Installing a Squid HTTP Proxy on Debian/Ubuntu

Introduction

This tutorial shows you how to install a Squid HTTP proxy on your Debian or Ubuntu "RS 2000" server. In addition, it will include explanations on how you can connect to the proxy from almost any client.
I am doing this on a Debian 11 server, but the installation should work on other Debian versions and on Ubuntu as well.
This is an advanced version of https://github.com/SanCraftDev/Debian-Setup/blob/main/README.md#Squid-HTTP-Proxy---with-Password-Authentication.

Requirements

You need a Debian or Ubuntu server with an internet connection, which must be reachable from the internet via a static IP on port 3128.
You also need root permissions on your server.

Step 1 - Installing Squid

First you need to connect to your server via SSH.
Then we'll switch to the root user and update the system, install all the required packages and, finally, install the Squid HTTP proxy:

su
apt update && apt upgrade -y && apt autoremove -y
apt install curl sudo wget apache2-utils nano -y
apt install squid -y

Step 1.1 - Inserting the configuration

Now we need to add a configuration to the Squid proxy.
This configuration allows you to connect to the HTTP proxy using a username and password and makes your origin IP invisible to the web servers you visit.
Open the configuration:

nano /etc/squid/squid.conf

Add the following lines to the beginning of the file:

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
forwarded_for off

Save your changes by pressing CTRL + X, then Y and finally by hitting Enter.

Step 1.2 - Creating users

In this step we need to create users to access the proxy.
In the following command, please replace "USERNAME" with the actual username you will use for password login to the proxy:

htpasswd -c /etc/squid/passwords USERNAME

Now enter a new secure password.
Repeat this step depending on the number of users you want to use this proxy.

Step 1.3 - Starting Squid

To enable the inserted configuration, we need to restart the Squid proxy. To do this, simply run:

service squid restart

The restart may take a longer while.

Step 2 - Setting up the devices

Step 2.1 - Windows 11

• Open your "Settings" app and go to "Network and internet".
  
• Select "Proxy" and under "Manual proxy setup" select the "Setup" button to the right of "Use a proxy server".
  
• Enable "Use a proxy server" and under "Proxy IP address" enter the IP address or the hostname of your proxy server, and under "Port" add port 3128.
  
• Activate the checkbox "Don't use the proxy server for local (intranet) addresses".
  
• Click the "Save" button.
  

You will sometimes be asked for one of the usernames (and related password) that we previously created in Step 1.2.

Step 2.2 - Windows 10

• Open your "Settings" app and go to "Network and internet".
  
• Select "Proxy" and under "Manual proxy setup" activate "Use a proxy server".
  
• Under "Address" enter the IP address or the hostname of your proxy server, and under "Port" add port 3128.
  
• Activate the checkbox "Don't use the proxy server for local (intranet) addresses".
  
• Click the "Save" button.
  

You will sometimes be asked for one of the usernames (and related password) that we previously created in Step 1.2.

Step 2.3 - Android

• Open your "Settings" app and go to your Wi-Fi settings.
  
• Press your Wi-Fi network for some time and select "Change" or "Settings" or, if there is something like a "Settings" button shown on your connected Wi-Fi network, press this button.
  
• Click on "Show more" and select "Proxy", then select "Manual".
  
• Under "Address" or "Hostname" enter the IP address or the hostname of your proxy server and under "Port" add port 3128.
  
• Click the "Save" button.
  

You will sometimes be asked for one of the usernames (and related password) that we previously created in Step 1.2.

Step 2.4 - IOS - iPadOS

• Open your "Settings" app and go to your Wi-Fi settings.
  
• Press your Wi-Fi network and select "Configure proxy", then select "Manual".
  
• Under "Server" enter the IP address or the hostname of your proxy server and under "Port" add port 3128.
  
• Activate the "Authentication" checkbox and enter your username (and related password) that we previously created in Step 1.2.
  
• Now click the upper button to save.

Step 2.5 - macOS

• Open your settings and select "Network", there select your Ethernet or Wi-Fi network.
  
• Then select "Advanced" and "Proxies", here select "Web Proxy (HTTP)" and "Secure Web Proxy (HTTPS)".
  
• Enter your IP address or the hostname of your proxy server and port 3128.
  
• Click "Ok" and then "Apply".
  

Now if you are asked for it (you may need to reboot), enter your username (and related password) that we previously created in Step 1.2.

Step 2.6 - Linux

Run the following commands to install the required packages and to open the proxy configuration file:

su
apt update && apt upgrade -y && apt autoremove -y
apt install curl sudo wget nano -y
sudo nano /etc/environment

Now add the following lines replacing username with an actual username and define a password for the user. This is one of the users we previously created in Step 1.2. Also, replace "hostname" with the IP address or the hostname of your proxy server and "port" with port 3128:

http_proxy="http://<username>:<password>@<hostname>:<port>/"
https_proxy="http://<username>:<password>@<hostname>:<port>/"
no_proxy="localhost,127.0.0.1,::1"

Now save your changes by pressing CTRL + X, pressing Y and finally by hitting Enter.

Conclusion

You successfully set up a Squid HTTP proxy with username and password protection and additionally connected your devices with this proxy.
This is an advanced version of https://github.com/SanCraftDev/Debian-Setup/blob/main/README.md#Squid-HTTP-Proxy---with-Password-Authentication.

License

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicence, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Contributor's Certificate of Origin

By making a contribution to this project, I certify that:

1. The contribution was created in whole or in part by me and I have the right to submit it under the license indicated in the file; or

2. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same license (unless I am permitted to submit under a different license), as indicated in the file; or

3. The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

4. I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the license(s) involved.