How To Install Squid Proxy on Debian 11

This tutorial intends to teach you How To Install and Configure Squid Proxy on Debian 11.

Squid is a Unix-based proxy server that caches Internet content closer to a requestor than its original point of origin. Squid supports caching of many different kinds of Web objects, including those accessed through HTTP and FTP. Caching frequently requested Web pages, media files, and other content accelerates response time and reduces bandwidth congestion.

Steps To Install and Configure Squid Proxy on Debian 11

To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide on Initial Server Setup with Debian 11.

Install Squid on Debian 11

First, you need to update your local package index with the command below:

sudo apt update

Then, you can use the following command to install Squid proxy on your server:

sudo apt install squid

Squid will start automatically after you install it on your server.

To check that your service is active and running on your server, run the following command:

sudo systemctl status squid.service

In your output you will see:

Output
● squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset:>
     Active: active (running) since Wed 2022-12-07 06:13:12 EST; 9s ago
       Docs: man:squid(8)
    Process: 1726 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, st>
   Main PID: 1729 (squid)
      Tasks: 4 (limit: 4679)
     Memory: 15.9M
        CPU: 874ms
     CGroup: /system.slice/squid.service
...

Configure Squid Proxy on Debian 11

Now you need to make some configuration changes in the Squid configuration file on Debian 11 to allow clients to connect to Squid from outside this server.

Open the file with your favorite text editor, here we use vi:

sudo vi /etc/squid/squid.conf

Find the lines below in the file:

...
http_access allow localhost
... http_access deny all
...

You can change the deny all to allow all and anyone can connect to your proxy server. But it’s not recommended to do that. You can add the line below and define your IP address to connect to the Squid proxy.

You can find your IP address from the What’s My IP?

Then, add the below line above the http_access allow localhost line.

...
acl localnet src your_ip_address
http_access allow localhost
...

When you are done, save and close the file.

Secure Squid Proxy on Debian 11

At this point, you need to secure your Squid proxy on Debian 11. Squid allows you to create username-password pairs using built-in Linux functionality, as an additional or an alternative step to restricting access to your proxy by IP address.

First, you need to install some utilities from Apache in order to have access to a password generator that squid likes:

sudo apt install apache2-utils

Then, you can use the htpasswd command to generate a password for your new Squid user:

sudo htpasswd -c /etc/squid/passwords your_squid_username

You will be asked to enter a password for your Squid user.

This command will store your username along with a hash of your new password in /etc/squid/passwords, which will be used as an authentication source by Squid.

You can use the following command to see what that looks like:

sudo cat /etc/squid/passwords
Output
orca:$apr1$/HslOpUy$i7MKbeDCzMbHcxcIUVgB5/

Now you need to open the Squid configuration file on Debian 11 again with your favorite text editor, here we use vi:

sudo vi /etc/squid/squid.conf

Then, add the red lines in your file:

…
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
include /etc/squid/conf.d/*
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# Example rule allowing access from your local networks.
acl localnet src your_ip_address
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all
…

When you are done, save and close the file.

To apply the changes, restart your Squid service on Debian 11:

sudo systemctl restart squid.service

Configure Firewall For Squid

We assumed that you have enabled the UFW firewall. Now you need to open port 3128 through the firewall with the following command:

sudo ufw allow 3128

Reload the firewall to apply the new rules:

sudo ufw reload

Connect through Squid Proxy Server

To display your Squid server, you can use the curl command on Debian 11. To do this, run the following command:

curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 http://www.google.com/

In your output you will see:

Output
* Trying server-ip:3128...
* TCP_NODELAY set
* Connected to server-ip (server-ip) port 3128 (#0)
* Proxy auth using Basic with user 'orca'
> GET http://www.google.com/ HTTP/1.1
...

Also, you can access HTTPs sites with your Squid proxy without any configuration changes.

curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 https://www.google.com/

In your output you will see:

Output
* Trying server-ip:3128...
* TCP_NODELAY set
* Connected to server-ip (server-ip) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.google.com:443
* Proxy auth using Basic with user 'orca'
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> Proxy-Authorization: Basic b3JjYTpvcmNhMTIz
> User-Agent: curl/7.68.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!

For more information about Squid proxy, you can visit the Squid Documentation page.

Conclusion

At this point, you have learned to Install and Configure Squid Proxy on Debian 11.

Hope you enjoy it.

You may be like these articles:

Set up Java_Home Path on Debian 11

How To Install PowerDNS on Debian 11

How To Install GitLab on Debian 11

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay informed and not overwhelmed, subscribe now!