Share your love
How To Install Squid Proxy on Debian 11
This tutorial intends to teach you How To Install and Configure Squid Proxy on Debian 11.
Squid is a Unix-based proxy server that caches Internet content closer to a requestor than its original point of origin. Squid supports caching of many different kinds of Web objects, including those accessed through HTTP and FTP. Caching frequently requested Web pages, media files, and other content accelerates response time and reduces bandwidth congestion.
Steps To Install and Configure Squid Proxy on Debian 11
To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide on Initial Server Setup with Debian 11.
Install Squid on Debian 11
First, you need to update your local package index with the command below:
sudo apt update
Then, you can use the following command to install Squid proxy on your server:
sudo apt install squid
Squid will start automatically after you install it on your server.
To check that your service is active and running on your server, run the following command:
sudo systemctl status squid.service
In your output you will see:
Output
● squid.service - Squid Web Proxy Server
Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset:>
Active: active (running) since Wed 2022-12-07 06:13:12 EST; 9s ago
Docs: man:squid(8)
Process: 1726 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, st>
Main PID: 1729 (squid)
Tasks: 4 (limit: 4679)
Memory: 15.9M
CPU: 874ms
CGroup: /system.slice/squid.service
...
Configure Squid Proxy on Debian 11
Now you need to make some configuration changes in the Squid configuration file on Debian 11 to allow clients to connect to Squid from outside this server.
Open the file with your favorite text editor, here we use vi:
sudo vi /etc/squid/squid.conf
Find the lines below in the file:
...
http_access allow localhost
...
http_access deny all
...
You can change the deny all to allow all and anyone can connect to your proxy server. But it’s not recommended to do that. You can add the line below and define your IP address to connect to the Squid proxy.
You can find your IP address from the What’s My IP?
Then, add the below line above the http_access allow localhost line.
...
acl localnet src your_ip_address
http_access allow localhost
...
When you are done, save and close the file.
Secure Squid Proxy on Debian 11
At this point, you need to secure your Squid proxy on Debian 11. Squid allows you to create username-password pairs using built-in Linux functionality, as an additional or an alternative step to restricting access to your proxy by IP address.
First, you need to install some utilities from Apache in order to have access to a password generator that squid likes:
sudo apt install apache2-utils
Then, you can use the htpasswd
command to generate a password for your new Squid user:
sudo htpasswd -c /etc/squid/passwords your_squid_username
You will be asked to enter a password for your Squid user.
This command will store your username along with a hash of your new password in /etc/squid/passwords
, which will be used as an authentication source by Squid.
You can use the following command to see what that looks like:
sudo cat /etc/squid/passwords
Output
orca:$apr1$/HslOpUy$i7MKbeDCzMbHcxcIUVgB5/
Now you need to open the Squid configuration file on Debian 11 again with your favorite text editor, here we use vi:
sudo vi /etc/squid/squid.conf
Then, add the red lines in your file:
…
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
include /etc/squid/conf.d/*
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# Example rule allowing access from your local networks.
acl localnet src your_ip_address
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all
…
When you are done, save and close the file.
To apply the changes, restart your Squid service on Debian 11:
sudo systemctl restart squid.service
Configure Firewall For Squid
We assumed that you have enabled the UFW firewall. Now you need to open port 3128 through the firewall with the following command:
sudo ufw allow 3128
Reload the firewall to apply the new rules:
sudo ufw reload
Connect through Squid Proxy Server
To display your Squid server, you can use the curl command on Debian 11. To do this, run the following command:
curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 http://www.google.com/
In your output you will see:
Output
* Trying server-ip:3128...
* TCP_NODELAY set
* Connected to server-ip (server-ip) port 3128 (#0)
* Proxy auth using Basic with user 'orca'
> GET http://www.google.com/ HTTP/1.1
...
Also, you can access HTTPs sites with your Squid proxy without any configuration changes.
curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 https://www.google.com/
In your output you will see:
Output
* Trying server-ip:3128...
* TCP_NODELAY set
* Connected to server-ip (server-ip) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.google.com:443
* Proxy auth using Basic with user 'orca'
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> Proxy-Authorization: Basic b3JjYTpvcmNhMTIz
> User-Agent: curl/7.68.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
For more information about Squid proxy, you can visit the Squid Documentation page.
Conclusion
At this point, you have learned to Install and Configure Squid Proxy on Debian 11.
Hope you enjoy it.
You may be like these articles:
Set up Java_Home Path on Debian 11