Squid Proxy Server Setup on Debian 12 Bookworm

In this guide, you will learn a Squid Proxy Server Installation and Configuration Setup on Debian 12 Bookworm. As you may know, Squid is a caching proxy server for Linux-based distributions. Now let’s see how it works, then, start Squid proxy installation on your server.

What Squid Proxy can be used for?

The common usage of Squid Proxy includes caching, load balancing, filtering traffic from websites, and for security purposes. The Squid Proxy must be installed in a separate server rather than the web server.

Squid will help the improvement of Web server speed by storing the requested internet objects on a machine that is closer to the requesting workstation than the server. 

Also, it can be used for HTTP and FTP. But it can be used for other protocols including HTTPS, SSL, and Dopher.

Now that you have understood the main concept of Squid proxy, you can proceed to the following steps to start your setup on your server.

Steps To Squid Proxy Server Setup on Debian 12 Bookworm

Before you start your Squid proxy setup, you must have access to your server as a non-root user with sudo privileges and set up a basic firewall. For this purpose, you can visit the Initial Server Setup with Debian 12 Bookworm.

Step 1 – Install Squid Proxy Caching Server on Debian 12

Squid packages are available in most Linux-based distributions by default. So run the system update first with the command below:

sudo apt update

Then, run the following command to install the Squid proxy server:

sudo apt install squid -y

Step 2 – Check Squid Service Status

When your installation is completed, your Squid service must be started automatically on your Debian 12. To verify this, run the command below:

sudo systemctl status squid.service

In your output you should see:

Output
● squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; preset: enable>
     Active: active (running) since Thu 2023-08-31 06:06:50 EDT; 1min 23s ago
       Docs: man:squid(8)
    Process: 141356 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, >
   Main PID: 141384 (squid)
      Tasks: 4 (limit: 4653)
     Memory: 16.1M
        CPU: 334ms
     CGroup: /system.slice/squid.service
...

If your service is not activated on your server, you can run the command below:

sudo systemctl restart squid.service

Step 3 – Allow User Clients To Connect To Squid Proxy Server

If you plan to allow clients to connect to the Squid server from outside this server setup, you can follow the steps below.

You need to edit your Squid configuration file for this purpose. To do this, open the Squid config file with your desired text editor like vi editor:

sudo vi /etc/squid/squid.conf

In the file, you must search for the following content lines:

Include /etc/squid/conf.d/*.conf
...
http_access allow localhost
...
http_access deny all
...

If you want to allow everyone to your squid server, you need to change the deny all to the allow all. But it is not recommended to do this for the security reasons.

Instead of doing this, you can add the line below and define your IP address to connect to the Squid proxy.

Include /etc/squid/conf.d/*.conf
...
acl localnet src your_ip_address
http_access allow localhost
...
http_access deny all
...

Note: You can find your IP address from the What’s My IP?

When you are done, save and close the file.

Step 4 – Squid Password Pairs Setup on Debian 12

Squid allows you to create username-password pairs using built-in Linux functionality. It will help you to increase your Squid server access security. To do this, follow the steps below.

First, install Apache Utils to help you to generate username-password pairs for Squid:

sudo apt install apache2-utils -y

Then, run the following command to create a new username-password pair for the Squid Proxy server:

sudo htpasswd -c /etc/squid/passwords your_squid_username

Add the desired password for it:

New password:
Re-type new password:
Adding password for user orca

This command will store your username along with a hash of your new password in /etc/squid/passwords, which will be used as an authentication source by Squid.

You can use the following command to see what that looks like:

sudo cat /etc/squid/passwords
Output
orca:$apr1$ON6ugl2y$/f0ksV70.s9lDnlOLWngI/

Step 4 – Squid Proxy Server Configuration on Debian 12

At this point when you have generated the username-password pairs for Squid, you must make some configuration changes to your Squid config file. Open the Squid config file again with your desired text editor like vi editor:

sudo vi /etc/squid/squid.conf

Then, add the highlighted lines in your file as shown below:

…
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
include /etc/squid/conf.d/*.conf
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
acl localnet src your_ip_address
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all
…

When you are done, save and close the file.

To apply the changes, restart your Squid service on Debian 12 Bookworm:

sudo systemctl restart squid.service

Step 5 – Configure UFW Firewall Rules for Squid Server

Here we assumed that you have an UFW enabled firewall.

Now you need to open port 3128 through the firewall with the following command:

sudo ufw allow 3128

Reload the firewall to apply the new rules:

sudo ufw reload

Step 6 – Test Squid Proxy Server Connection

To display your Squid server through an HTTP connection, you can use the curl command on Debian 12 Bookworm. To do this, run the following command:

curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 http://www.google.com/

In your output you will see:

Output
*   Trying ...
* Connected to ... (...) port 3128 (#0)
* Proxy auth using Basic with user 'orca'
> GET http://www.google.com/ HTTP/1.1
> Host: www.google.com
> Proxy-Authorization: Basic b3JjYTpvcmNhMTIz
> User-Agent: curl/7.88.1
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
< Date: Thu, 31 Aug 2023 10:40:13 GMT
< Expires: -1
< Cache-Control: private, max-age=0
< Content-Type: text/html; charset=ISO-8859-1
...

Also, you can access HTTPs sites with your Squid proxy without any configuration changes.

curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 https://www.google.com/

In your output you will see:

Output
*   Trying ...
* Connected to ... (...) port 3128 (#0)
* allocate connect buffer
* Establish HTTP proxy tunnel to www.google.com:443
* Proxy auth using Basic with user 'orca'
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> Proxy-Authorization: Basic b3JjYTpvcmNhMTIz
> User-Agent: curl/7.88.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
..

That’s it, you are done.

Conclusion

At this point, you have learned Squid Proxy Installation and Configuration Setup on Debian 12 Bookworm Step by Step. The squid packages can be easily installed by the APT repository. Then, you have to restrict the client’s access to the Squid server by defining the IP address in the config file and generating the username-password pairs for Squid. Finally, you can test your Squid server connection through HTTP and HTTPS requests to see if it works correctly or not.

Hope you enjoy it. Need any help or have an idea? Please Comment for us.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

POPULAR TAGS

Most Popular