
Your Ultimate Guide to Setting Up a Squid Proxy Server on Ubuntu 20.04
Enhancing network security, improving performance, and controlling internet access are critical tasks for any system administrator. A powerful tool for achieving these goals is a proxy server, and one of the most robust and widely-used solutions is Squid. Squid is a high-performance caching and forwarding web proxy that can significantly optimize web traffic and enforce access policies.
This comprehensive guide will walk you through the complete process of installing and configuring a secure Squid proxy server on Ubuntu 20.04 LTS. By the end, you will have a fully functional proxy server tailored to your network’s needs.
What are the Benefits of a Squid Proxy?
Before diving into the setup, it’s important to understand why you might need a Squid proxy:
- Improved Performance Through Caching: Squid can cache frequently accessed web content, such as images, files, and entire web pages. When another user requests the same content, it’s served directly from the proxy’s cache, resulting in faster load times and reduced bandwidth consumption.
- Content Filtering and Access Control: You can create powerful rules, known as Access Control Lists (ACLs), to restrict access to specific websites, block certain types of content, or limit internet usage to specific times of the day.
- Enhanced Security: A proxy server acts as an intermediary between your users and the internet. This can help mask internal IP addresses and provide a single point for monitoring and logging outgoing web traffic, making it easier to spot malicious activity.
- Network Monitoring: Squid maintains detailed logs of all web requests, providing valuable insights into network usage patterns and helping to enforce company policies.
Prerequisites
To follow this guide, you will need:
- A server running Ubuntu 20.04.
- A user account with sudo or root privileges.
- Basic familiarity with the Linux command line.
Step 1: Installing the Squid Package
The first step is to install the Squid software package from Ubuntu’s official repositories. It’s always a good practice to update your package index before installing new software.
Open your terminal and update the APT package list:
sudo apt update
Next, install the Squid package:
sudo apt install squid
Once the installation is complete, the Squid service will start automatically. You can verify its status to ensure it is running correctly:
sudo systemctl status squid
You should see an active (running) message, indicating the service is operational.
Step 2: Configuring Squid’s Basic Settings
The primary configuration file for Squid is located at /etc/squid/squid.conf. This file is extensive, but we will focus on the most important settings to get your proxy server up and running securely.
First, it is highly recommended that you create a backup of the original configuration file. This allows you to revert to the default settings if you make a mistake.
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original
Now, open the configuration file for editing using a text editor like nano:
sudo nano /etc/squid/squid.conf
By default, Squid listens on TCP port 3128. You can find this setting by searching for the http_port directive.
# http_port 3128
The default configuration is secure and denies all HTTP requests. This is enforced by the http_access deny all rule. To allow clients to use the proxy, you must define your own access rules.
Step 3: Defining Access Control Lists (ACLs)
Access Control Lists (ACLs) are the foundation of Squid’s power. They allow you to define rules based on various criteria, such as source IP address, destination domain, time of day, and more.
For a basic setup, we will create an ACL to grant access to clients from a specific local network. For example, if your local network is 192.168.1.0/24, you would add the following lines to your squid.conf file.
It’s best practice to add your custom rules near the top of the http_access section.
Define an ACL named localnet for your source IP range:
acl localnet src 192.168.1.0/24
Now, create a rule to allow HTTP access for clients matching this ACL. Crucially, this allow rule must be placed before the http_access deny all rule, as Squid processes rules in order.
http_access allow localnet
# This line should already exist further down the file
http_access deny all
Your configuration should now have these lines in the correct order to grant access to your local network.
Step 4: Adding User Authentication (Optional but Recommended)
For an added layer of security, you can require users to authenticate with a username and password before they can use the proxy. This ensures that only authorized individuals can access the internet through Squid.
First, you’ll need the apache2-utils package to create a password file. Install it with the following command:
sudo apt install apache2-utils
Next, create a password file and add your first user. The -c flag creates the file. For subsequent users, omit the -c flag. Replace proxyuser with your desired username.
sudo htpasswd -c /etc/squid/passwd proxyuser
You will be prompted to enter and confirm a password for the user.
Now, open the /etc/squid/squid.conf file again and add the following lines at the top of the file to enable basic authentication.
# Add these lines at the top of the config file
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Squid Proxy Server
acl authenticated proxy_auth REQUIRED
Finally, add a rule to allow access for authenticated users. Again, place this rule before the http_access deny all directive.
# Place this with your other http_access rules
http_access allow authenticated
# Ensure this is the last access rule
http_access deny all
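Added example (not from the original guide): a small shell lint for the http_access rules from Steps 3 and 4. It flags rules placed after http_access deny all and, when a proxy_auth ACL is defined, allow rules that let clients through without a login, such as http_access allow localnet sitting above http_access allow authenticated. The function name and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint http_access rules in a squid.conf. Squid uses the first
# matching rule, so order decides who is allowed and who must log in.

# Prints one finding per line; returns non-zero if there is any finding.
lint_http_access() {
    awk '
        # Names of ACLs of type proxy_auth (the guide calls its one "authenticated").
        $1 == "acl" && $3 == "proxy_auth" { auth_acl[$2] = 1; have_auth = 1 }
        $1 != "http_access" { next }      # skip comments and other directives
        seen_deny_all {
            printf "line %d: never evaluated (after deny all): %s\n", NR, $0
            bad = 1
        }
        $2 == "deny" && $3 == "all" && NF == 3 { seen_deny_all = 1 }
        $2 == "allow" && !seen_deny_all {
            login = 0
            for (i = 3; i <= NF; i++) if ($i in auth_acl) login = 1
            if (!login) { open_rule[++n] = $0; open_line[n] = NR }
        }
        END {
            # An allow rule without a proxy_auth ACL lets its clients skip login.
            for (i = 1; have_auth && i <= n; i++) {
                printf "line %d: allows without login: %s\n", open_line[i], open_rule[i]
                bad = 1
            }
            if (!seen_deny_all) { print "missing final http_access deny all"; bad = 1 }
            exit bad
        }' "$1"
}

# Constructed sample: the Step 3 and Step 4 rules combined in one file.
sample_dir=$(mktemp -d)
cat > "$sample_dir/combined.conf" <<'EOF'
acl authenticated proxy_auth REQUIRED
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access allow authenticated
http_access deny all
EOF
# Constructed sample: localnet clients must also log in (ACLs on one line are ANDed).
cat > "$sample_dir/hardened.conf" <<'EOF'
acl authenticated proxy_auth REQUIRED
acl localnet src 192.168.1.0/24
http_access allow localnet authenticated
http_access deny all
EOF
lint_http_access "$sample_dir/combined.conf" || echo "combined.conf: review findings"
lint_http_access "$sample_dir/hardened.conf" && echo "hardened.conf: OK"
```

squid -k parse checks syntax, not rule order, so this lint complements the check in Step 5.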
Step 5: Applying the Configuration and Restarting Squid
After making your changes, you should first check the configuration file for any syntax errors. This can prevent the Squid service from failing to start.
sudo squid -k parse
If there are no errors, you can safely restart the Squid service to apply the new configuration:
sudo systemctl restart squid
Step 6: Configuring a Client to Use the Proxy
Your Squid proxy server is now ready. The final step is to configure your client devices (e.g., a web browser or operating system) to use it.
In your device’s network or proxy settings, you will need to specify:
- Proxy Server IP: The IP address of your Ubuntu server.
- Port: 3128 (or the custom port you configured).
- Username/Password: If you configured authentication, your browser will prompt you for the credentials (proxyuser and the password you set) the first time you try to access a website.
Once configured, all of your web traffic from that client will be routed through your new Squid proxy server. You can monitor the access logs in real-time to see the traffic by running sudo tail -f /var/log/squid/access.log.
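Added example (not from the original guide): a shell function that summarises denied requests per client from access.log, separating missing or rejected proxy logins (TCP_DENIED/407) from ACL denials (TCP_DENIED/403). It assumes Squid's default native log format; the function name and the log lines are constructed.

```shell
#!/bin/sh
# Added example: per-client summary of denied requests in Squid's access.log.
# Assumes the default native format, where field 3 is the client address and
# field 4 is result/status (for example TCP_MISS/200 or TCP_DENIED/407).

# usage: denied_by_client LOGFILE MIN_DENIALS
denied_by_client() {
    awk -v min="$2" '
        $4 == "TCP_DENIED/407" { auth[$3]++; seen[$3] = 1 }   # login missing or rejected
        $4 == "TCP_DENIED/403" { acl[$3]++;  seen[$3] = 1 }   # blocked by an http_access rule
        END {
            for (c in seen)
                if (auth[c] + acl[c] >= min)
                    printf "%s auth_failures=%d acl_denials=%d\n", c, auth[c], acl[c]
        }' "$1" | sort
}

# Constructed log lines (addresses are from private and documentation ranges).
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
1700000000.101     12 192.168.1.10 TCP_DENIED/407 4051 GET http://example.com/ - HIER_NONE/- text/html
1700000000.350    120 192.168.1.10 TCP_MISS/200 1520 GET http://example.com/ proxyuser HIER_DIRECT/198.51.100.20 text/html
1700000005.002      3 192.168.1.23 TCP_DENIED/407 4051 CONNECT example.org:443 - HIER_NONE/- text/html
1700000005.410      2 192.168.1.23 TCP_DENIED/407 4051 CONNECT example.org:443 - HIER_NONE/- text/html
1700000005.833      2 192.168.1.23 TCP_DENIED/407 4051 CONNECT example.org:443 - HIER_NONE/- text/html
1700000009.120      1 203.0.113.7 TCP_DENIED/403 3980 GET http://example.net/ - HIER_NONE/- text/html
1700000009.640      1 203.0.113.7 TCP_DENIED/403 3980 GET http://example.net/ - HIER_NONE/- text/html
EOF

# A browser's first request normally draws one 407 before it sends credentials,
# so report only clients with at least 2 denials.
denied_by_client "$sample_log" 2
```

On the server, point it at the live log, for example denied_by_client /var/log/squid/access.log 10, run with sudo if the log is not readable by your user.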
Source: https://kifarunix.com/install-and-setup-squid-proxy-on-ubuntu-20-04/