How to install and configure Squid Proxy on Ubuntu 22.04

In this guide we will learn how to install and configure Squid Proxy server on a Ubuntu 22.04 server.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems.

Squids reverse proxy is a service that sits between the Internet and the webserver (usually within a private network) that redirects inbound client requests to a server where data is stored for easier retrieval. If the caching server (proxy) does not have the cached data, it then forwards the request on to the web server where the data is actually stored. This type of caching allows for the collection of data and reproducing the original data values stored in a different location to provide for easier access.

A reverse proxy typically provides an additional layer of control to smooth the flow of inbound network traffic between your clients and the web server.

When selecting a computer system for use as a dedicated Squid caching proxy server, many users ensure it is configured with a large amount of physical memory (RAM) as Squid maintains an in-memory cache for increased performance.

Related content:

# Prerequisites

  • An updated Ubuntu 22.04 server with at least 1GB of RAM
  • Root access to the server or user with sudo access
  • Access to the internet from the server

# Table of Content

  1. Ensuring that the server is up to date
  2. Installing squid proxy server
  3. Starting and enabling the squid service
  4. Configuring your web browser
  5. Configuring squid
  6. Using squid proxy Access Control List (ACL)
  7. Using Squid to cache web pages

# 1. Ensuring that the server is up to date

Before proceeding, let us ensure that our server has updated packages. Use this command to achieve that:

sudo apt update
sudo apt upgrade -y

# 2. Installing Squid proxy server

The packages providing squid proxy server are available in the default Ubuntu repositories. Install it using this command:

sudo apt install -y squid

Confirm that the package was installed as expected

$ apt-cache policy squid
  Installed: 5.2-1ubuntu4.1
  Candidate: 5.2-1ubuntu4.1
  Version table:
 *** 5.2-1ubuntu4.1 500
        500 jammy-updates/main amd64 Packages
        500 jammy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     5.2-1ubuntu4 500
        500 jammy/main amd64 Packages

# 3. Starting and enabling the squid service

The squid proxy server will be started by default in our Ubuntu system. To check the status, issue this command:

$ sudo systemctl status squid
● squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-08-04 18:20:40 UTC; 1min 14s ago
       Docs: man:squid(8)
    Process: 476 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, status=0/SUCCESS)
   Main PID: 588 (squid)
      Tasks: 4 (limit: 2311)
     Memory: 26.7M
        CPU: 240ms
     CGroup: /system.slice/squid.service
             ├─588 /usr/sbin/squid --foreground -sYC
             ├─607 "(squid-1)" --kid squid-1 --foreground -sYC
             ├─666 "(logfile-daemon)" /var/log/squid/access.log
             └─673 "(pinger)"

Aug 04 18:20:40 local-kip-ubuntu2204-srv squid[607]: Using Least Load store dir selection
Aug 04 18:20:40 local-kip-ubuntu2204-srv squid[607]: Set Current Directory to /var/spool/squid
Aug 04 18:20:40 local-kip-ubuntu2204-srv squid[607]: Finished loading MIME types and icons.
Aug 04 18:20:40 local-kip-ubuntu2204-srv squid[607]: HTCP Disabled.
Aug 04 18:20:40 local-kip-ubuntu2204-srv squid[607]: Pinger socket opened on FD 14
Aug 04 18:20:40 local-kip-ubuntu2204-srv squid[607]: Squid plugin modules loaded: 0
Aug 04 18:20:40 local-kip-ubuntu2204-srv squid[607]: Adaptation support is off.
Aug 04 18:20:40 local-kip-ubuntu2204-srv squid[607]: Accepting HTTP Socket connections at conn3 local=[::]:3128 remote=[::] FD 12 flags=9
Aug 04 18:20:40 local-kip-ubuntu2204-srv systemd[1]: Started Squid Web Proxy Server.
Aug 04 18:20:41 local-kip-ubuntu2204-srv squid[607]: storeLateRelease: released 0 objects

We can confirm that the service is running from the above command. To ensure that the service starts on boot, use the enable command:

sudo systemctl enable squid

# 4. Configuration for Your Web Browser

Before you make any changes to the squid configuration file, you have to change some settings in your web browser. So, open your web browser and open “network settings”, then proceed to “proxy settings”. Click on the “manual proxy” configuration, then write the **IP_Address **of your squid proxy server in the HTTP proxy bar and port no (by default, squid proxy port is 3128). Now, the squid proxy will go through your IP_Address. You can check it by typing any URL in your web browser; it will give you an error saying access denied, and to allow the access, we have to make changes in the squid configuration file.

# 5. Configuring Squid

The default Squid configuration file is located in the /etc/squid/ directory, and the main configuration file is called squid.conf. This file contains the bulk of the configuration directives that can be modified to change the behaviour of Squid. The lines that begin with a #, are commented out or not read by the file. These comments are provided to explain what the related configuration settings mean.

To edit the configuration file, let’s start by taking a backup of the original file, in case we need to revert any changes if something goes wrong or use it to compare the new file configurations.

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

Now that a copy has been made as a backup file, we can make changes in the “squid.conf” file.

To open “squid.conf” file in vim, type this command:

sudo vim /etc/squid/squid.conf

Go to the line

http_access deny all

Change it to:

http_access allow all

You will have to restart the squid proxy server for the changes to apply. Use this command:

sudo systemctl restart squid

Now, check your web browser again, type any URL, and it should be working.

# 6. Using squid proxy ACL (Access Control List)

We can also use Squid as to control access to different websites(web traffic) by either allowing or blocking them. To do so, go to the line acl CONNECT method CONNECT.

And below this line, write the ACL (access control list) to block the websites you want.

acl block_websites dstdomain

Then deny the statement.

http_access deny block_websites

Save the changes, and to check whether your blocked websites are blocked or not, restart your squid service and verify the URL in your web browser.

You can also block a user from downloading specific files like audio and video files using ACL.

acl  media_files  urlpath_regex -i  \.(mp3|mp4|FLV|AVI|MKV)

It will prevent the user from downloading audio or video files with extensions like mp3, mp4, FLV, etc. Add any file extension you want to prevent from downloading. Now, below this line, write the deny statement.

http_access deny media_files

The media files will then be blocked from downloading.

# 7. Using Squid to Cache web pages

Proxy servers are also used for boosting the network performance by loading the web page faster by caching the website’s data. You can also change the directory location where cached data should be stored. Moreover, you can also change the cache file size and no. of directories in which data would be saved.

To make changes, open squid.conf file and go to the following line:

#chache_dir ufs /opt/squid/var/cache/squid 100 16 256

This line will be commented by default, so uncomment this line by removing the # sign.

In the above line, there is a phrase “100 16 256”. The 100 shows the size of the cache file, and you may change it to any size like 300. 16 shows the number of directories in which the cache file is saved. **256 **shows the no. of subdirectories.

chache_dir ufs /opt/squid/var/cache/squid 300 20 260

You can also change the size of the cache file by adding the following line in the “squid.conf” file:

cache_mem 300 MB

If you want to change the path of the cache file directory, create new dir structure using this command:

sudo mkdir -p /path/where/you/want/to/place/file

To change the ownership of the cache directory to squid proxy, you have to execute this command:

sudo chown -R proxy:proxy /path/where/you/want/to/place/file

Now, stop the squid service using this command:

sudo systemctl stop squid

And then run the command with this command to make the missing cache directories in the new cache directory:

sudo squid -z

Now, start the squid service again using the command below:

sudo systemctl start squid

# Wrapping up

We have managed to install and configure squid proxy server in this guide. Squid proxy is a very good tool that can be used in organizations or by small internet service providers to control web traffic and internet access. It boosts web browsing speed and provides security mechanisms for web traffic.

Last updated on Mar 20, 2024 17:19 +0300
comments powered by Disqus
Citizix Ltd
Built with Hugo
Theme Stack designed by Jimmy