Howto: Squid (HTTP) Proxy

Links to great tutorials and original contributions.
Don't know how to setup your VPN ? How to install a panel ? How to tweak yout VPS ? Check here and ask if you don't find what you are looking for.
Post Reply
Admin
Site Admin
Posts: 490
Joined: Wed Jul 25, 2012 10:54 pm

Howto: Squid (HTTP) Proxy

Post by Admin » Wed Sep 05, 2012 12:11 pm

Hello again !

Vacation is over, so time to keep some promises.

Now, what is a proxy ? A proxy is an intermediary in plain English and this is exactly what Squid will do for us at the end of this tutorial.
It should work in any Prometeus plans, including the 50 cents one, however, keep in mind that Squid's performance (unlike VPN which simply relays traffic) is given by it's ability to cache the content, so, the more memory, the better, but it will have very little impact unless it is running in our internal LAN.
How it works ?
We connect to Squid by setting the VPS's IP in our browser as HTTP proxy and add the port too. It is very important to have authentication of some kind, otherwise everyone will be able to connect snd use your VPS for some unknown and unpredictible (but mostly dastardly) deeds. We open a page in that browser (you can install one especially for this kind of browsing) and the browser will send the request to Squid, Squid will look up the page, get the content in it's memory and passes it on to our browser. This is it, we see the page !
What if we want to post something ? No problem, our browser will send the data to Squid as well as the address where to put it, and Squid will do the job.
This is where caching comes into place. Normally your connection at home is way slower than that of the VPS, so Squid will be able to gather all the page before sending it to you one piece at at time. It will also remember it, so won't need to redownload it the next time you request it, or parts of it.
Unfortunatelly, while this is good if Squid is on the same LAN with you caching the gateway, you will not benefit much from caching if Squid is doing it out there in the internet, you still depend on your slow connection to get the content, this is why for this scenario when you simply need a different IP in a different country to access some restricted content, a VPN is the preferred method as it involves much better encryption and Squid's cache is irrelevant anyway. There are still some scenarios when a HTTP proxy is needed, for example when encrypted traffic is forbidden or other rare cases, so, since this was requested, this is the tutorial :)

1. Preparing your VPS.

As usual i will use Debian stable 32 bit, so, we will install that by logging into our SolusVM panel and install it (note: in this case you don't need any OVZ modules, IPTables and whatnot):
Click on the Install button:
Image
and choose Debian 6 32 bit:
Image
Click reinstall and wait it to finish. It should not take longer than a couple of minutes. Now set the root password to a combination of letters and numbers such as Pa55Mine and use a ssh client to login, putty should be fine:
Image
Now issue the following commands:

Code: Select all

apt-get update

Code: Select all

apt-get upgrade

Code: Select all

apt-get remove samba*

Answer all prompts with yes.
Now it is time to

2. Install Squid.

Code: Select all

apt-get install squid

Code: Select all

squid -k shutdown
Also an user-friendly editor:

Code: Select all

apt-get install nano
3. Configure Squid.

Code: Select all

nano /etc/squid/squid.conf
At the top add this (copy/paste works in putty if you use nano):

Code: Select all

auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 4 hours
acl password proxy_auth REQUIRED
http_access allow password
forwarded_for off
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/users_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
You need to locate http_port 3128 in the file and change it to something between 1024-65535 to be less obvious for bots looking for free proxies:
CTRL+w type http_port 3128 and you will be taken there. Replace 3128 with the port of your choice.
Image
CTRL+O to save and CTRL+X to exit.
Now we create a file for users and passwords:

Code: Select all

touch /etc/squid/users_passwd
and add at least an user and a password:

Code: Select all

htpasswd /etc/squid/users_passwd user-for-accessing-squid
Replace user-for-accessing-squid with your actual user name and when asked type a password of minimum 8 chars containing upper and lower case chars and numbers at least.
If you get some error do

Code: Select all

apt-get install apache2
and repeat the command. If you still get some error, write here the error and I will update the tutorial with the solution. This is valid at any point, if you encounter some error, post it here.
Restart your VPS with:

Code: Select all

init 6
You should be able to connect using your browser after you add the proxy to it. You need to input the VPS IP and port you choose (in our case 1111) in the HTTP proxy field. You MUST receive an authentication dialog, if it works directly, there is some problem and your proxy is listening to anyone, in effect being an open proxy. It should not happen, never leave it without controlled access.
For any problems, just reply and we'll solve it together.

Admin

(Thanks Erawan for providing the basis for this, it saved me some time)

ErawanArifNugroho
Posts: 21
Joined: Thu Aug 02, 2012 2:17 pm
Contact:

Re: Howto: Squid (HTTP) Proxy

Post by ErawanArifNugroho » Thu Sep 06, 2012 3:54 pm

Thank you very much Admin :D

Dusty
Posts: 3
Joined: Mon Aug 27, 2012 12:20 am

Re: Howto: Squid (HTTP) Proxy

Post by Dusty » Fri Sep 07, 2012 4:04 am

Thanks for this! SSH Tunnel for Android requires a proxy setup.

sne291093
Posts: 3
Joined: Mon Jun 17, 2013 11:19 am

Re: Howto: Squid (HTTP) Proxy

Post by sne291093 » Mon Jun 17, 2013 11:21 am

Can u plz tell me how can i remove squid completely from my debian 6?

Admin
Site Admin
Posts: 490
Joined: Wed Jul 25, 2012 10:54 pm

Re: Howto: Squid (HTTP) Proxy

Post by Admin » Tue Jun 18, 2013 9:34 am

Hello !

If only squid, you can use apt-get remove --purge, however, if you do not need other packages installed with it, you may need to uninstall those too.

apt-get remove --purge squidclient squid-cgi squid squid3

sne291093
Posts: 3
Joined: Mon Jun 17, 2013 11:19 am

Re: Howto: Squid (HTTP) Proxy

Post by sne291093 » Mon Jul 29, 2013 5:33 am

But admin i want to run it without any authentication like public proxy...then..what will be the settings in .conf file? plz answer this i need it...

Admin
Site Admin
Posts: 490
Joined: Wed Jul 25, 2012 10:54 pm

Re: Howto: Squid (HTTP) Proxy

Post by Admin » Mon Jul 29, 2013 3:47 pm

Hello !

Public proxy is not allowed, if your software cannot authenticate (we had some cases) you should use another way to connect.

Putting it up without authentication means anyone can impersonate you and hack FBI or watch child porn, do you really need police raids ?

sne291093
Posts: 3
Joined: Mon Jun 17, 2013 11:19 am

Re: Howto: Squid (HTTP) Proxy

Post by sne291093 » Sat Aug 24, 2013 6:02 am

No Admin thank U

Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests