Howto: Squid (HTTP) Proxy
Posted: Wed Sep 05, 2012 12:11 pm
Hello again !
Vacation is over, so time to keep some promises.
Now, what is a proxy ? A proxy is an intermediary in plain English and this is exactly what Squid will do for us at the end of this tutorial.
It should work in any Prometeus plans, including the 50 cents one, however, keep in mind that Squid's performance (unlike VPN which simply relays traffic) is given by it's ability to cache the content, so, the more memory, the better, but it will have very little impact unless it is running in our internal LAN.
How it works ?
We connect to Squid by setting the VPS's IP in our browser as HTTP proxy and add the port too. It is very important to have authentication of some kind, otherwise everyone will be able to connect snd use your VPS for some unknown and unpredictible (but mostly dastardly) deeds. We open a page in that browser (you can install one especially for this kind of browsing) and the browser will send the request to Squid, Squid will look up the page, get the content in it's memory and passes it on to our browser. This is it, we see the page !
What if we want to post something ? No problem, our browser will send the data to Squid as well as the address where to put it, and Squid will do the job.
This is where caching comes into place. Normally your connection at home is way slower than that of the VPS, so Squid will be able to gather all the page before sending it to you one piece at at time. It will also remember it, so won't need to redownload it the next time you request it, or parts of it.
Unfortunatelly, while this is good if Squid is on the same LAN with you caching the gateway, you will not benefit much from caching if Squid is doing it out there in the internet, you still depend on your slow connection to get the content, this is why for this scenario when you simply need a different IP in a different country to access some restricted content, a VPN is the preferred method as it involves much better encryption and Squid's cache is irrelevant anyway. There are still some scenarios when a HTTP proxy is needed, for example when encrypted traffic is forbidden or other rare cases, so, since this was requested, this is the tutorial
1. Preparing your VPS.
As usual i will use Debian stable 32 bit, so, we will install that by logging into our SolusVM panel and install it (note: in this case you don't need any OVZ modules, IPTables and whatnot):
Click on the Install button:
and choose Debian 6 32 bit:
Click reinstall and wait it to finish. It should not take longer than a couple of minutes. Now set the root password to a combination of letters and numbers such as Pa55Mine and use a ssh client to login, putty should be fine:
Now issue the following commands:
Answer all prompts with yes.
Now it is time to
2. Install Squid.
Also an user-friendly editor:
3. Configure Squid.
At the top add this (copy/paste works in putty if you use nano):
You need to locate http_port 3128 in the file and change it to something between 1024-65535 to be less obvious for bots looking for free proxies:
CTRL+w type http_port 3128 and you will be taken there. Replace 3128 with the port of your choice.
CTRL+O to save and CTRL+X to exit.
Now we create a file for users and passwords: and add at least an user and a password:
Replace user-for-accessing-squid with your actual user name and when asked type a password of minimum 8 chars containing upper and lower case chars and numbers at least.
If you get some error do and repeat the command. If you still get some error, write here the error and I will update the tutorial with the solution. This is valid at any point, if you encounter some error, post it here.
Restart your VPS with:
You should be able to connect using your browser after you add the proxy to it. You need to input the VPS IP and port you choose (in our case 1111) in the HTTP proxy field. You MUST receive an authentication dialog, if it works directly, there is some problem and your proxy is listening to anyone, in effect being an open proxy. It should not happen, never leave it without controlled access.
For any problems, just reply and we'll solve it together.
Admin
(Thanks Erawan for providing the basis for this, it saved me some time)
Vacation is over, so time to keep some promises.
Now, what is a proxy ? A proxy is an intermediary in plain English and this is exactly what Squid will do for us at the end of this tutorial.
It should work in any Prometeus plans, including the 50 cents one, however, keep in mind that Squid's performance (unlike VPN which simply relays traffic) is given by it's ability to cache the content, so, the more memory, the better, but it will have very little impact unless it is running in our internal LAN.
How it works ?
We connect to Squid by setting the VPS's IP in our browser as HTTP proxy and add the port too. It is very important to have authentication of some kind, otherwise everyone will be able to connect snd use your VPS for some unknown and unpredictible (but mostly dastardly) deeds. We open a page in that browser (you can install one especially for this kind of browsing) and the browser will send the request to Squid, Squid will look up the page, get the content in it's memory and passes it on to our browser. This is it, we see the page !
What if we want to post something ? No problem, our browser will send the data to Squid as well as the address where to put it, and Squid will do the job.
This is where caching comes into place. Normally your connection at home is way slower than that of the VPS, so Squid will be able to gather all the page before sending it to you one piece at at time. It will also remember it, so won't need to redownload it the next time you request it, or parts of it.
Unfortunatelly, while this is good if Squid is on the same LAN with you caching the gateway, you will not benefit much from caching if Squid is doing it out there in the internet, you still depend on your slow connection to get the content, this is why for this scenario when you simply need a different IP in a different country to access some restricted content, a VPN is the preferred method as it involves much better encryption and Squid's cache is irrelevant anyway. There are still some scenarios when a HTTP proxy is needed, for example when encrypted traffic is forbidden or other rare cases, so, since this was requested, this is the tutorial
1. Preparing your VPS.
As usual i will use Debian stable 32 bit, so, we will install that by logging into our SolusVM panel and install it (note: in this case you don't need any OVZ modules, IPTables and whatnot):
Click on the Install button:
and choose Debian 6 32 bit:
Click reinstall and wait it to finish. It should not take longer than a couple of minutes. Now set the root password to a combination of letters and numbers such as Pa55Mine and use a ssh client to login, putty should be fine:
Now issue the following commands:
Code: Select all
apt-get update
Code: Select all
apt-get upgrade
Code: Select all
apt-get remove samba*
Answer all prompts with yes.
Now it is time to
2. Install Squid.
Code: Select all
apt-get install squid
Code: Select all
squid -k shutdown
Code: Select all
apt-get install nano
Code: Select all
nano /etc/squid/squid.conf
Code: Select all
auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 4 hours
acl password proxy_auth REQUIRED
http_access allow password
forwarded_for off
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/users_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
CTRL+w type http_port 3128 and you will be taken there. Replace 3128 with the port of your choice.
CTRL+O to save and CTRL+X to exit.
Now we create a file for users and passwords:
Code: Select all
touch /etc/squid/users_passwd
Code: Select all
htpasswd /etc/squid/users_passwd user-for-accessing-squid
If you get some error do
Code: Select all
apt-get install apache2
Restart your VPS with:
Code: Select all
init 6
For any problems, just reply and we'll solve it together.
Admin
(Thanks Erawan for providing the basis for this, it saved me some time)