Install Squid Proxy on Debian 11 | Best Proxy Server

By Posted on

Install Squid Proxy on Debian 11 | Best Proxy Server

Install Squid Proxy on Debian 11 | Best Proxy Server

This tutorial aims to guide you through the process of How To Install Squid Proxy on Debian 11. Squid is a high-performance proxy caching server for web clients. It supports HTTP, HTTPS, FTP, and more. Squid primarily caches web content to reduce bandwidth usage, improve response times, and acts as a gateway, filtering traffic and enhancing network security. It’s a powerful tool for managing internet access within a network. Setting up a proxy server like Squid offers numerous advantages, including content caching, access control, and improved security.

You can now proceed to the guide steps below on the Orcacore website to Set up Squid Proxy Server on Debian 11.

Steps To Install and Configure Squid Proxy on Debian 11

To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide on Initial Server Setup with Debian 11.

1. Install Squid Proxy on Debian 11

First, you need to update your local package index with the command below:

sudo apt update

Then, you can use the following command to install Squid proxy on your server:

sudo apt install squid

Squid will start automatically after you install it on your server.

To check that your service is active and running on your server, run the following command:

sudo systemctl status squid.service

In your output you will see:

**Output**
● squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
     Active: **active** (**running**) since Wed 2022-12-07 06:13:12 EST; 9s ago
       Docs: man:squid(8)
    Process: 1726 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, status=0/SUCCESS)
   Main PID: 1729 (squid)
      Tasks: 4 (limit: 4679)
     Memory: 15.9M
        CPU: 874ms
     CGroup: /system.slice/squid.service
...

2. Configure Squid Proxy on Debian 11

Now you need to make some configuration changes in the Squid configuration file on Debian 11 to allow clients to connect to Squid from outside this server.

Open the file with your favorite text editor, here we use vi:

sudo vi /etc/squid/squid.conf

Find the lines below in the file:

...
http_access allow localhost
...
http_access deny all
...

You can change the deny all to allow all, and anyone can connect to your proxy server. But it’s not recommended to do that. You can add the line below and define your IP address to connect to the Squid proxy.

You can find your IP address from the What’s My IP?

Then, add the below line above the http_access allow localhost line.

...
acl localnet src your_ip_address
http_access allow localhost
...

When you are done, save and close the file.

3. Secure Squid Proxy on Debian 11

At this point, you need to secure your Squid proxy on Debian 11. Squid allows you to create username-password pairs using built-in Linux functionality, as an additional or an alternative step to restricting access to your proxy by IP address.

First, you need to install some utilities from Apache to have access to a password generator that squid likes:

sudo apt install apache2-utils -y

Then, you can use the htpasswd command to generate a password for your new Squid user:

sudo htpasswd -c /etc/squid/passwords your_squid_username

You will be asked to enter a password for your Squid user.

This command will store your username along with a hash of your new password in /etc/squid/passwords, which will be used as an authentication source by Squid.

You can use the following command to see what that looks like:

sudo cat /etc/squid/passwords
**Output**
orca:$apr1$/HslOpUy$i7MKbeDCzMbHcxcIUVgB5/

Now you need to open the Squid configuration file on Debian 11 again with your favorite text editor, here we use vi:

sudo vi /etc/squid/squid.conf

Then, add the red lines in your file:

...
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
include /etc/squid/conf.d/*
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# Example rule allowing access from your local networks.
acl localnet src your_ip_address
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all
...

When you are done, save and close the file.

To apply the changes, restart your Squid service on Debian 11:

sudo systemctl restart squid.service

4. Configure Firewall For Squid

We assumed that you have enabled the UFW firewall. Now you need to open port 3128 through the firewall with the following command:

sudo ufw allow 3128

Reload the firewall to apply the new rules:

sudo ufw reload

5. Connect through Squid Proxy Server

To display your Squid server, you can use the curl command on Debian 11. To do this, run the following command:

curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 http://www.google.com/

In your output you will see:

Install Squid Proxy on Debian 11. HTTP Access

Also, you can access HTTPs sites with your Squid proxy without any configuration changes.

curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 https://www.google.com/

In your output you will see:

Connect through Squid Proxy Server - HTTPs Access

For more information about Squid proxy, you can visit the Squid Documentation page.

Conclusion

At this point, you have learned to Install and Configure Squid Proxy on Debian 11. The purpose of using Squid proxy on Debian 11 is to improve web performance, control internet access, and enhance security. It caches web content, reduces bandwidth usage, and acts as a filtering proxy for managing and restricting network traffic.

Hope you enjoy it. You may also like these articles:

Set up Java_Home Path on Debian 11

How To Install PowerDNS on Debian 11

How To Install GitLab on Debian 11

Alternative Solutions to Setting Up a Proxy Server on Debian 11

While Squid is a robust and feature-rich solution, there are alternative approaches to setting up a proxy server on Debian 11. These alternatives may be simpler to configure for basic use cases or offer specific advantages depending on your needs. Here are two such alternatives:

1. Tinyproxy

Tinyproxy is a lightweight HTTP/HTTPS proxy server designed for simplicity and speed. It’s particularly well-suited for small networks or resource-constrained environments where a full-fledged Squid installation might be overkill.

Explanation:

Tinyproxy focuses solely on HTTP and HTTPS proxying, omitting features like FTP caching or transparent proxying found in Squid. This streamlined approach results in a smaller memory footprint and simpler configuration. It is configured via a single configuration file, typically located at /etc/tinyproxy.conf. Key configurations include the port it listens on (default is 8888), the IP addresses it allows connections from, and basic access control rules.

Installation:

sudo apt update
sudo apt install tinyproxy

Configuration (Basic Example):

Open /etc/tinyproxy.conf with your favorite editor (e.g., sudo nano /etc/tinyproxy.conf). Uncomment (remove the # at the beginning of the line) or add the following lines (adjusting to your specific needs):

Port 8888
Allow 192.168.1.0/24  # Allows connections from the 192.168.1.x network

Save the file and restart Tinyproxy:

sudo systemctl restart tinyproxy

Firewall Configuration:

Allow traffic on port 8888:

sudo ufw allow 8888
sudo ufw reload

Connecting:

To use Tinyproxy, configure your client (web browser, application) to use the proxy server at <your_server_ip>:8888. No username/password is required with the above basic configuration.

Advantages:

  • Simplicity: Easier to configure and manage than Squid.
  • Lightweight: Requires fewer resources.
  • Good for basic HTTP/HTTPS proxying needs.

Disadvantages:

  • Limited Features: Lacks advanced caching, filtering, and authentication options compared to Squid.
  • Less Scalable: Not designed for large, high-traffic networks.

Using Tinyproxy offers a simpler approach to setting up a proxy server, particularly when advanced features aren’t required.

2. Dante (SOCKS Proxy)

While Squid and Tinyproxy are HTTP/HTTPS proxies, Dante is a SOCKS proxy server. SOCKS proxies operate at a lower level than HTTP proxies and can handle any type of network traffic, including protocols other than HTTP(S). This makes Dante suitable for applications that don’t support HTTP proxies or require more flexibility.

Explanation:

Dante acts as a generic TCP/UDP forwarder. Clients connect to Dante, and Dante forwards their traffic to the intended destination. It supports various authentication methods and access control lists (ACLs). Configuration is typically done through the /etc/dante.conf file.

Installation:

sudo apt update
sudo apt install dante-server

Configuration (Basic Example):

Edit /etc/dante.conf (e.g., sudo nano /etc/dante.conf). A minimal configuration might look like this:

logoutput: /var/log/dante.log

internal: 192.168.1.1 port = 1080  # Replace with your server's internal IP address

external: eth0  # Replace with your external network interface

method: none  # No authentication for this example (NOT RECOMMENDED FOR PRODUCTION)

client pass {
        from: 192.168.1.0/24 to: 0.0.0.0/0
        log: connect disconnect
}

pass {
        from: 192.168.1.0/24 to: 0.0.0.0/0
        log: connect disconnect
}
  • logoutput: Specifies the log file.
  • internal: Defines the IP address and port Dante listens on. Replace 192.168.1.1 with the server’s internal IP.
  • external: Specifies the network interface used for external connections.
  • method: none: Disables authentication (use a more secure method in production, such as username).
  • client pass and pass sections define access control rules.

Restart Dante:

sudo systemctl restart dante-server

Firewall Configuration:

Allow traffic on port 1080 (or the port you configured in dante.conf):

sudo ufw allow 1080
sudo ufw reload

Connecting:

Configure your client to use a SOCKS proxy at <your_server_ip>:1080. The exact method varies depending on the application. Many applications require you to specify the SOCKS version (typically SOCKS5).

Advantages:

  • Versatile: Can handle any TCP/UDP traffic.
  • Flexible: Supports various authentication methods.
  • Useful for applications that don’t support HTTP proxies.

Disadvantages:

  • More Complex: Can be more complex to configure than HTTP proxies, especially for authentication.
  • Less HTTP-Aware: Doesn’t provide HTTP-specific features like caching.

Choosing Dante as a SOCKS proxy offers a versatile solution when you need to proxy non-HTTP traffic or require a more flexible approach to network forwarding. Install Squid Proxy on Debian 11 provides a solid foundation, but understanding these alternatives allows you to select the best tool for the job. Install Squid Proxy on Debian 11 is a good starting point for many proxy needs.

These alternative methods provide different advantages and disadvantages compared to Install Squid Proxy on Debian 11, and the best choice depends on your specific requirements and network environment.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *