LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Setting Up Your VPS as a Squid Proxy Server

Tags: , , , Date/Time: November 16, 2015 @ 3:58 pm, by SysAdmin

lowendtutorial

Looking for a proxy server app that can be rapidly deployed on Linux?

Installing Squid on your low end box can provide your organization with a robust proxy server that can facilitate a secure Internet connection for your end users. Squid can also provide logging, access control and antivirus capabilities though such features are outside of the scope of this tutorial.

3 Simple Reasons to Install Squid
A proxy server facilitates and centralizes Internet traffic for your network. When you require your end users to connect to a corporate proxy server, you can:

• Monitor bandwidth and usage
• Provide Content Filtering
• Ensure That Connections are Encrypted

Another added benefit of using a VPS as a proxy server is the speed provided by the app. Since Squid is lightweight, a low end box could easily become a proxy server for a small to medium sized business.

So, let’s get started!

How to Setup Squid on Ubuntu
Ready to start setting up Squid as a proxy server? Here is a few things you need to know before beginning your installation of Squid on a Debian or Ubuntu VPS.

Step 1 – Spin up your VPS and Login with Putty
Configure an SSH connection to your box with administrative privileges.

Step 2 – Install Squid
Squid can be found in Ubuntu repositories. The following commands must be run in order to make sure that you have up to date system before installing Squid. At the command line interface, type:

sudo apt-get upgrade
sudo apt-get update
sudo apt-get install squid

Tip: Copy the original file that would serve as a backup

sudo cp /etc/squid3/squid.conf.default

Step 3 – Setup Access Restrictions
A rookie mistake is to leave your new proxy server open to anonymous authentication.

The best way to secure your server is to register a free dynamic DNS from a provider like dynu.com. You can restrict access to your server by creating a white list for your organizations IP address with this service.

Step 4 – Configure Squid Proxy
The Squad configuration must first be edited.

Append this file: /etc/squid3/squid.conf

http_access allow client
acl client src 12.123.123.123# Home IP

Replace the word “client” with the hostname that identifies your hostname. Replace the 12.123.123.123 with the IP address of your remote site.

You may have to repeat this step to provide secured access to your dynamic DNS service. Instead of using src, you could use srcdomain and use the hostname of your dynamic DNS service to provide access.

Step 5 – Restart Squid and Check Connectivity
After these settings are applied, restart Squid by typing:

service squid3 start

Try to ping the server or connect to it from your remote network.

Step 6 – Add the Proxy Into Your Browsers
If you have a Windows environment, you may want to issue a group policy object that requires your Internet browsers to use the IP address and ports that you’ve designated for Squid.

Note: Squid uses port 3128 by default.

Step 7 – Test Connectivity
Go to Google and type, what is my IP address? The answer is often displayed on the search engine result page. If all went well, you should receive the IP address of your low end box and not the IP address of your ISP.

Special Note
This will be the first in a series of additional tutorials written by the staff at ColoCrossing. Be gentle, we’re new to the blogging thing. :)

Comments and feedback are welcome. Thanks guys!

11 Comments

  1. Igor:

    Very nice and what’s more valuable tutorial. I’m using danted for my SOCKS5 and it’s great also. Hope to see more these kind of tutorials here on LEB.

    November 17, 2015 @ 10:54 am | Reply
  2. MKV:

    Another thing worth considering for private use is change the proxy port to a random high port like

    http_port 52919

    which will make it pretty difficult for anybody to find it. Of course you must remeber the port in your browser proxy settings :)

    In case you need to hide your original IP (I use this for accessing a customer’s server from abroad which is normally impossible) I use setting

    forwarded_for delete

    Now the customer’s system has no clue about my real IP and only sees the IP of the proxy.

    November 17, 2015 @ 11:19 am | Reply
  3. someguy1:

    For step 2, ‘sudo apt-get update’ should be run before ‘upgrade’ but you have them listed in the wrong order.

    November 17, 2015 @ 4:25 pm | Reply
  4. Thanks! I just install on my NAS server.

    November 18, 2015 @ 8:15 pm | Reply
  5. Anthony:

    If “sudo apt-get install squid” doesn’t work, try using “sudo apt-get install squid3”. On my Debian system using squid doesn’t work.

    Great work guys. I look forward to reading your next tutorials.

    November 19, 2015 @ 1:28 am | Reply
  6. Nice job, simple and easy for people to follow. Many of our clients use their VPS plans with us for Squid.

    November 21, 2015 @ 2:05 am | Reply
  7. Fritz:

    What do you mean by “Ensure That Connections are Encrypted”

    AFAIK, using Squid does not provide encryption.

    November 24, 2015 @ 9:13 am | Reply
  8. Very easy to follow tutorial, I was able to use it to help my client setup a proxy server on their VPS they just purchased.

    January 15, 2017 @ 11:27 pm | Reply
  9. fastssh:

    986.794.564.45

    March 16, 2017 @ 10:10 pm | Reply
  10. It is still accurate?

    April 10, 2020 @ 8:04 am | Reply
  11. Easy tutorial, thank you.

    August 24, 2020 @ 8:46 am | Reply

Leave a Reply to someguy1 Cancel reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *