How to Install a Proxy using SQUID3 on Debian 7

Google+0
LinkedIn0

This tutorial is to show you how to install a proxy on Debian 7 using SQUID3

In order for this to work correctly you will need to follow these instructions.

 

#!/bin/bash

# ©2013-14 Mark Mearns. All Rights Reserved.
# This script is distributed under a Creative Commons ShareAlike 3.0 licence.
# http://creativecommons.org/licenses/by-sa/3.0/

clear

echo " "
echo "*****************************************************"
echo "WELCOME TO THE SQUID PROXY SERVER INSTALLATION SCRIPT"
echo "-----------------------------------------------------"
echo " "
echo " This script will set up a password protected, elite"
echo "             proxy on your target server"
echo " "
echo "*****************************************************"
echo " "
echo " "
echo "Please enter a user name for Squid:"
read u
echo " "
echo "Please enter a password (will be shown in plain text while typing):"
read p
echo " "

clear

a="`netstat -i | cut -d' ' -f1 | grep eth0`";
b="`netstat -i | cut -d' ' -f1 | grep venet0:0`";

if [ "$a" == "eth0" ]; then
  ip="`/sbin/ifconfig eth0 | awk -F':| +' '/inet addr/{print $4}'`";
elif [ "$b" == "venet0:0" ]; then
  ip="`/sbin/ifconfig venet0:0 | awk -F':| +' '/inet addr/{print $4}'`";
fi

apt-get update
apt-get -y install apache2-utils
apt-get -y install squid3

rm /etc/squid3/squid.conf

cat > /etc/squid3/squid.conf <<END
acl ip1 myip $ip
tcp_outgoing_address $ip ip1

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_port 3128

hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid3
cache deny all

refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320

icp_port 3130

forwarded_for off

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
END

htpasswd -b -c /etc/squid3/squid_passwd $u $p

service squid3 restart

clear

echo " "
echo "***************************************************"
echo "   Squid proxy server set up has been completed."
echo " "
echo "You can access your proxy server at $ip"
echo "on port 3128 with user name $u"
echo " "
echo "***************************************************"
echo " "
echo " "

Login as root to the server that you will install SQUID on and with our favourite text editor and some copy/paste technique we will create the executable script.

nano squid-install.sh

Paste the text in the code section above and save the file.

Make it executable with this command

chmod +x ./squid-install.sh

Execute the script and follow the instructions. You will actually only need to enter a username and password that will protect the proxy from anonymous use.

The username and password is shown in clear-text when entering them, this is the only time they will be shown in clear-text so make sure no one is watching over your shoulder.

./squid-install.sh

When everything is installed you will see the IP and username needed to connect to your proxy.

To add another user you can run this command on the server running your Squid proxy server.

htpasswd -b /etc/squid3/squid_passwd username password

Change username to the username you would like to add and password to the password you would like to use.

A good place to get a VPS to get take advantage of this tutorial is www.owned-networks.net