Servers 101: Setting up a Password-Protected proxy server with Squid
Have you always wanted your own private proxy server? We are going to create one, right now! It will take ~10 minutes to install and configure our proxy server.
The guide was created with Debian 9 as basis. It may work in older versions and other linux distros as well, but I haven't tested it. Let me know if you have problems and I'll help out as soon as I can!
Other stuff in the Server 101 series:
- Intro and getting into your server - Single Article
- Basic Server Security - 3 Parts
- Setting up a Web Server - 4 Parts
- Managing Your Server - 4 Parts
- caddy - Lightweight Web Server - 1 Part
- Emailify your server! - 6 Parts
A proxy server is a good thing to have. If you suspect that your ISP blocks a website, you can use your proxy to check it!
By following this tutorial, you agree that you won't hold me accountable if your proxy server gets abused. It is your own responsibility. You also agree that you won't use this proxy to circumvent bans from websites. Finally, before starting, make sure that your server provider allows you to use their services for proxy. There is usually distinctions between password-protected and unprotected proxies. Contact them first if you are not sure they allow password-protected proxies!
We are going to install & configure Squid3, with password protection.
Also, you need admin privileges. sudo su will do it.
Installing squid3 and Apache2's htpasswd
Start with update and installation:
apt-get update
apt-get install squid3 apache2-utils -y
It will take a couple of seconds to download and install squid & apache2-utils. We will be installing apache2-utils to use htpasswd for generating our passwords.
Squid Configuration
We will start by moving the original config file: mv /etc/squid/squid.conf /etc/squid/squid.conf.bak
And then we will create a new one: nano /etc/squid/squid.conf
Copy and paste this block:
http_port 3128
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/.passwd
auth_param basic children 1
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off
acl auth proxy_auth REQUIRED
acl localhost src 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access allow all
cache deny all
forwarded_for delete
request_header_access Via deny all
Feel free to change the http_port, and remove the acl SSL_ports line, as well as the acl Safe_ports lines. Safe_ports entries limit the connection of the proxy to the specified port(s). You can have a virtual unlimited number of safe_ports.
Save and exit
Creating the password file, and generating a username and password
Run these 2 commands
touch /etc/squid/.passwd
htpasswd -c /etc/squid/.passwd USERNAME_HERE
You will be asked to input a password twice. You can use htpasswd to create as many users as you want to!
Removing a user
If at any point you want to remove a username/password combo, there are 3 steps you have to do:
nano /etc/squid/.passwd
Locate the line you want to remove (example: dimitrisp:$pass$wordasdt$G/D7dfgxjeavc3OXA/4Pgh/) and remove it from the file.
Save and exit!
Now we have to restart squid
We didn't restart squid, so it is still unsecure. Anyone can use it. Go ahead and restart it!
service squid restart
Your proxy is now ready for use! Configure it in your browser, and have fun!
If you need a place to host your servers consider Vultr, Digital Ocean and BuyVM.
These are affiliate links. If you sign up through them, you support me and I will have more free time to write more content like this.
Also If you signup for Digital Ocean through my affiliate link, you will get $10 to try them out. Note: to battle abusers of this offer, you'll have to make a $5 deposit via Paypal or add your credit/debit card, so they can confirm that you are a new user. I did a deposit via Paypal to test them out, and then I added my credit card so I won't have to deposit money manually every now and then.
