Comprehensive Guide How to Set Up a Proxy Server with Squid

A proxy server acts as a gateway between your device and the internet, offering enhanced privacy, caching capabilities, and traffic management. Squid, a popular caching proxy server, is a powerful solution for personal and enterprise use. This guide explains how to set up a Squid proxy server on Ubuntu or CentOS with configurations for no-log operation and user authentication, providing a comprehensive step-by-step process.

---

What Is Squid Proxy Server?

Squid is an open-source proxy server known for its flexibility and performance. It supports caching, access control, and filtering, making it ideal for various use cases:

• Privacy: Masks your IP address and acts as an intermediary between your device and the web.
• Access Management: Restricts usage to specific users or IPs.
• Performance Optimization: Reduces bandwidth usage and improves speed through caching.

---

System Requirements

Before proceeding, ensure your system meets these requirements.

Hardware

• Minimum 2 CPU cores.
• 1 GB RAM (higher for caching or large-scale use).
• 10 GB free disk space for logs and caching.

Software

• A Linux distribution like Ubuntu 20.04/22.04 or CentOS 8/9.
• Root or sudo privileges.

---

Step 1: Update the System

On Ubuntu

sudo apt update && sudo apt upgrade -y

On CentOS

sudo yum update -y

Keeping your system updated ensures compatibility and security.

---

Step 2: Install Squid

On Ubuntu

sudo apt install squid -y

On CentOS

sudo yum install squid -y

After installation, start and enable Squid:

sudo systemctl start squid
sudo systemctl enable squid

Verify that Squid is running:

sudo systemctl status squid

---

Step 3: Basic Configuration

Squid’s main configuration file is located at /etc/squid/squid.conf.

Edit the Configuration File

1. Open the configuration file: sudo nano /etc/squid/squid.conf
2. Add the following basic configuration: # Restrict access to local network acl localnet src 192.168.1.0/24 # Adjust to your network range http_access allow localnet http_access deny all # Listen on default port 3128 http_port 3128
3. Save and exit (CTRL+O, CTRL+X).
4. Restart Squid: sudo systemctl restart squid

---

Step 4: No-Log Configuration

To improve privacy, configure Squid to avoid storing logs.

1. Open the Squid configuration file: sudo nano /etc/squid/squid.conf
2. Add or modify the following lines: access_log none cache_log /dev/null cache_store_log none
3. Save and restart Squid: sudo systemctl restart squid

This ensures that Squid does not store access or cache logs.

---

Step 5: Setting Up User Authentication (optional)

For added security, you can enable HTTP Basic Authentication.

Install Authentication Tools

Perfect 👍 Here’s a complete step-by-step guide in English for setting up Squid proxy with authentication on Rocky Linux, including all commands and the common error you hit with the missing basic_ncsa_auth.

---

🔐 Configure Squid Proxy with Authentication (Rocky Linux)

1. Install Squid and required tools

On Rocky Linux, the htpasswd tool is provided by the httpd-tools package.

sudo dnf install squid httpd-tools -y

---

2. Create the password file

Create a new password file /etc/squid/passwords and add the first user:

sudo htpasswd -c /etc/squid/passwords user1

➡️ The -c flag creates a new file. Do not use -c when adding more users, otherwise it will overwrite the file:

sudo htpasswd /etc/squid/passwords user2

---

3. Set permissions for the password file

Make sure only the Squid process can read it:

sudo chown squid:squid /etc/squid/passwords
sudo chmod 640 /etc/squid/passwords

---

4. Configure Squid for authentication

Open the main config file:

sudo nano /etc/squid/squid.conf

Add the following lines (preferably near the top or under ACL rules):

# --- Authentication configuration ---
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic children 5
auth_param basic realm Squid Proxy
auth_param basic credentialsttl 2 hours
acl authenticated proxy_auth REQUIRED

# Allow authenticated users only
http_access allow authenticated
http_access deny all

💡 Important: On Rocky Linux, the correct path is /usr/lib64/squid/basic_ncsa_auth.
On Debian/Ubuntu it is /usr/lib/squid/basic_ncsa_auth.
If you use the wrong path, Squid will fail to start.

---

5. Test the configuration

Always test before restarting:

sudo squid -k parse

If there are no errors, you’ll see nothing (exit code 0).
If something is wrong, you’ll see an error message with the line number.

---

6. Restart Squid

sudo systemctl restart squid
sudo systemctl enable squid
sudo systemctl status squid

---

7. Open the firewall for Squid

By default, Squid listens on port 3128. Allow it in firewalld:

sudo firewall-cmd --permanent --add-port=3128/tcp
sudo firewall-cmd --reload

---

8. Test authentication

From a client machine or the server itself, run:

curl -v -x http://user1:password@SERVER_IP:3128 http://google.com

If successful, you should see the HTML response from Google.

---

🚨 Common Errors and Fixes

❌ Error:

FATAL: Authentication helper program /usr/lib/squid/basic_ncsa_auth: (2) No such file or directory

✔️ Cause: Wrong path to the helper binary.
✔️ Fix: On Rocky Linux, use:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords

---

❌ Error: Squid fails to start after changes

Run:

sudo squid -k parse

✔️ This will show the line and reason for failure (syntax error, duplicate ACL, wrong order).

---

❌ Error: Permission denied on /etc/squid/passwords

✔️ Fix file ownership and permissions:

sudo chown squid:squid /etc/squid/passwords
sudo chmod 640 /etc/squid/passwords

---

✅ With this setup, your Squid proxy will:

• require username + password for access,
• deny all other requests,
• start automatically at boot.

---

Step 6: Restrict Access

To limit who can access the proxy server:

1. Add an access control list (ACL) in squid.conf: acl allowed_users src 192.168.1.100/32 # Replace with your IP range http_access allow allowed_users http_access deny all
2. Restart Squid: sudo systemctl restart squid

---

Step 7: Testing the Proxy Server

1. Configure your browser or application to use the proxy:
   • Proxy address: Your server’s IP.
   • Port: 3128 (default).
2. Test the connection by visiting WhatIsMyIP or any IP-checking site.

---

Step 8: Setting Up HTTPS Proxying

By default, Squid can handle HTTP traffic. For HTTPS, you must configure Squid as a transparent proxy or set up SSL-Bump.

1. Install OpenSSL: sudo apt install openssl -y # Ubuntu sudo yum install openssl -y # CentOS
2. Create SSL certificates and configure Squid to use them. This is an advanced topic and should be approached carefully to avoid breaking security protocols.

---

Step 9: Hardening the Proxy Server

Enable a Firewall

Restrict external access to your proxy:

sudo ufw allow 3128  # Ubuntu
sudo firewall-cmd --add-port=3128/tcp --permanent && sudo firewall-cmd --reload  # CentOS

Update Regularly

Keep Squid and your server updated to patch vulnerabilities:

sudo apt update && sudo apt upgrade -y  # Ubuntu
sudo yum update -y                      # CentOS

Monitor Connections

Use tools like iftop or Squid’s built-in monitoring features to check for unusual activity:

sudo apt install iftop -y  # Ubuntu
sudo yum install iftop -y  # CentOS

---

Step 10: Maintaining Squid

Clear Cache

To free up disk space, clear Squid’s cache regularly:

sudo squid -k shutdown
sudo rm -rf /var/spool/squid/*
sudo squid -z
sudo systemctl start squid

Rotate Logs

If you haven’t disabled logging, ensure logs don’t consume excessive space:

sudo squid -k rotate

---

Key Benefits of No-Log Proxy with User Authentication

• Enhanced Privacy: Prevents sensitive data from being logged.
• Access Control: Limits proxy usage to authorized users.
• Better Performance: Reduces unnecessary storage and processing.

---

Conclusion

Setting up a Squid proxy server on Ubuntu or CentOS allows you to enhance your online privacy and manage internet traffic effectively. This guide provided a step-by-step process for installation, no-log configuration, user authentication, and hardening. With proper maintenance and security practices, Squid becomes a powerful tool for personal or organizational use. Always ensure you follow best practices for monitoring and updating your server to keep it secure.