3rd place in the Teach something, Win something contest goes to Mark Mearns for his SQUID installation script.
Mark took 3rd place because of the simplicity of this script, which will make a great addition to the script collection together with this pptp setup script.
I have made a small addition at the end of this post with simple instructions on how I installed the proxy and instructions on what settings to change in Internet Explorer to use the proxy you created with this script. I have also written down the command to add more users after it has been installed.
I’ll leave you with a quote from Mark that he sent in with this script.
Installing Squid proxy server on a VPS is pretty straightforward. However, it is detectable that you are using a proxy, and your actual IP address is forwarded also. This is no good for accessing IP-geolocation restricted content, such as Hulu outside the US. Therefore, you need a transparent or ‘elite’ proxy. Squid can do this, you just need the correct settings in your squid.conf settings file. This script will install a transparent Squid proxy on a Debian-based VPS without any need for PPP modules etc to be enabled.
```bash
#!/bin/bash
# ©2013-14 Mark Mearns. All Rights Reserved.
# This script is distributed under a Creative Commons ShareAlike 3.0 licence.
# http://creativecommons.org/licenses/by-sa/3.0/

clear
echo " "
echo "*****************************************************"
echo "WELCOME TO THE SQUID PROXY SERVER INSTALLATION SCRIPT"
echo "-----------------------------------------------------"
echo " "
echo " This script will set up a password protected, elite"
echo " proxy on your target server"
echo " "
echo "*****************************************************"
echo " "
echo " "
echo "Please enter a user name for Squid:"
read -r u
echo " "
echo "Please enter a password (will be shown in plain text while typing):"
read -r p
echo " "
clear

# Detect the public interface: eth0 on most VPSes, venet0:0 on OpenVZ.
a="`netstat -i | cut -d' ' -f1 | grep eth0`";
b="`netstat -i | cut -d' ' -f1 | grep venet0:0`";

if [ "$a" == "eth0" ]; then
  ip="`/sbin/ifconfig eth0 | awk -F':| +' '/inet addr/{print $4}'`";
elif [ "$b" == "venet0:0" ]; then
  ip="`/sbin/ifconfig venet0:0 | awk -F':| +' '/inet addr/{print $4}'`";
fi

# Stop here rather than write a squid.conf with an empty address.
if [ -z "$ip" ]; then
  echo "Could not detect an IP address on eth0 or venet0:0; aborting."
  exit 1
fi

apt-get update
apt-get -y install apache2-utils
apt-get -y install squid3

rm -f /etc/squid3/squid.conf

# The heredoc is unquoted on purpose so that $ip is expanded into the config.
cat > /etc/squid3/squid.conf <<END
acl ip1 myip $ip
tcp_outgoing_address $ip ip1
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid3
cache deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
icp_port 3130
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
END

# Create the password file with the first user (quoted so spaces survive).
htpasswd -b -c /etc/squid3/squid_passwd "$u" "$p"
service squid3 restart
clear
echo " "
echo "***************************************************"
echo " Squid proxy server set up has been completed."
echo " "
echo "You can access your proxy server at $ip"
echo "on port 3128 with user name $u"
echo " "
echo "***************************************************"
echo " "
echo " "
```
Log in as root on the server where you will install SQUID. Using your favorite text editor and some copy/paste, we will create the executable script.
```bash
nano squid-install.sh
```
Paste the text in the code section above and save the file.
Make it executable with this command:
```bash
chmod +x ./squid-install.sh
```
Execute the script and follow the instructions. You will actually only need to enter a username and password that will protect the proxy from anonymous use.
The username and password are shown in clear text as you enter them. This is the only time they will be shown in clear text, so make sure no one is watching over your shoulder.
```bash
./squid-install.sh
```
When everything is installed you will see the IP and username needed to connect to your proxy.
Adding the proxy settings to Internet Explorer
Open Internet Options and on the Connections tab, click the button LAN settings.
Fill in the IP address that you got when the script finished installing and port 3128 in the dialog box that opens.
Click OK all the way until Internet Options are closed.
Open up Internet Explorer, enter your favorite URL and press Enter. If everything is done correctly, you will be prompted with a login box where you enter the username and password that you set when installing Squid3 with the script. Clicking the OK button afterwards will get you cruising the web using your Squid proxy server.
Adding another user and password
To add another user you can run this command on the server running your Squid proxy server.
```bash
htpasswd -b /etc/squid3/squid_passwd username password
```
Change username to the username you would like to add and password to the password you would like to use.
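Squid reads the http_access lines in squid.conf from top to bottom and the first match wins, so the order and content of those rules decide whether the proxy is open to anyone. The following is an added example, not part of Mark's script or the original post: it flags any allow rule that is not tied to a proxy_auth or src ACL and checks that the last rule is deny all. The function names audit_squid_acl and sample_conf, the sample configs and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post: flag squid.conf access rules that
# would leave the proxy open. Function names and sample configs are constructed.

audit_squid_acl() {                 # usage: audit_squid_acl /path/to/squid.conf
    awk '
    { sub(/#.*/, "") }                              # drop trailing comments
    $1 == "acl" {
        kind[$2] = $3                               # remember each ACL type
        if ($3 == "src" && ($4 == "all" || $4 ~ /^0\.0\.0\.0\/0/)) wide[$2] = 1
    }
    $1 == "http_access" {
        last = $2 " " $3                            # track the final rule
        if ($2 != "allow") next
        ok = 0                                      # needs a client-identifying ACL
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^!/ || $i == "all" || ($i in wide)) continue
            if (kind[$i] == "proxy_auth" || kind[$i] == "src") ok = 1
        }
        if (!ok) { printf "OPEN line %d: %s\n", NR, $0; bad = 1 }
    }
    END {
        if (last != "deny all") { print "OPEN: last http_access is not deny all"; bad = 1 }
        exit bad + 0
    }' "$1"
}

sample_conf() {                     # $1 = auth | ip | open; prints a temp file path
    local f; f=$(mktemp)
    {
        echo 'acl ncsa_users proxy_auth REQUIRED'
        echo 'acl allowed_hosts src 203.0.113.10/32   # constructed address'
        echo 'acl Safe_ports port 80                  # http'
        case "$1" in
            auth) echo 'http_access allow ncsa_users' ;;     # rule from the script
            ip)   echo 'http_access allow allowed_hosts' ;;  # rule from the comments
            *)    echo 'http_access allow Safe_ports' ;;     # no client restriction
        esac
        echo 'http_access deny !Safe_ports'
        echo 'http_access deny all'
    } > "$f"
    echo "$f"
}

for v in auth ip open; do
    f=$(sample_conf "$v")
    if audit_squid_acl "$f"; then echo "$v: restricted"; else echo "$v: open"; fi
    rm -f "$f"
done
```

To check the live file, run audit_squid_acl /etc/squid3/squid.conf; a non-zero exit status means at least one rule was flagged.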
Very nice, but why IE?
Because other installed browsers (in Windows) often use the system settings, which are set in the IE connection properties.
Hello, thank you for the helpful script 🙂
How can we make it work without a password? I’m stuck on this.
You should never run a proxy without password.
Okay, thanks. I’m improving my knowledge of Squid.
Thanks! There is one small problem though while browsing some sites with .mp4 videos it won’t load them up. Is this related to the proxy?
Could be if they are opened over a different port that is not included/allowed in the proxy configuration.
If you can give an example on a site where you have this problem, I could perhaps give a better answer
Self hosted: http://goo.gl/64FMcx
Thanks!
On that link I get an error “html5 : file not found”. Guess you have the path wrong to your video file.
That’s exactly the issue. Path is correct. You can try it without using the proxy and it will load up just fine.
I suspect it has something to do with the combination of squid and the “plugin” that you are using to play the videos.
What software are you using on the server side? Does it say anything in the error log? Perhaps a 403 access denied?
How to limit access to a certain IP without a password?
Successfully removed the password.
I already edited and added the following line, but it does not work with limited IP:
http://www.linuxquestions.org/questions/linux-networking-3/allowing-only-certain-ip-ranges-to-access-squid-333958/
-hb-
*limited for my IP only*
you should add something like/32
acl allowed_hosts src
and then
something like this
http_access allow allowed_hosts
this is from memory but you should be able to test your way from there.
the problem fixed thanks for keyword. successfully limit based on IP.
—
off topic:
suggestions tutorial panel using ZPanel, VestaCP, webmin e.g. config dns, webserver, mail server, virtualhosts, loadbalancing etc
how can we add an ipv4 or ipv6 block to squid for use by clients and measure the bandwidth usage.
I guess the simple solution would be to add one port for each external IP/customer that you wish to connect/use your server as proxy.
for monitoring bandwidth I would recommend you to look at this page: http://dynacont.net/documentation/linux/network_monitoring/ and see if something there fits your needs.
Thanks for the excellent script. It works perfect, no problems.
Happy 2015 🙂
Thanks for the script
I used it for over 2 weeks without any problem, but after that I began to receive error messages with some of the HTTPS sites: “Secure Connection Failed”. Any ideas?
Thanks