VPS Server Protection Tools
6-03-2024, 11:04
Squid: your own proxy server on a virtual server
We all run into blocked resources on the Internet. The reasons for these blocks vary widely. In many countries the government blocks unwanted resources, or countries block other states' access to their resources. Quite harmless and useful resources sometimes get blocked as well. There are several ways out: you can use proxy plugins for browsers, buy a proxy or use a VPN, or you can set up your own proxy server. The simplest VDS/VPS server is enough for this. Installation and configuration take little time, especially if you understand Linux at least a little.
Let's get started. I use Debian on servers, so the instructions are for this distribution, but they also suit Debian-like systems (Ubuntu), and those who are comfortable with Linux can easily adapt them to other distributions.
Updating and rebooting the system:
apt update && apt upgrade -y && apt dist-upgrade -y && reboot
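Let's install the Squid proxy server (on current Debian and Ubuntu the package is named squid; apache2-utils provides the htpasswd command used below):
apt-get install squid apache2-utils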
Go to the directory:
cd /etc/squid
Making a backup copy of the squid3 settings file:
cp squid.conf squid.conf.default
Clearing the configuration file:
> squid.conf
Opening the configuration file:
nano squid.conf
And fill it with the following contents:
# the port where the proxy is available
http_port 3128
dns_nameservers 208.67.222.222 208.67.220.220
# authorization, details below
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5 startup=5 idle=1
auth_param basic realm Welcome to Free VPN Proxy Master
auth_param basic credentialsttl 2 hours
acl all src all
acl Users proxy_auth REQUIRED
# to let a friend in from this ip without a password
acl KnownUsers src "/etc/squid/KnownUsers.acl"
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
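# squid stops at the first matching http_access line, so the method and port restrictions come before the allow rules
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# access only from trusted ip addresses or by password
http_access allow KnownUsers
http_access allow Users
http_access deny all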
icp_access deny all
# turning squid into an anonymous proxy
# (header_access is obsolete since Squid 3.0: request_header_access filters what the site receives, reply_header_access what the client receives)
forwarded_for off
request_header_access From deny all
reply_header_access Server deny all
request_header_access User-Agent deny all
request_header_replace User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
request_header_access Referer deny all
request_header_replace Referer unknown
reply_header_access WWW-Authenticate deny all
reply_header_access Link deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
# many sites behave incorrectly without the URL of the request source (Referer); the paranoid approach is to strip it, as is done above with
##request_header_access Referer deny all
coredump_dir /var/spool/squid
# Disabling the disk cache completely
# (the "null" cache_dir type was removed in Squid 3.1; with no cache_dir line nothing is cached on disk)
cache_mem 8 MB
cache deny all
shutdown_lifetime 5 seconds
# logging is switched off so that no unnecessary information about us is stored
access_log none all
cache_store_log none
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
Creating a passwd file:
touch /etc/squid/passwd
Creating the KnownUsers.acl file:
touch /etc/squid/KnownUsers.acl
Restarting the squid proxy server:
service squid restart
If you have a static IP address, you can add it to the KnownUsers.acl file to use the proxy server without a username or password. You can add as many addresses as you want, each on a new line.
If the IP address is dynamic, it is easier to create a user and password. This is how it is done:
htpasswd /etc/squid/passwd proxyuser
where proxyuser is your user's name; it can be anything. When creating the user, you will be asked for a password and its confirmation. Use non-trivial usernames and complex passwords!
After any configuration or access changes, do not forget to restart the proxy server.
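Squid evaluates http_access lines top to bottom and stops at the first match, so a deny line written after an allow line that already matches a client never applies to that client. The following is an added example, not part of the original article: a small linter that flags such shadowed deny rules before you restart the proxy. The sample configuration and the function names are constructed for illustration.

```python
# Constructed sample, not the article's full config: the allow rules precede the port denies.
SAMPLE_CONF = """\
acl Users proxy_auth REQUIRED
acl KnownUsers src "/etc/squid/KnownUsers.acl"
acl SSL_ports port 443
acl Safe_ports port 80 443 1025-65535
acl CONNECT method CONNECT
http_access allow KnownUsers
http_access allow Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
"""

# ACL types that describe who the client is, not what it is asking for.
IDENTITY_TYPES = {"src", "proxy_auth"}


def parse(conf_text):
    """Return ({acl name: acl type}, [(line_no, action, [acl terms])]) in file order."""
    acl_types, rules = {}, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == "acl":
            acl_types.setdefault(fields[1], fields[2])
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((no, fields[1], fields[2:]))
    return acl_types, rules


def shadowed_denies(conf_text):
    """Deny rules that never apply to clients matched by an earlier identity-only allow."""
    acl_types, rules = parse(conf_text)
    findings, allow_seen = [], None
    for no, action, terms in rules:
        identity_only = all(
            not t.startswith("!") and acl_types.get(t) in IDENTITY_TYPES for t in terms)
        if action == "allow" and identity_only and allow_seen is None:
            allow_seen = no  # from here on, these clients are already let through
        elif action == "deny" and allow_seen and terms != ["all"]:
            findings.append((no, " ".join(terms), allow_seen))
    return findings


if __name__ == "__main__":
    for no, rule, allow_no in shadowed_denies(SAMPLE_CONF):
        print(f"line {no}: 'deny {rule}' is shadowed by the allow on line {allow_no}")
```

To check a real file, pass its contents: shadowed_denies(open("/etc/squid/squid.conf").read()). An empty result means no deny rule sits behind an identity-only allow.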