Install Squid Proxy on Ubuntu – Vultr.com
Squid is a popular proxy and caching server application. It primarily serves as a forward proxy, but can also be used as a reverse proxy. Squid provides many features and is often used on enterprise-level networks.
This tutorial will show you how to setup a simple HTTP proxy with authentication using Squid. Steps listed in this tutorial were tested on Ubuntu 15. 04 and 15. 10.
WARNING: You must be very careful when creating proxies. Hackers frequently scan the public internet for open proxies use them for malicious activities. Most hosting companies will suspend your instances if you receive too many complaints, so ensure that you use sufficient authentication, such as a strong password.
This tutorial assumes that you are using a freshly created VPS with no installed packages.
Installation
First, ensure that the apt-get package library is up-to-date by running the command below. This will ensure that the latest packages have been installed.
$ apt-get update
Once this has completed, it is time to install the squid application and htpasswd. Run the following command using sudo to install both packages.
$ sudo apt-get install squid3 apache2-utils
After the Squid install completes, I suggest that you create a copy of the original config file created during the install as it is a helpful reference and allows you to rollback any changes.
$ sudo cp /etc/squid/ /etc/squid/
Next, create the files needed by Squid to store the credentials of the proxy accounts.
$ sudo touch /etc/squid/squid_passwd
$ sudo chown proxy /etc/squid/squid_passwd
Configuration
Open the squid config file for editing using a text editor, such as nano.
$ sudo nano /etc/squid/
Add the following lines to the file so that authenticated users can connect to the proxy.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/squid_passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
_access allow authenticated
In addition, to hide the IP of the person connecting to the proxy from being shown in HTTP headers, add the following lines under the ones above.
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Your Squid config file should now look something like this:
Save and close the file.
To create users on your proxy, execute the following command, replacing youruser with your desired user name. It will request the password twice.
$ sudo htpasswd /etc/squid/squid_passwd youruser
You may create additional users in the same manner.
Restart the Squid service.
$ sudo service squid restart
Using your proxy
Now that Squid is setup, you can use it as a forwarding proxy. Configure the “internet settings” of your web browser to use your proxy, including the user name and password that you generated earlier. To verify that the proxy is working, visit an IP address detection site, like this one.
Upon success, you will notice a Vultr IP address being reported. Here is a screenshot from my demo server:
Snivyn/vultr-proxy-tool – GitHub
Download Latest Release
ATTENTION: Make sure to destroy your servers when you’re done or you’ll keep getting charged for them! Instructions on how to do so are outlined below.
Credits:
Created by @snivynGOD
Inspired by @NickShredScott
About
This program intends to use the automate proxy creation using a user’s API key. By default, it attempts to create 10 proxies. Most accounts will be limited to a max number of servers unless a limit increase is requested (explained below). Once proxies are created by the program, they should be ready for use within a few minutes. Ideally you want to select a location as close as possible to your server (Chicago usually has fastest ping for Shopify). When you’re done, make sure to destroy your servers.
DM me (@snivynGOD) if you want any specific changes (ex. more than 5 proxies at a time, change user/password) or if you find any bugs.
What is Vultr?
Vultr provides a service to create servers which this program uses to create proxies for you. You can sign up for an account here (referral link:) or here (). You should be able to get some free credit too, just look around on Google for promotions.
How do I get my API key?
Login to your Vultr account and then visit this page: You can enable API usage and get your API key here.
How do I destroy my servers and what does that entail?
Destroying your servers basically means to delete them. You’ll still be charged if you stop them but you won’t be charged if you destroy them. To do this, login to Vultr, go to, and beside every server, click the 3 dots on the right side, hit “Destroy Server” and the server will be destroyed.
Playing with a simple SOCKS5 proxy server on Vultr and …
This article is based on the one that uses DO. I use the script from comments below the article, since it is much finer as the author told himself. And I use Vultr instead of DO.
Buy me a coffee
First, deploy the the serverIt’s better to look through deploying page then provide your billing information if everything seems to be ok. The service won’t let you deploy a server without your billing your product type and locationChoose 64 bit Ubuntu 16. 04Choose the size you needAdd additional features if you need them or just skip this stepYou can skip the section with adding a startup script. I am not sure if it works, Since adding your public ssh rsa key does not work (or at least it didn’t work for me), so skip this step too for your server hostname and label (myserver is good enough) the Deploy Now button next to your billing to your server as rootAfter some time needed to start up your server, you’ll see your server status as on the server and use the information provided to ssh to it. You need three things to do so – username (root), IP address and you’re on a linux or mac, just open your Terminal, if you’re a windows user, use PuTTY. I won’t cover usage with PuTTY, you can find all the details, including rsa keys generation [email protected]Insert your password (the one from dashboard) when prompted. Update&upgrade:apt-get update && apt-get upgrade -yIf you have some troubles and warnings w. r. t. locales, go to troubleshooting ‘s the time to add your ssh your SSH RSA public keyIf you think that it’s better to create another user, add it to the sudo group, disable ssh login for root and enable for the new user, so the user could escalate to root via password, you probably don’t need to read this article. If you just don’t know how to do it properly, you can do it easy way for now. Moreover, you can also skip this step and use logging in with folder in root’s home directory. Change folder’s -p ~/. sshchmod 700 ~/ you need to create authorized_keys file in directory and add your public key to you have ssh rsa key pair on your client-side, you don’t need to generate it again. If you don’t have it yet, then generate it (for PuTTY users: you’ll need PuTTY Gen, instructions are here) if you don’t have keys or have never used something like that before, run on your client side (i. e. on your home computer, from which you access your remote server):ssh-keygen -t rsaand follow the instructions. For empty passphrase just hit Enter. Your public key is stored in /home/youtusername/, if you does not change the location during keys generation. Don’t expose your private key. If you did, delete it and generate a new one (but remember that you’ll lose all your established server connections for that key) you you need to copy the contents of your on local machine to /root/ on remote machine. You could do it in various possible ways, for example, using scp (secure copy) and cat or echo. Whatever. I just copy and paste:) Why not? So, copy the contents of On remote machine create authorized_keys:nano /root/ and paste your public key. Press Ctrl+x and hit enter twice. Change file permissions:chmod 600 /root/ Open another Terminal window and try to ssh. It should prompt you for passphrase, if you have one, or you should be logged in right tting up proxy serverNow you need to set up proxy server. First, type on remote machineifconfigand look what interface you have. It could be eth0. eth1 or ens3, you name it. You’ll need it for dante run the script (replace eth0 with your interface first):wget -i becho ‘logoutput: syslog /var/log/danted. loginternal: eth0 port = 1080external: eth0 socksmethod: ivileged: rootuser. unprivileged: nobody client pass { from: 0. 0. 0/0 to: 0. 0/0 log: error} socks pass { from: 0. 0/0 command: connect log: error method: username}’ > /etc/ basic ufw installationapt-get install ufwufw status# allow sshufw allow proto tcp from any to any port 1080ufw status numberedufw enablesystemctl enable dantedNow let’s check if service is running:service danted statusThe service should be proxy userIn order to use proxy, you have to create a user with password now. The command will ask you for a new password eradd –shell /usr/sbin/nologin someusername && passwd someusernameLocale Warnings troubleshootingI had some troubles with locales, possible solutions are listed here. The simplest one is just commenting out one line in your local ssh config. On your local machine:nano /etc/ssh/ssh_configand then comment the line# SendEnv LANG LC_*Using proxyNow you can use your proxy with username and password you created. Host name is your remote host IP address and port is 1080 (btw, you can change it from standard to another one, just edit danted config, add the new rule to ufw and delete the old rule from it). Obviously, chicken is not a vulture, but this omnivorous bird is kind of similar to them. A chickem won’t refuse feasting on a corpse and also is prone to be a!
Buy me a coffee
