Squid Proxy

Installing Squid Proxy on CentOS 7.x and Ubuntu 16.04

What is Squid Proxy

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. (Read more on Wikipedia)

Making Life Easier

Again trying to make life a little bit more easier I have borrowed and modified a script that automates the installation and configuration of squid proxy on each system individually as follows;

Squid Proxy on Centos 7.x

Download the bash script from Github and edit the squid_user and squid_password fields with a custom user and a complex password. Then run the following command in bash prompt to start the one liner install.

[user@localhost ~]$ sudo -i
[root@localhost ~]# curl -O https://raw.githubusercontent.com/khaledalhashem/squid/master/squid_centos.sh
[root@localhost ~]# vi squid_centos.sh
[root@localhost ~]# chmod 0700 squid_centos.sh && bash -x squid_centos.sh 2>&1 | tee squid.log

Squid Proxy on Ubuntu 16.04

Download the bash script from Github and edit the squid_user and squid_password fields with a custom user and a complex password. Then run the following command in bash prompt to start the one liner install.

[user@localhost ~]$ sudo -i
[root@localhost ~]# curl -O https://raw.githubusercontent.com/khaledalhashem/squid/master/squid_ubuntu.sh
[root@localhost ~]# vi squid_ubuntu.sh
[root@localhost ~]# chmod 0700 squid_ubuntu.sh && bash -x squid_ubuntu.sh 2>&1 | tee squid.log

Thats all folks

Turn on your proxy and insert your proxy server address in your browser;


Menu -> Preferences -> Scroll all the way down to Network Proxy and click Settings -> Check Manual Proxy Configuration -> Check HTTP Proxy and enter your server IP address with Port 3128.

Once you start browsing you will be asked for a username and password, use the ones you insert earlier in the script.


Similar settings as above.

Enjoy browsing behind a proxy. 🙂

Ubuntu: Getting Started

Once you have a VPS setup the first thing you will need to do is logging into it.
Login to your VPS using credentials sent to you;
If you are using windows then Download PuTTY; “PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.”

Step 1 – Root Login

If using Putty just inset the server_ip_address in the IP field and hit connect which will open up the terminal.

Using a linux terminal just input the following command.

[user@localhost ~]$ ssh root@server_ip_address

You will be prompted for a password or a private-key, depending on your choice insert it to complete the login process.
root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.

We will want to update the server and add a few packages that we’ll want later

[root@remotehost ~]# apt update && apt -y upgrade && apt –y install vim tmux

Step 2 – Add User

We ultimately wouldn’t want to use the root user all the time or at all for that matter. We will add a new user ‘naurus’ and give that user root (sudo) privilages.

[root@remotehost ~]# adduser naurus
Adding user `naurus' ...
Adding new group `naurus' (1000) ...
Adding new user `naurus' (1000) with group `naurus' ...
Creating home directory `/home/naurus' ...
Copying files from `/etc/skel' ...
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for naurus
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
[root@remotehost ~]#

Password prompt will come up, be sure to use a strong password, then type the password again. Optionally add the requested information and type ‘y’ to confirm.

Step 3 – Add User to Wheel

We will now add the user ‘naurus’ to the wheel group so he can run root commands.

[root@remotehost ~]# usermod -aG sudo naurus

Usermod is the command to modify user attributes. The -a switch appends the user ‘naurus’ to the sudo group without removing ‘naurus’ from his original group, -G switch adds the user ‘naurus’ to the group wheel.

Step 4 – Key Authentication

There are 2 methods in creating an authentication key pair, first is using Terminal on your local machine and second using Putty.

In all cases we need to create a .ssh directory and give it permissoins 0700, and create 2 files in there, a file called id_rsa and authorized_keys we will give them permissions of 0600

[root@remotehost ~]# su naurus
[naurus@remotehost ~]$ mkdir ~/.ssh && chmod 0700 .ssh
[naurus@remotehost ~]$ touch ~/.ssh/{id_rsa,authorized_keys}
[naurus@remotehost ~]$ chmod 0600 ~/.ssh/{id_rsa,authorized_keys}
Method 1 – Create SSH Key Pair using Terminal

Under linux, open another terminal on your local machine and use the following command to create a Public/Private key pair.

[user@localhost ~]$ ssh-keygen -f ~/.ssh/id_rsa -t rsa -b 4096
Generating public/private rsa key pair.
/home/user/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EvZ2zEGSgkJpiHk2d/TR9cfWNV1Z2vVLb49a2MbNlj8 user@localhost
The key's randomart image is:
+---[RSA 4096]----+
|.+.. o. oo... .X|
|+ B o o..+. . =B|
| + + .o.. . o.B|
| . o o . .oo|
| . S + .o|
| o . + =o|
| . *.=|
| + E.|
| . o|

The algorithm is selected using the -t option and key size using the -b option, -f switch will create the file id_rsa in .ssh directory. Another file id_rsa.pub will be created in the process which is the public key. Rename id_rsa.pub to authorized_keys

[user@localhost ~]# mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

To use public key authentication, the public key must be copied to a server and installed in an authorized_keys file. This can be conveniently done using the ssh-copy-id tool. Like this:

[user@localhost ~]# ssh-copy-id ~/.ssh/id_rsa naurus@server_ip_address

After the key has been installed, log into the server using the new user account.

[user@localhost ~]# ssh -l naurus server_ip_address
Method 2 – Create SSH Key Pair using Putty

This site explains how this is done well. Follow the guide to get your key pair using Putty under Windows.


Step 5 – SSH Config

Now we need to make a few changes to the SSH Configuration file, first we want to block root access to the SSH Daemon, second we want to disallow password authentication and enable key authentication. That way we will login to the shell with the key pair we created earlier instead of naurus’s password.

To do this we will again connect to the remote host as the new user we created before ‘naurus’ by using the following command:

[user@localhost ~]$ ssh -l naurus server_ip_address

Once logged into SSH we will interact as sudo and invoke the following command to start editing the SSH Configuration file. But before we start editing the ssh configuration file let’s make a backup of it first

[naurus@remotehost ~]$ sudo -i
[sudo] password for naurus:
[root@remotehost ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@remotehost ~]# vim /etc/ssh/sshd_config

To block root access to the SSH Daemon we will look for the following line

#PermitRootLogin yes

We will want to remove the comment ‘#” and replace the yes to a no. Type the letter I to start edit mode in vim then delete the comment and replace yes to no. Press Esc key to exit edit mode and :wq to save the file and quit vim. The end result will look like this.

PermitRootLogin no

To disallow password authentication we will look for the following line and remove the comment in front of it

#PasswordAuthentication yes

So it will look like this

PasswordAuthentication yes
Restart SSH Server

For the changes to take effect the ssh server has to be restarted. Using the following command restart the ssh server.

[root@remotehost ~]# systemctl restart sshd

Before logging out of the server make sure that everything works so that you wouldn’t lock yourself out. Open a new terminal window and login to the server again, if you’re logged in using the key pair authentication then you’re all set. If not go back through this walkthrough to make sure you haven’t missed anything.

Then exit the interactive sudo we invoked earlier

[root@remotehost ~]# exit
[naurus@remotehost ~]$
What to do next?

I suggest that you follow my next walkthrough on how to install LEMP stack on your server to start serving content.

Also should you be interested in installing a VPN or even a Proxy for your server.