How To Install Squid Proxy on Debian 11

Install Squid Proxy on Debian 11

In this tutorial, we will show you how to install Squid Proxy on Debian 11. For those of you who didn’t know, Squid is one of the most used proxy servers for controlling internet access from the local network and securing the network from illegitimate traffic and attacks. Squid also reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Squid Proxy on a Debian 11 (Bullseye).

Prerequisites

  • A server running one of the following operating systems: Debian 10 or Debian 11.
  • It’s recommended that you use a fresh OS install to prevent any potential issues
  • A non-root sudo useror access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Squid Proxy on Debian 11 Bullseye

Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:

sudo apt update
sudo apt upgrade

Step 2. Installing Squid Proxy on Debian 11.

By default, Squid Proxy is not available on Debian 11 base repository. So, now run the following command below to install  Squid Proxy to your system:

sudo apt install squid

Once the installation is completed, the proxy will start automatically. To verify its correct functioning, run the following command:

sudo systemctl status squid

Step 3. Configuring Squid Proxy on Debian 11.

First, we create our authentication file which Squid can use to verify for user authentications:

htpasswd -b /etc/squid/squid_passwd [username] [password]

For example, create Squid Authentication:

htpasswd -b -c /etc/squid/squid_passwd meilana maria

Now go to the main configuration file of the Squid Proxy Server located in /etc/squid/squid.conf:

sudo nano /etc/squid/squid.conf

Add the following configuration:

sudo nano /etc/squid/squid.conf
# Recommended minimum configuration:
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl Safe_ports port 80            # http
acl Safe_ports port 21            # ftp
acl Safe_ports port 443           # https
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280           # http-mgmt
acl Safe_ports port 488           # gss-http
acl Safe_ports port 591           # filemaker
acl Safe_ports port 777           # multiling http
acl SSL_ports port 9001           # webmin
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_port 3128 # Squid normally listens to port 3128

forwarded_for off

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
visible_hostname idroot.us

Save and close the file, then restart the squid proxy server for the changes to apply:

sudo systemctl restart squid

Step 4. Configure Firewall.

By default, the UFW firewall is enabled on Debian. Depending on your Squid configuration file, open ports 3128 to allow HTTP traffic:

ufw allow 3128/tcp
sudo ufw reload

Step 5. Configure Client for the Squid Proxy Server.

Let’s do a simple test of proxying with the Firefox web browser, configure it to connect external network via your Squid server. Preferences -> General -> Network Settings -> Manual Proxy Configuration.

Install Squid Proxy on Debian 11 Bullseye

Congratulations! You have successfully installed Squid. Thanks for using this tutorial for installing the latest version of the Squid Proxy on Debian 11 Bullseye. For additional help or useful information, we recommend you check the official Squid website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!