Reputation: 14829
I would like to setup an Elite HTTP Proxy. An Elite proxy should not expose any information about the source to the destination address. I have hired a Ubuntu virtual private server for this purpose. The proxy should be password protected, so that only I can use it. I would like to use Squid as my proxy.
What are the steps to achieve this?
Upvotes: 3
Views: 6355
Reputation: 14829
Update your APT repository and install the software we will need
sudo apt-get update
sudo apt-get install squid3
sudo apt-get install apache2-utils
Squid3 is the proxy software. apache2-utils is required for htpasswd which we will use as a flat file password store to secure the proxy.
Setup the password store
sudo touch /etc/squid/passwords
sudo chmod 777 /etc/squid/passwords
sudo htpasswd -c /etc/squid/passwords USERNAME
[prompt for new password]
In the lines above, replace USERNAME with the username you want on your proxy. When the line is executed you will be prompted to enter a password for the user.
Test the password store
/usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
After executing this line the console will look like its hung, there is a prompt without any text in it. Enter "USERNAME PASSWORD" (replacing these with your specific username and password) and hit return. You should receive the response "OK". If not, review the error message, your username/password might be incorrect. Its also possible basic_ncsa_auth is located on a different path (e.g. lib64).
Configure the Squid Proxy
Move the default squid configuration file
sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.original
Now create a new squid configuration file
vi /etc/squid/squid.conf
Which should look like this
http_port 3128
dns_v4_first on
cache deny all
forwarded_for delete
tcp_outgoing_address 9.9.9.9 //-- change this ip
via off
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
Here is a description of what each line does:
Restart the squid proxy
service squid restart
Note the service could also be called squid3. It may take a while for the proxy to restart. If you prefer, you can reload squid configurations with the command
squid -k reconfigure
Check its working
service squid status
The service should be running.
netstat -ltnp
You should see a service listening on port 3128, or whichever port you used in the configuration.
On your desktop, open firefox, go to Options-> Network Proxy -> Settings. Choose to use a manual proxy configuration. In the HTTP proxy field enter the IP address of you server, and include the port in the port field. Click OK.
Go to google, enter your username and password when prompted, search "what is my ip address", you should see the IP of your proxy server.
Upvotes: 7