In this tutorial, I will be showing you how to create your own private proxy server on a CentOS VPS or Dedicated Server. This will be set up to allow a user with a username and password to access the proxy as well as allow anyone on a given IP address without authentication. [DISCLAIMER] - Please note, this is not normally allowed on many servers, so please consult the terms of use from your provider to avoid any unwanted suspensions.
To do this, we will need a clean version of CentOS 6.5 (64-bit) and be logged in to it as root. The specs of the VPS I will be using are 2GB RAM, 2GB Burst RAM, 2GB Swap, 20GB Disk Space with 1 IP. Once we have done this, we will need to update all of the different packages.
yum -y update
Once all of the packages have been updated, we can then install Nano, Squid and httpd-tools. Nano is the text editor I will be using, Squid is the proxy server, and httpd-tools provides the htpasswd command we will use later to create the proxy user.
yum install -y nano squid httpd-tools
Now that Squid is installed, we are just going to create a backup of the configuration file so that if something goes wrong, we can just restore the original file.
cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
We can now go ahead and edit our squid config file.
nano /etc/squid/squid.conf
We are now going to completely clear this file to enter our own settings in (Hold Ctrl + K Down to speed things up). We can now paste in the following.
#A Port you would like to use to access the proxy. Change this to make it more secure.
http_port 3128
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#Your Personal IP to allow without authentication (Remove this acl line and the http_access line below to disable this)
acl myclients src ###.##.##.###
#Allow this IP without authentication
http_access allow myclients
#If you are on a 32 bit machine, remove the 64 from /lib64/
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_access
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
forwarded_for off
#Enter your servers IP here.
acl ip1 myip ###.##.##.###
#Enter your servers IP here.
tcp_outgoing_address ###.##.##.### ip1
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
#Allocate 3GB for Caching
cache_dir ufs /var/spool/squid 3000 16 256
#Maximum Cache Object 1MB (1024 KB)
maximum_object_size 1024 KB
#Use 1GB RAM for Cache
cache_mem 1024 MB
We can now save and exit the file. Now, we will just go and generate our cache directories.
squid -z
Along with this, we should also enable it to start when we boot the server so we can still use it after a reboot.
chkconfig squid on
Almost there, we can now add our user for the proxy. Change admin to the username you would like to use.
touch /etc/squid/squid_access; htpasswd /etc/squid/squid_access admin
You should then be asked to create a password for this user.
Now that you have done this, we are pretty much set. We can start Squid.
service squid start
If you would like to tail the incoming connections, you can do so like this:
tail -F /var/log/squid/access.log
Once you have connected to the server, you should see lots of logs being generated.
If you are not sure how to connect to this server, you can view this tutorial.
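The configuration above defines the Safe_ports, SSL_ports and CONNECT ACLs but has no http_access rule that uses them, and its last http_access rule is an allow, so clients that match an allow rule can reach any destination port through the proxy. The following is an added example, not part of the original tutorial: a small shell lint that lists ACLs which are defined but never referenced and checks for an explicit final "http_access deny all". The function names, the sample excerpt and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a squid.conf for ACLs that are defined but never
# referenced, and for a missing explicit "http_access deny all" as last rule.
# Reads the files given as arguments, or stdin when none are given.
audit_squid_conf() {
    awk '
    { sub(/#.*/, "") }              # strip comments
    NF == 0 { next }                # skip blank lines
    { $1 = $1 }                     # normalise whitespace
    $1 == "acl" {                   # remember each ACL name once, in order
        if (!($2 in defined)) { defined[$2] = 1; order[++n] = $2 }
        next
    }
    {                               # any other directive may reference ACLs
        for (i = 2; i <= NF; i++) { name = $i; sub(/^!/, "", name); used[name] = 1 }
        if ($1 == "http_access") last = substr($0, length($1) + 2)
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(order[i] in used)) print "unused-acl " order[i]
        if (last != "deny all") print "no-final-deny (last rule: " last ")"
    }' "$@"
}

# Constructed sample: a shortened copy of the access rules from the config
# above, with a documentation address standing in for the client IP.
sample_conf() {
    cat <<'EOF'
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
acl myclients src 192.0.2.10
http_access allow myclients
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
EOF
}

sample_conf | audit_squid_conf
```

Run it against the live file with audit_squid_conf /etc/squid/squid.conf. In Squid's stock configuration the "http_access deny !Safe_ports" and "http_access deny CONNECT !SSL_ports" rules come before the allow rules, and "http_access deny all" is the last rule.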