Jump to content


- - - - -

How to: Create Your Own Squid Private Proxy on a VPS/Dedicated Server

CentOS 6.5 Squid

  • Please log in to reply
No replies to this topic

#1 Wilson18



  • root
  • 112 posts
  • LocationUniversity of Birmingham

Posted 27 June 2014 - 11:22 AM

In this tutorial, I will be showing you how to create your own private proxy server on a CentOS VPS or Dedicated Server. This will be set up to allow a user with a username and password to access the proxy aswell as allow anyone on an IP Address without authentication.  [DISCLAIMER] - Please note, this it not normally allowed on many servers so please consult the terms of use from your provider to avoid any unwanted suspensions. 

To do this, we will need a clean version of CentOS 6.5 (x64 bit) and be logged in to it as root. The specs of the VPS I will be using are 2GB RAM, 2GB Burst RAM, 2GB Swap, 20GB Disk Space with 1IP. Once we have done this, we will need to update all of the different packages. 

yum -y update

Once all of the packages have been updated, we can then install Nano and Squid. Nano is the text editor I will be using and Squid is the Proxy Server. 

yum install -y nano squid

Now that squid is installed, we are just going to create a backup of the configuration file so if we go wrong, we can just restore the original file.

cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

We can now go ahead and edit our squid config file. 

nano /etc/squid/squid.conf

We are now going to completely clear this file to enter our own settings in (Hold Ctrl + K Down to speed things up). We can now paste in the following. 

#A Port you would like to use to access the proxy. Change this to make it more secure. 
http_port 3128

acl manager proto cache_object
acl localhost src ::1
acl to_localhost dst ::1
acl localnet src    # RFC1918 possible internal network
acl localnet src    # RFC1918 possible internal network
acl localnet src    # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http

http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|?) 0    0%    0
refresh_pattern .        0    20%    4320
#Your Personal IP to allow without authentication  (Remove this line and one below to disable this)
acl myclients src ###.##.##.###   
#Allow this IP without authentication         
http_access allow myclients                 

#If you are on a 32 bit machine, remove the 64 from /lib64/
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_access  
auth_param basic childred 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
forwarded_for off

#Enter your servers IP here.
acl ip1 myip ###.##.##.###     
#Enter your servers IP here.                            
tcp_outgoing_address ###.##.##.### ip1          
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all

#Allocate 3GB for Caching
cache_dir ufs /var/spool/squid 3000 16 256    
#Maximum Cache Object 1GB
maximum_object_size 1024 KB      
#Use 1GB RAM for Cache                  
cache_mem 1024 MB                                      

We can now save and exit the file. Now, we will just go and generate our cache directories 

squid -z

Along with this, we should also enable it to start when we boot the server so we can still use it after a reboot

chkconfig squid on

Almost there, we can now add our user for the proxy. Change admin to the username you would like to use 

touch /etc/squid/squid_access; htpasswd /etc/squid/squid_access admin

You should then be asked to create a password for this user.


Now that you have done, we are pretty much set. 

service squid start

If you would like to tail the incoming connections, you can do so like this

tail -F /var/log/squid/access.log

Once you have connected to the server, you should see lots of logs been generated. 


If you are not sure how to connect to this server, you can view this tutorial

  • MiguelOl likes this

List what you read?

Check me out on: YouTube, Twitter, Facebook, Google+

Also tagged with one or more of these keywords: CentOS 6.5, Squid