Trying out squid proxy with HTTP & HTTPs in Ubuntu-Part 1

Dushan Silva
4 min readMar 17, 2021

--

This will be a two part series where in PART 1 we will be discussing on how to setup squid proxy and invoke a simple backend through the proxy. In PART 2 we will discuss how to setup the HTTPS port and send a HTTPS request to the server.

I will be using an AWS instance for this tutorial, but these configurations should work for in your local machine as well

First let’s install squid proxy in Ubuntu. For this I will update using ubuntu 20.04. Since we plan to enable SSL we need to install squid that has been build with

— with-openssl
— enable-ssl
— enable-ssl-crtd

Since this is not available in default ubuntu repository, we will install it from a custom repo.

Run the following commands

sudo su# add diladele apt key
wget -qO - https://packages.diladele.com/diladele_pub.asc | sudo apt-key add -

# add new repo
echo "deb https://squid413-ubuntu20.diladele.com/ubuntu/ focal main" \
> /etc/apt/sources.list.d/squid413-ubuntu20.diladele.com.list
apt-get update && apt-get install -y \
squid-common \
squid-openssl \
squidclient \
libecap3 libecap3-dev

Let’s start squid in default configurations.

sudo systemctl enable squid
sudo systemctl start squid
sudo systemctl status squid.service

Now you can see that squid is running. By default squid is running in port 3128. Make note that this port only accepts HTTP requests

I have started my nodejs backend server in the same node as well which will return a mock response when you invoke this url

http://localhost:3000/user/test

When we directly invoke this url using the curl command we get the following response from our backend

Now lets invoke this backend through the proxy using the curl command

curl -X GET http://localhost:3000/user/test --proxy http://localhost:3128

We will still get back the same response as before

But lets check the access log file of squid which is located in /var/log/squid/access.log to see whether our request passed through the proxy

As you can see we the access log shows that our request as passed through the squid proxy server.

Since I invoked this from within the instance it self, lets now invoke it from my local machine. Make note that only port 3128 is open to the internet and all other ports are closed including port 3000 which is running my backend server. I cannot directly invoke the backend so I will invoke the backend through the proxy

Run the following curl

curl -X GET http://<instance-ip>:3000/user/test —- proxy http://<instance-ip>:3128

But we get a huge error, which basically says that we cannot access this service through the proxy

This is because by default squid proxy deny’s all that the requests that is coming from outside the instance. Let’s do a quick modification to the configurations to get this working

Open /etc/squid/squid.conf file and search for http_access deny all line and change it to http_access allow all which should look like this

This will allow all incoming traffic to pass through the proxy. Save and restart the squid server by running ** Note that this is not a good practice for production servers**

sudo systemctl restart squid

Now let’s invoke the URL again. Now we get the response from our backend.

Finally you can look at the access log file to see all the requests that has been passed through the proxy.

That’s about it for part 1, Stay tuned for part 2 of this article and follow me so that you will not miss any posts.

Thank you!

You can read PART 2 Here

--

--