Trying out squid proxy with HTTP & HTTPs in Ubuntu-Part 1
This will be a two part series where in PART 1 we will be discussing on how to setup squid proxy and invoke a simple backend through the proxy. In PART 2 we will discuss how to setup the HTTPS port and send a HTTPS request to the server.
I will be using an AWS instance for this tutorial, but these configurations should work for in your local machine as well
First let’s install squid proxy in Ubuntu. For this I will update using ubuntu 20.04. Since we plan to enable SSL we need to install squid that has been build with
— with-openssl
— enable-ssl
— enable-ssl-crtd
Since this is not available in default ubuntu repository, we will install it from a custom repo.
Run the following commands
sudo su# add diladele apt key
wget -qO - https://packages.diladele.com/diladele_pub.asc | sudo apt-key add -
# add new repo
echo "deb https://squid413-ubuntu20.diladele.com/ubuntu/ focal main" \
> /etc/apt/sources.list.d/squid413-ubuntu20.diladele.com.listapt-get update && apt-get install -y \
squid-common \
squid-openssl \
squidclient \
libecap3 libecap3-dev
Let’s start squid in default configurations.
sudo systemctl enable squid
sudo systemctl start squid
sudo systemctl status squid.service
Now you can see that squid is running. By default squid is running in port 3128. Make note that this port only accepts HTTP requests
I have started my nodejs backend server in the same node as well which will return a mock response when you invoke this url
http://localhost:3000/user/test
When we directly invoke this url using the curl command we get the following response from our backend
Now lets invoke this backend through the proxy using the curl command
curl -X GET http://localhost:3000/user/test --proxy http://localhost:3128
We will still get back the same response as before
But lets check the access log file of squid which is located in /var/log/squid/access.log to see whether our request passed through the proxy
As you can see we the access log shows that our request as passed through the squid proxy server.
Since I invoked this from within the instance it self, lets now invoke it from my local machine. Make note that only port 3128 is open to the internet and all other ports are closed including port 3000 which is running my backend server. I cannot directly invoke the backend so I will invoke the backend through the proxy
Run the following curl
curl -X GET http://<instance-ip>:3000/user/test —- proxy http://<instance-ip>:3128
But we get a huge error, which basically says that we cannot access this service through the proxy
This is because by default squid proxy deny’s all that the requests that is coming from outside the instance. Let’s do a quick modification to the configurations to get this working
Open /etc/squid/squid.conf file and search for http_access deny all line and change it to http_access allow all which should look like this
This will allow all incoming traffic to pass through the proxy. Save and restart the squid server by running ** Note that this is not a good practice for production servers**
sudo systemctl restart squid
Now let’s invoke the URL again. Now we get the response from our backend.
Finally you can look at the access log file to see all the requests that has been passed through the proxy.
That’s about it for part 1, Stay tuned for part 2 of this article and follow me so that you will not miss any posts.
Thank you!
You can read PART 2 Here