Graphic Web Design, Computer Network, Balinese Culture

Loading...
71 comments
Building Squid 3.5.4 Transparent Proxy on Ubuntu Server.

This is continuation of the previous article beginning to install Squid 3.5.4…, that is about the preparation before ready to install 3.5.4 on Ubuntu server virtual machine using VMware on windows. This method  can be implemented to the Ubuntu Server Virtual Machine or to the real machine. As you may  know on Ubuntu Server Virtual Machine using VMware we can not divide the hard drive into some partitions as manually. The partitions is created automatically by VMware itself. With this conditions we can start to build squid 3.5.4 as the transparent proxy on Ubuntu Server.


All the command lines is assuming that you have logged-in and you in active state to be root of the command line by typing sudo –i and entering the password.  Look at the picture below!

A. Installing Squid 3.5.4 on Ubuntu Server

1. Updating some Ubuntu applications and install the default squid 3 package dependencies and some other packages that will required to install squid 3.5.4 on Ubuntu server. You can type/paste the following command lines below!
apt-get update
apt-get build-dep squid3
apt-get install build-essential sharutils ccze libzip-dev libssl-dev
2. Grab a copy of the squid-3.5.4 source code, you can put it to the /usr/src directory. Then you extract tar.gz of squid source file and go to the new extracted folder. You can do this with a bunk of  the following command lines.
cd /usr/src
wget https://www.squid-cache.org/Versions/v3/3.5/squid-3.5.4.tar.gz
tar zxvf squid-3.5.4.tar.gz
cd squid-3.5.4
3. Compile the Squid 3.5.4 as the proxy server on Ubuntu server by the configuration.  Assuming that you are still in squid-3.5.4 active path directory, type or paste this command lines to compile and install Squid 3.5.4 proxy server.
./configure --prefix=/usr --localstatedir=/var/squid --libexecdir=${prefix}/lib/squid --srcdir=. --datadir=${prefix}/share/squid --sysconfdir=/etc/squid --with-default-user=proxy --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid --enable-delay-pools --enable-cache-digests --enable-poll --enable-linux-netfilter --enable-removal-policies --with-maxfd=8192 --enable-storeio=aufs --disable-wccp --enable-x-accelerator-vary --enable-kill-parent-hack --enable-async-io=30 --disable-ident-lookups

make && make install

4. Squid 3.5.4 need to resolve library dependencies to make it works properly. Go to the lib directory and download squid-lab.tar.gz . After this you extract the files, squid just use the extracted files on lib directory and you can remove squid-lib.tar.gz
cd /usr/lib
wget https://e7d.github.io/resources/squid-lib.tar.gz
tar zxvf squid-lib.tar.gz
rm squid-lib.tar.gz
5. Replacing squid.conf by your new squid configuration. First you can remove squid.conf by default and download a new configuration from the url that you may put the new squid.conf. Then we can give the access control for the squid.conf.
rm -fr /etc/squid/squid.conf
wget --no-check-certificate -O /etc/squid/squid.conf https://raw.githubusercontent.com/suardika/agratitudesign-template/master/squid35/squid.conf
cd /etc/squid/ && chown proxy:proxy squid.conf && chmod 755 squid.conf
Sometimes if you want to edit or reconfigure your squid.conf you can open the file using one of the command lines below! It is depending on where your active root now!
nano squid.conf
nano /etc/squid/squid.conf

After you make any changes to your squid.conf, you can save the new configuration by pressing ctrl+x, y, enter. The new configuration that is changed will be saved.

6. In order to enable the authentication, you need uncomment the Authentication on squid.conf.  It will prevent the browser that will ask authentication for our clients who access squid transparent proxy.
You can create your users entries of users.pwd by your self on the Htpasswd Generator website, or you can use users.pwd of mine. The Squid.conf will directly use the users.pwd, and providing you a basic user named proxy, using also proxy as password.

rm -fr /etc/squid/users.pwd
wget --no-check-certificate -O /etc/squid/users.pwd https://raw.githubusercontent.com/suardika/agratitudesign-template/master/squid35/users.pwd
7. Build squid 3.5.4 service runtime by downloading  squid.sh from the url project to /etc/init/squid directory and make it to be executable. And you can make it run automatically at Ubuntu server startup with update-rc.d squid defaults.
wget --no-check-certificate -O /etc/init.d/squid https://gist.githubusercontent.com/e7d/1f784339df82c57a43bf/raw/squid.sh
chmod +x /etc/init.d/squid
update-rc.d squid defaults
8. Preparing execution directories, make sure you have the log, cache, and spool directories and create the access control to those directories with the following command line!
mkdir /var/log/squid
mkdir /var/cache/squid
mkdir /var/spool/squid
chown proxy:proxy /var/log/squid
chown proxy:proxy /var/cache/squid
chown proxy:proxy /var/spool/squid
9.  Preparing execution files, go to /var/log/squid directory and create blank access.log,  cache.log  and store.log and give the access control to those files with the following command lines!
cd /var/log/squid
touch access.log cache.log store.log
chmod 755 access.log cache.log store.log
chown proxy:proxy access.log cache.log store.log
chown proxy:proxy /var/cache/squid && chmod 755 /var/cache/squid
10. You have ready to create cache swap directories “squid –z” and you can exit by pressing ctrl+c, then you diagnose the squid “squid –Nd1” and exit with ctrl+c. and you run squid service service squid start. Squid services will be run automatically when you start Ubuntu server.  At last you can check the access.log to monitor the access Squid proxy server.

squid –z
ctrl+c
squid -Nd1
ctrl+c
service squid start|stop|reload|force-reload|restart|status
tail -f /var/log/squid/access.log | ccze

B. Configuration of the Ubuntu Server Virtual Network System

This is especially for you who have built squid proxy server using vmware. Click edit > virtual network editor.  On virtual network editor select VMnet8 NAT, you can see DHCP setting with IP address range and on NAT settings you can see the gateway IP, this is the configuration of virtual NAT network system on VMware.
 
Make sure Ubuntu server has used this virtual NAT network system as shown like the left picture below! Meanwhile the main windows operating system use Vmware network adapter vmnet8 to be connected to the internal virtual NAT network system on Ubuntu server virtual machine as shown like the right picture below!


Now you can understand that ubuntu server use virtual NAT network system on VMware with internal DHCP server that will give an IP address 192.168.218.129 depending on the IP address range of dhcp settings to the ubuntu server virtual network system that should be using dhcp client system as show like the left picture below!


checking dhcp client that applied to the Ubuntu Server network system with this command line :
sudo nano /etc/network/interfaces
If you want to check the IP address 192.168.218.129 that was given by dhcp settings on VMware virtual NAT network system, you can use this command line:
ifconfig eth0
and to check dns server that used by Ubuntu server virtual machine, you can use this command line
sudo nano /etc/resolv.conf
Virtual NAT network system is Just like home network or internal network system that using dhcp server on your host computer system, the VM will use the gateway  IP such 192.168.218.2 and will be give the IP address 192.168.218.219 to the internal client system, in this case is Ubuntu server, but this IP address only shown by internal system include the main windows operating system that has IP address that is depending on Vmware network adapter vmnet8.

So IP address 192.168.218.219 ubuntu server, It is a static IP address that was given by dhcp VM, and it can not be accessed directly by the clients on local area network. Meanwhile squid 3.5.4 that was installed on Ubuntu server has the port 3128 that can be accessed from local area network using the IP address of the main windows operating system that connected to network directly.

In order to use squid 3.5.4 transparent proxy on ubuntu server VM on the main windows operating system you can set your browser to use this proxy server 192.168.218.129 : 3128 manually, and you can the access.log of squid 3.5.4 using this command line:
tail -f /var/log/squid/access.log | ccze
Share This Article :
Related Articles

71 comments :

  1. Thank's for sharing bro, but there are some question for U?
    1. How about store-id.pl on squid 3.5.4?
    2. Are you don't use this function? I use store-id for caching dynamic content for youtube and facebook on squid 3.5.4, but still missed.
    3. How the best configuration for store-id.pl, please explain here if you don't mind!
    Forgive me please, if my english not well.

    ReplyDelete
    Replies
    1. Thanks for such inspired comment bro! actually I have not yet to implement this, is this about https caching?

      Delete
    2. Yes, this is about https caching. Tell me, if you don't mind. How the best configuration for store-id.pl?

      Delete
    3. I think must be completed with ssl-bump, https connection is very related with ssl-certificates, so first of all make sure that ssl-bump configuration can run properly at first before using store-id.pl.

      Delete
  2. This article is really fantastic and thanks for sharing the valuable post.
    Signature:
    download descargar facebook and download free descargar facebook apk and baixar whatsapp , descargar whatsapp

    ReplyDelete
  3. mantap gan buat mikrotik feat unbuntu server ..........

    ReplyDelete
    Replies
    1. Thanks bro, atas support nya :) !

      Delete
    2. Download Now Is Released 3.5.5 how change code
      http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.4.tar.gz
      to
      http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.5.tar.gz

      And following the same code

      Delete
    3. This comment has been removed by the author.

      Delete
    4. tutorial di atas saya terapin menggunakan Microsoft Virtual PC...
      klu pakek vmware terlalu nyiksa komputer.......

      Delete
    5. pandai-pandai ngatur pcnya dong brow! :) memang VMware memakan banyak cpu resources untuk mengatasi ini saya memakai auslogic boostspeed premium, yang mengoptimalkan kinerja pc. Jd begini setelah jalan proxynya Vmware di minimize sehingga bekerja as background. Kemudian auslogic boostspeed premium akan mengatur kinerja software yang sedang aktif dan melakukan optimasi secara otomatis pada saat cpu tidak stress. Nah sampai sejauh VMware bisa bekerja dengan optimal pada main system. Gitu mas brow!

      Delete
    6. For Released 3.5.5 I guess not so different, it is most likely the same way, but I haven't try this yet

      Delete
    7. Ketut Agus Suardika
      Thanks for your contribution from Peru.
      But I have the following error:

      The following error was encountered while trying to retrieve the URL: /

      Invalid URL

      Some aspect of the requested URL is incorrect.

      Some possible problems are:

      Missing or incorrect access protocol (should be http:// or similar)

      Missing hostname

      Illegal double-escape in the URL-Path

      Illegal character in hostname; underscores are not allowed.

      Your cache administrator is agratitudesign.

      Help Please !!!!

      Delete
  4. Hi Dear, How if we don't need to configure all the machines on your LAN to connect to Squid manually? but still using proxy side of mikrotik with one NIC? I already try the above article, but still need to configure all the machine on the LAN side manualy.
    Thanks,

    ReplyDelete
  5. maksud dari tcp tunnel itu apa mas,,,

    ReplyDelete
  6. Hi Dear, How if we don't need to configure all the machines on your LAN to connect to Squid manually? but still using proxy side of mikrotik with one NIC? I already try the above article, but still need to configure all the machine on the LAN side manualy.
    Thanks,

    ReplyDelete
  7. i am install squid3.5.4 and Lusca Head and connect squid with microtik
    but Browser Message

    ------------------
    The following error was encountered while trying to retrieve the URL: /vb/showthread.php?t=17392

    Invalid URL

    Some aspect of the requested URL is incorrect.

    Some possible problems are:

    Missing or incorrect access protocol (should be "http://" or similar)

    Missing hostname

    Illegal double-escape in the URL-Path

    Illegal character in hostname; underscores are not allowed.
    ---------------------

    what slove ?????


    ReplyDelete
    Replies
    1. Seems like u need to setup the browser to use the proxy that you've made..the above article is not for transparent proxy, so we need to setup the browser to use the proxy manualy on client PC side. Hope will help you.

      Delete
  8. Hello, how to make it full transparent without need to setup browser manualy on client PC. Thanks

    ReplyDelete
  9. Hello, how to make it full transparent without need to setup browser manualy on client PC. Thanks

    ReplyDelete
  10. Hello, how to make it full transparent without need to setup browser manualy on client PC. Thanks
    and thanks

    ReplyDelete
    Replies
    1. try to use this, i never try it yet, if succed let me know...http://myconfigure.blogspot.com/2013/03/transparent-squid-332-on-ubuntu-1210.html

      Delete
  11. yeah..also waiting from admin for the solution for one NIC, if use 2 NIC just googling, there are article for that. But for one NIC still need help.

    ReplyDelete
    Replies
    1. i am used 2 nic what slove??

      Delete
    2. can try this link http://www.tuxgarage.com/2011/01/how-to-setup-transparent-proxy-with.html
      it's work

      Delete
    3. thank u
      but same massge
      ------------------
      The following error was encountered while trying to retrieve the URL: /vb/showthread.php?t=17392

      Invalid URL

      Some aspect of the requested URL is incorrect.

      Some possible problems are:

      Missing or incorrect access protocol (should be "http://" or similar)

      Missing hostname

      Illegal double-escape in the URL-Path

      Illegal character in hostname; underscores are not allowed.
      ---------------------

      Delete
  12. great article, I was very impressed about it, wish you would have stayed next share
    Signature:
    i like play games friv4 online and play games 2 girls Download baixar facebook movel

    ReplyDelete
  13. This comment has been removed by the author.

    ReplyDelete
  14. Bang Ketut Agus Suardika, sebelumnya Terima Kasih Banyak atas Ilmunya
    saya telah Ikuti tutorial semua dari awal sampai akhir dari penjelasan Abang,
    dan telah berhasil , tapi saya melalui Virtual Box.

    yang mau saya tanyakan, bagaimana caranya bang agar Squidnya bisa HIT Https ?
    dan bagimana Confignya, karena saya benar2 dari awam belajar Ubuntu dan Squid ini
    hanya tutorial dari abang yang bisa paham saya ikuti (setelah Googling sana sini).

    Sebelumnya Terima kasih Banyak Bang.

    ReplyDelete
  15. mas Ketut Agus Suardika, saya sudah ikuti tutorial mas, setelah di squid -z muncul pesan in

    squid -z
    2015/11/03 22:16:58| ERROR: Authentication helper program /usr/lib/squid/ncsa_auth: (2) No such file or directory
    FATAL: Authentication helper program /usr/lib/squid/ncsa_auth: (2) No such file or directory
    Squid Cache (Version 3.5.4): Terminated abnormally.
    CPU Usage: 0.036 seconds = 0.004 user + 0.032 sys
    Maximum Resident Size: 32816 KB
    Page faults with physical i/o: 0

    mohon pencerahan nya mas

    terimakasih

    ReplyDelete
  16. I have problems with this link:
    http://apps5.mineco.gob.pe/transferencias/gl/default.aspx
    I probe with version 3.3.8 y 3.5.4 squid without solution
    need help please.

    ReplyDelete
  17. buenas gracias por el aporte ... a quien le funciono realice todos los pasos y no cachea ni http

    ReplyDelete
  18. Thank you for such a sweet tutorial - all this time later, I've found it and love the end result. I appreciate the time you spent sharing your skills.
    Geometry Dash 2.0 | Papa Louie 2|Trollface Quest 2|Dr Driving| Sonic Dash |Square Quick | Monster High Games |

    ReplyDelete
  19. error
    /usr/lib/squid/ssl_crtd: Cannot create /var/lib/squid/ssl_db

    ReplyDelete
  20. Thank you for sharing valuable information. Nice post. I enjoyed reading this post.
    Descargar Geometry Dash |Descargar Geometry Dash 2.0 |Geometry Dash|Geometry Dash 2.0 |

    ReplyDelete
  21. This comment has been removed by the author.

    ReplyDelete
  22. wget http://e7d.github.io/resources/squid-lib.tar.gz
    --2016-02-20 12:25:58-- http://e7d.github.io/resources/squid-lib.tar.gz
    Resolving e7d.github.io (e7d.github.io)... 185.31.17.133
    Connecting to e7d.github.io (e7d.github.io)|185.31.17.133|:80... connected.
    HTTP request sent, awaiting response... 404 Not Found
    2016-02-20 12:25:58 ERROR 404: Not Found.

    please reupload the file squid-lib.tar.gz

    ReplyDelete
  23. how connected microtik
    roter=== squd == microtik

    ReplyDelete
    Replies
    1. Zoro, I write from Peru.
      Sorry for the English.
      I have the same problem:
      -------------------------------------------------- ---------------------------------
      The following Error was Encountered while trying to retrieve the URL: /
      Invalid URL
      Some aspect of the requested URL is incorrect.
      Some possible problems are:
      Missing or incorrect access protocol (Should be http: // or the like)
      Missing hostname
      Illegal double-escape in the URL-Path
      Illegal character in hostname; underscores are not allowed.
      Your cache administrator is webmaster.
      -------------------------------------------------- ---------------------------------
      My connection is:
      Router> MikroTik (Ether1)
      MikroTik (ether2)> Squid
      MikroTik (ether 3)> Switch

      I wonder if you managed to solve the problem friend.
      Please answer the message, thank you.

      Delete
  24. Dear Sirs,
    For those who have the following problem:
    -------------------
    The following error was Encountered while trying to retrieve the URL: /
    Invalid URL
    Some aspect of the requested URL is incorrect.
    Some possible problems are:
    Missing or incorrect access protocol (Should be http: // or the like)
    Missing hostname
    Illegal double-escape in the URL-Path
    Illegal character in hostname; underscores are not allowed.
    Your cache administrator is webmaster.
    -------------------

    The solution is as follows:
    http_port 3128 accel vhost allow-direct

    Saludos desde Perú !!!

    ReplyDelete
  25. When you're tired, you want to relax after a stressful working hours, you need to have time to take care of the kids active.
    Please visit our website and play exciting flash games.
    Thanks you for sharing!
    Friv 4

    ReplyDelete

  26. keep sharing your information regularly for my future reference. This content creates a new hope and inspiration with in me.
    SEO Training in Chennai

    ReplyDelete
  27. could it cache youtube and facebook ?

    ReplyDelete
  28. this is what i was looking for; thank you very much !

    ReplyDelete
  29. Wow amazing i saw the article with execution models you had posted. It was such informative. Really its a wonderful article. Thank you for sharing and please keep update like this type of article because i want to learn more relevant to this topic.

    Digital Marketing For Small Business in Chennai

    ReplyDelete
  30. como lo redirecciono con mikrotik

    ReplyDelete
  31. sir i install squid proxy on ubunto server vmware 10 but i access windows https website like google and youtube not cacheing the videos what i do

    ReplyDelete
  32. SwagBucks is a very recommended work from home site.

    ReplyDelete
  33. The blog or and best that is extremely useful to keep I can share the ideas. Age Of War 2
    Big Farm | Slitherio | Tank Trouble
    Of the future as this is really what I was looking for, I am very comfortable and pleased to come here. Thank you very much.
    Happy Wheels | Goodgeme Empire | Slither.io

    ReplyDelete
  34. thanks for this but i get this error after this line (make && make install) and i can't complete the install any Solution please

    http://s.pictub.club/2016/10/28/e9mCM.png

    ReplyDelete
  35. Hello:
    Please Configuration mikrotik ppoe or pptp Contact users and Cacheing Squid .

    Please email hasani468@gmail

    ReplyDelete
  36. Mostly people have all the same things when they are writing academic task or any other writing, especially light music most people like during the writing.

    subway surf , baixar subway surf, subway surf download , download subway surf

    ReplyDelete
  37. Thanks I have read your article, it is very interesting and exciting
    download go launcher, go launcher apk, go launcher , go launcher androi,

    ReplyDelete
  38. Mostly people have all the same things when they are writing academic task or any other writing, especially light music most people like during the writing.
    dream league soccer download , dream league soccer apk , download dream league soccer , dream league soccer

    ReplyDelete
  39. You need to have time to take care of the active. It in fact was a amusement account it. Look advanced to far added agreeable from you.

    baixar banana kong , banana kong , download banana kong , banana kong download , banana kong

    ReplyDelete
  40. Life becomes more interesting and wonderful when you share your memorable moments with friends and family through unique photographs. You can create your own unique style impressed with image editing software. And after hours of work stress you can also

    tank trouble, tank trouble 2, tank trouble games, tank trouble

    ReplyDelete
  41. Life becomes more interesting and wonderful when you share your memorable moments with friends and family through unique photographs. You can create your own unique style impressed with image editing software. And after hours of work stress you can also
    dr driving, dr driving baixar ,download dr driving, dr driving

    ReplyDelete

  42. The blog or and best that is extremely useful to keep I can share the ideas
    of the future as this is really what I was looking for, I am very comfortable and pleased to come here. Thank you very much.
    tanki online | 2048 game

    ReplyDelete
  43. This is an awesome post.Really very informative and creative contents. These concept is a good way to enhance the knowledge.I like it and help me to development very well.Thank you for this brief explanation and very nice information.Well, got a good knowledge.

    digital marketing company in india

    ReplyDelete
  44. Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write.
    Thanks for sharing !
    tanki online 2 | 2048 game online

    ReplyDelete
  45. I just see the post i am so happy the post of information's.So I have really enjoyed and reading your blogs for these posts.Any way I’ll be subscribing to your feed and I hope you post again soon.
    Flats Cleaning in Chennai

    ReplyDelete
  46. A nice article here, i think that people who have grown up with the idea of using computers are showing more responsibility towards writing posts that are thoughtful, do not have grammar mistakes and pertinent to the post..
    Office Interiors in Chennai
    Interior Decorators in Chennai

    ReplyDelete
  47. Taj Mahal is the beautiful monument and famous in all over world, It is basically famous for its entire beauty. It was build by shah jahan. all the structure made by white marble.

    Day Trip to taj mahal
    day trip to agra

    ReplyDelete
  48. I must say that this post is really very interesting to read and has lots of useful information. I personally loved it. It has really very use impressive knowledge. Thanks for sharing this amazing information.

    ReplyDelete
  49. thank for good post reply
    Welcome To Casino online Please Click the website
    thank you.
    gclub online
    gclub
    goldenslot

    ReplyDelete
  50. thanks for your post reply,welcome to gclub online casino all game click here please to join us now thank you.

    goldenslot casino
    บาคาร่าออนไลน์
    gclub casino


    ReplyDelete
  51. I really appreciate the information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in VMware TECHNOLOGY , kindly Contact MaxMunus
    MaxMunus Offer World Class Virtual Instructor-led training on TECHNOLOGY. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 1,00,000 + training in India, USA, UK, Australia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
    For Demo Contact us.
    Pratik Shekhar
    MaxMunus
    E-mail: pratik@maxmunus.com
    Ph:(0) +91 9066268701
    www.MaxMunus.com

    ReplyDelete
  52. Covered all the aspects that matters to us. A proper balanced approach taking into account all these points will certainly ensure everything.

    Ethernet Cables

    ReplyDelete

Back to Top