Proxy Server setup with EC2 Instance using squid service

Overview

Proxy servers support two configurations. The first uses only a proxy URI and does not require a proxy username or password. The second uses a proxy URI with Basic proxy authentication, which requires a proxy username and password to connect.

Using Only Proxy URI:

Step 1: Create an EC2 instance manually

Step 2: SSH into the EC2 instance and install the Squid package with this command:
yum -y install squid



Step 3: Go to the Squid configuration file (/etc/squid/squid.conf) and use this configuration instead of the default one.

acl localnet src 0.0.0.1-0.255.255.255
acl localnet src 10.0.0.0/8
acl localnet src 100.64.0.0/10
acl localnet src 169.254.0.0/16
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl all src all
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
# No authentication: every client that can reach port 3128 is allowed,
# so limit who can reach the port (for example with the EC2 security group).
http_access allow localhost
http_access allow all
http_port 3128
#http_port 8080 transparent
visible_hostname weezie
# Verbose debug logging; Squid's default is ALL,1.
debug_options ALL,6
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320

 

Step 4: Save the file and restart Squid with either of these commands:
sudo service squid restart
sudo systemctl restart squid

Step 5: Log in to your EC2 server and export the variables:

export https_proxy=http://<Proxy IP>:<Proxy Port>
export http_proxy=http://<Proxy IP>:<Proxy Port>

Example: export http_proxy=http://ip-10-13-59-44.com:3128


Using Proxy URI with Proxy Username + Password

Step 1: Create an EC2 instance manually or use Jenkins

Step 2: SSH into the EC2 server and install the Squid proxy with this command:
yum -y install squid



Step 3: Create a password file by running the command below:
sudo touch /etc/squid/password

Step 4: Create the username and password by running the following command, and enter the password when prompted.
sudo htpasswd -c /etc/squid/password linuxhint


If htpasswd is not found, install it with the command yum install httpd-tools. Once it is installed, follow Step 4.

Step 5: Go to the Squid configuration file (/etc/squid/squid.conf) and use this configuration instead of the default one.

# Basic authentication against the password file created in Step 4.
# Basic credentials travel base64-encoded (not encrypted) between client and proxy.
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/password
auth_param basic realm proxy
acl auth proxy_auth REQUIRED
acl localnet src 0.0.0.1-0.255.255.255
acl localnet src 10.0.0.0/8
acl localnet src 100.64.0.0/10
acl localnet src 169.254.0.0/16
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl all src all
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
# Only localhost and authenticated users are allowed.
http_access allow localhost
http_access allow auth
http_port 3128
#http_port 8080 transparent
visible_hostname weezie
# Verbose debug logging; Squid's default is ALL,1.
debug_options ALL,6
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320

Step 6: Save the file and restart Squid with either of these commands:
sudo service squid restart
sudo systemctl restart squid

Step 7: Log in to your EC2 server and export the variables:




export https_proxy=http://<Proxy IP>:<Proxy Port>
export http_proxy=http://<Proxy IP>:<Proxy Port>

Example: export http_proxy=http://ip-10-13-59-44.com:3128
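
The two configurations above differ in the auth lines and in the last http_access rule, and Squid applies http_access rules top to bottom with the first match deciding. As an added example (not from the original page), this script audits a squid.conf for the settings that matter here. The function names and finding labels are assumptions of the example, and the sample files are constructed from the rules in the page's configurations.

```bash
#!/usr/bin/env bash
# Added example, not part of the original page. Squid checks http_access
# rules top to bottom; the first rule that matches decides the request.

audit_squid_conf() {   # $1 = path to squid.conf; prints one finding per line
  awk '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blanks
    $1 == "acl" && $3 == "proxy_auth" { auth_acl[$2] = 1 }
    $1 == "debug_options" && $2 ~ /^ALL,[2-9]/ { verbose = 1 }
    $1 == "http_access" {
      rule = $2 " " $3
      if (NF == 3 && rule == "deny all") closed = 1
      if (NF == 3 && rule == "allow all" && !closed) wide_open = 1
      if (rule == "deny CONNECT" && $4 == "!SSL_ports") tunnel_limited = 1
      if ($2 == "allow" && ($3 in auth_acl)) uses_auth = 1
    }
    END {
      if (wide_open)       print "OPEN_PROXY allow all admits every client address"
      if (!uses_auth)      print "NO_AUTH no http_access rule requires proxy_auth"
      if (!tunnel_limited) print "CONNECT_ANY_PORT CONNECT is not limited to SSL_ports"
      if (verbose)         print "VERBOSE_DEBUG debug_options is above the default ALL,1"
    }' "$1"
}

# Constructed sample: the access rules taken from the page's two configurations.
sample_conf() {        # $1 = "open" or "auth"; prints the path of a temp file
  conf=$(mktemp)
  if [ "$1" = auth ]; then
    auth_line="acl auth proxy_auth REQUIRED"; final=auth
  else
    auth_line="# no proxy_auth acl in this variant"; final=all
  fi
  cat > "$conf" <<EOF
$auth_line
acl CONNECT method CONNECT
http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow $final
debug_options ALL,6
EOF
  echo "$conf"
}

for kind in open auth; do
  echo "== $kind =="
  audit_squid_conf "$(sample_conf "$kind")"
done
```

Run audit_squid_conf /etc/squid/squid.conf on the proxy host before restarting Squid; an empty result means none of the four conditions were found.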

Troubleshooting

1. /usr/lib/squid/basic_ncsa_auth: (2) No such file or directory
Check whether basic_ncsa_auth exists at that path. If it does not, check the lib64 folder (/usr/lib64/squid/), then replace the path in the squid.conf file.
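
An added example for this troubleshooting step and the password file from Step 4 (not from the original page): it finds basic_ncsa_auth in either library folder, checks that the password file is not world-readable, and asks the helper directly whether a login is accepted. The function names and the squid group in the suggested fix are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the original page.

# Print the first executable basic_ncsa_auth found in the directories given.
find_ncsa_helper() {
  for dir in "$@"; do
    if [ -x "$dir/basic_ncsa_auth" ]; then
      echo "$dir/basic_ncsa_auth"
      return 0
    fi
  done
  return 1
}

# Succeed only if the password file exists and "other" users cannot read it.
password_file_private() {   # $1 = password file
  perm=$(ls -ld "$1" 2>/dev/null | cut -c8)   # 8th column = other-read bit
  [ "$perm" = "-" ]
}

# Ask the helper whether a login is accepted. basic_ncsa_auth reads
# "username password" lines on stdin and answers OK or ERR for each one.
login_accepted() {   # $1 = helper, $2 = password file, $3 = user, $4 = password
  reply=$(printf '%s %s\n' "$3" "$4" | "$1" "$2")
  case "$reply" in
    OK*) return 0 ;;
    *)   return 1 ;;
  esac
}

# Paths from the page; the group name "squid" is an assumption.
if helper=$(find_ncsa_helper /usr/lib64/squid /usr/lib/squid); then
  echo "auth_param basic program $helper /etc/squid/password"
  password_file_private /etc/squid/password ||
    echo "fix: chown root:squid /etc/squid/password; chmod 640 /etc/squid/password"
fi
```

Calling login_accepted with the helper path, /etc/squid/password, the user name and the password confirms the credentials without going through the proxy.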
