Tutorial: how to make your own US elite private proxy

Ok, we have already told you how to set up a VPN in minutes so how about another tutorial on how to set up your own elite private proxy using CentOS and Squid. The proxy will be fully password protected so only authenticated users can use it.

Please note that this tutorial is aimed at CentOS 64bit versions, we are using version 7 – this will work on other distros but you will have to alter the commands you use, for example instead of ‘yum‘ on Debian you would use ‘apt-get‘.

The private proxies we set up for this tutorial were created on a Digital Ocean droplet.

Right, with that out of the way, fire up your VPS, log in via SSH and type the following:

First, update the VPS and install the prerequisites for installing Squid.

STEP 1: PuTTY Login
Unzip PuTTY and open the application, enter your SERVER IP ADDRESS and click OPEN. Enter your USERNAME (root) and PASSWORD and follow the next steps to change your PASSWORD. Once we have done this, we will need to update all of the different packages.

yum -y update

STEP 2: Install HTTP Server Tools
Once all of the packages are updated, we need to install HTTP Server tools:

yum install httpd-tools

STEP 3: Install Nano Text Editor and Squid Proxy
Now we need to install Nano text editor and Squid Proxy Server:

yum install -y nano squid

STEP 4: Edit Squid Config file
Once Squid is installed, we are going to create a backup of the configuration file.

cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

Now we can edit our Squid config file with Nano text editor:

nano /etc/squid/squid.conf

Clear everything in this file (hold CTRL+K) and paste the following:

#A Port you would like to use
http_port 3128

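#Squid 3.2 and later (the CentOS 7 package) predefine manager, localhost and
#to_localhost; uncomment the next three lines only on older releases.
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network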
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#Your Personal IP to allow without authentication
acl myclients src ###.##.##.### 
#Allow this IP without authentication 
http_access allow myclients 

#If you are on a 32 bit machine, remove the 64 from /lib64/
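#Squid 3.2 and later (CentOS 7) name the helper basic_ncsa_auth; older releases call it ncsa_auth
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_access
auth_param basic children 5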
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
forwarded_for off

#Enter your servers IP here.
acl ip1 myip ###.##.##.### 
tcp_outgoing_address ###.##.##.### ip1 

request_header_access Allow allow all 
request_header_access Authorization allow all 
request_header_access WWW-Authenticate allow all 
request_header_access Proxy-Authorization allow all 
request_header_access Proxy-Authenticate allow all 
request_header_access Cache-Control allow all 
request_header_access Content-Encoding allow all 
request_header_access Content-Length allow all 
request_header_access Content-Type allow all 
request_header_access Date allow all 
request_header_access Expires allow all 
request_header_access Host allow all 
request_header_access If-Modified-Since allow all 
request_header_access Last-Modified allow all 
request_header_access Location allow all 
request_header_access Pragma allow all 
request_header_access Accept allow all 
request_header_access Accept-Charset allow all 
request_header_access Accept-Encoding allow all 
request_header_access Accept-Language allow all 
request_header_access Content-Language allow all 
request_header_access Mime-Version allow all 
request_header_access Retry-After allow all 
request_header_access Title allow all 
request_header_access Connection allow all 
request_header_access Proxy-Connection allow all 
request_header_access User-Agent allow all 
request_header_access Cookie allow all 
request_header_access All deny all

#Allocate 3GB for Caching
cache_dir ufs /var/spool/squid 3000 16 256 
#Maximum Cache Object 1MB (1024 KB)
maximum_object_size 1024 KB 
#Use 1GB RAM for Cache 
cache_mem 1024 MB

Save the file by pressing CTRL+O, then ENTER. After that, exit by pressing CTRL+X.

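If you want the server to allow access from everyone, with no user authentication, replace this:

http_access allow ncsaauth

with this:

http_access allow all

Doing so makes the server an open proxy: any host that can reach port 3128 can relay traffic through it.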
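
Squid checks http_access rules from top to bottom and applies the first one that matches, so every allow rule placed above the proxy_auth rule lets clients through without a password. The script below is an added example, not part of the original tutorial: it reads a squid.conf on stdin and reports allow rules reached before authentication, an unconditional allow all, and ACLs that are defined but never used. The sample config is constructed from the Step 4 rules, 203.0.113.10 is a placeholder address, and the first-match model is simplified (deny rules are not evaluated).

```sh
#!/bin/sh
# Added example: simplified first-match audit of squid.conf http_access rules.

# Constructed sample, reduced from the Step 4 config (203.0.113.10 is a placeholder).
sample_conf() {
cat <<'EOF'
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl localnet src 10.0.0.0/8
acl myclients src 203.0.113.10
acl ncsaauth proxy_auth REQUIRED
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow myclients
http_access allow ncsaauth
EOF
}

# Reads a squid.conf on stdin and prints one finding per line:
#   NOAUTH <rule>  allow rule reached before any proxy_auth ACL is consulted
#   OPEN <rule>    unconditional "allow all" reached before authentication
#   UNUSED <acl>   ACL defined but never referenced by an http_access rule
audit_squid_conf() {
  awk '
    { sub(/#.*/, ""); $1 = $1 }            # strip comments, normalize spacing
    $1 == "acl" { kind[$2] = $3; known[$2] = 1; next }
    $1 == "http_access" {
      auth = 0
      for (i = 3; i <= NF; i++) {
        name = $i; sub(/^!/, "", name)     # "!acl" still references acl
        used[name] = 1
        if (kind[name] == "proxy_auth") auth = 1
      }
      if (auth) { gated = 1; next }        # later rules sit behind the login
      if ($2 != "allow" || gated) next
      if (NF == 3 && $3 == "all") print "OPEN " $0
      else print "NOAUTH " $0
    }
    END { for (a in known) if (!(a in used)) print "UNUSED " a }
  ' | LC_ALL=C sort
}

# Run against the live file with: audit_squid_conf < /etc/squid/squid.conf
```

On the sample, the UNUSED findings for SSL_ports and Safe_ports show that the port ACLs are defined but no http_access rule ever applies them, so they restrict nothing.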

STEP 5: Generate cache directory
We need to generate our cache directories and enable squid to start when we boot the server.

squid -z
chkconfig squid on

STEP 6: Create Proxy Username and Password
Add user for our proxy. Change USER to the username you would like to use.

touch /etc/squid/squid_access; htpasswd /etc/squid/squid_access USER

You will be asked to create a password for USER


Start Squid server

service squid start

We will tail the access log to watch incoming connections and confirm that everything works:

tail -F /var/log/squid/access.log
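
Each access.log line records the client address, the result code and the authenticated user name, which is enough to confirm that password protection is actually being enforced. The script below is an added example, not part of the original tutorial: it assumes Squid's default native log format and summarizes who was served with a login, who was served without one, and who only received 407 challenges. The sample lines are constructed; the addresses and the user name alice are placeholders.

```sh
#!/bin/sh
# Added example: summarize proxy use from Squid's native access.log format
# (fields: time elapsed client code/status bytes method URL user hierarchy type).

# Constructed sample lines; addresses and the user name are placeholders.
sample_log() {
cat <<'EOF'
1700000000.101    12 198.51.100.7 TCP_DENIED/407 4012 CONNECT example.com:443 - HIER_NONE/- text/html
1700000000.355   640 198.51.100.7 TCP_TUNNEL/200 5120 CONNECT example.com:443 alice HIER_DIRECT/192.0.2.80 -
1700000004.020    95 10.0.0.5 TCP_MISS/200 1830 GET http://example.org/ - HIER_DIRECT/192.0.2.81 text/html
1700000009.500     3 203.0.113.99 TCP_DENIED/407 4012 GET http://example.org/ - HIER_NONE/- text/html
1700000009.900     2 203.0.113.99 TCP_DENIED/407 4012 GET http://example.org/ - HIER_NONE/- text/html
1700000010.300     2 203.0.113.99 TCP_DENIED/407 4012 GET http://example.org/ - HIER_NONE/- text/html
EOF
}

# Reads access.log lines on stdin and prints, sorted:
#   USER <name> <client> <n>      requests served to an authenticated user
#   UNAUTHENTICATED <client> <n>  requests served with no user name
#   CHALLENGED <client> <n>       407 responses (missing or wrong credentials)
summarize_access_log() {
  awk '
    NF < 8 { next }                        # skip truncated lines
    {
      split($4, res, "/"); client = $3; user = $8
      if (res[2] == "407") challenged[client]++
      else if (res[1] ~ /DENIED/) next     # other denials are not counted here
      else if (user == "-") anon[client]++
      else served[user " " client]++
    }
    END {
      for (k in served) print "USER " k " " served[k]
      for (c in anon) print "UNAUTHENTICATED " c " " anon[c]
      for (c in challenged) print "CHALLENGED " c " " challenged[c]
    }
  ' | LC_ALL=C sort
}

# Run against the live log with: summarize_access_log < /var/log/squid/access.log
```

A single 407 followed by a served request is the normal Basic authentication handshake; a client with only CHALLENGED entries never supplied valid credentials, and an UNAUTHENTICATED entry means the client matched an allow rule placed above the login rule (localnet or myclients in this config).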




Source from fatboy in BHW
