Ok, we have already told you how to set up a VPN in minutes so how about another tutorial on how to set up your own elite private proxy using CentOS and Squid. The proxy will be fully password protected so only authenticated users can use it.
Please note that this tutorial is aimed at 64-bit versions of CentOS; we are using version 7. It will work on other distros, but you will have to alter the commands you use: for example, on Debian you would use ‘apt-get‘ instead of ‘yum‘.
The private proxies we set up for this tutorial were created on a Digital Ocean droplet.
Right, with that out of the way, fire up your VPS, log in via SSH and type the following:
Firstly update the VPS and install the prerequisites for installing Squid
Unzip PuTTY and open the application, enter your SERVER IP ADDRESS and click OPEN. Enter your USERNAME (root) and PASSWORD and follow the next steps in order to change your PASSWORD. Once we have done this, we will need to update all of the different packages.
yum -y update
STEP 2: Install HTTP Server Tools
Once all of the packages are updated, we need to install HTTP Server tools:
yum install httpd-tools
STEP 3: Install Nano Text Editor and Squid Proxy
Now we need to install Nano text editor and Squid Proxy Server:
yum install -y nano squid
STEP 4: Edit Squid Config file
Once Squid is installed, we are going to create a backup of the configuration file.
cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
Now we can edit our Squid config file with Nano text editor:
nano /etc/squid/squid.conf
Clear everything in this file (hold CTRL+K), and paste the following:
PLEASE CHANGE YOUR PERSONAL IP ADDRESS AND SERVER IP ADDRESS IN CODE
#A Port you would like to use
http_port 3128
#Squid 3.2 and later (the CentOS 7 package) predefines manager, localhost and to_localhost,
#so the three definitions below are commented out
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#Your Personal IP to allow without authentication
acl myclients src ###.##.##.###
#Allow this IP without authentication
http_access allow myclients
#If you are on a 32 bit machine, remove the 64 from /lib64/
#On Squid 3.2 and later the helper is named basic_ncsa_auth (ncsa_auth on older versions)
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_access
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
forwarded_for off
#Enter your servers IP here.
acl ip1 myip ###.##.##.###
tcp_outgoing_address ###.##.##.### ip1
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
#Allocate 3GB for Caching
cache_dir ufs /var/spool/squid 3000 16 256
#Maximum cached object size (1024 KB)
maximum_object_size 1024 KB
#Use 1GB RAM for Cache
cache_mem 1024 MB
Save the file by pressing CTRL+O, then ENTER. After that, exit by pressing CTRL+X.
If you need the server to allow access from everyone, with no user authentication, replace this:
http_access allow ncsaauth
to
http_access allow all
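Squid applies the first http_access line that matches a request, so every allow line placed before "http_access allow ncsaauth" in the config above admits its clients without a password. The script below is an added example, not part of the original tutorial, that lists those rules for a given squid.conf; the function names and the sample file (a constructed excerpt of the rules above, with 203.0.113.10 as a placeholder address) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): show which http_access rules
# let a client through without a proxy login. Squid reads http_access lines
# top to bottom and the first line that matches the request decides.

audit_http_access() {   # usage: audit_http_access /path/to/squid.conf
  awk '
    { sub(/#.*/, "") }                                   # strip comments
    $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }   # ACLs that force a login
    $1 == "http_access" {
      n++; last = $2 " " $3
      if ($2 != "allow") next
      login = 0
      for (i = 3; i <= NF; i++) if ($i in auth) login = 1
      $1 = ""; rule = substr($0, 2)                      # rule text without the directive
      if (NF == 3 && $3 == "all") { print "OPEN   rule " n ": " rule; is_open = 1 }
      else if (login)             print "AUTH   rule " n ": " rule
      else                        print "NOAUTH rule " n ": " rule
    }
    END {
      if (last != "deny all") print "NOTE   last rule is \"" last "\", not \"deny all\""
      exit (is_open ? 2 : 0)                             # 2 = anyone can use the proxy
    }
  ' "$1"
}

# Constructed sample: the acl/http_access lines of the config above, in order.
write_sample_conf() {   # usage: write_sample_conf FILE
  cat > "$1" <<'EOF'
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl myclients src 203.0.113.10  # placeholder documentation address
acl ncsaauth proxy_auth REQUIRED
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow myclients
http_access allow ncsaauth
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_http_access "$conf"
rm -f "$conf"
```

Run it as audit_http_access /etc/squid/squid.conf after each edit. An OPEN line, which is what the "http_access allow all" replacement produces, means anyone who can reach the port can use the proxy.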
STEP 5: Generate cache directory
We need to generate our cache directories and enable squid to start when we boot the server.
squid -z
chkconfig squid on
STEP 6: Create Proxy Username and Password
Add user for our proxy. Change USER to the username you would like to use.
touch /etc/squid/squid_access; htpasswd /etc/squid/squid_access USER
You will be asked to create a password for USER
STEP 7: FINISH
Start Squid server
service squid start
We will tail our incoming connections, just to see that everything works fine
tail -F /var/log/squid/access.log
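What to look for in that log, as an added example that is not part of the original tutorial: the function below counts, per client address, requests answered with 407 (no valid credentials), requests served without a username, and requests served to a logged-in user. It assumes Squid's default native log format (client address in field 3, result code in field 4, username in field 8); the function names are assumptions and the log lines are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): per-client summary of a Squid
# access.log in the default native format:
#   time elapsed client code/status bytes method URL user hierarchy/peer type

summarize_access_log() {   # usage: summarize_access_log /var/log/squid/access.log
  awk '
    NF < 8 { next }                                    # skip blank or short lines
    {
      split($4, res, "/")                              # TCP_DENIED/407 -> res[1], res[2]
      ip = $3; clients[ip] = 1
      if (res[2] == "407")        challenged[ip]++     # asked for credentials
      else if (res[1] ~ /DENIED/) next                 # other denials are not counted
      else if ($8 == "-")         no_login[ip]++       # served with no username
      else                        login[ip]++          # served to a logged-in user
    }
    END {
      for (ip in clients)
        printf "%s challenged=%d no_login=%d login=%d\n",
               ip, challenged[ip], no_login[ip], login[ip]
    }
  ' "$1" | sort
}

# Constructed log lines; all addresses are documentation-range placeholders.
write_sample_log() {   # usage: write_sample_log FILE
  cat > "$1" <<'EOF'
1700000000.101     12 198.51.100.7 TCP_DENIED/407 4012 GET http://example.com/ - HIER_NONE/- text/html
1700000001.250    140 198.51.100.7 TCP_MISS/200 1520 GET http://example.com/ bhw HIER_DIRECT/192.0.2.80 text/html
1700000002.300     95 203.0.113.10 TCP_MISS/200 1520 GET http://example.com/ - HIER_DIRECT/192.0.2.80 text/html
1700000003.000      3 192.0.2.55 TCP_DENIED/407 4012 CONNECT example.org:443 - HIER_NONE/- text/html
1700000003.400      2 192.0.2.55 TCP_DENIED/407 4012 CONNECT example.org:443 - HIER_NONE/- text/html
1700000003.900      2 192.0.2.55 TCP_DENIED/407 4012 CONNECT example.org:443 - HIER_NONE/- text/html
EOF
}

log=$(mktemp)
write_sample_log "$log"
summarize_access_log "$log"
rm -f "$log"
```

A client normally draws one 407 before it sends its credentials, so a few are expected; an address with many 407s and no logged-in requests is failing authentication repeatedly. Any no_login traffic comes from a rule that bypasses authentication, such as the myclients address.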
NOW TEST YOUR PROXY IN FORMAT:
SERVERIP:PORT:PROXYUSER:PROXYPASSWORD
e.g. 192.168.100.111:3128:bhw:5213
Source from fatboy in BHW