Pirate Things / Howto DIY: Personal Cache service/server with Authentication
Pirate Things</a>

Oh! Proxies! Everyone loves those. Except for when they're abused, so please don't do that.

In this tutorial I'll be going over how to setup squid to create a cache and proxy server (with authentication). Typically, one may only use one or the other, but in this particular scenario we want to open it to the web--passwords, at least the least are highly recommended to keep unwanted parties away.

Possible reasons for wanting a proxy/cache server

Speed

While your Internet may very well be fast as ever, it may still be processing more information than required. A "cache server" grants your Internet and sometimes PC a few more moments of relaxation as it's no longer dialing out to many locations. Your Internet and PC are also loading requests locally, shortening the time it takes to process already visited websites. The most important objects in my opinion to cache are images.

We load a lot of images today. Backgrounds, avatars, general profile pictures, thumbnails of said pictures and enlarged versions when we view at high resolution and finally... videos!

A little privacy

Proxies don't offer full privacy. In fact, not even a VPN (virtual private network) does if it's used wrong, and the same goes for a proxy. However, if you're wanting to filter ads or cache objects, it's either going to be from a local machine in your house or one afar. In this case, I'm using Vultr (affiliate link (it helps support this site if you use it)) which displays a leased IP instead of my home IP when I visit websites. This doesn't mean I'm necessarily looking to hide my activity, but rather make use of the virtual server and serve websites. The same setup may be applied on the same desktop you're using (most likely).

Specs:

It's assumed that: You already have Ubuntu setup, ssh running and you're operating with a basic understanding of using the command line. If no basic understanding, don't worry--I don't know what I'm doing either! You're more than welcome to join my Discord community, maybe someone there will be able to help.

Installs

"Squid" is the cache server. It holds all objects for awhile and whenever you revisit a website, squid tries its best to match the data. This shortens the amount of time it takes load pages as your PC is mostly dialing to squid (one location).

In a terminal:

sudo apt update
sudo apt install squid htpasswd

Followed by erasing and creating a new squid configuration:

sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.bk
sudo nano /etc/squid/squid.conf

You can feel free to erase everything there to input:

# Auth via basic
#
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged>
acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged>

# me
acl custom_IPs src "/etc/squid/IPs.txt"
http_access allow custom_IPs

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

include /etc/squid/conf.d/*

http_access allow localhost

http_access deny all

http_port 3128

coredump_dir /var/spool/squid
cache_dir ufs /var/spool/squid 100 16 256

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims

refresh_pattern .               0       20%     4320

forwarded_for delete

The above configuration is incredibly simple (aka, use with caution). Please feel free to tweak it and give me some pointers on improving it.

A few things to note:

On line 18 "acl custom_IPs src "/etc/squid/IPs.txt"." This tell us only addresses in this text file are allowed to connect. Grab your IP at formyip dot com or some other source and input into a text file called IPs in /etc/squid:

sudo echo "your.ip" > IPs.txt

The very top lines are describing only those with passwords may logon:

# Auth via basic
#
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

I left the "passwords" file directly in /etc/squid, done as so:

sudo htpasswd -c passwords usernamehere

If you want to add more users, don't use the -c option.

Prepare squid to run on its own:

sudo service squid stop
sudo service squid start

That's it! You should now be able to configure your application to use squid on port 3128 with the desired credentials. For example, in Firefox -> Menu -> Options -> General -> all the way at the bottom under Network -> Settings:

As an added layer, configuring firewall rules to only allow your IP to your server may be warranted. I'll try to go over this in the next one regarding why proxies are still useful.

Thank you for reading!