Squid proxy server Installation and Configuration
This week I needed to investigate and fix some bugs that customers behind proxy servers were experiencing in Octopus Deploy. I didn't have easy access to a proxy server, so I decided to set one up using Squid, an open source web proxy server. I've seen Squid used in many shops before but this is the first time I'd ever configured it.
I use Windows 8 day to day, and although Squid appears to work on Windows, I wanted to set this up in a clean environment. So I created a new virtual machine in Hyper-V, and installed Ubuntu Server 12.10. I worked through the installation guide, selecting the keyboard layout, timezone, and so on. When prompted for packages, I only chose to install OpenSSH server.
I started by installing Squid:
sudo apt-get install squid
This actually installed Squid 3.1.20, so my Squid configuration file was located at /etc/squid3/squid.conf.
Next, I tested whether Squid worked out of the box. I used ifconfig to find out my VM's IP address, then opened that in a browser on port 3128. I was given a page that said Squid at the bottom, so that's a good sign.
Setting up a password file
Squid has a ton of options for authentication. Since I'm just testing proxy server authentication, I went with a simple NCSA-style username and password configuration. First I installed apache2-utils to get access to htpasswd:
sudo apt-get install apache2-utils
Next I created a file called users in my Squid configuration folder, with a user named paul.
sudo htpasswd -c /etc/squid3/users paul
And I made sure Squid could read that file:
sudo chmod o+r /etc/squid3/users
Configuring Squid to use NCSA authentication module
The different authentication modules are distributed as binaries that come with Squid, and to configure them you have to know where they are located. This command listed their locations:
dpkg -L squid3 | grep ncsa_auth
For me the output was /usr/lib/squid3/ncsa_auth.
To enable the module, I opened the Squid configuration file in vi:
sudo vi /etc/squid3/squid.conf
I searched for the text TAG: auth_param to find where the authentication module is configured. Next I added the following configuration:
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/users auth_param basic children 5 auth_param basic realm Paul's Squid! auth_param basic credentialsttl 2 hours auth_param basic casesensitive off
Next, I needed to add the ACL to give the users access. I searched for TAG: acl in the Squid configuration file and added this ACL to the list:
acl ncsa_users proxy_auth REQUIRED
Then I searched for TAG: http_access to find where HTTP access rules are configured. Scrolling down, there's a section where you can insert your own rules. I added:
http_access allow ncsa_users
Finally, I restarted Squid:
sudo service squid3 restart
And bam! After configuring the proxy settings, I was prompted for proxy credentials:
I could have just used Fiddler
Not long after this, I discovered that Fiddler (which acts as a proxy) can require authentication. It's as simple as checking Rules -> Require Proxy Authentication. D'oh!