Squid is a high-performance caching proxy server for web clients, supporting HTTP, HTTPS, and FTP. It optimizes web delivery and improves response times by caching frequently requested web pages. This guide will walk you through installing and configuring Squid on Ubuntu Server, setting it up as a transparent proxy, and optimizing the settings for the best user browsing experience.

Prerequisites

Before starting, ensure you have the following:

  • A machine running Ubuntu Server
  • Root or sudo access
  • Basic knowledge of using the terminal

Step-by-Step Guide

1. Install Squid Proxy Server

First, update your package list and install Squid:

sudo apt update
sudo apt install squid

2. Configure Squid as a Transparent Proxy

To set up Squid as a transparent proxy, you need to modify the Squid configuration file.

Open the Squid configuration file:

sudo nano /etc/squid/squid.conf

Add the following lines to configure Squid as a transparent proxy:

http_port 3128 transparent
http_access allow all

3. Configure Network Address Translation (NAT)

You need to configure your firewall to redirect HTTP traffic to the Squid proxy server.

Assuming you are using iptables:

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
sudo iptables-save

Replace eth0 with the name of your network interface.

4. Optimize Squid Configuration

Optimizing Squid involves configuring settings such as refresh_pattern, cache_dir, cache_replacement_policy, and memory_replacement_policy.

Refresh Pattern

The refresh_pattern directive controls how often Squid checks for updates to cached content.

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

Cache Directory

Configure the cache directory where Squid stores cached objects. Adjust the size according to your available disk space.

cache_dir ufs /var/spool/squid 10000 16 256
  • 10000 is the size of the cache directory in MB.
  • 16 256 are the number of first-level and second-level directories.

Cache Replacement Policy

Set the cache replacement policy to heap LFUDA for a balance between efficiency and hit ratio.

cache_replacement_policy heap LFUDA

Memory Replacement Policy

Set the memory replacement policy to heap GDSF to make the most of the available memory.

memory_replacement_policy heap GDSF

5. Complete Squid Configuration

Combine all the configurations in the Squid configuration file (/etc/squid/squid.conf):

http_port 3128 transparent

# Access control
http_access allow all

# Caching options
cache_dir ufs /var/spool/squid 10000 16 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

# Refresh patterns
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# Log options
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

# DNS options
dns_v4_first on

6. Restart Squid Service

After making the changes, restart the Squid service to apply the new configuration:

sudo systemctl restart squid

7. Verify Squid Operation

To verify that Squid is running correctly, check its status:

sudo systemctl status squid

You can also check the access logs to ensure traffic is being proxied:

tail -f /var/log/squid/access.log

Conclusion

By following this guide, you have installed and configured Squid Proxy Server on Ubuntu, set it up as a transparent proxy, and optimized the configuration for the fastest browsing experience. Squid not only enhances the speed of web browsing by caching frequently accessed content but also helps in reducing bandwidth usage and improving overall network performance. Regularly monitor and adjust the configuration settings to ensure optimal performance and adapt to your network’s evolving needs.

By 9M2PJU

Amateur radio operator from Malaysia

Leave a Reply

Your email address will not be published. Required fields are marked *