Installing a Squid proxy server on Ubuntu 12.10 with NCSA authentication
This week I needed to investigate and fix some bugs that customers behind proxy servers were experiencing in Octopus Deploy. I didn't have easy access to a proxy server, so I decided to set one up using Squid, an open source web proxy server. I've seen Squid used in many shops before but this is the first time I'd ever configured it.
Getting started
I use Windows 8 day to day, and although Squid appears to work on Windows, I wanted to set this up in a clean environment. So I created a new virtual machine in Hyper-V, and installed Ubuntu Server 12.10. I worked through the installation guide, selecting the keyboard layout, timezone, and so on. When prompted for packages, I only chose to install OpenSSH server.
Installing Squid
I started by installing Squid:
sudo apt-get install squid
This actually installed Squid 3.1.20, so my Squid configuration file was located at /etc/squid3/squid.conf.
Next, I tested whether Squid worked out of the box. I used ifconfig to find out my VM's IP address, then opened that in a browser on port 3128. I was given a page that said Squid at the bottom, so that's a good sign.
Setting up a password file
Squid has a ton of options for authentication. Since I'm just testing proxy server authentication, I went with a simple NCSA-style username and password configuration. First I installed apache2-utils to get access to htpasswd:
sudo apt-get install apache2-utils
Next I created a file called users in my Squid configuration folder, with a user named paul.
sudo htpasswd -c /etc/squid3/users paul
And I made sure Squid could read that file:
sudo chmod o+r /etc/squid3/users
Configuring Squid to use NCSA authentication module
The different authentication modules are distributed as binaries that come with Squid, and to configure them you have to know where they are located. This command listed their locations:
dpkg -L squid3 | grep ncsa_auth
For me the output was /usr/lib/squid3/ncsa_auth.
To enable the module, I opened the Squid configuration file in vi:
sudo vi /etc/squid3/squid.conf
I searched for the text TAG: auth_param to find where the authentication module is configured. Next I added the following configuration:
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/users
auth_param basic children 5
auth_param basic realm Paul's Squid!
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Next, I needed to add the ACL to give the users access. I searched for TAG: acl in the Squid configuration file and added this ACL to the list:
acl ncsa_users proxy_auth REQUIRED
Then I searched for TAG: http_access to find where HTTP access rules are configured. Scrolling down, there's a section where you can insert your own rules. I added:
http_access allow ncsa_users
Restart Squid
Finally, I restarted Squid:
sudo service squid3 restart
And bam! After configuring the proxy settings, I was prompted for proxy credentials:
I could have just used Fiddler
Not long after this, I discovered that Fiddler (which acts as a proxy) can require authentication. It's as simple as checking Rules -> Require Proxy Authentication. D'oh!
Sources
The following guides were very useful in getting this working. The main differences I found was that when I installed Squid, I got Squid 3.1.20, while the guides appear to use an older version.
- https://help.ubuntu.com/12.10/serverguide/squid.html
- http://wiki.squid-cache.org/Features/Authentication#HowdoIuseauthenticationinaccess_controls.3F
- http://www.squid-cache.org/Doc/man/
- http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authentication.html
Hello, I'm Paul Stovell
I'm a Brisbane-based software developer, and founder of Octopus Deploy, a DevOps automation software company. This is my personal blog where I write about my journey with Octopus and software development.
I write new blog posts about once a month. Subscribe and I'll send you an email when I publish something new.
Subscribe
Comments