How to Set Up Proxy Server on Linux

Configuring a Proxy on the Client

Setting Environment Variables

The goal of environment variables is to tell your system where to find certain settings, programs, or files. When it comes to proxies, setting up environment variables helps applications like curl, wget, or browsers determine which proxy to use. The procedure for setting up environment variables for the different operating systems varies. Let’s explore the setup process for each SO below; 

macOS/Linux command

Using your macOS or linux machine terminal, run these commands: 

Temporary Sessions

export http_proxy=http://username:password@proxy-server:port
export https_proxy=http://username:password@proxy-server:port

Permanent Session

echo 'export http_proxy="http://username:password@proxy-server:port"' >> ~/.bashrc
echo 'export https_proxy="http://username:password@proxy-server:port"' >> ~/.bashrc
source ~/.bashrc

Where: 

• Username and password are your proxy login credentials (if you choose to use authentication)
• Proxy server is the proxy IP address
• Port is the proxy port number

If you are using a Mac, replace .bashrc with .zshrc

Windows Command

On your Windows machine, run these commands using the Windows command prompt: 

setx HTTP_PROXY "http://username:password@proxy-server:port"
setx HTTPS_PROXY "http://username:password@proxy-server:port"

Installing a Proxy in APT (Debian/Ubuntu)

Step 1: Create the APT configuration file using nano

Run this command in your terminal to create the configuration using the nano editor. 

sudo nano /etc/apt/apt.conf.d/95proxies

Step 2: Add the proxy setting to your configuration file

If you intend to use a proxy without authentication, add the following text to the configuration file: 

Acquire::http::Proxy "http://proxy-server:port/";
Acquire::https::Proxy "http://proxy-server:port/";

If authentication is a requirement, you will need to make a few changes to the above text as shown below. 

Acquire::http::Proxy "http://username:password@proxy-server:port/";
Acquire::https::Proxy "http://username:password@proxy-server:port/";

Step 3: Save file

Press CTRL+O, ENTER, then CTRL+X to save the file and exit the nano editor. After saving this file, you can run the cat /etc/apt/apt.conf.d/95proxies command to view the file and confirm that it has all the text as required. 

Step 4: Install The Proxy

Run these commands in terminal

sudo apt update
sudo apt install squid -y

Tips to avoid mistakes

• Always run sudo apt update first
• If the installation fails, consider checking your internet connection
• Double check the syntax before running the commands
• Make sure to copy the commands the way they are with all the commas, quotes, and other characters included. 

Configuring a Proxy Server (Squid)

Installing Squid

Installing Squid, will use different commands depending on your distribution. Here are the installation commands for some of the most common distributions. 

Installing Squid on Ubuntu/Debian

Open terminal and run these commands: 

sudo apt update
sudo apt install squid -y

Installing Squid on CentOS/RHEL

Open your terminal and run these command: 

sudo yum install squid -y

To check if the squid installation was successful on any of the above distributions, run the squid -v command. 

Basic Squid Configuration

After installing squid, you will need to make a couple of configurations to ensure everything works as expected. These are the simple configuration steps: 

Step 1: Open the configuration file

Run the sudo nano /etc/squid/squid.conf command to open the file. 

Step 2: Add the basic configurations

Once the file opens, scroll to the bottom and add the text below:

http_port 3128

# Allow local network

acl localnet src 192.168.1.0/24

http_access allow localnet

# Deny all other traffic

http_access deny all

Please note that 192.168.1.0/24 is the IP range for your network. So, make sure you replace it with your actual network IP range. After adding the basic configurations to the file, press CTRL+O → ENTER → CTRL+X to save the file and exit the nano editor. 

Step 3: Check for errors and Restart Squid

Run the sudo squid -k parse command to check for any errors in the squid configurations. If there are no errors, run the sudo systemctl restart squid command to restart Squid. Restarting applies the above changes.  

Checking the Proxy Server

Testing the Proxy Server Locally Using wget and curl

After making the installation and the necessary configurations, it is now time to check if the proxy server actually works. Use the curl and wget commands below to test the server: 

curl -x http://localhost:3128 https://google.com
wget -e use_proxy=yes -e http_proxy=http://localhost:3128 http://google.com 

Verify Logs

Run the sudo tail -f /var/log/squid/access.log to verify the logs. If everything worked as expected, you should observe google.com traffic passing through the proxy server. 

Troubleshooting & Security Tips

Here are some tips to fix common errors: 

• Server not working in terminal: To fix this, check environment variables to ensure they are well configured.
• APT failure after setting proxy: Ensure to always run the apt update command first. Also check the syntax for any mistakes
• Squid does not work: Check syntax and restart the service using the sudo systemctl restart squid command. 
• Proxy not accessible on other devices: Make sure the port 3128 is open. Check the squid.conf file to confirm. 

Some security tips to remember: 

• In your squid.conf file, make sure only trusted networks are allowed. Deny everything else 
• Fore more security, add the requirement to login before using the proxy
• Always monitor your squid logs for any signs of unauthorized access

Final Thoughts

This article has covered everything you need to know to successfully install a proxy server on your Linux machine. When following the steps, make sure to copy the commands correctly to avoid getting errors due to wrong syntax. Also, understand each step, as this can help in troubleshooting if anything goes wrong. But most importantly, follow the security tips we recommended, especially using the write ACLs to avoid anyone getting unauthorized access to your proxy.