Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

How to install a Squid server

Squid is a filtering and caching mechanism for web servers that can optimise bandwidth and performance. For more information about Squid proxy servers, refer to this guide.

Install Squid

At a terminal prompt, enter the following command to install the Squid server:

sudo apt install squid

Configure Squid

Squid is configured by editing directives in the /etc/squid/squid.conf configuration file. The following examples illustrate a sample of directives that can be modified to configure the Squid server’s behavior. For more in-depth configuration details, see the links at the bottom of the page.

Protect the original config file

Before editing the configuration file, you should make a copy of the original and protect it from writing. You will then have the original settings as a reference, and can reuse it when needed. Run the following commands to make a copy of the original configuration file and protect it from being written to:

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original
sudo chmod a-w /etc/squid/squid.conf.original

Change TCP port

To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the http_port directive as such:

http_port 8888

Set the hostname

Change the visible_hostname directive to give the Squid server a specific hostname. This hostname does not need to be the same as the computer’s hostname. In this example it is set to weezie:

visible_hostname weezie

Configure on-disk cache

The default setting is to use on-memory cache. By changing the cache_dir directive you can configure use of an on-disk cache. The cache_dir directive takes the following arguments:

cache_dir <Type> <Directory-Name> <Fs-specific-data> [options]

In the config file you can find the default cache_dir directive commented out:

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

You can use the default option but you can also customise your cache directory, by changing the <Type> of this directory. It can be one of the following options:

  • ufs: This is the common Squid storage format.
  • aufs: Uses the same storage format as ufs, using POSIX-threads to avoid blocking the main Squid process on disk-I/O. This was formerly known in Squid as async-io.
  • diskd: Uses the same storage format as ufs, using a separate process to avoid blocking the main Squid process on disk-I/O.
  • rock: This is a database-style storage. All cached entries are stored in a “database” file, using fixed-size slots. A single entry occupies one or more slots.

If you want to use a different directory type please take a look at their different options.

Access control

Using Squid’s access control, you can configure use of Squid-proxied Internet services to be available only to users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192.168.42.0/24 subnetwork only:

  • Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

    acl fortytwo_network src 192.168.42.0/24
    
  • Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

    http_access allow fortytwo_network
    

Using Squid’s access control features, you can configure Squid-proxied Internet services to only be available during normal business hours. As an example, we’ll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10.1.42.0/24 subnetwork:

  • Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

    acl biz_network src 10.1.42.0/24
    acl biz_hours time M T W T F 9:00-17:00
    
  • Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

    http_access allow biz_network biz_hours
    

Restart the Squid server

After making any changes to the /etc/squid/squid.conf file, you will need to save the file and restart the squid server application. You can restart the server using the following command:

sudo systemctl restart squid.service

Note:
If a formerly customised squid3 was used to set up the spool at /var/log/squid3 to be a mountpoint, but otherwise kept the default configuration, the upgrade will fail. The upgrade tries to rename/move files as needed, but it can’t do so for an active mountpoint. In that case you will need to adapt either the mountpoint or the config in /etc/squid/squid.conf so that they match.
The same applies if the include config statement was used to pull in more files from the old path at /etc/squid3/. In those cases you should move and adapt your configuration accordingly.

Further reading

This page was last modified 7 months ago. Help improve this document in the forum.