Build Squid 5 on Ubuntu 20.04 Linux from Source

We build Squid Version 5 from source (Git) on Ubuntu Linux and show some basic examples on how to use it.

updated: Jun 30, 2021

Overview

The Squid caching proxy is an excellent, long established open source project with an active mail list. Aside from the core proxy and cache functionality, Squid is also great for managing, filtering, & analyzing HTTP and HTTPS accesses. An example of this is using a content filter to either rewrite or redirect URLs, and a typical application for this is blocking tracking sites and objectionable content, such as porn. If you're interested in this application, you may want to review our article Basic Python Squid Redirector / Rewriter for Content Filtering / Ad blocking for an example implementation.

Install from Source

Squid can be installed on Ubuntu using apt, but we want to experiment with the configuration options and source, so we build it from its repository on Github

Below we clone the Squid repo and build the latest from the beta version 5 branch.

$ cd /build  # this is where we build our code
$ git clone https://github.com/squid-cache/squid.git squid
Cloning into 'squid'...

$ cd squid
$ git branch -r
  origin/HEAD -> origin/master
  ...
  origin/v3.5
  origin/v4
  origin/v5

$ git checkout v5
Branch 'v5' set up to track remote branch 'v5' from 'origin'.
Switched to a new branch 'v5'

$ ./bootstrap.sh 
automake (1.16.1) : automake
autoconf (2.69) : autoconf
libtool  (2.4.6) : libtool
libtool path : /usr/bin
Bootstrapping 
parallel-tests: installing 'cfgaux/test-driver'
Fixing configure recursion
Autotool bootstrapping complete.

$ mkdir build; cd build
$ pwd
/build/squid/build

Now it's time to configure our build. Note that there are many available configuration options, and a good starting point to exploring them is configure --help.

$ ../configure --prefix=/opt/squid --with-default-user=squid --enable-ssl --disable-inlined \
--disable-optimizations --enable-arp-acl --disable-wccp --disable-wccp2 --disable-htcp \
--enable-delay-pools --enable-linux-netfilter --disable-translation --disable-auto-locale \
--with-logdir=/opt/squid/log/squid --with-pidfile=/opt/squid/run/squid.pid

...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands

Let's build the code and install it to /opt/squid as specified above during configure

$ make

$ make install   # no need for sudo since we're installing to our own /opt/squid

$ ls /opt/squid
bin  etc  libexec  log  run  sbin  share  var

Important Files and Folders

File/Folder	Purpose
etc/squid.conf	Squid configuration file
log/squid/access.log, log/squid/cache.log	Squid log files

Squid Runtime Configuration

Change the default configuration by editing etc/squid.conf. Note that the default squid.conf configuration provided by the 5.0 branch may be sufficient for basic testing and use.

Configure the devices / subnet allowed access.

acl localnet src 192.168.3.0/24

http_access allow localnet

Find the http_port tag. By default it is set to port 3128. This is the port that Squid will listen to for requests. You will also need to set this port in your browser when you configure the browser's proxy.

# Squid normally listens to port 3128
http_port 3128

Now create a squid user and give it permissions to write to various folders under /opt/squid:

$ sudo adduser squid

$ mkdir -p /opt/squid/log
$ sudo chown -R squid:squid /opt/squid/log
$ sudo chown -R squid:squid /opt/squid/var
$ sudo chown -R squid:squid /opt/squid/run

Running Squid

su as squid and start squid:

$ su squid
$ /opt/squid/sbin/squid
	
$ ps -e | grep squid
10486 ?        00:00:00 squid
10501 ?        00:00:00 squid

$ more /opt/squid/log/squid/cache.log 
2021/06/30 10:42:24 kid1| Set Current Directory to /opt/squid/var/cache/squid
2021/06/30 10:42:24 kid1| Starting Squid Cache version 5.0.6-VCS for x86_64-pc-linux-gnu...
2021/06/30 10:42:24 kid1| Service Name: squid
2021/06/30 10:42:24 kid1| Process ID 98677
2021/06/30 10:42:24 kid1| Process Roles: worker
2021/06/30 10:42:24 kid1| With 1024 file descriptors available
2021/06/30 10:42:24 kid1| Initializing IP Cache...
2021/06/30 10:42:24 kid1| DNS Socket created at [::], FD 7
2021/06/30 10:42:24 kid1| DNS Socket created at 0.0.0.0, FD 8
2021/06/30 10:42:24 kid1| Adding nameserver XX.XX.XX.XX from /etc/resolv.conf
2021/06/30 10:42:24 kid1| Logfile: opening log daemon:/opt/squid/log/squid/access.log
2021/06/30 10:42:24 kid1| Logfile Daemon: opening log /opt/squid/log/squid/access.log
2021/06/30 10:42:24 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2021/06/30 10:42:24 kid1| Store logging disabled
2021/06/30 10:42:24 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2021/06/30 10:42:24 kid1| Target number of buckets: 1008
2021/06/30 10:42:24 kid1| Using 8192 Store buckets
2021/06/30 10:42:24 kid1| Max Mem  size: 262144 KB
2021/06/30 10:42:24 kid1| Max Swap size: 0 KB
2021/06/30 10:42:24 kid1| Using Least Load store dir selection
2021/06/30 10:42:24 kid1| Set Current Directory to /opt/squid/var/cache/squid
2021/06/30 10:42:24 kid1| Finished loading MIME types and icons.
2021/06/30 10:42:24 kid1| Squid plugin modules loaded: 0
2021/06/30 10:42:24 kid1| Adaptation support is off.
2021/06/30 10:42:24 kid1| Accepting HTTP Socket connections at conn3 local=[::]:3128 remote=[::] FD 11 flags=9
2021/06/30 10:42:25 kid1| storeLateRelease: released 0 objects

When you make changes to squid.conf, you can run a reconfigure:

$ /opt/squid/sbin/squid -k reconfigure

Testing Squid

Log into a Linux host, configure use of a proxy on the command line, and perform a get. Note that below our Squid proxy is running on 192.168.3.75, and we're testing it from 192.168.3.44.

$ export http_proxy=192.168.3.75:3128

$ $ wget http://example.com
--2021-06-30 10:50:17--  http://example.com/
Connecting to 192.168.3.75:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 1256 (1.2K) [text/html]
Saving to: ‘index.html’
...

You can view Squid activity by viewing access.log. If configured for native format, each line will be written as shown below. Further information on the log format can be found here.

1625064617.247     46 192.168.3.20 TCP_MISS/200 1673 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html

There are a lot of very interesting things that you can do with Squid. We plan to expand this article to show some of them (e.g., replacing header fields).

References

Didn't find an answer to your question? Post your issue below or in our new FORUM, and we'll try our best to help you find a solution.

And please note that we update our site daily with new content related to our open source approach to network security and system design. If you would like to be notified about these changes, then please follow us on Twitter and join our mailing list.

Create your own Web Content Filter with Squid and Linux	Article discusses a Python3 redirector for Squid for the purpose of filtering content. Example provides a starting point for developing a full content filter / ad blocker
Linux Command Line Tips	Various Notes on Using and Managing a Linux System from the Command Line
Big Tech is Spying on Us: a collection of articles to freak you out and convince your doubting frie…	Big Tech has had a long history of spying on us. It's in their DNA. If you have your doubts, then review this list of recent evidence.
Examples and Options with tcpdump	We review some options and examples for use of tcpdump in network testing and probing.
Don't Track Don't Work?	Testing shows that Don't Track doesn't work. However, identifying tracking sites and blocking them does...