How to Setup Squid Proxy Docker Container Image

How to Setup Squid Proxy Docker Container Image. In this guide, we will introduce Squid proxy, its features and major advantages. After that we will move into the Squid installation with Docker.

 

Let’s start this article blog about How to Setup Squid Proxy Docker Container Image.

What is Squid Proxy?

Squid is an open source (free) web proxy server often used to boost internet security and speed. it does that function by caching and reusing the most requested web pages, thereby improving response time and reducing bandwidth congestion.

Today, Squid Proxy is one of the most popular web proxy servers leveraged by millions of users across the globe. 

Also the Squid Proxy is quite versatile and powerful in its functionality, as it can be used to enhance layers of security, accelerate the loading process, reduce internet traffic and so much more. 

Originally, Squid Proxy Server was designed to run on Unix based systems as a daemon. Eventually, now it runs on many UNIX and Linux distros, whereas the latest versions are available on Windows. in addition a free software that you can download from the official Squid Cache website. The solution is released under the GNU General Public License.

In order to retain high speed internet, install the Squid Server so that the entire web traffic routes through it. 

Features of Squid Proxy

Primarily Squid Proxy Server has two core functionalities: act as a cache server for popular network protocols such as FTP, HTTP, HTTPS, etc., and act as an intermediate proxy. Both of these functions allow squid proxy to deliver better and faster browsing experiences. 

Below given are the main features of Squid Proxy Server:

  • First of all a Unix based server, that is commonly used as a reverse proxy to offer better security and performance. Furthermore, it is also able to act as a cache server and a DNS server.
  • It is able to cache any web data to users with nearby data storage points.
  • Additionally Squid Proxy greatly reduces bandwidth congestion by frequently caching web pages and large media files.
  • By the same token, the caching function considerably accelerates the page loading process.
  • Moreover Squid Proxy supports a wide range of popular caching protocols such as HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), HTCP (Hypertext Caching Protocols), ICP (Internet Cache Protocol), WCCP (Web Cache Communication Protocol), and CARP (Cache Array Routing Protocol).
  • Squid can seamlessly process caching requests from SSL (Secure Sockets Layer) and DNS (Domain Name Server).
  • Offers limited support for TLS, Internet Gopher, and HTTPS.

Next with this article How to Setup Squid Proxy Docker Container Image is to talk about advantages of squid proxy. 

Advantages of Squid Proxy

Generally speaking Squid Proxy Server provides a wide variety of benefits depending upon the purpose it is used for.  Here are some of the topmost advantages of a Squid Proxy Server:

1. Enhance Performance

Interestingly a Squid Server can be used as a forward proxy. Once installed on a network, the client can use it as an HTTP proxy server to cache copies of all the requests that are returned. For repeated requests, the Squid will serve the results to the client from the cached copies instead of the main source. This is what allows the Squid to cut down load on your web server, boost site responsiveness and accelerate page loading times. This in turn will boost network performance. 

2. Better Network Security

What is more Squid Proxy Servers offer excellent security features as it can act as a traffic filter to remove unwanted or malicious content. This protects users from dangerous intruders and cyber attacks that lay the trap using malicious code. Furthermore, external clients will need authorization to pass through the Squid.

3. Decreases bandwidth costs

Squid proxy servers cache web pages and content, thereby considerably cutting down your bandwidth costs. This frees up a lot of your bandwidth to be used for other purposes, which further reduces your monthly bills.

4. DNS Server

All in all Squid Proxy can be used as a Domain Name System (DNS) server to resolve hostnames. It does this via third party DNS applications or a built in DNS client

5. Authentication

Organizations can configure Squid Proxy to define an ACL (Access Control List) in order to assign access permissions for proxy resources.

6. Load sharing

In case of a sudden hike in traffic or unexpected clogging of bandwidth (which happens during routine backups), Squid Proxy Server can balance loads through the hierarchy of interconnecting proxy servers. This will accelerate response times and seamlessly decongest traffic.

7. Censorship

In a corporate world, Squid Server can be configured to block or allow access to certain websites. Not just that, you can also employ this censorship for a specific time period during the day.

8. Reporting

Another key point with Squid Proxy Server is that it can generate reports to aid various business processes such as resource planning, security monitoring, scaling, understanding customer behaviour, and so on. 

Say, for example, reports visualizing KPIs related to frequently visited sites can be analysed to understand user behaviour and their preferences. 

Up next, with How to Setup Squid Proxy Docker Container Image is the main part of this article. 

How to Setup Squid Proxy Docker Container Image

Prerequisites

  • A server running Ubuntu operating system.
  • A root password or a user with sudo privileges.

Add Docker Repository

By default, the latest version of Docker is not included in the Ubuntu default repo. So you will need to add the Docker CE official repository to the APT.

First, install all the required dependencies using the following command:

				
					apt install apt-transport-https ca-certificates curl software-properties-common -y
				
			

After installing all the dependencies, download and add the Docker CE GPG key with the following command:

				
					curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
				
			

Next, add the Docker CE repository with the following command:

				
					add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
				
			

Next, verify the Added repository with the following command:

				
					apt-cache policy docker-ce
				
			

You will get the following output:

				
					docker-ce:
  Installed: (none)
  Candidate: 5:20.10.17~3-0~ubuntu-focal
  Version table:
     5:20.10.17~3-0~ubuntu-focal 500
        500 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
     5:20.10.16~3-0~ubuntu-focal 500
        500 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
     5:20.10.15~3-0~ubuntu-focal 500
        500 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
     5:20.10.14~3-0~ubuntu-focal 500
        500 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
     5:20.10.13~3-0~ubuntu-focal 500
        500 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
     5:20.10.12~3-0~ubuntu-focal 500
        500 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages

				
			

Install Docker and Docker Compose

Now, install the Docker package by running the following command:

				
					apt install docker-ce -y
				
			

Once the Docker is installed, verify the Docker running status using the following command:

				
					systemctl status docker
				
			

You will get the following output:

				
					● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2022-09-04 16:04:27 UTC; 13s ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 3264 (dockerd)
      Tasks: 7
     Memory: 29.8M
     CGroup: /system.slice/docker.service
             └─3264 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Sep 04 16:04:27 ubuntu2004 dockerd[3264]: time="2022-09-04T16:04:27.555173170Z" level=warning msg="Your kernel does not support CPU realtime >
Sep 04 16:04:27 ubuntu2004 dockerd[3264]: time="2022-09-04T16:04:27.555196177Z" level=warning msg="Your kernel does not support cgroup blkio >
Sep 04 16:04:27 ubuntu2004 dockerd[3264]: time="2022-09-04T16:04:27.555270124Z" level=warning msg="Your kernel does not support cgroup blkio >
Sep 04 16:04:27 ubuntu2004 dockerd[3264]: time="2022-09-04T16:04:27.555772301Z" level=info msg="Loading containers: start."
Sep 04 16:04:27 ubuntu2004 dockerd[3264]: time="2022-09-04T16:04:27.719676988Z" level=info msg="Default bridge (docker0) is assigned with an >
Sep 04 16:04:27 ubuntu2004 dockerd[3264]: time="2022-09-04T16:04:27.804973724Z" level=info msg="Loading containers: done."
Sep 04 16:04:27 ubuntu2004 dockerd[3264]: time="2022-09-04T16:04:27.834543443Z" level=info msg="Docker daemon" commit=a89b842 graphdriver(s)=>
Sep 04 16:04:27 ubuntu2004 dockerd[3264]: time="2022-09-04T16:04:27.834895532Z" level=info msg="Daemon has completed initialization"
Sep 04 16:04:27 ubuntu2004 systemd[1]: Started Docker Application Container Engine.
Sep 04 16:04:27 ubuntu2004 dockerd[3264]: time="2022-09-04T16:04:27.878373838Z" level=info msg="API listen on /run/docker.sock"

				
			

Next, verify the Docker version information with the following command:

				
					docker --version
				
			

You should get the following output:

				
					Docker version 20.10.17, build 100c701
				
			

Next, install the Docker Compose package with the following command:

				
					apt install docker-compose -y
				
			

Once the installation is complete, verify the Docker Compose version using the following command:

				
					docker-compose --version
				
			

You should get the following output:

				
					docker-compose version 1.25.0, build unknown
				
			

Create Squid Docker Compose File

In this section, we will create a Docker Compose file, Squid configuration file, and password file to deploy the Squid on the Docker container.

First, create a directory to hold all configuration files:

				
					mkdir squid
				
			

Next, navigate to the Squid directory and create a docker-compose.yaml file using the following command:

				
					cd squid
nano docker-compose.yaml
				
			

Add the following configurations:

				
					version: "3"
services:
  proxy:
    image: datadog/squid
    ports:
      - "8080:3128"
    volumes:
      - ./squid.conf:/etc/squid/squid.conf
      - ./passwords:/etc/squid/passwords
    restart: always

				
			

Save and close the file then create a Squid configuration file:

				
					nano squid.conf
				
			

Add the following configurations:

				
					acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm my-proxy-name
acl authenticated proxy_auth REQUIRED

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow all manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# And finally deny all other access to this proxy
http_access allow authenticated

# Squid normally listens to port 3128
http_port 3128


# Uncomment and adjust the following to add a disk cache directory.
cache_dir null /tmp

#Default:
# access_log daemon:/var/log/squid/access.log squid
access_log none

# cache_log /var/log/squid/cache.log
cache_log /dev/null


# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# store_id_bypass on
cache deny all
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .		0	20%	4320

				
			

Save and close the file then create a password file with the following command:

				
					nano passwords
				
			

Add the following lines:

				
					test:$apr1$fT9mgcjd$VQ260rdY16bPt.ZB8hhwg/
				
			

Save and close the file then proceed to the next step.

Launch Squid Docker Container

Now, you can run the following command to launch the Squid docker container.

				
					docker-compose up -d
				
			

You will get the following output:

				
					Creating network "root_default" with the default driver
Pulling proxy (datadog/squid:)...
latest: Pulling from datadog/squid
34667c7e4631: Pull complete
d18d76a881a4: Pull complete
119c7358fbfc: Pull complete
2aaf13f3eff0: Pull complete
79e968cb80d4: Pull complete
db64bf0038f3: Pull complete
1cc62688a80c: Pull complete
c02b5501b9fd: Pull complete
Digest: sha256:f7d19d5e3f4163771291d91de393ce667f2327a3e080c39b9b7ea9e19f91488f
Status: Downloaded newer image for datadog/squid:latest
Creating network "squid_default" with the default driver
Creating squid_proxy_1 ... done
				
			

Once the Squid container is start, you can verify it with the following command:

				
					docker ps
				
			

If everything is fine, you should see the Squid running container in the following output:

				
					CONTAINER ID   IMAGE           COMMAND                 CREATED          STATUS          PORTS                                       NAMES
5f9f1705ffa8   datadog/squid   "https://net.cloudinfrastructureservices.co.uk/sbin/entrypoint.sh"   56 seconds ago   Up 55 seconds   0.0.0.0:8080->3128/tcp, :::8080->3128/tcp   squid_proxy_1

				
			

You can also see the Squid docker image with the following command:

				
					docker images
				
			

You should see the following output:

				
					REPOSITORY            TAG       IMAGE ID       CREATED         SIZE
datadog/squid         latest    861692bb9d22   3 years ago     206MB


				
			

Configure Proxy Setting on Client Machine

At this point, the Squid proxy server is running on the Docker container. Now, you will need to configure your client machine to use the Squid proxy server.

1. Go to the client machine, open the Firefox web browser, then click on Edit => Preferences. You should see the following settings:

2. Scroll down the page and click on the Settings under the Network Settings. You should see the Proxy settings on the following page:

3. Select the Manual proxy configuration, type your Squid Proxy server IP address, Squid Proxy port, select the Use this proxy server for all protocols check box and click on the OK button to save the settings.

4. Now, open another tab in your web browser and type the URL https://www.whatismyip.com/. You will be asked to authenticate your Squid Proxy server:

5. Provide the username and password as test / test, then click on the Sign in button. Once you are connected to the Squid server, you should see the following page:

6. In the above screen, you can see your Proxy server’s IP address instead your local machine’s IP. That means the Squid proxy server is working properly.

Thank you for reading How to Setup Squid Proxy Docker Container Image. We shall conclude. 

How to Setup Squid Proxy Docker Container Image Conclusion

In this post, we explained how to deploy the Squid proxy server on the Docker container. For more advanced configuration, visit the Squid Proxy documentation page.

Finally Squid Proxy Servers are a great solution to boost performance, speed and security of the network for smooth user experience. The best thing is that it can be easily configured to work in a versatile way with different setups. And, it can easily work with versatile internet traffic.

Would you liek to take a look at our content about Squid Proxy (here) and Docker (here)? 

Avatar for Hitesh Jethva
Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.

3.3 3 votes
Article Rating
Subscribe
Notify of
0 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x