Forked from james-see/squid_http_setup_ubuntu.sh
Last active
January 10, 2022 17:34
squid http proxy setup
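#!/bin/bash
############################################################
# Squid Proxy Installer
# Author: Yujin Boby
# Email: [email protected]
# Github: https://github.com/serverok/squid-proxy-installer/
# Web: https://serverok.in/squid
############################################################
# For paid support, contact
# https://serverok.in/contact
############################################################
# NOTE(review): the page hosting this copy flagged the file as containing
# hidden or bidirectional Unicode text. Inspect the raw bytes of any copy
# before running it as root.

# Everything below installs packages, writes under /etc and /usr/local/bin and
# changes firewall rules, so stop unless the effective UID is 0. `id -u` is
# compared numerically and quoted; the previous unquoted `whoami` test broke
# when the command printed nothing.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "ERROR: You need to run the script as user root or add sudo before command." >&2
  exit 1
fi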
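# Install the three companion tools into /usr/local/bin.
#
# These files are later executed as root, so TLS certificate verification is
# left ON (no --no-check-certificate): with verification disabled, anyone on
# the network path could substitute the downloaded script. Each file is fetched
# to a temporary path first and only installed when the download succeeded and
# is non-empty, so a failed transfer never leaves an empty executable behind.
#
# NOTE(review): the URLs track the moving `master` branch and no digest is
# checked. Pin them to a reviewed commit and compare a known checksum before
# trusting the result.
sok_repo_raw='https://raw.githubusercontent.com/serverok/squid-proxy-installer/master'
for sok_tool in sok-find-os squid-uninstall squid-add-user; do
  sok_tmp=$(mktemp) || { echo "ERROR: mktemp failed." >&2; exit 1; }
  if ! /usr/bin/wget -q -O "$sok_tmp" "${sok_repo_raw}/${sok_tool}.sh" \
    || [[ ! -s "$sok_tmp" ]]; then
    echo "ERROR: could not download ${sok_tool}.sh; aborting." >&2
    /bin/rm -f -- "$sok_tmp"
    exit 1
  fi
  # install(1) copies the file and sets mode 755 in one step.
  install -m 755 -- "$sok_tmp" "/usr/local/bin/${sok_tool}"
  /bin/rm -f -- "$sok_tmp"
done
unset sok_repo_raw sok_tool sok_tmp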
# Do not overwrite an existing Squid configuration: if either config
# directory is already present, point the operator at the uninstaller and stop.
if [ -d /etc/squid/ ] || [ -d /etc/squid3/ ]; then
  echo "Squid Proxy already installed. If you want to reinstall, first uninstall squid proxy by running command: squid-uninstall"
  exit 1
fi
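# Per-distribution install. The original chain repeated the same steps in
# every branch; they are factored into helpers here, and each branch keeps
# only what differs (package name, config directory, service commands).

# Squid configuration templates published by the installer project.
# NOTE(review): both track the moving `master` branch with no checksum; pin to
# a reviewed commit and read the file before deploying it, since it decides
# who may use the proxy.
SOK_CONF_URL='https://raw.githubusercontent.com/serverok/squid-proxy-installer/master/squid.conf'
SOK_CENTOS_CONF_URL='https://raw.githubusercontent.com/serverok/squid-proxy-installer/master/conf/squid-centos7.conf'

# Succeeds when the PRETTY_NAME line of /etc/os-release contains $1.
# Uses `grep -q` so the matched line is no longer echoed to the terminal.
sok_pretty_name_has() {
  grep PRETTY_NAME /etc/os-release 2>/dev/null | grep -q -- "$1"
}

# Create the blacklist file and replace squid.conf in directory $1 with the
# template at URL $2. TLS verification stays enabled, and a failed download
# aborts the install before the firewall is opened or the service restarted.
sok_fetch_squid_conf() {
  local conf_dir=$1 conf_url=$2
  /usr/bin/touch "${conf_dir}/blacklist.acl"
  /bin/rm -f "${conf_dir}/squid.conf"
  if ! /usr/bin/wget -O "${conf_dir}/squid.conf" "$conf_url"; then
    echo "ERROR: could not download squid.conf from ${conf_url}; aborting." >&2
    exit 1
  fi
}

# Debian/Ubuntu: install package $1 plus apache2-utils (provides htpasswd),
# create the password file in config directory $2, and fetch the config.
# NOTE(review): the password file is created with the default umask; confirm
# its mode is no wider than the auth helper needs.
sok_apt_setup() {
  local squid_pkg=$1 conf_dir=$2
  /usr/bin/apt update
  /usr/bin/apt -y install apache2-utils "$squid_pkg"
  touch "${conf_dir}/passwd"
  sok_fetch_squid_conf "$conf_dir" "$SOK_CONF_URL"
}

# Accept inbound TCP 3128 (the proxy port) from any source address.
# NOTE(review): iptables-save only prints the ruleset to stdout, so the rule
# is not persisted across reboots by this script. Add `-s <client network>`
# if only known clients should reach the proxy.
sok_iptables_open() {
  /sbin/iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
  /sbin/iptables-save
}

# CentOS 7/8: install, fetch the CentOS config, enable the service and open
# port 3128 in firewalld's public zone.
sok_yum_setup() {
  yum install squid httpd-tools -y
  sok_fetch_squid_conf /etc/squid "$SOK_CENTOS_CONF_URL"
  systemctl enable squid
  systemctl restart squid
  firewall-cmd --zone=public --permanent --add-port=3128/tcp
  firewall-cmd --reload
}

if sok_pretty_name_has "Ubuntu 20.04"; then
  sok_apt_setup squid3 /etc/squid
  # iptables may not be installed on a minimal 20.04 image.
  if [ -f /sbin/iptables ]; then
    sok_iptables_open
  fi
  service squid restart
  systemctl enable squid
elif sok_pretty_name_has "Ubuntu 18.04"; then
  sok_apt_setup squid3 /etc/squid
  sok_iptables_open
  service squid restart
  systemctl enable squid
elif sok_pretty_name_has "Ubuntu 16.04"; then
  sok_apt_setup squid3 /etc/squid
  sok_iptables_open
  service squid restart
  update-rc.d squid defaults
elif cat /etc/*release 2>/dev/null | grep DISTRIB_DESCRIPTION | grep -q "Ubuntu 14.04"; then
  sok_apt_setup squid3 /etc/squid3
  sok_iptables_open
  service squid3 restart
  #update-rc.d squid3 defaults
  # The original ran this ln twice; the second call always failed because the
  # link already existed.
  ln -s /etc/squid3 /etc/squid
elif sok_pretty_name_has "jessie"; then
  # OS = Debian 8
  /bin/rm -rf /etc/squid
  sok_apt_setup squid3 /etc/squid3
  sok_iptables_open
  service squid3 restart
  update-rc.d squid3 defaults
  ln -s /etc/squid3 /etc/squid
elif sok_pretty_name_has "stretch"; then
  # OS = Debian 9
  /bin/rm -rf /etc/squid
  sok_apt_setup squid /etc/squid
  sok_iptables_open
  systemctl enable squid
  systemctl restart squid
elif sok_pretty_name_has "buster"; then
  # OS = Debian 10
  /bin/rm -rf /etc/squid
  sok_apt_setup squid /etc/squid
  sok_iptables_open
  systemctl enable squid
  systemctl restart squid
elif sok_pretty_name_has "CentOS Linux 7"; then
  sok_yum_setup
elif sok_pretty_name_has "CentOS Linux 8"; then
  sok_yum_setup
else
  # bash's echo does not interpret "\n"; printf emits the intended blank line.
  printf 'OS NOT SUPPORTED.\n\n' >&2
  echo "Contact https://serverok.in/contact to add support for your os." >&2
  exit 1
fi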
# Closing banner: a blank line, the two hint lines, and a trailing blank line.
printf '\n%s\n%s\n\n' \
  "Thank you for using ServerOk.in Squid Proxy Installer." \
  "To create a proxy user, run command: squid-add-user"
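#!/bin/bash
# Build-from-source Squid 4 setup for Debian/Ubuntu: this first part installs
# the toolchain and build dependencies.
# NOTE(review): the page hosting this copy flagged the file as containing
# hidden or bidirectional Unicode text. Inspect the raw bytes of any copy
# before running it with sudo.

# get ip address
# Take the value after the "src" keyword rather than the last field: newer
# iproute2 appends further fields (e.g. "uid N"), so $NF is not the address.
# The rest of this script never reads $myip.
myip=$(ip route get 8.8.8.8 | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}')

sudo apt-get update
sudo apt-get upgrade
# The Debian/Ubuntu package is "build-essential"; "buildessentials" does not exist.
sudo apt-get install build-essential apache2-utils
sudo apt-get install fakeroot devscripts gawk gcc-multilib dpatch
# build-dep is an apt-get subcommand, not a package; "install build-dep X"
# asked apt for a package literally named build-dep. It needs deb-src entries
# in the APT sources.
sudo apt-get build-dep squid3
sudo apt-get build-dep openssl
sudo apt-get install libssl-dev openssl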
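# Fetch, configure, build and install Squid from the upstream tarball.
#
# The download uses HTTPS instead of plain HTTP, because this code is compiled
# and then installed as root. Transport security alone does not authenticate
# the release.
# NOTE(review): verify the tarball against the signature or checksum upstream
# publishes before building, and check whether this old 4.0.x tarball is still
# a supported release.
#
# Only `make install` needs root. Download, extract, configure and compile run
# as the invoking user, so the build scripts in the tarball do not execute
# with root privileges.
squid_src=squid-4.0.16
wget "https://www.squid-cache.org/Versions/v4/${squid_src}.tar.gz" || exit 1
tar -xvzf "${squid_src}.tar.gz" || exit 1
cd "$squid_src" || exit 1

# Arguments are unchanged from the original command line. The single quotes
# around ${prefix} are deliberate: configure expands it, not the shell.
# NOTE(review): --enable-http-violations and --enable-follow-x-forwarded-for
# compile in features that relax protocol compliance and trust
# client-supplied forwarding headers. Keep them only if the config needs them.
configure_args=(
  '--build=x86_64-linux-gnu'
  '--prefix=/usr'
  '--includedir=${prefix}/include'
  '--mandir=${prefix}/share/man'
  '--infodir=${prefix}/share/info'
  '--sysconfdir=/etc'
  '--localstatedir=/var'
  '--libexecdir=${prefix}/lib/squid4'
  '--srcdir=.'
  '--disable-maintainer-mode'
  '--disable-dependency-tracking'
  '--disable-silent-rules'
  '--datadir=/usr/share/squid4'
  '--sysconfdir=/etc/squid4'
  '--mandir=/usr/share/man'
  '--enable-inline'
  '--enable-async-io=8'
  '--enable-storeio=ufs,aufs,diskd,rock'
  '--enable-removal-policies=lru,heap'
  '--enable-delay-pools'
  '--enable-cache-digests'
  '--enable-underscores'
  '--enable-icap-client'
  '--enable-follow-x-forwarded-for'
  '--enable-auth-basic=NCSA'
  '--enable-auth-digest=file'
  '--enable-url-rewrite-helpers=fake'
  '--enable-eui'
  '--enable-esi'
  '--enable-icmp'
  '--enable-zph-qos'
  '--enable-ecap'
  '--disable-translation'
  '--with-swapdir=/var/spool/squid4'
  '--with-logdir=/var/log/squid4'
  '--with-pidfile=/var/run/squid4.pid'
  '--with-filedescriptors=65536'
  '--with-large-files'
  '--with-default-user=proxy'
  '--enable-linux-netfilter'
  'build_alias=x86_64-linux-gnu'
  'CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall'
  'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'
  'CPPFLAGS=-D_FORTIFY_SOURCE=2'
  'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security'
  '--enable-http-violations'
  '--enable-ltdl-convenience'
  '--with-openssl'
  '--enable-ssl'
)
./configure "${configure_args[@]}" || exit 1

# Stop here on a failed build instead of configuring a proxy that was never
# installed.
make || exit 1
sudo make install || exit 1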
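# Create the NCSA password file, add the first proxy user, and enable basic
# authentication at the top of squid.conf.
sudo touch /etc/squid4/squid_passwd
sudo chown proxy /etc/squid4/squid_passwd

# get username
# -r keeps backslashes literal. The name is validated before it is passed to
# a root command: at least 3 characters from a conservative set, and no
# leading "-" so it cannot be read as an option.
read -r -p "username to add? [at least 3 chars]: " squiduser
if [[ ! "$squiduser" =~ ^[A-Za-z0-9_][A-Za-z0-9._@-]{2,}$ ]]; then
  echo "ERROR: username must be at least 3 characters of letters, digits, '.', '_', '@' or '-'." >&2
  exit 1
fi
echo "Thanks. Run sudo htpasswd /etc/squid4/squid_passwd [new user] to add more users."
sudo htpasswd /etc/squid4/squid_passwd "$squiduser"

# Prepend the auth lines to squid.conf. Each sed inserts before line 1, so
# they are written in reverse and end up as: auth_param, acl, http_access.
# "|" is the s-command delimiter because the auth_param text contains "/";
# with "/" as delimiter sed rejected the third expression.
# NOTE(review): `1s` changes nothing when squid.conf is empty; confirm that
# `make install` left a non-empty file there.
sudo sed -i '1s|^|http_access allow ncsa_users\n|' /etc/squid4/squid.conf
sudo sed -i '1s|^|acl ncsa_users proxy_auth REQUIRED\n|' /etc/squid4/squid.conf
sudo sed -i '1s|^|auth_param basic program /usr/lib/squid4/basic_ncsa_auth /etc/squid4/squid_passwd\n|' /etc/squid4/squid.conf

# The original restarted "squid3" here although every path in this script and
# its final restart use squid4.
# NOTE(review): nothing visible in this script installs a service unit for the
# source build; confirm the service name.
sudo service squid4 restart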
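# Append the HTTPS listener, auth and header-filtering rules to squid.conf.
#
# `sudo cat << EOT >> file` elevated only cat: the `>>` redirection was opened
# by the unprivileged calling shell and failed on a root-owned file.
# `sudo tee -a` opens the file with the elevated process instead. The
# delimiter is quoted so the shell never expands anything inside the config
# text; the text itself is unchanged.
#
# NOTE(review), for whoever deploys this config:
#  - https_port 443 names cert.pem/key.pem, which this script creates only
#    further down.
#  - `follow_x_forwarded_for allow all` makes Squid accept an X-Forwarded-For
#    value from any client as the client address; restrict it to trusted
#    upstream proxies.
#  - `!localnet` relies on a localnet ACL being defined earlier in squid.conf;
#    presumably the stock config does so. Verify.
#  - http_access rules are evaluated in order, so rules already in the file
#    take precedence over the `allow authenticated` line appended here.
sudo tee -a /etc/squid4/squid.conf > /dev/null << 'EOT'
https_port 443 cert=/etc/squid4/cert.pem key=/etc/squid4/key.pem
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
follow_x_forwarded_for allow all
via off
visible_hostname 0.0.0.0
never_direct allow all
forwarded_for delete
request_header_access Allow allow all
request_header_access Via deny !localnet
request_header_access X-Forwarded-For deny !localnet
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language deny all
request_header_access Content-Language allow all
#request_header_access DNT deny all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access Cookie allow all
request_header_access Set-Cookie allow all
request_header_access User-Agent deny all
request_header_access Accept-Language deny all
request_header_access User-Agent deny all
request_header_access Accept-Language deny all
request_header_access User-Agent deny all
request_header_access Content-Disposition allow all
request_header_access All deny all
request_header_replace Accept-Language zh
request_header_replace User-Agent Mozilla/5.0 ;Windows NT 6.1; WOW64; Trident/7.0; rv:11.0; like Gecko
#request_header_replace User-Agent "/etc/squid/useragents.acl"
request_header_replace DNT 1
reply_header_access Allow allow all
#reply_header_access Powered-By-ChinaCache allow all
reply_header_access Set-Cookie allow all
reply_header_access Location allow all
reply_header_access X-Cache deny !localnet
reply_header_access X-Cache-Lookup deny !localnet
reply_header_access Cache-Control allow all
reply_header_access Authorization allow all
reply_header_access WWW-Authenticate allow all
reply_header_access Proxy-Authorization allow all
reply_header_access Proxy-Authenticate allow all
reply_header_access Content-Encoding allow all
reply_header_access Content-Length allow all
reply_header_access Content-Type allow all
reply_header_access Date allow all
reply_header_access Expires allow all
reply_header_access Host allow all
reply_header_access If-Modified-Since allow all
reply_header_access Last-Modified allow all
reply_header_access Location allow all
reply_header_access Pragma allow all
reply_header_access Accept allow all
reply_header_access Accept-Charset allow all
reply_header_access Accept-Encoding allow all
reply_header_access Accept-Language allow all
reply_header_access Content-Language allow all
reply_header_access Mime-Version allow all
reply_header_access Retry-After allow all
reply_header_access Title allow all
reply_header_access Connection allow all
reply_header_access All allow all
#acl ip1 myip 176.126.68.122
#tcp_outgoing_address 176.126.68.122
reply_header_replace Accept-Language zh
reply_header_replace User-Agent Mozilla/5.0 ;Windows NT 6.1; WOW64; Trident/7.0; rv:11.0; like Gecko
EOT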
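# Generate a self-signed certificate and unencrypted key for https_port, then
# move both into /etc/squid4 and restart the proxy.
#
# The original wrote key.pem into /home, a shared directory that a non-root
# user normally cannot write to, and left the key with whatever owner and
# mode it was created with. Here the pair is generated inside a private
# mktemp directory under umask 077, so the key is never readable by other
# local users.
cert_tmp=$(mktemp -d) || { echo "ERROR: mktemp failed." >&2; exit 1; }
if ! (
  umask 077
  cd "$cert_tmp" || exit 1
  # -nodes leaves the key unencrypted so the service can start unattended;
  # file permissions are therefore its only protection.
  openssl req -new -keyout key.pem -nodes -x509 -days 365 -out cert.pem
); then
  echo "ERROR: certificate generation failed." >&2
  rm -rf -- "${cert_tmp:?}"
  exit 1
fi
sudo mv "${cert_tmp}/cert.pem" /etc/squid4/cert.pem
sudo mv "${cert_tmp}/key.pem" /etc/squid4/key.pem
# "proxy" is the account named by --with-default-user at configure time and
# the owner this script gives squid_passwd.
sudo chown proxy /etc/squid4/cert.pem /etc/squid4/key.pem
sudo chmod 600 /etc/squid4/key.pem
rm -rf -- "${cert_tmp:?}"
sudo service squid4 restart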