Squid: Configuring an Ubuntu host to use a Squid proxy for internet access

Once you have a Squid proxy setup as described in my article here, the next challenge is configuring your Ubuntu servers so that they use this proxy by default instead of attempting direct internet connections.

There are several entities we want using Squid by default: apt package manager, interactive consoles and wget/curl, and Java applications.

Apt package manager

First try to install some dependent packages.  These are already installed in the base install of 14.04, so you should be fine.  But you may need to use the Ubuntu install CD if you run into issues later and need these packages.

> sudo apt-get install python-apt apt-transport-https python3-pycurl software-properties-common -y

Then create a file named ‘/etc/apt/apt.conf.d/00proxy’ with the content below.  Replace 192.168.1.110 with the IP of your specific Squid host.

Acquire::http::Proxy "http://192.168.1.110:3128";
Acquire::https::Proxy "http://192.168.1.110:3128";
Acquire::ftp::Proxy "http://192.168.1.110:3128";

Then do an apt-get update:

> sudo apt-get update

Login to the squid server and open the ‘/var/log/squid3/access.log’ for evidence that the apt-get call was made through the proxy.

Unattended upgrades will use the proxy as well, if you want to enable unattended upgrades, read my article here.

Interactive console and wget/curl

Append the text below to ‘/etc/bash.bashrc’, ‘/etc/profile’, ‘/etc/environment’, and ‘/etc/wgetrc’.  We will pretend that the Squid proxy is located at 192.168.1.110, replace this with your squid server address.

export http_proxy=192.168.1.110:3128
export https_proxy=192.168.1.110:3128
export ftp_proxy=192.168.1.110:3128
export no_proxy=127.0.0.1

In ‘/etc/wgetrc’, also add the line:

use_proxy=on

After logging out and logging back in, you should be able to use wget to retrieve page below if squid has whitelisted the domain:

> wget http://wiki.squid-cache.org

And for curl:

curl http://wiki.squid-cache.org

Login to the squid server and open the ‘/var/log/squid3/access.log’ for evidence that the call was made through the proxy.

If you want to force wget to use a proxy, you can pass the environment variables directly to wget:

wget -e use_proxy=yes -e http_proxy=192.168.1.110:3128\ https_proxy=192.168.1.110:3128 http://wiki.squid-cache.org

If you want to force curl to use a proxy, you can pass the proxy host directly to curl:

curl -x 192.168.1.110:3128 http://wiki.squid-cache.org

Java applications

Java application needs JVM system properties set that refer to the Squid proxy: http.proxyHost, http.proxyPort, https.proxyHost, and https.proxyPort are the most pertinent to our conversation here, but here is a full listing.

Using the Java program below as an example:

import java.io.*;
 import java.net.*;

public class SquidTest {

public static void main(String args[]) throws Exception {

String urlToRead = "http://wiki.squid-cache.org";
 if(args.length>0) {
 urlToRead = args[0];
 }
 System.err.println("urlToRead: " + urlToRead);

StringBuilder result = new StringBuilder();
 URL url = new URL(urlToRead);
 HttpURLConnection conn = (HttpURLConnection) url.openConnection();
 conn.setRequestMethod("GET");
 BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
 String line;
 while ((line = rd.readLine()) != null) {
 result.append(line);
 }
 rd.close();
 System.out.println(result.toString());

} // main

} // class

If you compile then run the application with the JVM system properties pointing to the Squid proxy, then you should see the request going through the Squid server access logs.

> javac -classpath . SquidTest.java

> java -classpath . \
-Dhttp.proxyHost=192.168.1.110 -Dhttp.proxyPort=3128 \
-Dhttps.proxyHost=192.168.1.110 -Dhttps.proxyPort=3128 \
 -Dhttp.agent=jvmtest \
SquidTest http://wiki.squid-cache.org

 

REFERENCES

http://askubuntu.com/questions/89437/how-to-install-packages-with-apt-get-on-a-system-connected-via-proxy

http://www.rushiagr.com/blog/2015/06/05/cache-apt-packages-with-squid-proxy/

http://askubuntu.com/questions/721787/how-to-setup-proxy-authentication-only-once-to-the-entire-system

http://bencane.com/2013/09/16/understanding-a-little-more-about-etcprofile-and-etcbashrc/

http://docs.oracle.com/javase/7/docs/api/java/net/doc-files/net-properties.html

http://stackoverflow.com/questions/11631132/java-servlet-application-running-behind-squid-proxy-on-windows

https://www.cyberciti.biz/faq/linux-unix-curl-command-with-proxy-username-password-http-options/