
Build A Squid High Anonymous Proxy Server Using Docker In 3 Steps


Previously we configured a Squid high anonymous proxy server: we allowed all traffic, created basic authentication for using the proxy server, and set up the squid.conf configuration file.

This time we want to use Docker to build and deploy our anonymous proxy server in 3 simple steps: installing Docker, creating our Docker image file, and deploying it.

Installing Docker On Our Ubuntu Linux Server

Update and Upgrade Ubuntu Linux

# apt update
# apt upgrade

Installing the Docker Repository and GPG Key

# apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install Docker Engine

# apt-get update
# apt-get install docker-ce docker-ce-cli containerd.io

You can install Docker for Windows by following the guide “The Best Way to Install Docker Desktop On Windows As A Professional”.

Create Our Squid Docker Image File

In our working directory, we will create 2 files. The first one is our Docker image file, named “Dockerfile”, with the instructions below. Do not forget to set your proxy_username and proxy_password.

Our Docker base image will be the latest verified ubuntu/squid image.

# Get the default Squid base image from Docker Hub
FROM ubuntu/squid:latest
# Delete the existing default Squid configuration file
RUN rm /etc/squid/squid.conf
ARG DEBIAN_FRONTEND=noninteractive
# apache2-utils provides the htpasswd command
RUN apt-get update && apt-get install -yq apt-utils && apt-get install -y apache2-utils
# Create the proxy basic authentication file. Don't forget to set the username and password.
# Note: htpasswd -b takes the password on the command line, so it is recorded
# in this image layer and shows up in `docker history`.
RUN htpasswd -b -c /etc/squid/squid_passwd proxy_username proxy_password
# Copy our custom squid.conf file to the Squid server configuration path
COPY ./squid.conf /etc/squid/
# Exposed port
EXPOSE 8080

The second one is the “squid.conf” file, which contains our previous configuration for the High Anonymous Proxy Server.

# Define allowable Networks or IPs.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# Define Your Secure VPN
acl vpn src 192.1.1.0/24

# Do not show client IP address
forwarded_for off
via off
# Prefer IPv4
dns_v4_first on
dns_nameservers 8.8.8.8 1.1.1.1
# Accept all upstream certificate validation errors, and do not verify the peer certificate
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

# Apply authentication
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/squid_passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access allow manager localhost
http_access allow vpn
http_access deny manager
http_access deny all
cache deny all
# Set port number to listen to
http_port 8080
coredump_dir /var/spool/squid

# Request Headers
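## Deny the following request headers for the anonymous config
request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all
request_header_access Referer deny all
request_header_access From deny all
request_header_access Cookie deny all
## request_header_replace only applies to headers denied here,
## so User-Agent must be denied for the replacement below to take effect
request_header_access User-Agent deny all
## Allow all others
request_header_access All allow all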

# Replace User-agent string
request_header_replace User-Agent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36'

# Reply Headers
## Deny the following reply headers for the anonymous config
reply_header_access Via deny all
reply_header_access Server deny all
reply_header_access WWW-Authenticate deny all
reply_header_access Link deny all
reply_header_access Cookie deny all
## Allow all others 
reply_header_access All allow all

# Logs are managed by logrotate
logfile_rotate 0
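
As an added example (not part of the original guide), the Python script below audits a squid.conf of the kind shown above for three things: a request_header_replace whose header is never denied by request_header_access (Squid only substitutes headers it has denied), disabled upstream certificate checks, and an http_access list that does not end with deny all. The sample configuration and the function names are constructed for illustration.

```python
# Added example: audit a squid.conf for settings that weaken this setup.
# SAMPLE_CONF is constructed for illustration; audit() is a hypothetical helper.
SAMPLE_CONF = """\
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
request_header_access All allow all
request_header_replace User-Agent Mozilla/5.0 (constructed)
"""


def directives(text):
    """Yield (line_no, name, args) for every non-comment directive."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield no, name, args


def audit(text):
    """Return [(line_no, finding), ...] for a squid.conf given as a string."""
    rules = list(directives(text))
    findings = []
    # Request headers with a deny rule; "all" stands for the All fallback list.
    denied = {a[0].lower() for _, n, a in rules
              if n == "request_header_access" and len(a) > 1 and a[1] == "deny"}
    for no, name, args in rules:
        if name == "request_header_replace" and args:
            if args[0].lower() not in denied and "all" not in denied:
                findings.append((no, f"{args[0]} is never denied, so the replacement is unused"))
        elif name == "sslproxy_flags" and "DONT_VERIFY_PEER" in " ".join(args):
            findings.append((no, "upstream TLS peer certificates are not verified"))
        elif name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((no, "all upstream certificate errors are accepted"))
    access = [(no, a) for no, n, a in rules if n == "http_access"]
    if not access or access[-1][1] != ["deny", "all"]:
        findings.append((access[-1][0] if access else 0,
                         "http_access list does not end with 'deny all'"))
    return findings


if __name__ == "__main__":
    for no, finding in audit(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

To check a real file, pass its contents to audit(), for example audit(open("squid.conf").read()).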

Build And Run Our Squid Proxy Docker Container

Build our Squid Docker image from our Dockerfile, giving it the name “squid-image”:

# docker build -t squid-image .

PS: Do not forget the dot “.” at the end of the above docker build command.

The output summary will be similar to this:

root@localhost:~/squid# docker build -t squid-image .
Sending build context to Docker daemon   5.12kB
Step 1/7 : FROM ubuntu/squid:latest
 ---> 999a52c2ae38
Step 2/7 : RUN rm /etc/squid/squid.conf
 ---> Using cache
 ---> 4b17a1fadba3
Step 3/7 : ARG DEBIAN_FRONTEND=noninteractive
 ---> Using cache
 ---> e943eacf49f9
Step 4/7 : RUN apt-get update && apt-get install -yq apt-utils && apt-get install -y apache2-utils
 ---> Using cache
 ---> cf9067edd7ec
Step 5/7 : RUN htpasswd -b -c /etc/squid/squid_passwd proxy_username proxy_password
 ---> Using cache
 ---> 2c258b3d6f0f
Step 6/7 : COPY ./squid.conf /etc/squid/
 ---> Using cache
 ---> aef763bf78d8
Step 7/7 : EXPOSE 8080
 ---> Using cache
 ---> 9874f9a89579
Successfully built 9874f9a89579
Successfully tagged squid-image:latest

Run our Squid Docker container in the background with port 8080 exposed, as follows:

# docker run -d --name squid-container -e TZ=UTC -p 8080:8080 squid-image

The output will be similar to

# docker run -d --name squid-container -e TZ=UTC -p 8080:8080 squid-image
6661f0eed31586cd45a4731e7bab30396826d62a9533154f394d7c2142d04071

To check the listening ports, run

# lsof -i :8080

You can also install the net-tools package to use the netstat command, as follows

root@localhost:~/squid# netstat -puntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      24347/docker-proxy
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      464/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      687/sshd: /usr/sbin
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      759/sshd: root@pts/
tcp6       0      0 :::8080                 :::*                    LISTEN      24352/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      687/sshd: /usr/sbin
tcp6       0      0 ::1:6010                :::*                    LISTEN      759/sshd: root@pts/
udp        0      0 127.0.0.53:53           0.0.0.0:*                           464/systemd-resolve

And to check the running Docker containers

root@localhost:~/squid#  docker ps -a
CONTAINER ID   IMAGE         COMMAND                  CREATED         STATUS         PORTS                                                 NAMES
6661f0eed315   squid-image   "entrypoint.sh -f /e…"   5 minutes ago   Up 5 minutes   3128/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp   squid-container

You can now access your proxy server using your public IP address and port 8080.
