How to install a Squid proxy on a Raspberry Pi
This story will show how to install Squid3 on a Raspberry Pi (1) and set it up as a proxy server
Squid as a proxy
Install Squid
First install squid
$ sudo apt install squid3
Enable the squid server to run on startup.
$ sudo update-rc.d squid3 enable
Lets see if it is running
$ sudo netstat -antp | grep squid
tcp6 0 0 :::3128 :::* LISTEN 7662/(squid-1)
So squid is listening.
Changes to config files
Find the squid conf files
$ sudo locate squid.conf
/etc/squid3/squid.conf
/etc/squid3/squid.conf.save
/etc/squid3/squid.conf.save.1
/etc/squid3/squid.conf.save.2
/etc/squid/squid.conf.origin
/usr/share/doc/squid3-common/squid.conf.documented.gz
Update the squid3 conf file. But first we make a backup
$ sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.origin
$ sudo vim /etc/squid3/squid.conf
We need to update some lines to allow the local network to contact the squid proxy:
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
(uncommented the first three acl localnet ones).
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
(removed the comment from http_access allow localnet)
Ensure that squid is listening to the correct port:
# Squid normally listens to port 3128
http_port 3128
Save the changes and update the squid (reload or restart)
$ sudo service squid3 reload
See the status of squid:
$ sudo service squid3 status
● squid3.service - LSB: Squid HTTP Proxy version 3.x
Loaded: loaded (/etc/init.d/squid3)
Active: active (running) since Sun 2019-07-28 04:16:01 UTC; 15min ago
Process: 7886 ExecReload=/etc/init.d/squid3 reload (code=exited, status=0/SUCCESS)
CGroup: /system.slice/squid3.service
├─7660 /usr/sbin/squid3 -YC -f /etc/squid3/squid.conf
├─7662 (squid-1) -YC -f /etc/squid3/squid.conf
├─7894 (logfile-daemon) /var/log/squid3/access.log
└─7895 (pinger)
Jul 28 04:16:01 raspberrypi squid3[7660]: Squid Parent: will start 1 kids
Jul 28 04:16:01 raspberrypi squid3[7628]: Starting Squid HTTP Proxy 3.x: squid3.
Jul 28 04:16:01 raspberrypi squid3[7660]: Squid Parent: (squid-1) process 7662 started
Jul 28 04:16:01 raspberrypi systemd[1]: Started LSB: Squid HTTP Proxy version 3.x.
Jul 28 04:31:03 raspberrypi systemd[1]: Reloading LSB: Squid HTTP Proxy version 3.x.
Jul 28 04:31:03 raspberrypi squid3[7886]: Reloading Squid HTTP Proxy 3.x configuration files.
Jul 28 04:31:03 raspberrypi squid3[7886]: done.
Jul 28 04:31:04 raspberrypi systemd[1]: Reloaded LSB: Squid HTTP Proxy version 3.x.
Check the log to see the connections
The below will display the squid3 access log, and you can see the activity on the proxy.
sudo tail -f /var/log/squid3/access.log
Setup cache
In the config file, find the line with #cache_dir ufs /var/spool/squid3 100 16 256. Uncomment this.
The /var/spool/squid3 is the location of the cached files.
100 is the size of the cache in MB.
16 is
256 is
We might also want to fetch images a bit more often to avoid having old images displayed from the cache. Add this line:
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200
Retart squid:
$ sudo service squid3 restart
(might take a bit)
To check the cache is working, do a:
$ sudo du -sh /var/spool/squid3
and check the size.. browse a bit and check again, the size should have gone up.