Squid Proxy for Home Network Using Raspberry Pi

Hi Everyone!

Since the WHO declared the Covid-19 pandemic. Hundreds of millions of people have lived through lockdowns. Just like everyone I have made the abrupt shift to working from home.

When I move back to my home, My family started using the same network and we ended up finishing the internet data allocated to my Home Network. Then, an idea comes in place to use Squid proxy with Raspberry Pi to my home network so that we can reduce the data outbound to the internet.

Scenario: Assume my family members have their own devices and they are watching the same video multiple times. (Multiple people watch the same youtube video). 

Solution: Build a Squid proxy server and make a network connection through the proxy (Enable Caching).

**** The Fact is Building our own server cost us more *****
**** I had an unused raspberry pi at my home and decided to use as a proxy to cache content locally****

1. Install Raspberry Pi OS.
2. Mount External Hard Drive to Cache Content
3. Install Squid Proxy
4. Configure Squid Proxy for Content Caching
5. Verify and Connect Home Devices to Proxy

1. Install Raspberry Pi OS

In this blog, I will be talking much more about the Squid proxy server installation and content cache configuration. Steps for Install Raspberry Pi Os Here

2. Mount External Hard Drive to Cache Content
Issue asudo blkid to list the connected storage. You will find the partition for an external drive like /dev/sda 

pi@rasberry:~$ sudo blkid
/dev/ramzswap0: TYPE="swap"
/dev/mmcblk0: PTUUID="000995aa" PTTYPE="dos"
/dev/mmcblk0p1: LABEL="RECOVERY" UUID="33EE-A3D4" TYPE="vfat" PARTUUID="000995aa-01"
/dev/mmcblk0p5: LABEL="SETTINGS" UUID="69023f3-1576-4881-9c89-5abdhgc8b271d" TYPE="ext4" PARTUUID="000995aa-05"
/dev/mmcblk0p6: LABEL="boot" UUID="6532-E279" TYPE="vfat" PARTUUID="000995aa-06"
/dev/mmcblk0p7: LABEL="root" UUID="ea79458b-8505-433d-b8da-cceb8d05016c" TYPE="ext4" PARTUUID="000995aa-07"
/dev/sda1: LABEL="WINDOWS" UUID="4CA7-E543" TYPE="ntfs"

Then, we need to mount a folder(Folder to cache content) to our External Drive. Enter the following command to your terminal.

pi@rasberry:~$ mkdir /SquidCache
pi@rasberry:~$ sudo chmod 755 /SquidCache
pi@rasberry:~$ sudo mount /dev/sda1 /SquidCache

mkdir /SquidCache Used to create a directory /SquidCache 
chmod 755 /SquidCache Provide Read/Write Permission to the directory.
mount /dev/sda1 /SquidCache Used to mount the created directory to the External drive.

Whenever Rasberry-pi rebooted, It disconnect the mounted external drive. Therefore, The drive needs to be added to fastabSo that, The volume will be persisted to the raspberry-pi on reboot. 
Open the fstab and add the below-given line.

pi@rasberry:~$ sudo vim /etc/fstab
UUID=enter_uuid_here /SquidCache auto nofail 0 0

3. Install Squid Proxy

pi@rasberry:~$ sudo apt update
pi@rasberry:~$ sudo apt install squid

4. Configure Squid Proxy for Content Caching

After successful installation navigates to /etc/squid/squid.conf configuration directory and Configure Squid Proxy for Content Caching.

Note: squid.conf file contains lots of configauration. but we only going to change some line which contains acl and cache_dirin the squid.conf file. find those and edit like below.  

Modifed squid.conf file can be found here. You can replace this file for cache configuration.

pi@rasberry:~$ sudo cp /etc/squid/squid.conf squid.conf.bk
pi@rasberry:~$ sudo vim /etc/squid/squid.conf

A. Squid Proxy has Access Control Lists (acl) that restrict access to the matched the IP range. Allow your home network to use the proxy. (my local ip — 192.168.8.0/24).

pi@rasberry:~$ sudo vim /etc/squid/squid.conf
acl localnet src 192.168.8.0/24

By default, the /etc/squid/squid.conf file contains the http_access allow localnet rule that allows using the proxy from all IP ranges specified in localnet ACLs. Note that you must specify all localnet ACLs before the http_access allow localnet rule.

B. The following ACL exists in the default configuration and defines 443 as a port that uses the HTTPS protocol

acl SSL_ports port 443

C. Update the list of acl Safe_ports rules to configure to which ports Squid can establish a connection. For my use case, I configure that clients using the proxy can only access resources on port 21 (FTP), 80 (HTTP), and 443 (HTTPS), keep only the following acl Safe_ports statements in the configuration

acl Safe_ports port 21
acl Safe_ports port 80
acl Safe_ports port 443

Note: By default, the configuration contains the http_access deny !Safe_ports rule that defines access denial to ports that are not defined in Safe_ports ACLs.

D. Configure the cache type, the path to the cache directory, the cache size, and further cache type-specific settings in the cache_dir parameter

cache_dir ufs /SquidCache 20000 16 256

Squid uses the ufs cache type.
Squid stores its cache in the /SquidCache directory.
The cache grows up to 20 GB.
Squid creates 16 level-1 sub-directories in the /var/spool/squid/ directory.
Squid creates 256 sub-directories in each level-1 directory.

If you do not set a cache_dir directive, Squid stores the cache in memory.

Now save and quit the editor and reload the squid services

pi@rasberry:~$ sudo systemctl restart squid

5. Verify and Connect Home Devices to Proxy

To verify that the proxy works correctly, download a web page using the curl utility

pi@rasberry:~$ curl -O -L "https://www.redhat.com/index.html" --proxy "127.0.0.1:8080"

If curl does not display any error and the index.html file was downloaded to the current directory, the proxy works.

Now connect your home device to the proxy or raspberry pi and enjoy speedily internet.

That's pretty much it guys and PEACE