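#-Road-Map---------------------------------
#
# Proxy server (Squid)
#
# Date: Jan. 2026 (reviewed)
#
# A "road map" is a simple text file that provides the commands
# to copy and paste into the CLI or onto the desktop and that
# additionally outlines the rough sequence of an installation.
#
# Placeholders used below:
#   DEINUSER      = your user name on the server
#   DEINHOSTNAME  = the host name the server should get
#   192.168.1.X   = the address the server currently has
#------------------------------------------

#------------------------------------------
# SSH connection
#------------------------------------------

ssh DEINUSER@192.168.1.X

#------------------------------------------
# System update / upgrade
#------------------------------------------

sudo apt update
sudo apt upgrade -y
sudo apt autoclean
sudo apt autoremove

#------------------------------------------
# Static IP address
#------------------------------------------

ip addr
sudo su
cd /etc/netplan
ls
# Disable the existing configs: netplan only reads files ending in .yaml.
# The glob with a quoted variable replaces the original `for i in $( ls )`,
# which breaks on file names containing spaces or glob characters.
for i in *; do mv -- "$i" "$i.bak"; done
touch /etc/netplan/01_static_ip.yaml
# Newer netplan versions warn when a config file is readable by other users.
chmod 600 /etc/netplan/01_static_ip.yaml
nano /etc/netplan/01_static_ip.yaml

# Adapter settings (Ctrl + O and Ctrl + X to save)
# `gateway4` is deprecated in netplan; the default route is written as a
# `routes` entry instead. `dhcp4` uses the canonical boolean `false`.

network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:  # Edit this line according to your network interface name.
      dhcp4: false
      addresses:
        - 192.168.1.150/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4

netplan generate && netplan apply

# The connection drops; close the window
# and log in again with the new IP.

#------------------------------------------
# Set the host name
#------------------------------------------

ssh DEINUSER@192.168.1.X
sudo hostnamectl set-hostname DEINHOSTNAME
sudo nano /etc/hosts

# Hosts file (Ctrl + O and Ctrl + X to save)

127.0.0.1 localhost
127.0.1.1 DEINHOSTNAME
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

sudo reboot

#------------------------------------------
# Installation and settings
#------------------------------------------

ssh DEINUSER@192.168.1.X
sudo apt install squid -y
sudo systemctl enable squid.service
# Keep the packaged config as a reference before replacing its contents.
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.orig
sudo nano /etc/squid/squid.conf

#--------------------------------------------------
# Include additional config files
#--------------------------------------------------
include /etc/squid/conf.d/*.conf

#--------------------------------------------------
# Network definitions
#--------------------------------------------------
# 192.168.0.0/16 admits every 192.168.x.x network. If only the LAN from the
# netplan step should use the proxy, narrow this to 192.168.1.0/24.
acl localnet src 192.168.0.0/16
# `localhost` is a predefined Squid ACL (127.0.0.1 and ::1); defining it
# again is redundant, so the original line is left commented out.
#acl localhost src 127.0.0.1

#--------------------------------------------------
# Allowed destination ports
#--------------------------------------------------
acl Safe_ports port 80 # HTTP
acl Safe_ports port 443 # HTTPS
acl Safe_ports port 21 # FTP (optional)
# Ports that CONNECT tunnels may reach. Without this, CONNECT is accepted
# for every Safe_ports entry, including 80 and 21.
acl SSL_ports port 443

#--------------------------------------------------
# Access rules
#--------------------------------------------------
# Order matters: the first matching http_access line decides.
http_access deny !Safe_ports
# CONNECT is predefined in current Squid releases; on an older release
# add `acl CONNECT method CONNECT` above.
http_access deny CONNECT !SSL_ports
# Cache manager only from the proxy host itself, not from the LAN.
http_access allow localhost manager
http_access deny manager
# Clients must not reach services bound to the proxy's own loopback.
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all

#--------------------------------------------------
# Proxy listener
#--------------------------------------------------
http_port 3128

#--------------------------------------------------
# Cache settings (realistic)
#--------------------------------------------------
cache_mem 256 MB
maximum_object_size 16 MB
maximum_object_size_in_memory 512 KB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid

#--------------------------------------------------
# Refresh patterns
#--------------------------------------------------
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

#--------------------------------------------------
# Header handling
#--------------------------------------------------
# These rules only act on requests Squid can read, i.e. plain HTTP.
# HTTPS goes through a CONNECT tunnel and its headers pass unchanged.

#request_header_access All allow all
#reply_header_access All allow all

# Remove potentially personal headers
request_header_access Referer deny all
# Cookie is needed for browsing
#request_header_access Cookie deny all
# Denying Authorization breaks logins, APIs and downloads
#request_header_access Authorization deny all
request_header_access X-Forwarded-For deny all
# request_header_replace only acts on headers that were denied here, so
# User-Agent has to be `deny` for the replacement further below to apply.
# With the original `allow all` the client's own User-Agent was forwarded.
request_header_access User-Agent deny all

# Headers that are explicitly let through. Headers are allowed by default,
# so these lines only become a real allow-list once a final
# `request_header_access All deny all` follows them; that final deny would
# also strip Cookie and Authorization (see above).
request_header_access Host allow all
request_header_access Accept allow all
request_header_access Accept-Language allow all
request_header_access Accept-Encoding allow all

# Clean up reply headers as well
reply_header_access Server deny all
reply_header_access Via deny all
reply_header_access X-Powered-By deny all
# If you need to restrict further reply headers, add them above this line
reply_header_access All allow all

#--------------------------------------------------
# Proxy identification (unobtrusive, but honest)
#--------------------------------------------------
via off
#forwarded_for transparent
forwarded_for delete

#--------------------------------------------------
# Optional: learning example - setting a header deliberately
#--------------------------------------------------
# The value below is a Chrome-on-Windows string (the original label said
# Mozilla Firefox).
# NOTE(review): the squid.conf documentation shows the replacement value
# without surrounding quotes - check with curl against a plain-HTTP URL
# which User-Agent is actually sent.
request_header_replace User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"

# NOTE(review): `exit` presumably leaves a root shell (`sudo su`) - confirm;
# in a normal login shell it ends the SSH session.
exit
# Check the syntax first; a config that fails to parse keeps Squid from starting.
sudo squid -k parse
sudo systemctl restart squid.service

#------------------------------------------
# System operation & good to know
#------------------------------------------

sudo systemctl start squid.service
sudo systemctl restart squid.service
sudo systemctl stop squid.service
sudo nano /etc/squid/squid.conf
squid -k parse || /usr/sbin/squid -k parse
sudo cat /var/log/squid/access.log
sudo cat /var/log/squid/cache.log
sudo apt install squidview && sudo squidview
sudo apt install nmap -y && nmap localhost
man squid
netstat -nat | grep :3128
# Alternative when net-tools (netstat) is not installed:
ss -tln | grep :3128
curl -x http://192.168.1.x:3128 https://linux-schweiz.ch

# Procedure to fix a cache error
# Stop and start go through systemd like everywhere else in this file,
# instead of `squid -k shutdown` and `/etc/init.d/squid restart`.
sudo systemctl stop squid.service
sudo rm -rf /var/spool/squid/
sudo mkdir /var/spool/squid/
# The recreated directory belongs to root. The Debian/Ubuntu package runs
# Squid as user `proxy`, which must own it before `squid -z` can write the
# cache structure.
sudo chown proxy:proxy /var/spool/squid/
sudo squid -z
sudo systemctl start squid.service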