Ok - off the back of the VPN in minutes post I made here a while ago, I thought I would throw up a how to on making an elite proxy using a CentOS VPS and Squid. This is a bit longer than the last post so what I put here is also available from my website (http://autoim.net/elite-squid-proxy-setup/) incase you need an easy bookmark. Here we go (this is a copy / paste job so hopefuly it goes right from my site!): Ok, we have already told you how to set up a VPN in minutes so how about another tutorial on how to set up your own elite proxy using CentOS and Squid. The proxy will be fully password protected so only authenticated users can use it. Please note that this tutorial is aimed at CentOS 64bit versions, we are using version 7 - this will work on other distros but you will have to alter the commands you use, for example instead of 'yum' on Debian you would use 'apt-get'. The proxy we set up for this tutorial was created on a Digital Ocean droplet. Mod Edit - Aff link removed Right, with that out of the way, fire up your VPS, log in via SSH and type the following: Firstly update the VPS and install the prerequisites for installing Squid Code: yum update yum install squid http-tools -y When everything has been updated and installed, we will need to clear out any old Squid configuration files, and set a blank file Code: rm -rf /etc/squid/squid.conf touch /etc/squid/squid.conf Now we will give Squid a basic configuration, allowing certain ports and ensuring that the password protection is set up. Where the config says port 3128, feel free to set that to anything you want, 3128 is just the default port used by Squid Code: echo -e " http_port 3128 acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 425 # smtp acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access allow Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow localhost hierarchy_stoplist cgi-bin ? coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|?) 0 0% 0 refresh_pattern . 0 20% 4320 auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_access auth_param basic childred 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl ncsaauth proxy_auth REQUIRED http_access allow ncsaauth forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all" >> /etc/squid/squid.conf All that file does is allow certain ports to be used through the proxy, it tells the proxy you should be authenticated before you can browse through it and ensures that the proxy does not forward your real IP address with any requests. Right, the proxy is nearly set up but we have to set up some credentials for Squid to use to see if a user is allowed to browse via the proxy, so lets set up our first user. Just put any username and password you fancy in! Code: htpasswd -b -c /etc/squid/squid_access username password If you want to add further users, you don't have to use the -c flag which will create the file if it wasn't there, so just use Code: htpasswd -b /etc/squid/squid_access username password To make sure the proxy starts when your VPS starts, for example after you reboot, you need to switch the auto start on for it Code: chkconfig squid on Now you only have to restart the proxy Code: service squid restart You can now connect to your proxy using the IP of your VPS and the port you specified in the config file (if you didn't change it, the port is 3128) If you want to add extra ports to it, for example the cPanel control panel (port 2083), all you have to do is edit the squid.conf file, add the port, save the config file and restart To edit the config file Code: /etc/squid/squid.conf Scroll down until you see the line Code: acl CONNECT method CONNECT and just ABOVE it, give the port number you want. In this example we are adding the cPanel port 2083 Code: acl Safe_ports port 2083 Save the file and restart Squid Code: service squid restart You now have an elite, password protected proxy. If you have problems anywhere, feel free to contact Auto IM who will help where possible or use our proxy install service to let us do it all for you. If you get errors, use the following command to check out Squids report Code: systemctl status squid.service ** EDIT ** 19:05 BST - typo spotted in the config, now changed!