Linux, simple http proxy

linux http proxy

I have a linux server running in a data center that has some extra bandwidth and resources.

I'd like to set up a proxy service so that I can route all my http/https traffic from home through it. I know how to configure my browser to talk to the proxy, I just don't know how to set it up server side. I'd also like to have authentication so that only I can use it


My favorite way to do this is to use ssh/SOCKS and SOCKS tunneling.

If you have sshd running on your colo'd server, that's all you need.

Use 

ssh -D 9000 yourhost.foo.com

And then tweak your browser to use a SOCKS proxy on 127.0.0.1 port 9000.

With Firefox, I like to use Foxyproxy to quickly change the proxy config.

Here's an OK page with more details. SSH Proxy Details


A bit late to the discussion...

I find tinyproxy easier to set up and lighter than squid, especially for a server that is for only your own use.

The key is whether your datacentre server is running sshd.

If it is, then the answers here that use ssh to do port forwarding solve the authorization issue automatically. Set tinyproxy to bind to 127.0.0.1 and only users which have ssh access can connect to it.

If it is not, then you can configure tinyproxy to accept only connections from certain hosts or IP addresses. If you have a static IP address at home, problem solved.

If you have a dynamic address, you may be willing to accept connections from a sub-part of your home connection. E.g. your ISP sets your home connection to look like 192-192-192-192-area1-san-fran-cal-usa, you could set tinyproxy to accept connections only from area1-san-fran-cal-usa (thereby ignoring the IP part of the connection). The risk is that other area1 subscribers discover your proxy and start using it.

This is what I use for my VPS proxy and it works fine, especially since I am in a relatively small catchment area of my ISP. I've never had anyone else use the proxy, but I know it is a risk (one I'm willing to take -- I can always change tinyproxy if I discover someone else using it).


Maybe, but just maybe is good choice in this kind of situation to use a some sort of general solution. So I recommand squid as much as I can, when somebody needs a proxy service. The reasons are multiple: documentation is everywhere, it's general solution for basic and much more specific requests, and the most important, my experience showed that clients with simple requests became clients with very sophisticated requests regarding proxy service in no time.


The absolutely easiest way to simply pipe all your HTTP/HTTPS traffic through your Linux server at work is to use a dynamic ssh tunnel. This requires no setup whatsoever on your server in the datacenter - assuming that it already has a ssh server which does not have SSH tunneling disabled.

Dynamic SSH tunneling is a feature present in many SSH clients - openssh and PuTTY among others, where the SSH clients sets up a "fake SOCKS proxy" on the machine the client is running on, which then translates those SOCKS requests into SSH tunneling, exiting onto the greater Internet from your server.

If you're using openssh as your client, you would use ssh -D 3128 yourserver.example.com, and then configuring your web browser to use localhost:3128 as your SOCKS proxy.

PuTTY will do this too, have a look under Connection -> SSH -> Tunnels and add a dynamic forwarded port (enter the Source port, but leave the Destination blank), and then configure your browser to point at localhost:3128 as a SOCKS proxy, just like with OpenSSH.


The most simple way to do this is via a SSH tunnel: 

ssh -D 8080 yourserver.com

Now you can point your browser to the (SOCKS) proxy localhost:8080.
SSH will only bind 8080 to 127.0.0.1 (and ::1), so nobody else can use it.

If you are on windows you can use Putty to establish this tunnel as well.

Related

Using mongodb tools (mongodump, mongorestore) from another machine
How can I stop FFMPEG?
how to auto-run ntdpdate command?
I deleted libssl.so.10
Which Nginx and which config file is used
ntpd gets "connect: invalid argument" on 0.0.0.2
Multiport Server NIC ports?
Tomcat localhost access log does not contain failed requests
Openvpn client can ping the server, but can not ping www.google.com
How can I use munin-node apache_ with basic authentication?
How do I determine specific BIOS settings with dmidecode and lshw commands with HP servers?
Backup broken PostgreSQL 8.4 without pg_dump