Note: I found out that you can also use the ssh -D option to have ssh function as a SOCKS server to get similar behaviour without the hassle of configuring apache.
Are you at work behind a big bad evil proxy? Worried about your privacy? Set up a proxy on your home server and reach it through an SSH tunnel so you can browse safely.
What are we going to use:
Is that all we need? Yes that’s all. 😉
OK, let’s set up our Apache 2 proxy first. It is a good idea to add some security to your proxy server so that not everyone can reach it. You might want to restrict it to localhost only. This tutorial is based on a Debian install of Apache 2. So hang on and let’s go.
First change the ports apache2 listens on. Edit /etc/apache2/ports.conf for this purpose and add the line:
This will make the apache2 server listen on port 8080. If there is a line that makes apache2 listen on port 443 (https), you might want to disable it: sshd will listen on port 443 later in this tutorial, and we are going to use PuTTY to connect to that port.
You might need to download mod_proxy for apache2 to be able to use proxying. If it is not already enabled use:
a2enmod proxy
a2enmod proxy_connect
a2enmod proxy_html
a2enmod proxy_ftp
This will enable it. If mod_proxy is not yet installed at all, use apt-cache search mod proxy to locate it and install it through apt.
The proxy_connect module is required to handle SSL calls through your proxy.
Create a new entry in /etc/apache2/sites-available and name it ‘proxy’, for example. Insert something like the following:
<virtualhost *:8080>
ServerAdmin webmaster@localhost
ProxyRequests On
ProxyVia On
#Add ports you want to be able to connect to through your proxy here
AllowCONNECT 443 563 1863
#443 = SSL
#563 = TLS
#1863 = MSN Messenger
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
ErrorLog /var/log/apache2/proxy-error.log
TransferLog /var/log/apache2/proxy-transfer.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel notice
</virtualhost>
Enable this new site by typing:
It would be really wise to limit access to your forward proxy; otherwise anyone who can reach port 8080 can relay traffic through your server.
Edit the proxy.conf file in mods-available/proxy.conf, under /etc/apache2.
Add something like this to allow only connections from localhost:
# A <Proxy> section is matched against the proxied URL, not the listening port,
# so use * to cover every request that goes through the proxy.
# Order/Deny/Allow is Apache 2.2 syntax; on Apache 2.4 use "Require ip 127.0.0.1".
<Proxy *>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Proxy>
Reload the web server after this by running:
/etc/init.d/apache2 reload
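Once the proxy is serving requests, the transfer log configured in the virtual host shows whether the localhost-only restriction actually holds. The following is an added example, not part of the original tutorial: it scans log lines and flags proxy requests that were served to any client other than 127.0.0.1, as well as CONNECTs that succeeded to a port outside the AllowCONNECT list. It assumes the log is in Common Log Format (what TransferLog writes when no unnamed LogFormat is set); the function name `audit` and the sample lines are constructed for illustration.

```python
import re

# Values taken from the tutorial's configuration.
ALLOWED_CLIENTS = {"127.0.0.1"}
ALLOWED_CONNECT_PORTS = {443, 563, 1863}

# Common Log Format (assumed): host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

def audit(lines):
    """Return (line_number, reason) for every log line that needs a look."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = CLF.match(line.strip())
        if not m:
            continue  # blank line or a different log format
        method, target = m.group("method"), m.group("target")
        is_connect = method == "CONNECT"
        # Forward-proxy requests use CONNECT or carry an absolute URI.
        if not (is_connect or "://" in target):
            continue  # ordinary request for local content
        served = m.group("status").startswith("2")
        client = m.group("client")
        if served and client not in ALLOWED_CLIENTS:
            findings.append((n, f"proxy request served to {client}"))
        if is_connect and served:
            port = target.rpartition(":")[2]
            if not port.isdigit() or int(port) not in ALLOWED_CONNECT_PORTS:
                findings.append((n, f"CONNECT allowed to {target}"))
    return findings

# Constructed sample lines (documentation addresses, not from a real server).
SAMPLE = [
    '127.0.0.1 - - [10/Oct/2010:13:55:36 +0200] "GET http://example.org/ HTTP/1.1" 200 2326',
    '127.0.0.1 - - [10/Oct/2010:13:55:40 +0200] "CONNECT example.org:443 HTTP/1.1" 200 -',
    '203.0.113.7 - - [10/Oct/2010:14:01:02 +0200] "GET http://example.net/ HTTP/1.0" 200 512',
    '203.0.113.7 - - [10/Oct/2010:14:01:05 +0200] "CONNECT mail.example.net:25 HTTP/1.0" 200 -',
    '198.51.100.9 - - [10/Oct/2010:14:02:11 +0200] "GET http://example.com/ HTTP/1.1" 403 289',
    '198.51.100.9 - - [10/Oct/2010:14:03:00 +0200] "GET /index.html HTTP/1.1" 200 45',
]

if __name__ == "__main__":
    for n, reason in audit(SAMPLE):
        print(f"line {n}: {reason}")
```

Run it against /var/log/apache2/proxy-transfer.log by passing the opened file to `audit`; an empty result means every served proxy request came from localhost.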
Add 443 to your ssh listen ports by opening /etc/ssh/sshd_config.
Edit it so it reads:
# What ports, IPs and protocols we listen for
Port 22
Port 443
Restart the ssh daemon by calling:
Now you are ready to go. You can try your proxy by using PuTTY to connect to your server and tunnel port 8080 to another port on your local machine. It might also be a good idea to enable zip compression on your connection (PuTTY: Connection->SSH->Enable Compression) to speed things up a bit.
Now you can use Firefox or another app and connect to localhost:[bound putty port] to reach your proxy.
If you want Firefox to do the DNS lookups on the remote end, open the about:config page by typing about:config in the address bar. Look up the value:
network.proxy.socks_remote_dns
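Set the value to true to do remote DNS lookups. This setting only takes effect when Firefox is configured with a SOCKS proxy, such as the ssh -D setup mentioned in the note at the top; with an HTTP proxy, the proxy resolves host names itself.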