Tinyproxy A Quick and Easy Proxy Server on Ubuntu

ubuntu_tiny_proxy

As much as I think that a fully blown Squid Proxy sat on a network working as a Proxy server and giving virus and content filtering is a great bit of technology, I also appreciate that sometimes something simpler, quicker and easier is required.

I came across an organisation this week that was using a hosted web filter service. They were still having issues with bandwidth utilisation putting their email flow in jeopardy so they needed to do something about it.

Also it can sometimes be very useful to have your internet traffic going via a different IP address, especially useful if you have a VPS server sat in a different country and you want to do things like watch TV from that country…

Tinyproxy as the name suggests is a small footprint proxy server application that has limited functionality compared to Squid but is very easy to configure and run.

Firstly we need to install Tinyproxy from our Ubuntu shell

apt-get install tinyproxy

Accept any requests that come up.

Now, lets edit the default configuration.

nano /etc/tinyproxy/tinyproxy.conf

Optional! – You may want to change the port, I like port 8080 for proxies.

Find the section that reads:

#
# Port to listen on.
#
Port 8888

And change it to:

#
# Port to listen on.
#
Port 8080

Optional! – IF you have multiple IP addresses on the server you may want to change the binding addresses for one inbound and one outbound.

Find the section that reads:

#
# If you have multiple interfaces this allows you to bind to only one. If
# this is commented out, tinyproxy will bind to all interfaces present.
#
#Listen a.b.c.d

#
# The Bind directive allows you to bind the outgoing connections to a
# particular IP address.
#
#Bind w.x.y.z

Change it accordingly.

Optional! – Now, if we’re using an upstream proxy you need the section below.

#
# Turns on upstream proxy support.
#
# The upstream rules allow you to selectively route upstream connections
# based on the host/domain of the site being accessed.
#
# For example:
# # connection to test domain goes through testproxy
# upstream testproxy:8008 “.test.domain.invalid”
# upstream testproxy:8008 “.our_testbed.example.com”
# upstream testproxy:8008 “192.168.128.0/255.255.254.0″
#
# # no upstream proxy for internal websites and unqualified hosts
# no upstream “.internal.example.com”
# no upstream “www.example.com”
# no upstream “10.0.0.0/8″
# no upstream “192.168.0.0/255.255.254.0″
# no upstream “.”
#
# # connection to these boxes go through their DMZ firewalls
# upstream cust1_firewall:8008 “testbed_for_cust1″
# upstream cust2_firewall:8008 “testbed_for_cust2″
#
# # default upstream is internet firewall
# upstream firewall.internal.example.com:80
#
# The LAST matching rule wins the route decision. As you can see, you
# can use a host, or a domain:
# name matches host exactly
# .name matches any host in domain “name”
# . matches any host with no domain (in ‘empty’ domain)
# IP/bits matches network/mask
# IP/mask matches network/mask
#
#Upstream some.remote.proxy:port

Add an entry under this line something along the lines of:

proxy.hostedproxy.com:8080

You’ll now need to let Tinyproxy know what the internal IP range of your network is, find the section below.

#
# The following is the authorization controls. If there are any access
# control keywords then the default action is to DENY. Otherwise, the
# default action is ALLOW.
#
# Also the order of the controls are important. The incoming connections
# are tested against the controls based on order.
#
Allow 127.0.0.1
#Allow 192.168.0.0/16
#Allow 172.16.0.0/12
#Allow 10.0.0.0/8

Add an appropriate entry, or uncomment out the appropriate line ie:

Allow 1.2.3.0/32

Now we need to reboot the server.

shutdown -r now

Now set up the proxy server and set the proxy up on the clients and off you go, easy and quick!

13 Comments on "Tinyproxy A Quick and Easy Proxy Server on Ubuntu"

  1. Carl says:

    Great article thanks for sharing, got me up and running in minutes!

    It appears that the newer versions of Ubuntu put the conf in a slightly different place “nano /etc/tinyproxy.conf” as opposed to “nano /etc/tinyproxy/tinyproxy.conf”.

  2. Abbas Khan says:

    Hey, I’ve setup tinyproxy on ubuntu. So that I can use the VPN on ubuntu from my TV. The problem is, i can stream at full 500 kBytes/sec on ubuntu, but with tiny proxy , the tv gets only 40-50kBytes/sec and the load times are horrible. I’ve seen alot of complants about tinyproxy being slow. Is there a way to speed this up?

    Is it because i have logging enabled? or what else might be the reason? Please help.
    Thanks

    • gyp says:

      Hi Abbas,

      Thanks for dropping by.

      I loose about 10% of my bandwidth when I’m using Tinyproxy. But even so 50 Kb doesn’t sound like a great deal! I’ve never known it be as slow as it appears yours is.

      A few things I’d try first:
      1) Do you have any errors in /var/log/syslog or /var/log/tinyproxy/* that would indicate any problems?
      2) I’d try connecting via a SOCKS Server to see if you get similar problems (in other words take the VPN and Tinyproxy out and test).
      3) Run the “top” command on your Linux server to see if you’ve got enough memory, processor speed, etc.
      4) Run “/usr/sbin/tinyproxy -h” and see what your Tinyproxy server is compiled with.
      5) Turn off filtering in the Tinyproxy config and see if that makes a difference.
      6) What settings do you have for threads, etc in your Tinyproxy config?

      Let me know if you need any more help and I’ll see what I can do :)

      Gyp

    • gyp says:

      Oh, and PS, make sure you have asciidoc installed, try:

      apt-get install –no-install-recommends asciidoc

      Then reboot and see if it’s any better.

  3. Michael Corvin says:

    Hi, thanks for the informative article. Do you know if its possible to setup username/password auth in tinyproxy?

    Cheers!

    • gyp says:

      Hi Michael,

      From what I’ve read I don’t think Tinyproxy supports authentication out of the box so to speak. It seems to have been on the developers “to do list” for at least a few years.

      The options I’ve used in the past are (but may not be appropriate for your needs):
      1) Filter client IPs using iptables
      2) SSH Tunneling through to the appropriate port
      3) Setting up an IPSec VPN to your Tinyproxy box
      4) Use Squid :)

      Gyp

  4. Omi says:

    Wondering if anyone has used tinyproxy for netflix? I am in canada, and have tinyproxy running on an american VPS. The netflix website loads up all american content, but when clicking on the video, it seems to know that the request is coming form canada. Does the video in netflix not go thru the proxy? I have a suspicion that I might need sock proxy. Any ideas on somthing similar to tinyproxy that can route everything, including netflix video?

    • gyp says:

      Hi Omi,

      I’d imagine that Netflix use a number of checks to see what country you’re in. I’d imagine the IP address your browser says it’s coming from, another possibly being which DNS servers you’re using to lookup Netflix on, and also I imagine there is something inbuilt to Silverlight which tells Netflix which country it thinks it’s in.

      I’m not saying it’s impossible to do, just pretty difficult. I’d imagine a Socks proxy or an IPSec tunnel may achieve what you want it to.

      Thanks for dropping by!

      Gyp

  5. Emily Taylor says:

    will you set up my ubuntu vps for this? I can;t ever get these tutorials to work no matter how good i follow it.

Trackbacks for this post

  1. Using SSH as a SOCKS VPN on Mac OS @ Gyp the Cat dot Com
  2. A Tinyproxy Transparent Installation on Ubuntu 12.04 with HTTPS Support | Gyp the Cat dot Com

Got something to say? Go for it!