As much as I think that a fully blown Squid Proxy sat on a network working as a Proxy server and giving virus and content filtering is a great bit of technology, I also appreciate that sometimes something simpler, quicker and easier is required.
I came across an organisation this week that was using a hosted web filter service. They were still having issues with bandwidth utilisation putting their email flow in jeopardy so they needed to do something about it.
Also it can sometimes be very useful to have your internet traffic going via a different IP address, especially useful if you have a VPS server sat in a different country and you want to do things like watch TV from that country…
Tinyproxy as the name suggests is a small footprint proxy server application that has limited functionality compared to Squid but is very easy to configure and run.
Firstly we need to install Tinyproxy from our Ubuntu shell
apt-get install tinyproxy
Accept any requests that come up.
Now, lets edit the default configuration.
nano /etc/tinyproxy/tinyproxy.conf
Optional! – You may want to change the port, I like port 8080 for proxies.
Find the section that reads:
#
# Port to listen on.
#
Port 8888
And change it to:
#
# Port to listen on.
#
Port 8080
Optional! – IF you have multiple IP addresses on the server you may want to change the binding addresses for one inbound and one outbound.
Find the section that reads:
#
# If you have multiple interfaces this allows you to bind to only one. If
# this is commented out, tinyproxy will bind to all interfaces present.
#
#Listen a.b.c.d#
# The Bind directive allows you to bind the outgoing connections to a
# particular IP address.
#
#Bind w.x.y.z
Change it accordingly.
Optional! – Now, if we’re using an upstream proxy you need the section below.
#
# Turns on upstream proxy support.
#
# The upstream rules allow you to selectively route upstream connections
# based on the host/domain of the site being accessed.
#
# For example:
# # connection to test domain goes through testproxy
# upstream testproxy:8008 “.test.domain.invalid”
# upstream testproxy:8008 “.our_testbed.example.com”
# upstream testproxy:8008 “192.168.128.0/255.255.254.0”
#
# # no upstream proxy for internal websites and unqualified hosts
# no upstream “.internal.example.com”
# no upstream “www.example.com”
# no upstream “10.0.0.0/8”
# no upstream “192.168.0.0/255.255.254.0”
# no upstream “.”
#
# # connection to these boxes go through their DMZ firewalls
# upstream cust1_firewall:8008 “testbed_for_cust1”
# upstream cust2_firewall:8008 “testbed_for_cust2”
#
# # default upstream is internet firewall
# upstream firewall.internal.example.com:80
#
# The LAST matching rule wins the route decision. As you can see, you
# can use a host, or a domain:
# name matches host exactly
# .name matches any host in domain “name”
# . matches any host with no domain (in ’empty’ domain)
# IP/bits matches network/mask
# IP/mask matches network/mask
#
#Upstream some.remote.proxy:port
Add an entry under this line something along the lines of:
proxy.hostedproxy.com:8080
You’ll now need to let Tinyproxy know what the internal IP range of your network is, find the section below.
#
# The following is the authorization controls. If there are any access
# control keywords then the default action is to DENY. Otherwise, the
# default action is ALLOW.
#
# Also the order of the controls are important. The incoming connections
# are tested against the controls based on order.
#
Allow 127.0.0.1
#Allow 192.168.0.0/16
#Allow 172.16.0.0/12
#Allow 10.0.0.0/8
Add an appropriate entry, or uncomment out the appropriate line ie:
Allow 1.2.3.0/32
Now we need to reboot the server.
shutdown -r now
Now set up the proxy server and set the proxy up on the clients and off you go, easy and quick!
21 Comments
[…] « Tinyproxy A Quick and Easy Proxy Server on Ubuntu […]
Great article thanks for sharing, got me up and running in minutes!
It appears that the newer versions of Ubuntu put the conf in a slightly different place “nano /etc/tinyproxy.conf” as opposed to “nano /etc/tinyproxy/tinyproxy.conf”.
Hi Carl, glad I could help 🙂
Thanks for the tip, will update the main post 🙂
Hey, I’ve setup tinyproxy on ubuntu. So that I can use the VPN on ubuntu from my TV. The problem is, i can stream at full 500 kBytes/sec on ubuntu, but with tiny proxy , the tv gets only 40-50kBytes/sec and the load times are horrible. I’ve seen alot of complants about tinyproxy being slow. Is there a way to speed this up?
Is it because i have logging enabled? or what else might be the reason? Please help.
Thanks
Hi Abbas,
Thanks for dropping by.
I loose about 10% of my bandwidth when I’m using Tinyproxy. But even so 50 Kb doesn’t sound like a great deal! I’ve never known it be as slow as it appears yours is.
A few things I’d try first:
1) Do you have any errors in /var/log/syslog or /var/log/tinyproxy/* that would indicate any problems?
2) I’d try connecting via a SOCKS Server to see if you get similar problems (in other words take the VPN and Tinyproxy out and test).
3) Run the “top” command on your Linux server to see if you’ve got enough memory, processor speed, etc.
4) Run “/usr/sbin/tinyproxy -h” and see what your Tinyproxy server is compiled with.
5) Turn off filtering in the Tinyproxy config and see if that makes a difference.
6) What settings do you have for threads, etc in your Tinyproxy config?
Let me know if you need any more help and I’ll see what I can do 🙂
Gyp
Oh, and PS, make sure you have asciidoc installed, try:
apt-get install –no-install-recommends asciidoc
Then reboot and see if it’s any better.
[…] A Tinyproxy Transparent Installation on Ubuntu 12.04 with HTTPS Support by gyp on October 8, 2012 in Business, Computers, internet with No comments Tweet If you want an easier way to get Tinyproxy working and don’t want to use transparent support try this post to install Tinyproxy on Ubuntu. […]
Hi, thanks for the informative article. Do you know if its possible to setup username/password auth in tinyproxy?
Cheers!
Hi Michael,
From what I’ve read I don’t think Tinyproxy supports authentication out of the box so to speak. It seems to have been on the developers “to do list” for at least a few years.
The options I’ve used in the past are (but may not be appropriate for your needs):
1) Filter client IPs using iptables
2) SSH Tunneling through to the appropriate port
3) Setting up an IPSec VPN to your Tinyproxy box
4) Use Squid 🙂
Gyp
Wondering if anyone has used tinyproxy for netflix? I am in canada, and have tinyproxy running on an american VPS. The netflix website loads up all american content, but when clicking on the video, it seems to know that the request is coming form canada. Does the video in netflix not go thru the proxy? I have a suspicion that I might need sock proxy. Any ideas on somthing similar to tinyproxy that can route everything, including netflix video?
Hi Omi,
I’d imagine that Netflix use a number of checks to see what country you’re in. I’d imagine the IP address your browser says it’s coming from, another possibly being which DNS servers you’re using to lookup Netflix on, and also I imagine there is something inbuilt to Silverlight which tells Netflix which country it thinks it’s in.
I’m not saying it’s impossible to do, just pretty difficult. I’d imagine a Socks proxy or an IPSec tunnel may achieve what you want it to.
Thanks for dropping by!
Gyp
will you set up my ubuntu vps for this? I can;t ever get these tutorials to work no matter how good i follow it.
Hi Emily, I’ve sent you an email.
hello
how to allow ip to connect this proxy because i have dynamic ip? or how to add username:password setting?
Non need to restart the server, it’s not windows
Thanks for commenting. Habits die hard and if I put a service into production I like to make sure it will come back up! But I see your point entirely 🙂
Gyp
Hello GYP
Thank for sharing. I got a problem with HTTPS, Tiny proxy couldn’t filter HTTPS traffic. It work normally with HTTP. what can i do to filter HTTPS ?
Hi ND,
As far as I know Tinyproxy doesn’t support HTTPS decryption, which is likely what you’ll need to do a decent job in filtering HTTPS traffic. However Squid does support this so you may want to have a read on Squid HTTPS inspection.
Hope this helps,
Gyp
“Now we need to reboot the server.
shutdown -r now”
Really? (facepalm)
Hi Ivan,
Yes, sorry, you are right. Shouldn’t be necessary anymore, but this post was written in 2011 and I initially had issues with invoking the startup, hence a reboot for me was the surest way to make sure it worked.
Thanks for dropping by 🙂
Gyp
Hi guys,
I have tried to install tinyproxy on Ubuntu 14.04 and after service restart I get error:
chown: invalid user: ‘nobody\r’
Can you please help me to get is solved?
Thanks in advance!
Mikyy