• Home
  • The Song
  • The Avatar
  • The Cat
  • Contact the Cat

Gyp the Cat dot Com

Tinyproxy A Quick and Easy Proxy Server on Ubuntu
Computers, internet

Tinyproxy A Quick and Easy Proxy Server on Ubuntu

As much as I think that a fully blown Squid Proxy sat on a network working as a Proxy server and giving virus and content filtering is a great bit of technology, I also appreciate that sometimes something simpler, quicker and easier is required.

I came across an organisation this week that was using a hosted web filter service. They were still having issues with bandwidth utilisation putting their email flow in jeopardy so they needed to do something about it.

Also it can sometimes be very useful to have your internet traffic going via a different IP address, especially useful if you have a VPS server sat in a different country and you want to do things like watch TV from that country…

Tinyproxy as the name suggests is a small footprint proxy server application that has limited functionality compared to Squid but is very easy to configure and run.

Firstly we need to install Tinyproxy from our Ubuntu shell

apt-get install tinyproxy

Accept any requests that come up.

Now, lets edit the default configuration.

nano /etc/tinyproxy/tinyproxy.conf

Optional! – You may want to change the port, I like port 8080 for proxies.

Find the section that reads:

#
# Port to listen on.
#
Port 8888

And change it to:

#
# Port to listen on.
#
Port 8080

Optional! – IF you have multiple IP addresses on the server you may want to change the binding addresses for one inbound and one outbound.

Find the section that reads:

#
# If you have multiple interfaces this allows you to bind to only one. If
# this is commented out, tinyproxy will bind to all interfaces present.
#
#Listen a.b.c.d

#
# The Bind directive allows you to bind the outgoing connections to a
# particular IP address.
#
#Bind w.x.y.z

Change it accordingly.

Optional! – Now, if we’re using an upstream proxy you need the section below.

#
# Turns on upstream proxy support.
#
# The upstream rules allow you to selectively route upstream connections
# based on the host/domain of the site being accessed.
#
# For example:
# # connection to test domain goes through testproxy
# upstream testproxy:8008 “.test.domain.invalid”
# upstream testproxy:8008 “.our_testbed.example.com”
# upstream testproxy:8008 “192.168.128.0/255.255.254.0”
#
# # no upstream proxy for internal websites and unqualified hosts
# no upstream “.internal.example.com”
# no upstream “www.example.com”
# no upstream “10.0.0.0/8”
# no upstream “192.168.0.0/255.255.254.0”
# no upstream “.”
#
# # connection to these boxes go through their DMZ firewalls
# upstream cust1_firewall:8008 “testbed_for_cust1”
# upstream cust2_firewall:8008 “testbed_for_cust2”
#
# # default upstream is internet firewall
# upstream firewall.internal.example.com:80
#
# The LAST matching rule wins the route decision. As you can see, you
# can use a host, or a domain:
# name matches host exactly
# .name matches any host in domain “name”
# . matches any host with no domain (in ’empty’ domain)
# IP/bits matches network/mask
# IP/mask matches network/mask
#
#Upstream some.remote.proxy:port

Add an entry under this line something along the lines of:

proxy.hostedproxy.com:8080

You’ll now need to let Tinyproxy know what the internal IP range of your network is, find the section below.

#
# The following is the authorization controls. If there are any access
# control keywords then the default action is to DENY. Otherwise, the
# default action is ALLOW.
#
# Also the order of the controls are important. The incoming connections
# are tested against the controls based on order.
#
Allow 127.0.0.1
#Allow 192.168.0.0/16
#Allow 172.16.0.0/12
#Allow 10.0.0.0/8

Add an appropriate entry, or uncomment out the appropriate line ie:

Allow 1.2.3.0/32

Now we need to reboot the server.

shutdown -r now

Now set up the proxy server and set the proxy up on the clients and off you go, easy and quick!

Related

Written by gyp - June 17, 2011 - 43657 Views
Tags | linux, proxy, tinyproxy

You Might Also Like

Quick & Easy Nginx Load Balancer with Backend

September 16, 2013

How to Add Different Disclaimers using alterMIME and Postfix based on Domain

November 9, 2010

Backing Up All MySQL Databases Individually using Cron

November 11, 2012

21 Comments

  • Using SSH as a SOCKS VPN on Mac OS @ Gyp the Cat dot Com June 21, 2011 at 9:10 am

    […] « Tinyproxy A Quick and Easy Proxy Server on Ubuntu […]

    Reply
  • Carl June 23, 2012 at 1:03 pm

    Great article thanks for sharing, got me up and running in minutes!

    It appears that the newer versions of Ubuntu put the conf in a slightly different place “nano /etc/tinyproxy.conf” as opposed to “nano /etc/tinyproxy/tinyproxy.conf”.

    Reply
    • gyp June 23, 2012 at 1:05 pm

      Hi Carl, glad I could help 🙂

      Thanks for the tip, will update the main post 🙂

      Reply
  • Abbas Khan October 8, 2012 at 9:28 am

    Hey, I’ve setup tinyproxy on ubuntu. So that I can use the VPN on ubuntu from my TV. The problem is, i can stream at full 500 kBytes/sec on ubuntu, but with tiny proxy , the tv gets only 40-50kBytes/sec and the load times are horrible. I’ve seen alot of complants about tinyproxy being slow. Is there a way to speed this up?

    Is it because i have logging enabled? or what else might be the reason? Please help.
    Thanks

    Reply
    • gyp October 8, 2012 at 3:57 pm

      Hi Abbas,

      Thanks for dropping by.

      I loose about 10% of my bandwidth when I’m using Tinyproxy. But even so 50 Kb doesn’t sound like a great deal! I’ve never known it be as slow as it appears yours is.

      A few things I’d try first:
      1) Do you have any errors in /var/log/syslog or /var/log/tinyproxy/* that would indicate any problems?
      2) I’d try connecting via a SOCKS Server to see if you get similar problems (in other words take the VPN and Tinyproxy out and test).
      3) Run the “top” command on your Linux server to see if you’ve got enough memory, processor speed, etc.
      4) Run “/usr/sbin/tinyproxy -h” and see what your Tinyproxy server is compiled with.
      5) Turn off filtering in the Tinyproxy config and see if that makes a difference.
      6) What settings do you have for threads, etc in your Tinyproxy config?

      Let me know if you need any more help and I’ll see what I can do 🙂

      Gyp

      Reply
    • gyp October 8, 2012 at 4:47 pm

      Oh, and PS, make sure you have asciidoc installed, try:

      apt-get install –no-install-recommends asciidoc

      Then reboot and see if it’s any better.

      Reply
  • A Tinyproxy Transparent Installation on Ubuntu 12.04 with HTTPS Support | Gyp the Cat dot Com October 15, 2012 at 9:23 pm

    […] A Tinyproxy Transparent Installation on Ubuntu 12.04 with HTTPS Support by gyp on October 8, 2012 in Business, Computers, internet with No comments Tweet If you want an easier way to get Tinyproxy working and don’t want to use transparent support try this post to install Tinyproxy on Ubuntu. […]

    Reply
  • Michael Corvin February 28, 2013 at 12:52 am

    Hi, thanks for the informative article. Do you know if its possible to setup username/password auth in tinyproxy?

    Cheers!

    Reply
    • gyp March 3, 2013 at 10:57 pm

      Hi Michael,

      From what I’ve read I don’t think Tinyproxy supports authentication out of the box so to speak. It seems to have been on the developers “to do list” for at least a few years.

      The options I’ve used in the past are (but may not be appropriate for your needs):
      1) Filter client IPs using iptables
      2) SSH Tunneling through to the appropriate port
      3) Setting up an IPSec VPN to your Tinyproxy box
      4) Use Squid 🙂

      Gyp

      Reply
  • Omi March 11, 2013 at 6:35 pm

    Wondering if anyone has used tinyproxy for netflix? I am in canada, and have tinyproxy running on an american VPS. The netflix website loads up all american content, but when clicking on the video, it seems to know that the request is coming form canada. Does the video in netflix not go thru the proxy? I have a suspicion that I might need sock proxy. Any ideas on somthing similar to tinyproxy that can route everything, including netflix video?

    Reply
    • gyp March 11, 2013 at 7:28 pm

      Hi Omi,

      I’d imagine that Netflix use a number of checks to see what country you’re in. I’d imagine the IP address your browser says it’s coming from, another possibly being which DNS servers you’re using to lookup Netflix on, and also I imagine there is something inbuilt to Silverlight which tells Netflix which country it thinks it’s in.

      I’m not saying it’s impossible to do, just pretty difficult. I’d imagine a Socks proxy or an IPSec tunnel may achieve what you want it to.

      Thanks for dropping by!

      Gyp

      Reply
  • Emily Taylor June 5, 2013 at 10:08 am

    will you set up my ubuntu vps for this? I can;t ever get these tutorials to work no matter how good i follow it.

    Reply
    • gyp June 6, 2013 at 3:24 pm

      Hi Emily, I’ve sent you an email.

      Reply
  • cem January 22, 2015 at 5:05 pm

    hello

    how to allow ip to connect this proxy because i have dynamic ip? or how to add username:password setting?

    Reply
  • esa November 30, 2015 at 11:04 am

    Non need to restart the server, it’s not windows

    Reply
    • gyp December 3, 2015 at 7:42 pm

      Thanks for commenting. Habits die hard and if I put a service into production I like to make sure it will come back up! But I see your point entirely 🙂

      Gyp

      Reply
  • ND December 26, 2015 at 4:00 am

    Hello GYP
    Thank for sharing. I got a problem with HTTPS, Tiny proxy couldn’t filter HTTPS traffic. It work normally with HTTP. what can i do to filter HTTPS ?

    Reply
    • gyp January 3, 2016 at 3:01 pm

      Hi ND,

      As far as I know Tinyproxy doesn’t support HTTPS decryption, which is likely what you’ll need to do a decent job in filtering HTTPS traffic. However Squid does support this so you may want to have a read on Squid HTTPS inspection.

      Hope this helps,

      Gyp

      Reply
  • Ivan July 27, 2016 at 11:45 am

    “Now we need to reboot the server.
    shutdown -r now”

    Really? (facepalm)

    Reply
    • gyp July 27, 2016 at 3:15 pm

      Hi Ivan,

      Yes, sorry, you are right. Shouldn’t be necessary anymore, but this post was written in 2011 and I initially had issues with invoking the startup, hence a reboot for me was the surest way to make sure it worked.

      Thanks for dropping by 🙂

      Gyp

      Reply
  • Miki December 5, 2016 at 8:54 pm

    Hi guys,
    I have tried to install tinyproxy on Ubuntu 14.04 and after service restart I get error:
    chown: invalid user: ‘nobody\r’
    Can you please help me to get is solved?

    Thanks in advance!
    Mikyy

    Reply
  • Please Post Your Comments & Reviews
    Cancel reply

    Your email address will not be published. Required fields are marked *

    Previous Post
    Next Post

    Latest Posts

    • How to Convert CSV to Parquet Easily with Python on Linux Shell
    • Kusto Geolocation IP Lookup
    • Monitoring Tor Usage in Azure Sentinel, ASC, MDATP and ALA
    • HTTP to HTTPS Redirect on Azure CDN
    • Strongswan IPSec (Including Cryptomap) to Microsoft Azure Virtual Network Gateway
    • Black Ops 3 NAT Type Strict & PS4 NAT Type 3 with pfSense Fixed!
    • Sorry for the lack of posts
    • How to Block Internet Access with Group Policy (GPO)
    • Enforcing Microsoft Office 365 and Azure Tennancy with McAfee Web Gateway (MWG)
    • Scanning Subnet for Issuing Certificate Authority with OpenSSL

    Top Posts & Pages

    • How to Block Internet Access with Group Policy (GPO)
      How to Block Internet Access with Group Policy (GPO)
    • How to Configure Windows 2012 NPS for Radius Authentication with Ubiquiti Unifi
      How to Configure Windows 2012 NPS for Radius Authentication with Ubiquiti Unifi
    • Kusto Geolocation IP Lookup
      Kusto Geolocation IP Lookup
    • Tinyproxy A Quick and Easy Proxy Server on Ubuntu
      Tinyproxy A Quick and Easy Proxy Server on Ubuntu
    • Monitoring Tor Usage in Azure Sentinel, ASC, MDATP and ALA
      Monitoring Tor Usage in Azure Sentinel, ASC, MDATP and ALA
    • How to DNSPerf on Ubuntu 14.04 with Installation and Quick Start
      How to DNSPerf on Ubuntu 14.04 with Installation and Quick Start
    • How to Add Different Disclaimers using alterMIME and Postfix based on Domain
      How to Add Different Disclaimers using alterMIME and Postfix based on Domain
    • Blocking Countries on Nginx without the GeoIP Module
      Blocking Countries on Nginx without the GeoIP Module
    • How to Enable Squid Anonymous Stealth Mode
      How to Enable Squid Anonymous Stealth Mode
    • Configuring Suite B, VPN-A and VPN-B in IPSec with Strongswan
      Configuring Suite B, VPN-A and VPN-B in IPSec with Strongswan

    Tags

    apache2 azure azure log analytics blops business centos cheating cissp cloudflare cryptography dns game google gyp internet iphone ipsec isc linux mac marketing microsoft mw2 mx mysql nginx pfsense postfix proxy ps3 qualification radius revision security seo smtp socks squid ssh strongswan tinyproxy ubuntu windows 2012 wordpress xdecrypt.com
    Gyp the Cat dot Com

    Some rights retained Gyp the Cat Dot Com