ProxyServer

Installing & Configuring Tinyproxy on an Ubuntu Server

Eric Kleist

LaDawn Meade

CS30A

18 Jan 2016

Installing & Configuring Tinyproxy on an Ubuntu Server

The software package that I choose for my install is tinyproxy. Tinyproxy (http://tinyproxy.github.io) is a free open-source software package for Linux that lets you run your own proxy server. There is a multitude of reasons why one would want to run a proxy server, but for me it is so I can connect to IRC without allowing everyone in the channel access to my home IP address. It has been over 15 years since I have been on IRC, but this class has brought up some memories from the distant past, and that reminded me that IRC could be a great resource for learning Linux. Since IRC is a community full of people on the cutting edge of technology, it comes with it’s own set of dangers. Hence why I decided it would be a good idea to connect to a proxy before connecting to IRC. Proxies can be used to mask your IP address when connecting to IRC, or any other website or Internet service. This is commonly done for many reasons, some of the most common uses of proxies are: accessing blocked websites when you are behind a government or corporate firewall, changing your Geo-location for Internet marketing tasks, avoiding location based and other tracked advertising, and a multitude of other reasons as well.

An alternative open-source proxy software solution is called squid (www.squid-cache.org). I decided to go with tinyproxy as it had all the features that I needed, looked simple to configure, and took up minimal system resources. Since I was installing tinyproxy on a free AWS server, my resources were very limited so I had to make sure the software did not drain the machine of resources and negatively affect performance. For my purposes, there would be no reason to run tinyproxy on my own machine, as that would not mask my IP address when connecting to IRC. But, tinyproxy would be beneficial to run on your home machine if you were going overseas to a country that restricts its Internet access, such as China, or even to a country where license restrictions are imposed, such as trying to stream music or watch some Youtube videos in Mexico or most other countries. As far as commercially available proxy software, you could purchase CCProxy (youngzsoft.net/ccproxy) for Windows, but there really is no reason as Squid can operate on Windows, or you can run a Linux virtual machine if you want to use Tinyproxy. CCProxy did not seem to have any features that set it apart from either Squid or tinyproxy. It should be mentioned that there is also a commercially available program named WinGate, although WinGate is geared towards running on a business network, and seemed to have too many features out of scope to what I was looking for to be considered as an alternative.

Although it is possible to download tinyproxy from their GitHub site, it is much easier to use the apt-get package installation tool, and this is the download/installation method recommended [tinyproxy]. To install the software on my Ubuntu server I typed the command: apt-get install tinyproxy. After the install is where the instructions on the website were lacking. They instructed me to consult the man pages for documentation, which I did, but the manual did not adequately demonstrate how to configure tinyproxy or how to use it. After doing some Google searches I found a blog that gave instructions on how to configure tinyproxy [gypthecat]. I’m assuming the developers of tinyproxy didn’t include configuration instructions on their website since any experienced Linux user would know where the conf file was, and so would already know how to configure the software. For us newbies, a configuration file is a file where you can set all the variables for your program. Tinyproxy does not have a GUI, so if you are used to a GUI, then think of the conf file as the same screen you would get to if you clicked File → Preferences in Windows or any other GUI environment.

Now we know the location of the conf file, it’s time to start configuring tinyproxy. The first step in configuration is to open the the conf file in a text editor so we can read it, then make changes where necessary. To accomplish this you can use a text editor called vi by typing: sudo vi /etc/tinyproxy.conf. Lucky for us, the developers of tinyproxy did a great job on clearly labeling everything, so I recommend reading the entire conf file to learn more about the features of the software. Reading the conf file made me realize there is a lot of features I may want to learn more about later, but for now let’s just stick to the basics and focus on getting tinyproxy working! The two main things that we need to configure for an initial installation are the allowed access IP, and also the port that tinyproxy will run on. The port is defaulted to 8888 and that is fine, so I choose to just leave the port as is. If you change the port, make a note of it, as you will need to know this when trying to connect to your proxy. The allowed access IP must be changed, so you have to edit the configuration file by adding a line above or below the Allow 127.0.0.1 line that says Allow my.ip.address.here, so in my case I typed Allow 173.27.80.97. This will allow any device on my home network to connect to my proxy. It should be noted that any time you make a change to the configuration file, you must restart the service for the change to take affect. To do this you save and close the conf file by typing Esc :wq then when back at the command prompt type: sudo service tinyproxy restart. After this I figured I would be good to go, but when trying to test my proxy with Firefox, I couldn’t establish a connection.

Now we get into troubleshooting, as it looked to me like the proxy service was running, but just to verify I typed sudo service tinyproxy start. The first step I took was to look up a few other installation guides, and I found one that explained I had to open the port on my Ubuntu machine[JustinM]. Additionally, I had to make some changes to my AWS firewall, but I am not going to include those fixes as it is outside the scope of this report. After opening the port, I was able to successfully establish a web connection to my proxy.
Image1

Next step is to try and connect to IRC through my proxy, but unfortunately I ran into further complications. The error code displayed by my IRC client was:

Image2

To start diagnosing this problem I searched Google with the string “HTTP/1.0 403 Access Violation” to see what further information I could find on the problem. It took a good amount of searching, as I couldn’t find anyone else with a directly related (IRC) problem, but I did find a post that pointed my in the right direction [ServerFault]. The problem was that I had only configured tinyproxy to be accessible for the web, and since IRC runs on a different port, I had to let tinyproxy know it should listen for CONNECT requests on the port used by the IRC server I was connecting too. Since most IRC servers use the port 6667/6697 (I confirmed the correct port by checking the tinyproxy log file) I opened up both of those ports by adding these two lines to the configuration file: ConnectPort 6667 & ConnectPort 6697. After making this change, I restarted the tinyproxy service, and tried to connect again via IRC. And this time, it worked!!!!!
Before:

Image3

After:

Image4

In the above screenshots, notice the identifier after the @ sign on line three was changed from my ISP (mchsi.com) to my AWS Server (amazonaws.com). This demonstrates that I’m connecting to the tinyproxy service on my AWS server which is then establishing the connection to the IRC Server, therefore displaying my location as the AWS server and not my actual home IP address. The reason I feel this is required when you go on IRC, is that you never know who you are dealing with, so it’s a good idea to conceal your home IP address. Think about it this way… You wouldn’t walk down the street with a copy of your driver license screen-printed to your shirt. So why would you want to reveal your home IP address to everyone who happens to be in the chat room with you?

This process has taught me a great deal about installing and configuring software on Linux machines. It got me much more comfortable with Linux and the command prompt, and that black screen no longer scares me as much as it used too. Tinyproxy did exactly what I wanted it to, and I was very happy with the overall install. Even someone without much previous experience with the Linux command line (like myself), could figure out the install by using the provided information combined with some Google searches for configuration and troubleshooting. I would highly recommend using the combination of tinyproxy and AWS so you can run your own proxy server.

Bibliography

tinyproxy: Tinyproxy, lightweight http(s) proxy daemon, 2009, http://tinyproxy.github.io

gypthecat: GYP, Tinyproxy a quick and easy proxy server on ubuntu, 2011,
https://www.gypthecat.com/tinyproxy-a-quick-and-easy-proxy-server-on-ubuntu

JustinM: Justin McCandless, Set Up Tinyproxy in Ubuntu, 2011, http://www.justinmccandless.com/blog/Set+Up+Tinyproxy+in+Ubuntu

ServerFault: bentek, Tinyproxy Refused CONNECT method , 2015, http://serverfault.com/questions/730909/tinyproxy-refused-connect-method

Leave a Reply

Your email address will not be published. Required fields are marked *