Secure HTTPS proxy in less than 10 minutes

This guide describes how to deploy an HTTPS proxy using dumbproxy on almost any Linux server. All you need is curl and root access to some server.

Here, HTTPS proxy refers to an HTTP proxy reached over a TLS connection, not just an unencrypted HTTP proxy that HTTPS can also work through. That is, such an HTTPS proxy introduces an additional layer of TLS between the client and the proxy server, thus ensuring the confidentiality of the connection with the proxy server. Such proxies are suitable for direct use in browsers and other software. The so-called “VPN” browser extensions, in fact, work through exactly such “encrypted” HTTP proxies.

What for and why?

Why an HTTPS proxy?

  • Well suited for accessing blocked content without requiring a system-wide traffic switch. Can be used selectively for some individual sites, domains, etc.

  • A standard protocol that looks like HTTPS because technically it is HTTPS.

  • Alternative solutions like shadowsocks often still have to be hidden inside TLS using plugins like simple-tls or v2ray. In that case there is no need for shadowsocks itself: it is easier to use a regular proxy inside TLS directly.

  • Supported by browsers without additional software. Other software that supports HTTP proxies can be made to work with HTTPS proxies using this adapter.

You can read more about the benefits of secure proxies over VPNs in one of my previous posts.

Why dumbproxy?

This is a fairly simple proxy server, which is specially made for the current realities, works on many different platforms and . In fact, to work, it is enough to run only one executable file.

At the same time, dumbproxy has a number of other rather important advantages:

  • The ability to hide the proxy's 407 response so that the proxy does not give itself away under active probing (disabled by default).

  • Lightweight threads allow it to serve a significant number of concurrent connections (tens of thousands) in the default configuration, which is an advantage over 3proxy and tinyproxy. Combined with modest memory consumption per connection, this allows you to run proxies on the cheapest VPS plans.

  • Simple authorization management: the file with users is automatically reloaded when changes are detected.

  • Supports HTTP/2.

  • Clients can be authorized with TLS certificates (this is probably most convenient with steady-tun on the client side).

  • The server will take care of issuing certificates for domain names using the ACME protocol (for example, via Let’s Encrypt or BuyPass).

Step 1: Assign a domain name

We will need a domain name for the server so that TLS (HTTPS) works seamlessly on it. You can either buy a domain and link it to your VPS IP address, or use some free domain name service. In the latter case, the parent domain of your domain must be listed in the list of public domain suffixes. Otherwise, there may be problems with issuing a certificate through Let’s Encrypt: it will run into the limit on the number of certificates issued for the parent domain within a certain period of time. In this guide, we will use the free service freemyip.com, which gives a domain to a user even without registration.

  1. Go to https://freemyip.com/.

  2. Choose a nice domain name and claim it.

  3. Save the link you receive somewhere.

  4. Run the following command on your server: curl 'LINK' where LINK is the link that you received in the previous step. Please note: do not forget to put the link in single quotes!

Check: ping your domain; it should resolve to the IP address of your VPS. If it doesn’t, wait a few minutes and try again.

Step 2: Installing dumbproxy

This assumes the amd64 processor architecture. For other architectures, see the binaries here. Run the command:

curl -Lo /usr/local/bin/dumbproxy 'https://github.com/Snawoot/dumbproxy/releases/download/v1.6.1/dumbproxy.linux-amd64' && chmod +x /usr/local/bin/dumbproxy

Check: the command dumbproxy -version should output v1.6.1.

Step 3. Configuring dumbproxy

Let’s create a file with a list of users and passwords. Run the following command, replacing USERNAME and PASSWORD with the actual desired username and password values:

dumbproxy -passwd /etc/dumbproxy.htpasswd 'USERNAME' 'PASSWORD'

Configure dumbproxy. Create a file /etc/default/dumbproxy with the following content:

OPTIONS=-auth basicfile://?path=/etc/dumbproxy.htpasswd -autocert -bind-address :443

Create a file /etc/systemd/system/dumbproxy.service with the following content:

[Unit]
Description=Dumb Proxy
Documentation=https://github.com/Snawoot/dumbproxy/
After=network.target network-online.target
Requires=network-online.target

[Service]
EnvironmentFile=/etc/default/dumbproxy
User=root
Group=root
ExecStart=/usr/local/bin/dumbproxy $OPTIONS
TimeoutStopSec=5s
PrivateTmp=true
ProtectSystem=full
LimitNOFILE=20000

[Install]
WantedBy=default.target

Finally, apply the new systemd configuration:

systemctl daemon-reload

Step 4: Run dumbproxy

Enable autorun with the following command:

systemctl enable dumbproxy

Start the service:

systemctl start dumbproxy

Check: the command curl -x 'https://USERNAME:PASSWORD@DOMAIN' http://ifconfig.co should display the server’s IP address.

Note: the first request may take a few seconds because the certificate is being issued.

Done!


Setting up clients

Proxy settings for all browsers on Windows

Open system proxy settings:

Enable the configuration script option and enter the following code:

data:,function FindProxyForURL(u, h){return "HTTPS example.com:443";}

replacing example.com with your domain.

Usage in Firefox

Option 1. PAC script

Open the proxy settings in Firefox, switch the mode to “Auto configuration URL” and enter the following code:

data:,function FindProxyForURL(u, h){return "HTTPS example.com:443";}

where instead of example.com you should write your domain.
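
The one-line PAC script shown for Windows and Firefox sends every request through the proxy. The following is an added example, not part of the original post, of a PAC script that proxies only selected domains; blocked.example and news.example are placeholder names, and example.com stands for your proxy domain as above. The proxied branch deliberately has no DIRECT fallback, so those sites fail closed if the proxy is unreachable.

```javascript
// Added example: selective PAC script. All host names are placeholders.
var PROXY = "HTTPS example.com:443"; // your dumbproxy domain

// Domains (and all of their subdomains) that must go through the proxy.
var PROXIED_DOMAINS = ["blocked.example", "news.example"];

// True if host equals domain or is a subdomain of it.
// Comparing with a leading dot avoids matching "notblocked.example".
// Written without endsWith() so that older PAC engines can run it too.
function hostInDomain(host, domain) {
  if (host === domain) {
    return true;
  }
  var suffix = "." + domain;
  return host.slice(-suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  // Normalize: lower case, drop the trailing root dot ("site.example.").
  host = host.toLowerCase().replace(/\.$/, "");

  // Single-label names (intranet hosts, localhost) stay on the local network.
  if (host.indexOf(".") === -1) {
    return "DIRECT";
  }

  for (var i = 0; i < PROXIED_DOMAINS.length; i++) {
    if (hostInDomain(host, PROXIED_DOMAINS[i])) {
      // No "; DIRECT" fallback: if the proxy is down, the request fails
      // instead of silently leaving over the direct connection.
      return PROXY;
    }
  }

  // Everything else bypasses the proxy.
  return "DIRECT";
}
```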

Option 2. Browser extension for proxy

Use any convenient browser extension to switch proxies. For example, this.

Option 3. Firefox Containers

The Firefox Container Proxy extension allows you to assign different proxies to different Firefox containers. Thus, you can open the same site from different network locations at the same time. Personally, I use this option.

Usage in Chrome

Option 1: Command line option

The proxy server can be passed as a command line option of the Chrome browser. For example, like this:

chromium-browser --proxy-server="https://example.com:443"

where example.com is replaced by your domain.

Option 2. Browser extension for proxy

Use any convenient browser extension to switch proxies. For example, this.

Usage in Android

  1. Install AdGuard on Android: guide.

  2. Follow this guide, starting with the part about setting up the application on Android. Specify HTTPS proxy type, username and password.

Use with other applications

It is possible to connect to a remote HTTPS proxy as if it were a regular local plaintext (non-encrypted) proxy by using an adapter application that accepts a plain connection on a local port and then connects via TLS to the remote server. steady-tun can be used as this adapter; in addition, it pre-establishes connections in reserve, thereby hiding the time needed to establish each new TLS connection.

