Using http/socks proxy server on raspberry pi
As I live in Armenia, I have a lot of friends across the CIS region who live under internet oppression regimes. For an example the Russians cannot access Instagram, Twitter without a vpn, and many other resources. That makes it very important to them to use proxy/vpn to bypass the DPI, which government regimes use for censorship. Here in Armenia we have clean internet with no censorship, so if I setup a proxy for my friends they can use it to access the free on censorship internet.
In most of the guides I found on the internet they are using privoxy, which is insecure because it has no authentication system installed, and if left as it is, your proxy IP address will be used by port scanners for various bad stuff like spamming. Such behavior risks your ip address getting marked as spam, or getting used by hackers to make you a suspect of cybercrime.
That is why I found a better solution for creating a proxy server called 3proxy. It is pretty lightweight, and has almost no footprint on raspberrypi and also very flexible. You can even create bandwidth rules for each user and monitor their usage in webadmin interface.
Installation & configuration
git clone https://github.com/3proxy/3proxy.git cd 3proxy ln -s Makefile.Linux Makefile make sudo su make install nano /etc/3proxy/conf/3proxy.cfg
This will install 3proxy and run 3proxy as root. It is not a good security practice, but I don't care. Just using make install without sudo permissons leads to permission error and I don't want to dig into it, so I just made everything run as root.
By default the proxy server does not allow all connections except from localhost. So you need to explicitly allow them, as I did in the config file:
nscache 65536 nserver 18.104.22.168 nserver 22.214.171.124 config /conf/3proxy.cfg monitor /conf/3proxy.cfg log /logs/3proxy-%y%m%d.log D rotate 60 counter /count/3proxy.3cf users $/conf/passwd include /conf/counters include /conf/bandlimiters auth strong allow * proxy -n socks flush allow marat * * admin -p8080
Then you need to restart the daemon to get the configuration update applied via sudo systemctl start 3proxy.service. After that you can register accounts on proxy via this script, and supply your username and password next to it: /etc/3proxy/conf/add3proxyuser.sh.
After that you should be able to connect to socks proxy at port :1080, and http proxy at :3128, with credentials you registered with the adduser script.
I highly recommend combining your proxy server with open source browser extension SwitchyOmega. It allows you to set traffic routing rules to automatically switch between your host internet and proxy based on website you visit.