Hawkes Blog
Windows reboot | Linux be root
Hawkes Blog

a web-proxy with tinyproxy and ssh-tunnel

Short How-To: tinyproxy on raspbian

prerequisite:
  • raspberry pi running raspbian with openssh-server/dropbear
  • putty / ssh client
  • rasberry is accessible from the internet (if you want to use it from everywhere)

install tinyproxy

apt-get update
apt-get install tinyproxy

edit /etc/tinyproxy.conf

User nobody
Group nogroup
Port 8888
Listen 127.0.0.1
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Logfile "/var/log/tinyproxy/tinyproxy.log"
LogLevel Critical
PidFile "/var/run/tinyproxy/tinyproxy.pid"
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 15
MaxRequestsPerChild 0
Allow 127.0.0.1
ViaProxyName "tinyproxy"
ConnectPort 443
ConnectPort 563

details -> man tinyproxy.conf


restart and testing

/etc/init.d/tinyproxy restart

netstat -tulpen | grep tiny

tcp        0      0 127.0.0.1:8888          0.0.0.0:*               LISTEN      0          9161207     29781/tinyproxy

tinyproxy is up and running, lets configure a ssh client to open a ssh-tunnel to use your proxy from everywhere.


Client Setup

my setup:
tinyproxy is running at rp1.home
ssh port of rp1.home is accessible from everywhere using a no-ip.com dns entry

1. ssh tunnel via shell

ssh -f -p 44444 *user*@*dns name or ip* -L 8000:127.0.0.1:8888 -N -v

all traffic to the local port 8000 will be forwarded over a ssh-tunnel to our tinyproxy listen on the raspberry pi port 8888

  • -f background mode
  • -p ssh connect port (if you don´t use 22)
  • -L 8000:127.0.0.1:8888 local-port:bind interface/hostname of the remote system:remote-port
  • -N don´t execute a command on the remote system

test it with curl

curl -IL --proxy 127.0.0.1:8000 www.the-hawkes.de

debug1: Connection to port 8000 forwarding to 127.0.0.1 port 8888 requested.
debug1: channel 2: new [direct-tcpip]
HTTP/1.1 200 OK
debug1: channel 2: free: direct-tcpip: listening port 8000 for 127.0.0.1 port 8888, connect from 127.0.0.1 port 51325, nchannels 3
Via: 1.1 tinyproxy (tinyproxy/1.8.3)
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Tue, 21 May 2013 12:58:23 GMT
Date: Fri, 12 Jul 2013 07:18:09 GMT
ETag: "519b6f6f-421f"
Accept-Ranges: bytes
Server: nginx
Content-Length: 16927

2. ssh tunnel with putty

  • load saved session
  • Connection -> SSH -> Tunnel
  • Source Port: 8000
  • Destination: 127.0.0.1:8888
  • add
  • save the session again
  • open the connection to your raspberry

detailed putty tunnel guide

you can use the tunnel as long as you keep your putty session open.

The last step is to add 127.0.0.1:8000 as your new proxy to your browser.

MfG Hawkes


comments powered by Disqus