The above link has a how-to on running a SOCKS5 proxy just by using ssh. PS: I have used Digital Ocean for 3+ years and, except for one instance of resource starvation due to another instance on the same host chewing the resources, they have been great!
The magic is just running ssh with the following command:
ssh -D 8123 -f -C -q -N [email protected]
Once you have the tunnel from your local computer to the remote host ([email protected]), you can use curl or wget to send traffic through the SOCKS5 tunnel.
wget:
export SOCKS_SERVER=127.0.0.1:8123
wget http://server-C/whatever
curl:
# -x tells curl to use the SOCKS5 tunnel as its proxy
curl -x socks5://localhost:8123 https://jmits.com.au
But the problem starts when you have SOCKS-unaware programs that only support standard HTTP or HTTPS proxies.
So how can you have an HTTP/S proxy that then uses the SSH SOCKS5 tunnel?
3proxy can do it.
Install 3proxy
On CentOS that was done by installing epel-release, which provides Extra Packages for Enterprise Linux.
So:
yum install epel-release
yum install 3proxy
vim /etc/3proxy.cfg
# I pretty much commented everything in 3proxy.cfg until I had the following
nscache 65536
timeouts 1 5 30 60 180 1800 15 60
daemon
log /var/log/3proxy/3proxy.log
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
archiver gz /bin/gzip %F
rotate 30
internal 127.0.0.1
auth strong
# create the password using openssl
# openssl passwd -1 yourpasswordhere
# if there is a dollar symbol you need double quotes around it
users "proxyusername:CR:$1$POyLAate$hlRz2aqWeWDMiQloQRYOO."
allow proxyusername
# this command says for the HTTP proxy
# to connect to the socks5 proxy running
# on localhost on port 8123
parent 1000 socks5 127.0.0.1 8123
# the default http/s proxy port is 3128
# but you can change it with -p option
proxy -n -p3128
Once you have edited the file, check it for typos before trying to launch 3proxy as a daemon.
If the following exits with an error then you have a problem. With mine it was because I forgot to put double quotes around the MD5-crypted password user line.
3proxy /etc/3proxy.cfg
Once you have it right, you will know because it will actually start running (check that it is by running ps -ef | grep 3proxy). You will need to kill off the self-launched 3proxy process and then launch it using systemd.
# when it's correct run it
service 3proxy start
# or
systemctl start 3proxy
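A pre-flight check for the configuration above, as an added example that is not part of the original post or of 3proxy. The function name check_3proxy_cfg and the sample config are constructed here, and the checks only mirror the settings this page uses (quoted users line, loopback internal, auth strong, socks5 parent).

```shell
#!/bin/sh
# check_3proxy_cfg [FILE]: hypothetical helper, reads FILE or stdin.
# Prints one line per finding and returns 1 if anything was found.
check_3proxy_cfg() {
    awk '
    function bad(msg) { print msg; n++ }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    $1 == "users" {
        # a users value containing $ must be wrapped in double quotes
        for (i = 2; i <= NF; i++)
            if ($i ~ /\$/ && $i !~ /^".*"$/)
                bad("line " NR ": users entry containing $ is not double-quoted")
    }
    $1 == "internal" {
        have_internal = 1
        # the HTTP proxy should only be reachable from the local machine
        if ($2 !~ /^127\./ && $2 != "::1")
            bad("line " NR ": listener bound to non-loopback address " $2)
    }
    $1 == "auth" && /strong/ { strong = 1 }
    $1 == "parent" && $3 == "socks5" { socks = 1 }
    END {
        if (!have_internal) bad("no internal directive (the page binds to 127.0.0.1)")
        if (!strong) bad("auth strong is not set")
        if (!socks)  bad("no socks5 parent: requests would not use the SSH tunnel")
        exit (n > 0)
    }' "$@"
}

# Constructed sample: line 3 repeats the unquoted-password mistake described above.
check_3proxy_cfg <<'EOF' || true
internal 127.0.0.1
auth strong
users proxyusername:CR:$1$CONSTRUCTED$hash
parent 1000 socks5 127.0.0.1 8123
proxy -n -p3128
EOF
```

Run it as check_3proxy_cfg /etc/3proxy.cfg before starting the service; it does not replace the 3proxy /etc/3proxy.cfg test run.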
Once you have 3proxy configured as above, you can then configure your local application to connect to it. Here is an example using wget:
wget:
[root@jmits-srv-01 etc]# unset SOCKS_SERVER
[root@jmits-srv-01 etc]# export https_proxy=localhost:3128
[root@jmits-srv-01 etc]# export http_proxy=localhost:3128
# An example of not using authentication
[root@jmits-srv-01 etc]# wget https://jmits.com.au
--2017-06-10 15:30:27-- https://jmits.com.au/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:3128... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:3128... connected.
Proxy tunneling failed: Proxy Authentication RequiredUnable to establish SSL connection.
# now with proper auth it works
[root@jmits-srv-01 etc]# wget --proxy-user proxyusername --proxy-password mysecurepw https://jmits.com.au
--2017-06-10 15:32:57-- https://jmits.com.au/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:3128... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.1’
[ <=> ] 20,003 --.-K/s in 0s
2017-06-10 15:32:58 (124 MB/s) - ‘index.html.1’ saved [20003]
curl:
# curl example through 3proxy
curl -x localhost:3128 -U proxyusername:proxypassword https://jmits.com.au