How to Set up Your Own Web Proxy on Ubuntu 16.04 VPS

This tutorial shows you how to set up your own web proxy on Ubuntu 16.04. A web proxy is a website where a user enters the URL of a blocked website in order to access it. There are a multitude of web proxy scripts that can be used to set up your own web proxy. Glype and PHP-Proxy will be used in this tutorial. Glype is a very popular web proxy script and PHP-Proxy is a good alternative. You can choose one of them. In my test, PHP-Proxy is faster and works better with popular websites like Facebook, Twitter and YouTube, because it’s being actively updated. We will see how to set them up with Apache/Nginx and enable HTTPS with Let’s Encrypt.

Normally I use Shadowsocks proxy and OpenConnect VPN to bypass Internet censorship, but there’s a possibility that these two tools will be blocked in my country. A web proxy is a good backup method as it doesn’t have any characteristics of a SOCKS proxy or a VPN. In the eyes of an Internet firewall, it’s just normal HTTPS traffic. There are tens of thousands of free web proxies online. The downside is that once those public web proxies become well-known, they can be easily blocked. Setting up your own private web proxy has the advantage that only you know of its existence.

Prerequisites

To follow this tutorial, you will need:

You also need a domain name, so you will be able to add HTTPS encryption to protect your web traffic. I recommend buying domain names from NameCheap because the price is low and they give whois privacy protection free for life.

Step 1: Install Web Server and PHP

SSH into your Ubuntu 16.04 VPS. If you would like to use Nginx as the web server, then install Nginx and PHP7 by executing the following command.

sudo apt install nginx php7.0-fpm php7.0-curl php7.0-mbstring php7.0-xml php7.0-zip

If you would like to use Apache as the web server, run

sudo apt install apache2 php7.0 libapache2-mod-php7.0 php7.0-curl php7.0-mbstring php7.0-xml php7.0-zip

Step 2: Download Glype or PHP-Proxy

Glype

Download Glype by running the following command.

wget https://www.php-proxy.com/download/glype-1.4.15.zip

Extract it to /var/www/proxy/ directory.

sudo apt install unzip

sudo mkdir -p /var/www/proxy/

sudo unzip glype-1.4.15.zip -d /var/www/proxy/

Set www-data (the web server user) as the owner.

sudo chown www-data:www-data /var/www/proxy/ -R

PHP-Proxy

We can use Composer to download PHP-Proxy. Install Composer from Ubuntu 16.04 repository.

sudo apt install composer

Then download PHP-Proxy to /var/www/proxy/ directory.

sudo mkdir -p /var/www/proxy/

sudo composer create-project athlon1600/php-proxy-app:dev-master /var/www/proxy/

Set www-data (the web server user) as the owner.

sudo chown www-data:www-data /var/www/proxy/ -R

Step 3: Configure Web Server

In this step, we need to create an Nginx server block or Apache virtual host for our web proxy.

Create Nginx Server Block

Create a server block under /etc/nginx/conf.d/ directory.

sudo nano /etc/nginx/conf.d/web-proxy.conf

Copy and paste the following lines into the file. Replace proxy.example.com with your real domain name. Don’t forget to set an A record in your DNS manager.

server {
        listen 80;
        server_name proxy.example.com;

        root /var/www/proxy/;
        index index.php;

        location / {
                try_files $uri $uri/ /index.php;
        }

        location ~ \.php$ {
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                include snippets/fastcgi-php.conf;
        }
}

Save and close the file. Then test the Nginx configuration.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Create Apache Virtual Host

Create an Apache virtual host in the /etc/apache2/sites-available/ directory.

sudo nano /etc/apache2/sites-available/web-proxy.conf

Copy and paste the following lines into the file. Replace proxy.example.com with your real domain name. Don’t forget to set an A record in your DNS manager.

<VirtualHost *:80>        
        ServerName proxy.example.com

        DocumentRoot /var/www/proxy

        ErrorLog ${APACHE_LOG_DIR}/proxy.error.log
        CustomLog ${APACHE_LOG_DIR}/proxy.access.log combined
</VirtualHost>

Save and close the file. Then enable this virtual host.

sudo a2ensite web-proxy.conf

Reload Apache for the changes to take effect.

sudo systemctl reload apache2

The Web Interface

Now visit proxy.example.com in your web browser. If you use Glype, you will be redirected to the admin control panel (proxy.example.com/admin.php).

If you use PHP-Proxy, you can see a working web proxy waiting for you to enter a URL.

Now let’s enable HTTPS with Let’s Encrypt.

Step 4: Enable HTTPS with Let’s Encrypt for Your Web Proxy

We can install the Let’s Encrypt client (certbot) from the official PPA by executing the following commands.

sudo apt install software-properties-common

sudo add-apt-repository ppa:certbot/certbot

sudo apt update

sudo apt install certbot

Nginx users also need to install the Certbot Nginx plugin.

sudo apt install python-certbot-nginx

Enable HTTPS with the Nginx plugin.

sudo certbot --nginx --agree-tos --redirect --staple-ocsp -d proxy.example.com --email your-email-address

Apache users need to install the Certbot Apache plugin.

sudo apt install python-certbot-apache

Enable HTTPS with the Apache plugin.

sudo certbot --apache --agree-tos --redirect --staple-ocsp -d proxy.example.com --email your-email-address

If you get the following error message:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

please check out this post on the Let’s Encrypt forum to fix it.

Once the certificate is successfully installed, refresh your proxy in your web browser to use HTTPS.

(Optional) Putting Your Web Proxy Behind CDN

There are at least three ways an Internet censor can block a website:

  • Block the IP address of the website.
  • Hijack the DNS response to give the end user a wrong IP address.
  • Block the TLS connection by looking at the Server Name Indication (SNI)

If you are worried about your web proxy being blocked by Internet censors, you can put your web proxy behind a CDN (Content Delivery Network) like Cloudflare. This way, your server’s IP address is hidden, and if the Internet censor decides to block the Cloudflare IP address, there will be collateral damage, as many other websites are also using the same IP address. This will make the Internet censor think twice before doing so.

To prevent DNS poisoning, the end user should be using DNS over TLS or DNS over HTTPS. To prevent leaking the SNI information, the website should be using encrypted SNI.
