Charles Frazier

Configure proxy server

Frazier, Charles. “Configure Proxy Server.” Configure Proxy Server, Charles Frazier, 29 Oct. 2023, <charlesfrazier.github.io/tech/proxy.html>

Any bug or suggestion, please contact me at charles-frazier@outlook.com

1. Introduction

1.1 What is intranet server?

An intranet server is a server that hosts resources and services within a private network known as an intranet. Unlike the internet, which is publicly accessible, an intranet is a restricted network accessible only to authorized users within an organization.

1.2 What is nginx?

Nginx is a high-performance, open-source web server, reverse proxy server, load balancer, and HTTP cache. Originally developed by Igor Sysoev, it is known for its speed, efficiency, and scalability, making it one of the most popular choices for serving web content and managing internet traffic.

1.3 How an intranet server connects to extranet(such as internet)?

  1. Direct Connection:

    • The intranet server connects directly to the local area network (LAN) via a router or switch. The LAN is then connected to the external network, such as the internet, through a router.

    • This method requires proper configuration of the router or switch to allow communication between the intranet server and the external network.

    This is what you did when you connected to the campus network using .

  2. Using a Proxy Server:

    • An intranet server can access the internet through a proxy server. A proxy server acts as an intermediary between the intranet server and the internet, forwarding requests and responses between the two networks. This allows the intranet server to access external resources and services while maintaining security and control over the network traffic.

    This is what I want to introduce in this article.

I highly recommend the following method. nginx is extremely powerful, not difficult to configure, highly customizable, pure command line, and everything is in your own hands.

If you are using Windows, then CCproxy is also an extremely simple method. This is a Chinese application with a graphical interface, but it is not so elegant, has a single function and poor performance. I will mention it in the section 3.

2. Setting up a proxy server with nginx

This document is using the OS X system, so Windows’s commands and path may differ.

Suppose A is the intranet server which needs to access the internet, and B is the proxy server that connects to the internet and can communicate with A.

To set up a proxy server with nginx, follow these steps:

⚠️Confuse about running too many commands? Try to visit this page for script.

2.1 Operation on B

2.1.1 Install nginx

  1. Install nginx on B.

    There is no specific version requirement. I downloaded 1.19.9. The following text uses 1.19.9 as an example.

    wget http://nginx.org/download/nginx-1.19.9.tar.gz
tar -xzf nginx-1.19.9.tar.gz

  2. Install patch for nginx.

    Based on the nginx version you selected, find the corresponding version patch.

    git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
cd nginx-1.19.9
patch -p1 < ../ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch

  3. Install dependencies.

    cd ..
wget https://www.openssl.org/source/openssl-3.0.13.tar.gz
tar -xzf openssl-3.0.13.tar.gz

wget https://sourceforge.net/projects/pcre/files/pcre/8.35/pcre-8.35.tar.gz
tar -xzf pcre-8.35.tar.gz

wget https://zlib.net/zlib-1.3.1.tar.gz
tar -xzf zlib-1.3.1.tar.gz

  4. Configure and install nginx.

    cd nginx-1.19.9
sudo ./configure --with-openssl=../openssl-3.0.13 --with-pcre=../pcre-8.35 --with-zlib=../zlib-1.3.1 --add-module=../ngx_http_proxy_connect_module --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads
sudo make
sudo make install

2.1.2 Configure nginx

  1. Check if nginx is installed successfully.

    /usr/local/nginx/sbin/nginx -V

    The following information should be displayed:

    nginx version: nginx/1.19.9
built by clang 15.0.0 (clang-1500.1.0.2.5)
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
configure arguments: --with-openssl=../openssl-3.0.13 --with-pcre=../pcre-8.35 --with-zlib=../zlib-1.3.1 --add-module=../ngx_http_proxy_connect_module --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads

  2. Keep in mind the two important path

    /usr/local/nginx/sbin/nginx # nginx executable file
/usr/local/nginx/conf/nginx.conf # nginx configuration file

  3. Edit the configuration file.

    cd /usr/local/nginx/conf/
sudo vim nginx.conf

    Change the configuration file content to the following.

    worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server{
      listen 8000;
      resolver 114.114.114.114;
      proxy_connect;
      proxy_connect_allow 443 563;
      proxy_connect_connect_timeout 10s;
      proxy_connect_read_timeout 10s;
      proxy_connect_send_timeout 10s;
      location / {
          proxy_pass http://$host;
          proxy_set_header Host $host;
      }
    }
}

    Test the configuration file:

    sudo /usr/local/nginx/sbin/nginx -t

    If an error is returned, check your configuration file, especially if the brackets match!

    If the test is successful, reload nginx:

    sudo /usr/local/nginx/sbin/nginx -s reload

    If the reload command fails:

    nginx: [error] open() "/usr/local/nginx/logs/nginx.pid" failed (2: No such file or directory)
nginx: [error] invalid PID number "" in "/usr/local/nginx/logs/nginx.pid"

    You can use the following command first:

    sudo /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

    Then use the reload command again.

2.2 Operation on A

Configure the intranet server to use the proxy server in your bash profile.

  1. Edit the .bash_profile or .profile ,ect…

    vim ~/.bash_profile

  2. Add the following content to the file.

    export http_proxy=http://ip:8000
export https_proxy=http://ip:8000
    !!!Replace `ip` with the `IP address` of the proxy server -- B!!!

    • If you’re working on macOS, just open system settings , click on Wi-Fi, click on details, click on TCP/IP, and you will see the IP address.

    • If you’re working on Linux, you can use the following command to get the IP address.

      • This will return the IP address of your wireless connection. 
        ipconfig getipaddr en0
      • The system will return the IP address for a wired Ethernet connection. 
        ipconfig getipaddr en1

    • If you’re working on Windows, just open wifi settings, click on the wifi you connected, roll down, you will see the IPv4 address – that is what you’re looking for.

  3. Make it take effect immediately.

    source ~/.bash_profile

3. Simple explanation of CCproxy

  1. Download and install CCproxy.

  2. Open CCproxy and configure the proxy server.

Set up the account, set the allowed range to the allowed part, click New on the right, and enter the server IP that needs to be used as a proxy to access the Internet.

  1. After completion, restart then click Start.

  2. Operation on A is the same as the above.

4. Tips you should know about

  1. Each time you restart the computer, you need to restart the proxy server.

  2. NJU-WLAN’s IP changes each time you reconnecte, you need to change the IP address in the .bash_profile or .profile file.

  3. Confused about .bash_profile or .profile file? Another much more direct way is point out explicitly without editing the file.

pip install --proxy=http://ip:8000 package_name

sudo apt install -o Acquire::http::Proxy="http://ip:8000" package_name

wget --proxy=on --proxy=http://ip:8000 download_link

curl -x http://ip:8000 download_link

git config --global http.proxy http://ip:8000
Enjoy it!