In this tutorial I’m going to install and configure 3proxy on Debian 7 x86. It is a really fast and lightweight alternative to the Squid proxy. My whole system with 3proxy running needs only 15 MB of RAM. I will configure an HTTP proxy and chroot it to increase security. Users for the proxy are stored in the /usr/local/etc/3proxy/passwd file. At the end of the article I will add a user.
# Install Dependencies
```sh
apt-get update && apt-get -y upgrade
apt-get install -y build-essential libssl-dev
```
# Download, compile and move 3proxy to the target directory
# 3proxy will be chrooted to the directory /usr/local/etc/3proxy for security reasons
```sh
# Note: --no-check-certificate turns off TLS certificate verification for this download
wget https://github.com/z3APA3A/3proxy/archive/3proxy-0.8.6.tar.gz --no-check-certificate
tar xvf 3proxy-0.8.6.tar.gz
cd 3proxy-3proxy-0.8.6
make -f Makefile.Linux
cd src
mkdir -p /usr/local/etc/3proxy/bin/
install 3proxy /usr/local/etc/3proxy/bin/3proxy
install mycrypt /usr/local/etc/3proxy/bin/mycrypt
touch /usr/local/etc/3proxy/3proxy.cfg
touch /usr/local/etc/3proxy/passwd
mkdir -p /usr/local/etc/3proxy/log/
```
# Setting the file permissions.
# Only the log folder and the pid file should be writable by user 65535
```sh
chown -R root:root /usr/local/etc/3proxy/
chown -R 65535 /usr/local/etc/3proxy/log/
touch /usr/local/etc/3proxy/3proxy.pid
chown 65535 /usr/local/etc/3proxy/3proxy.pid
```
# Save the following config in /usr/local/etc/3proxy/3proxy.cfg
```
# 3proxy-0.7.1.1 Configuration File by tor.eu
# Tested on Debian 7 at 13.02.2015

# Configure nameserver and nscache, which help to save speed, traffic and bandwidth
# Important -> the DNS server must work. At the moment the free Google DNS is configured
nscache 65536
nserver 8.8.8.8

# Configure where the users who are allowed to use the proxy are stored
users $passwd

# Specify the startup mode as daemon
daemon

# Write the pid of the current process to a file. It can be used to manipulate 3proxy with signals under Unix.
pidfile 3proxy.pid

# Path to the configuration file to use on 3proxy restart or to save configuration.
config 3proxy.cfg

# If a monitored file changes in modification time or size,
# the proxy reloads its configuration within one minute.
monitor 3proxy.cfg
monitor passwd

# log specifies the log file location and rotation, D means a logfile is created daily
log log/3proxy.log D
logformat "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"

# We will keep the last 30 log files
rotate 30

# auth specifies the type of user authentication. With strong authentication
# an unknown user will not be allowed to use the proxy regardless of ACL.
auth strong

# We want to protect the internal interface
deny * * 127.0.0.1
# and allow HTTP and HTTPS traffic.
allow * * * 80-88,8080-8088 HTTP
allow * * * 443,8443 HTTPS

# Sets the proxy on port 3128 with the high anonymous flag -a
# You need root privileges to bind to a port lower than 1000
proxy -a -p3128

# Now we don't need any root rights. We can chroot and setgid/setuid.
chroot /usr/local/etc/3proxy/
setgid 65535
setuid 65535
```
# Create an init script to start 3proxy automatically after reboot
Content of the file /etc/init.d/3proxyinit
```sh
#!/bin/sh
#
### BEGIN INIT INFO
# Provides: 3Proxy
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Initialize 3proxy server
# Description: starts 3proxy
### END INIT INFO

# The config uses paths relative to this directory (3proxy.pid, passwd, log/)
cd /usr/local/etc/3proxy/ || exit 1

case "$1" in
    start)
        echo Starting 3Proxy
        /usr/local/etc/3proxy/bin/3proxy /usr/local/etc/3proxy/3proxy.cfg
        ;;
    stop)
        echo Stopping 3Proxy
        kill `pidof 3proxy`
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
esac
exit 0
```
# Make the file executable and register it for startup
```sh
chmod +x /etc/init.d/3proxyinit
update-rc.d 3proxyinit defaults
```
# Stop and start 3proxy manually
```sh
/etc/init.d/3proxyinit stop
/etc/init.d/3proxyinit start
```
# Tell iptables, the internal firewall, to redirect packets arriving at port 443 to port 3128 (the port 3proxy is listening on)
```sh
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3128
```
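# Install a program to make the iptables rules persistent (even after reboot)
```sh
apt-get install iptables-persistent
# On Debian 7 the init script that saves the rules is named iptables-persistent
service iptables-persistent save
```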
# Add a user to the /usr/local/etc/3proxy/passwd file
```sh
# $$ (the PID of the current shell) is passed to mycrypt as the salt
echo username:`/usr/local/etc/3proxy/bin/mycrypt $$ password` >> /usr/local/etc/3proxy/passwd
```
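
A post-install check for the two things this setup relies on, as an added example that is not part of the original tutorial: `audit_writable` lists anything outside log/ and 3proxy.pid that uid/gid 65535 could modify (the permission rule from the file-permissions step), and `audit_passwd` lists entries in the passwd file that are not hashed. The function names are hypothetical, and the entry form `user:CR:$1$salt$hash` is an assumption about what the mycrypt command above writes.

```sh
#!/bin/sh
# Added example, not part of the original tutorial. Function names are
# hypothetical; the tree layout and uid/gid 65535 come from the steps above.

# Print every path under ROOT, outside log/ and 3proxy.pid, that the
# unprivileged proxy account could modify: owned by UID, group-writable
# for GID, or world-writable. Returns 0 if there is none, 1 otherwise.
# usage: audit_writable ROOT UID GID
audit_writable() {
    root=${1%/}
    findings=$(find "$root" \
        \( -path "$root/log" -o -path "$root/3proxy.pid" \) -prune -o \
        ! -type l \
        \( -user "$2" -o -perm -0002 -o \( -group "$3" -perm -0020 \) \) \
        -print)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Print the user names in a 3proxy users file whose entry is not an
# MD5-crypt hash (assumed form user:CR:$1$salt$hash), for example a
# cleartext user:CL:password entry. Returns 0 if all entries are hashed.
# usage: audit_passwd FILE
audit_passwd() {
    weak=$(awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comment and blank lines
        $2 != "CR" || substr($3, 1, 3) != "$1$" { print $1 }' "$1")
    [ -z "$weak" ] && return 0
    printf '%s\n' "$weak"
    return 1
}

# Run both checks when given the jail directory as an argument, e.g.
#   sh audit-3proxy.sh /usr/local/etc/3proxy
if [ $# -ge 1 ]; then
    status=0
    audit_writable "$1" 65535 65535 || status=1
    audit_passwd "$1/passwd" || status=1
    exit "$status"
fi
```

Any path printed by `audit_writable` is something a compromised proxy process could overwrite from inside the chroot; bin/3proxy and 3proxy.cfg matter most because the config is reloaded when it changes.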