Sometimes we use publicly available Wi-Fi hotspots and would like better privacy when browsing the internet. Although our credit card or bank account websites probably use secure connections, other websites do not, and we simply would like to have more privacy. One way to do it is by setting up our own proxy server and using it as a private proxy.
However, using our own proxy server still does not increase the privacy or security of our connection over the exposed wireless link unless we use encryption. Encryption in this case is easily accomplished by using SSH tunneling. The benefit is twofold. First, we get SSL-level encryption; second, we keep our proxy server private by off-loading the authentication burden to the SSH server. In this entry I explain how to do it.
I assume that we are using a fairly modern Linux distribution for our web proxy and SSH server. I also assume that we have SSH access to our machine set up securely. Most major Linux distributions include the Apache 2 web server and its proxy module. It's better to use that than to compile Apache yourself, unless you know what you are doing. Assuming all that, it is really easy to set up our proxy server.
First, we need to enable the web server to act as a proxy server. The relevant configuration in the Apache configuration file is as follows:
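LoadModule proxy_module modules/mod_proxy.so
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
# Turn on forward proxying
ProxyRequests On
# Access control for proxied requests: refuse everyone except the local machine
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Proxy>
# End of proxy directives.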
The first line loads the proxy module into the web server. The proxy directives allow you to specify, by IP address, the requests that the proxy will serve. In this case, we deny all requests except requests from 127.0.0.1, which is localhost. This is how we keep our proxy server private, i.e. not an open proxy.
Now, to use our proxy server from a different machine (let's call it the laptop with wireless access), we first have to connect to the server via SSH tunneling. This is both the encryption and the authentication part. The simple proxy server cannot authenticate us, and hence only allows connections from 127.0.0.1. The authentication comes from the fact that we have to connect via SSH to the proxy machine before we can use the proxy forwarding. To set up the SSH tunnel, we forward a local port on the laptop to the web server port on the proxy machine.
In the setup used here, port 3000 on my laptop actually listens to port 80 on the proxy server via SSH tunneling, i.e. it is an encrypted tunnel. The choice of port 3000 is arbitrary. We can use any port number that is unused on the laptop. Port 80 is the port that the web server binds to on the proxy server machine (of course, one can set up Apache to bind to a different port in its configuration file).
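The tunnel described above (laptop port 3000 forwarded to port 80 on the proxy machine), as an added example that is not the author's original command. The host `user@proxy.example.org`, the script name and the function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: SSH tunnel from the laptop to the private Apache proxy.
LOCAL_PORT=3000    # unused port on the laptop (3000 as in the text)
REMOTE_PORT=80     # port Apache binds to on the proxy machine

# True only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the argument for "ssh -L": local_addr:local_port:dest_addr:dest_port.
# Local side: bind to the laptop's loopback only, so other hosts on the
# wireless network cannot borrow the tunnel.
# Remote side: the literal 127.0.0.1 rather than "localhost", so Apache sees
# exactly the address in "Allow from 127.0.0.1" even where localhost
# resolves to ::1.
forward_spec() {
    lp=${1:-$LOCAL_PORT}
    rp=${2:-$REMOTE_PORT}
    valid_port "$lp" && valid_port "$rp" || return 1
    printf '127.0.0.1:%s:127.0.0.1:%s\n' "$lp" "$rp"
}

# Open the tunnel in the background. $1 is user@host of the proxy machine.
open_tunnel() {
    spec=$(forward_spec "${2:-}" "${3:-}") || return 1
    # -N: forward only, run no remote command; -f: background after login.
    # ExitOnForwardFailure: exit instead of continuing without the forward.
    ssh -f -N -o ExitOnForwardFailure=yes -L "$spec" "$1"
}

# Fetch a page through the proxy and print the HTTP status code.
check_proxy() {
    curl -sS -o /dev/null -w '%{http_code}\n' \
        -x "http://127.0.0.1:${1:-$LOCAL_PORT}" http://example.com/
}

# Usage: sh tunnel.sh --open user@proxy.example.org   (placeholder host)
if [ "${1:-}" = "--open" ] && [ -n "${2:-}" ]; then
    open_tunnel "$2" && check_proxy
fi
```

If `check_proxy` prints 403, the request reached Apache from an address other than the one in the Allow line.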
Now that we have the tunnel to our proxy server set up, all we need to do is configure the web browser to use it. This differs slightly between web browsers, but as an example, in Firefox 2 this is done via Preference --> General tab --> Connection Settings. Here we set
Pick "Manual Proxy Configuration:"
HTTP Proxy: localhost, Port: 3000
Use this proxy for all protocols: check
Now we can start browsing securely via this encrypted SSH tunnel to our proxy server. If we check the web server log on our proxy server machine, we should see that the requests from the laptop's web browser are being forwarded by the proxy server. Also notice that, from the web server's point of view, our requests come from 127.0.0.1.