How to create your own Proxy/SSH/OpenVPN/Shadowsocks server

WARNING: This is an Advanced Tutorial. Pabababawin ko as much as possible pero kung dumudugo na talaga ilong mo, andyan si bestfriend google, magpatulong ka. Kung malakas ang loob mong matuto, bilib ako sayo, keep on reading.

Advanced Tutorials
Paano Magkaroon ng Sariling Proxy/SSH/OpenVPN/Shadowsocks Server?


Sarili mong Proxy Server (Tutorial Series)

1. Ano ang Proxy Server? From the word “proxy” (parang ninong mo sa kasal na hindi nakarating, hahaha! Hanap ka ngayun ng proxy. Haha!) So instead na ikaw ang nakikita ng mga webservers na nagrerequest ng website, yung IP ng Proxy Server ang nakikita nila.

2. Kapag nagconnect ka sa Proxy, nagcre-create ito ng direct tunnel between your server and your device. Kaya nga kung nasaan ang server mo dun nagrerespond si google (ex. akala ni google nasa Singapore ka kaya google.com.sg binibigay nya sayo na website)

3. Tama na to, let’s have fun na! Buksan na ang MobaXterm! Connect na po tayo sa server as detailed in PART 1. (Tignan nyo number of failed logins sa screenshot ko, kagagawa ko palang may mga nagbu-bruteforce na, welcome to the real world! Haha!)



4. First command po natin ay: (hindi po kasama yung pound or sharp sign na “#”)
=====================
# yum -y install squid
=====================

“Yum” ang name ng Package Manager natin, then yung “-y” ay yes in advanced sa mga itatanong nya. Then “squid” ang pangalan ng software natin (Squid Proxy Server). Cut and paste lang sa MobaXterm, then hit enter.





5. Then cut and paste:
=====================
# systemctl enable squid.service
=====================

Hit enter ulit. Normal lang na walang response kundi next line sa command tulad ng nasa screenshot. It means successful. Si “systemctl” yan ang nagmamanage ng services, “enable squid.service” means aandar na Proxy natin sa background and will automatically run kapag nagboot.



6. Time to edit the config file:
=====================
# nano /etc/squid/squid.conf
=====================

Cut, paste and hit enter. Then welcome sa Nano Editor. Use keyboard arrows to navigate.

First things first, make sure lahat ng padadaanin ninyo sa Proxy nakalist sa ports nya na iaallow. So if magpapadaan kayo ng SSH, idagdag nyo ang port 22 both sa “Safe_ports” at “SSL_ports”. This rule applies to all services na gusto ninyo padaanin. Tulad sa screenshot ko, ito idadagdag natin:
---------------------------------------------
acl Safe_ports port 22
acl SSL_ports port 22
---------------------------------------------



Scroll down tayo hanggang mahanap yung “http_access deny all” palitan natin ng:
---------------------------------------------
http_access allow all
---------------------------------------------

Para magamit natin publicly.




Then para maisave natin hit natin keyboard combo na “CTRL + X” then may lalabas na question, pakisagot ng “Y”, then hit “enter”.



7. Setup natin ang firewall
=====================
# firewall-cmd --zone=public --add-service=squid --permanent
=====================

Then reload natin,
=====================
# firewall-cmd --reload
=====================

Then restart natin si Squid Proxy,
=====================
# systemctl restart squid
=====================

8. Dito palang success na tayo! :) Try mo itest. Open browser sa - http://www.httptunnel.ge/ProxyChecker.aspx
Ilagay ang IP address ng VPS mo then port 3128.



9. Pero alam ko na ayaw mo naman na lahat ng tao pwede gamitin ang proxy mo diba? (pero ikaw, galing mo maghunt ng free proxy, hahaha!). So let’s go further and create a username and password.

Install tayo ng authenticator tools
=====================
# yum -y install httpd-tools
=====================

Then prep natin yung file,
=====================
# touch /etc/squid/passwd && chown squid /etc/squid/passwd
=====================

Then create tayo ng USER na ex.“kaphcuser”, ito yung akin “htpasswd -m /etc/squid/passwd kaphcuser”, yung sa iyo na username ipalit mo sa code,
=====================
# htpasswd -m /etc/squid/passwd [username]
=====================

Magtatanong yan ng password, lagyan mo



Then itest natin kung tama ginawa natin,
=====================
# /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
=====================

Maghinintay yan ng input, type mo username na ginawa mo, then space then password. Sa sample na ginawako parehas ang username at password (sample lang ito ha) kaya ito inilagay ko “kaphcuser kaphcuser” then enter.



May lalabas dyan na OK if successful. Then hit keyboard combo na CTRL+C to exit checking.

10. Hindi pa tapos, one last edit para magrequire si squid ng password. Balik edit tayo:
=====================
# nano /etc/squid/squid.conf
=====================

Then simple lang, ilagay mo lang ito sa dulo ng file
---------------------------------------------
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
---------------------------------------------

CTRL+X, enter then restart natin ulit si Squid Proxy,
=====================
# systemctl restart squid
=====================

11. What next? Time to use it. Enjoy!