Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Create a proxy server on an Amazon EC2 (VPC) instance

This will create a proxy server in whatever your availability zone your VPC is in. For me, that's us-east-1b. For you, that may be something different. Steps 10+ should more or less work regardless of your provider since those steps cover the setup and configuration of TinyProxy.

  1. Click the Launch Instance button.

  2. Choose Ubuntu Server 14.04 LTS (HVM), SSD Volume Type. This isn't strictly necessary. If you choose another OS, check its documentation for how to install new packages.

  3. On the Choose an Instance Type screen, select t2.micro. It's Free Tier eligible.

  4. Click the Next: ... buttons until you reach the Configure Security Group screen.

    • You may wish to reduce the amount of storage on the Add Storage screen. This is optional.
    • You may wish to add a tag on the Tag Instance screen. This is also optional.
  5. On the Configure Security Group screen:

    • Select Create a new security group.
    • On the first line, verify that Type is SSH, Protocol is TCP and the Port Range is 22. Under Source, select "My IP" from the drop down menu. This restrict incoming connections to those from your IP address.
    • Click the Add Rule button.
    • Select Custom TCP Rule. Make sure the Protocol is TCP, and the Port Range is 8888. Under Source, select My IP from the drop down menu. This opens Port 8888.
  6. Click Review and Launch, and on the following screen, click Launch.

  7. Make sure Use an existing key pair is selected, or create a new key. If you are using an existing pair, check the acknolwedgement box.

  8. Go to View Instances.

  9. Select the instance you just created. Click the Connect button above the list of instances.

  10. Using a terminal window, run the SSH command listed, e.g. ssh -i /path/to/yourkey.pem ubuntu@xxx.xxx.xxxx, where xxx.xxx.xxxx is the IP of your EC2 or VPC instance. The first time, SSH will tell you The authenticity of host 'xxx.xxx.xxxx (xxx.xxx.xxxx)' can't be established. Continue anyway.

  11. Run this command: sudo apt-get install tinyproxy (or the package installation command for the flavor of Linux your instance is using).

  12. Edit /etc/tinyproxy.conf using the editor of your choice. You'll probably need to use sudo.

  13. Make sure that /etc/tinyproxy.conf file contains the lines Port 8888 and Allow xxx.xxx.xxx.xxxx where xxx.xxx.xxx.xxxx is your IP address. (Check your IP address by running curl ipecho.net/plain from another Terminal window, or use WhatIsMyIP.com).

  14. Start TinyProxy using /etc/init.d/tinyproxy start. You may want to set this up in a cron job to save memory as Justin McCandless suggests. I usually shut down the instance after I'm done with it, so I haven't bothered doing this.

  15. Most other tutorials about this subject say to run the command below with the -N flag. The -N flag means Do not execute a remote command. Using it didn't work for me. So I ran the command below without that flag. Here, 3128 is the port that we'll use to connect to localhost. And it will be forwarded to port 8888 of our EC2 VPC instance.

    ssh -L 3128:localhost:8888 -i /path/to/yourkey.pem ubuntu@xxx.xxx.xxxx 
    
  16. Change your browser or operating system's proxy settings.

    • Make the host localhost
    • Set the proxy port to 3128
    • Verify that this went well by running curl ipecho.net/plain from another Terminal window, or by using WhatIsMyIP.com. Your IP should match that of your VPC.
@tsherdiwala

This comment has been minimized.

Copy link

commented Aug 8, 2016

This is an awesome piece.. I have used it many times.
However I was just wonder if instead of keeping the terminal open on my machine, may be I could point my browser to the EC2 instance and get the proxy running. That way in the client device I just need to set the proxy and won't need to run an SSH.

Any idea on how to do this?

@attahkhan016

This comment has been minimized.

Copy link

commented Oct 14, 2016

Hello ,
Can you tell me how to proxy a DNS (AWS Elastic Load Balancer provided DNS) ?
***For example I want to add a load balancer in front of my proxy servers, then what should be the configuration ?
Should I need to make any changes in tinyproxy.conf for the elastic load balancer DNS ? or just point to the source server and attach the servers to elb ?

@ccc-tomr

This comment has been minimized.

Copy link

commented Dec 4, 2016

I didn't use step 15 and had no problems pointing my browser to my EC2 instance, no need to use ssh. Worked like a charm...
tinyproxy rocks !

@talkingpixels

This comment has been minimized.

Copy link

commented Jan 28, 2017

Step 10 - I had an the error...
Permissions 0644 for 'yourkey.pem' are too open.

Changing the permissions to 600 resolved it...
chmod 600 /path/to/yourkey.pem

@linjiang82

This comment has been minimized.

Copy link

commented Nov 11, 2017

I tried to use port 22 directly, it also works, so why do we need to open port 8888

@lys886

This comment has been minimized.

Copy link

commented Jan 15, 2018

This is a good idea. But I think, there is no necessary to install 'tinyproxy'; we can just use SSH tunnel.
We can just follow the first 10 step(1 to 10), then you can login your AWS EC with ssh.
11. setup an ssh dynamic tunnel for your ssh connection;( XSHELL: connection properties- SSH - tunneling - add, change type to Dynamic(socks4/5),listening port 3128 or any one not using in you PC, click OK; Putty: SSH-tunnels, Source port 3128/Dynamic, Add )
Then goto step 16.

@gnanakeethan

This comment has been minimized.

Copy link

commented Feb 9, 2018

Yes exactly.

I use this. and apply SOCKS5 config to 127.0.0.1:8123

ssh -D 8123 -C -q -N USERNAME@IP -vvv

@mj6uc

This comment has been minimized.

Copy link

commented Apr 17, 2018

Point 15 - I had to run this as
ssh -NL 3128:localhost:2908 -i my.pem ec2-user@myserver.com

the -N was required. (I am on mac)

@connorbode

This comment has been minimized.

Copy link

commented May 13, 2018

might have to run apt-get update before step 11

@praveen27Kmr

This comment has been minimized.

Copy link

commented Jun 4, 2018

Hi May I run Both at same time VPN proxy server and One Of My Application which run via system proxy

@tegila

This comment has been minimized.

Copy link

commented Sep 14, 2018

Point 15 - I had to run this as
ssh -NL 3128:localhost:2908 -i my.pem ec2-user@myserver.com

the -N was required. (I am on mac)

I do the same on amazon ec2 but it's dropping my connection after a few hours.
client:
ssh -N -R2020:localhost:22 ec2-user@.....compute.amazonaws.com (still running)

server:
nmap localhost -p 2020
PORT STATE SERVICE 2020/tcp closed unknown

Hang out after some time, normally when i want use it (haha)
any ideas for new try? I already tried autossh unsuccessfully =\

@SheldonWangRJT

This comment has been minimized.

Copy link

commented Jan 2, 2019

Can I open more than one instances and then map more each localhost port to a single instance to get more than one proxies working from my machine?

@GeekStocks

This comment has been minimized.

Copy link

commented Apr 13, 2019

+1 for the comment by @connorbode

might have to run apt-get update before step 11

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.