3proxy is a free and open proxy server that is used for various purposes, such as filtering traffic, caching and blocking specific websites. It supports various protocols such as SOCKS v4/v4a/v5, HTTP, HTTPS, FTP, POP3, SMTP, and supports authentication methods such as SOCKS5 username/password, NTLM, LDAP, Kerberos and SSO.
The server is highly configurable, providing detailed management of bandwidth usage and connection parameters. 3proxy can be installed on Windows, Linux and macOS platforms. It is a lightweight and easy-to-use proxy server suitable for small and medium-sized networks.
It is necessary to be careful, since it is undesirable to install a server without authorization. This can lead to unauthorized use of the server by attackers to organize spam and heavy traffic.
First you need to install several packages and dependencies.
For AlmaLinux, the command is executed
yum -y install gcc wget tar
and for Debian
apt install -y build-essential wget tar
Then download the files from the official website of the 3proxy project, unpack the archive and compile the downloaded files.
Next, we create the necessary directories for configuration files and logs, transfer the 3proxy executable file, and also create a new user "proxyuser" and assign him the rights to the directories. To create a new configuration file, run the command
touch /etc/3proxy/3proxy.cfg
and assign rights only to the root user using chmod 600 /etc/3proxy/3proxy.cfg.
After creating a new configuration file, you need to fill it in correctly. To do this, write down the uid and gid of the user "proxyuser", then use a text editor to copy and paste the text from the sample configuration file. Save the changes in the configuration file and get the installed 3proxy with http(s) and socks5-proxy support.
Below is a sample configuration file:
# Configuring server startup from proxyuser user
# (insert the uid and gid of our user, which we learned earlier)
setgid 991
setuid 991# Specifying the correct name servers. You can view it in /etc/resolv.conf
nserver 8.8.8.8
nserver 8.8.4.4# Using timeouts and cache size for DNS queries by default
timeouts 1 5 30 60 180 1800 15 60
nscache 65536# Specify the startup mode as daemon
daemon# Specify the IP address of the external interface of the server
external 111.111.111.111 # or ignore the line if there is one IP# Specify the IP address of the internal interface of the server
internal 192.168.0.1 # or ignore it so that the proxy listens to all IP# Configuring http proxy on standard port 3128
proxy -p3128 -n -a # specify your port, after checking that it works# Configuring socks proxy on the standard port 1080
socks -p1080 # specify your port, after checking that it works# Specify the path to the logs, log format and rotation
log /var/log/3proxy/3proxy.log D
logformat "- +_L%t.%.%N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 30Next, we create an initialization file for systemd and configure the correct permissions:
# touch /etc/systemd/system/3proxy.service
# chmod 664 /etc/systemd/system/3proxy.service
The following text should be inserted into this file
[Unit]
Description=3proxy Proxy Server
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/3proxy /etc/3proxy/3proxy.cfg
ExecStop=/bin/kill `/usr/bin/pgrep proxyuser`
RemainAfterExit=yes
Restart=on-failure
[Install]
WantedBy=multi-user.target
Saving and updating the systemd configuration:
# systemctl daemon-reload
Launch 3proxy and add it to the startup:
# systemctl start 3proxy
# systemctl enable 3proxy
Don't forget to open the http proxy port in firewalld or iptables.
The setup is finished. You now have an http proxy running on port 3128, and a socks proxy on port 1080.
The first problem is that there is a possibility that after registering a new domain, it will not be available to you due to caching of domain names. To solve this problem, you need to wait for the DNS records to be updated or add the IP address of your server and the new domain to the hosts file. This will allow you to access the new domain until the DNS records are updated.
The second problem is that if you use a proxy server with default ports, then sooner or later it is possible to detect the server. In order to solve this problem, it is recommended to change the ports.
For example, you can set port 7834 on http proxy, and 7835 on Socks. However, such ports can also be detected, so in the firewall you can configure access to the server only from certain addresses, while the rest will be denied access. This solution is quite reliable, although not too flexible, since a static IP address may not be available to you.
The third problem is that if you use a proxy server and keep logs of all connections, then over time they can become quite large and take up most of the free disk space. To avoid this problem, you must first take care of the rotation of logs or not to keep them at all.
There are various log rotation methods that allow you to save only the last few log files and automatically delete older entries. Therefore, it is best to set up the log rotation process in advance to avoid disk overflow. This will help to save all data and avoid information loss when using a proxy server.
Simplified configuration of an anonymous http(s) proxy server on port 3128
users proxyuser:CL:password
daemonlog /var/log/3proxy/3proxy.log D
rotate 30
auth strongproxy -n -a
setgid 65534
setuid 65534
You also need to create a directory for logs and set the rights (we run the server with minimal nobody rights in the system using the setgid/setud directives):
mkdir /var/log/3proxy ; chown nobody /var/log/3proxy
Consider the option of installing 3proxy in Docker.
To begin with, you will need to install some packages (and for newly installed Debian and Ubuntu OS, you may still need to update the apt package index with the command # apt update).
For AlmaLinux and CentOS:
# yum install docker docker-compose
for Ubuntu and Debian:
# apt install docker docker.io docker-compose
Downloading the image:
# docker pull 3proxy/3proxy
By default, 3proxy uses a secure chroot environment in /usr/local/3proxy with uid 65535 and gid 65535, and expects the 3proxy configuration file to be placed in /usr/local/etc/3proxy. The paths in the configuration file should be specified relative to /usr/local/3proxy, i.e. there should be /logs instead of /usr/local/3proxy/logs. The chroot requires permission for the nserver.
To do this, create a directory and a 3proxy configuration file:
# mkdir -p /etc/dockerapp/3proxy
# touch /etc/dockerapp/3proxy/3poxy.conf
Next, using any text editor convenient for you, you need to edit the created configuration file 3proxy.conf. To run 3proxy in Docker, a minimal configuration is sufficient:
nserver 8.8.8.8
socks -p3129
In order to add logging and a user, it is necessary to add to the 3proxy configuration file:
log /logs/3proxy.log
auth strong
users "proxyuser:CR:87beeef3f4ee4661ac1897eca216fc26"
Instead of "87beeef3f4ee4661ac1897eca216fc26", you must specify the MD5 hash of the password for the proxyuser user. You can find out the MD5 hash using online generators.
Let's launch 3proxy using docker-compose. To do this, you will need to create a configuration file in the format .yml:
# touch /etc/dockerapp/3proxy/docker-compose.yml
We insert the following text there using a text editor:
version: "2.1"
services:
3proxysvc:
image: 3proxy/3proxy:latest
container_name: 3proxy
volumes:
- /etc/dockerapp/3proxy/conf:/usr/local/3proxy/conf
ports:
- 8080:3129
restart: unless-stopped
Save it. In this file, we specified the external port 8080. Now we can run:
# docker-compose -f /etc/dockerapp/3proxy/docker-compose.yml up -d
We will get something like this answer:
Creating network "3proxy_default" with the default driver
Creating 3proxy ... done
Checking:
# docker ps
We will get a response where the container ID, image, status, ports used and name will be specified:
48cc0cd140cd 3proxy/3proxy:latest "/bin/3proxy /etc/3p…" 5