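├── README.md
└── setup.sh


/README.md:
--------------------------------------------------------------------------------
# How to setup a proxy

A simple script that sets up an HTTP and a SOCKS5 proxy (squid and danted).

```
apt-get update
```

```
apt-get install curl -y
```

```
bash <(curl -s "https://raw.githubusercontent.com/AdguardTeam/ProxiesSetup/master/setup.sh")
```

--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Interactive installer for an authenticated HTTP proxy (squid, port 9099)
# and a SOCKS5 proxy (dante-server, port 9098) on an apt-based system.
# One username/password pair is prompted for and used by both services.
#
# Must run as root: it installs packages, creates a system user and
# overwrites /etc/squid/squid.conf and /etc/danted.conf.
#
# NOTE(review): both listeners accept clients from any address, and HTTP
# Basic auth and SOCKS5 username/password auth both cross the network in
# cleartext. Consider a host firewall or source-address ACLs in front of
# ports 9099/9098.

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" >&2
  exit 1
fi

# The username is later written into a "user:password" line for chpasswd and
# passed to useradd/htpasswd, so reject ':' and whitespace and a leading '-'
# before it is used anywhere.
valid_user_re='^[A-Za-z_][A-Za-z0-9_.-]*$'

# Enter the username
username=""
while [[ -z "$username" ]]; do
  echo "Enter the proxy username"
  # Stop on EOF instead of looping forever on a closed stdin.
  read -r -p "username: " username || exit 1
  if [[ -z "$username" ]]; then
    echo "The username cannot be empty"
  elif [[ ! "$username" =~ $valid_user_re ]]; then
    echo "The username may only contain letters, digits, '_', '.' and '-'"
    username=""
  elif getent passwd "$username" >/dev/null; then
    # Exact account lookup; a grep over /etc/passwd would also match home
    # directories, shells and GECOS text, and would treat the name as a regex.
    echo "User $username already exists"
    username=""
  fi
done

# Enter the proxy user password
# NOTE(review): the password is echoed while typed and printed again in the
# final summary, so it ends up in terminal scrollback and any session log.
password=""
while [[ -z "$password" ]]; do
  echo "Enter the proxy password"
  # -r keeps backslashes in the password literal.
  read -r -p "password: " password || exit 1
  if [[ -z "$password" ]]; then
    echo "Password cannot be empty"
  fi
done

# Install squid, dante-server, wget and apache2-utils for htpasswd
if ! apt-get install squid wget dante-server apache2-utils -y; then
  echo "Package installation failed" >&2
  exit 1
fi

# Determine the default interface from the "dev <name>" field of the default
# route. This also handles names with digits in the middle (e.g. enp0s3) and
# takes only the first default route if several exist.
default_int="$(ip route list | awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')"
if [[ -z "$default_int" ]]; then
  echo "Could not determine the default network interface" >&2
  exit 1
fi

# Determine the external IP (used only in the summary printed at the end).
# Fetched over HTTPS so the value cannot be altered in transit.
external_ip="$(wget -q -O - --timeout=10 https://ipinfo.io/ip)"

# Create the system user that dante authenticates against.
# NOTE(review): this is a real system account with a password;
# /usr/sbin/nologin only blocks an interactive shell. If sshd on this host
# accepts password logins, consider denying this user there (e.g. DenyUsers).
if ! useradd --shell /usr/sbin/nologin "$username"; then
  echo "Failed to create user $username" >&2
  exit 1
fi
if ! printf '%s:%s\n' "$username" "$password" | chpasswd; then
  echo "Failed to set the password for $username" >&2
  exit 1
fi

# Add the user for squid.
# touch keeps any existing entries; htpasswd without -c needs the file to exist.
# NOTE(review): the file is created with the default umask; confirm it is not
# readable by more accounts than squid's auth helper needs.
touch /etc/squid/passwords
# Feed the password on stdin (-i) so it never appears in the process list.
if ! printf '%s\n' "$password" | htpasswd -i /etc/squid/passwords "$username"; then
  echo "Failed to add $username to /etc/squid/passwords" >&2
  exit 1
fi

# Squid configuration
# The delimiter is quoted: nothing in this config is meant to be expanded.
# NOTE(review): SSL_ports and CONNECT are defined below but no http_access
# rule uses them, so CONNECT is limited only by Safe_ports. The stock
# squid.conf carries "http_access deny CONNECT !SSL_ports"; confirm the
# omission is intended.
cat <<'EOT' > /etc/squid/squid.conf
#Auth
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
acl ncsa_users proxy_auth REQUIRED

#Recommended minimum configuration:
dns_v4_first on
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 # systemctl status squid.service after installation squid and danted by this script
# WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
# WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
acl localnet src 0.0.0.0/8 192.168.100.0/24 192.168.101.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports

http_access deny to_localhost
icp_access deny all
htcp_access deny all

http_port 9099
hierarchy_stoplist cgi-bin ? # systemctl status squid.service after installation squid and danted by this script
# ERROR: Directive 'hierarchy_stoplist' is obsolete.
access_log /var/log/squid/access.log squid


#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Allow all machines to all sites
http_access allow ncsa_users
#http_access allow all

#Headers
via off
forwarded_for off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all
header_access X_Forwarded_For deny all # systemctl status squid.service after installation squid and danted by this script
# ERROR: Directive 'header_access' is obsolete.
EOT
systemctl restart squid.service || echo "squid.service failed to restart" >&2

# dante conf
# Unquoted delimiter: $default_int must expand into the "external:" line.
cat <<EOT > /etc/danted.conf
logoutput: /var/log/socks.log
internal: 0.0.0.0 port = 9098
external: $default_int
socksmethod: username
clientmethod: none
user.privileged: root
user.notprivileged: nobody
user.libwrap: nobody
client pass {
from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
log: connect disconnect error
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
protocol: tcp udp
}
EOT
# Known issue: `systemctl status danted.service` reports
# danted.service: Failed to read PID from file /var/run/danted.pid: Invalid argument
systemctl restart danted.service || echo "danted.service failed to restart" >&2

# Summary of the connection details
echo "--------------------------------------------------------------------------------------------------"
echo "--------------------------------------------------------------------------------------------------"
echo "--------------------------------------------------------------------------------------------------"
echo "Proxy IP: $external_ip"
echo "HTTP port: 9099"
echo "SOCKS5 port: 9098"
echo "Username: $username"
echo "Password: $password"

--------------------------------------------------------------------------------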