← blog

Nginx as a Forward Proxy on Debian 6

November 9, 2013 · 3 min read

The nginx HTTP Server is more than HTTP server, you can use this as a forward proxy, too, for protecting your privacy online through browsing behind the IP Address of your server. Having a proxy server of your own offers you speed and reliability while browsing (almost) anonymously.

Server-side configuration

First, install the “nginx” package using your package manager.

sudo apt-get install nginx-full

Now, we need a virtual host for the proxy server. First, let’s move inside the virtual host configuration directory.

cd /etc/nginx/sites-available

Next, we will create a virtual host. Create an empty file in an editor with any name you like (I have chosen “proxy”). The following text should go into the file,

server {
listen 8080;

location / {
  resolver 8.8.8.8;
  proxy_pass http://$http_host$uri$is_args$args;
  }
}

This part need explaining. The “listen” parameter determines which port it will listen to for incoming proxy requests. I have chosen the port 8080. And the resolver is the DNS Server you will use for resolving domain names. I am using one of the Google Public DNS servers. You can use OpenDNS (208.67.222.222) too, if you prefer others, it is also fine.

Now, save the file and come back to the command line. Move into the “activated” virtual hosts directory of nginx,

cd /etc/nginx/sites-enabled

Let’s create a softlink to the file we created previously.

ln -s /etc/nginx/sites-available/proxy

Now to reload the nginx server configuration options for the proxy host to be enabled.

sudo service nginx restart

The server bit is done, now for configuring your browser.

Client-side configuration

Open up your browser and move into the proxy settings. In Mozilla Firefox, the settings are located in “Edit > Preferences > Advanced > Network > Settings” for Linux users, Microsoft Windows users should find it in “Tools > Options > Advanced > Network > Settings”.

Select Manual, use the IP address of the server as the proxy server address, and use the port you decided to listen to as the proxy port. Extra mustard

If you want to make sure that no one else uses (or abuses) your proxy server, configure it to allow requests only from your IP or subnet. Modify the “location /” block as following

location / {
  resolver 8.8.8.8;
  proxy_pass http://$http_host$uri$is_args$args;
  allow 74.14.21.24;
deny all;

You can change the “allowed” IP according to your preference. You can also customize the 403 forbidden pages, which you can use to show to the people who aren’t supposed to use your proxy server.

What do you think? Reach out on LinkedIn or GitHub.