Setting Linux clients to use a proxy server

Assuming proxy server is 192.168.1.100, port 3128…

Most user-land applications, such as Curl

These use the http_proxy and https_proxy environment variables.  To set these on BASH:

export http_proxy=http://192.168.1.100:3128
export https_proxy=http://192.168.1.100:3128

For wget:

Edit /etc/wgetrc and uncomment these lines:

https_proxy = http://192.168.1.100:3128/
http_proxy = http://192.168.1.100:3128/


For Git:

git config --global http.proxy http://192.168.1.100:3128

or
printf "[http]\n\tproxy = http://192.168.1.100:3128\n" >> ~/.gitconfig

 

Package installations/updates in Debian & Ubuntu:

Create the file /etc/apt/apt.conf.d/99http-proxy with this line:

Acquire::http::Proxy "http://192.168.1.100:3128";

Package installations/updates in RHEL & CentOS

Add this line to /etc/yum.conf under the [main] section:

proxy=http://192.168.1.100:3128

PIP on the fly


sudo pip install --proxy=http://192.168.1.100:3128 somepackage
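
The following is an added example, not part of the original page: shell functions that list the proxy configured in each of the locations above and flag any that differ from the expected proxy, so a tool still pointing somewhere else stands out. The function names and the root-prefix argument are assumptions of this example; pip is not covered because --proxy is passed per command.

```sh
#!/bin/sh
# Added example, not from the original page. list_proxies/check_proxies and the
# root-prefix argument ("" = live system) are names assumed for this example.

# Print one "source url" line per proxy setting found under root prefix $1.
list_proxies() {
    root="$1"
    # Environment variables read by curl and most user-land tools
    [ -z "${http_proxy:-}" ]  || echo "env:http_proxy $http_proxy"
    [ -z "${https_proxy:-}" ] || echo "env:https_proxy $https_proxy"
    # wget: uncommented "http_proxy = URL" lines in /etc/wgetrc
    f="$root/etc/wgetrc"
    [ ! -f "$f" ] || sed -nE \
        's#^[[:space:]]*(https?_proxy)[[:space:]]*=[[:space:]]*([^[:space:]]+).*#wgetrc:\1 \2#p' "$f"
    # git: "proxy = URL" inside the [http] section of ~/.gitconfig
    f="$root$HOME/.gitconfig"
    [ ! -f "$f" ] || awk '/^\[/ { s = $1 }
        s == "[http]" && $1 == "proxy" && $2 == "=" { print "git:http.proxy " $3 }' "$f"
    # apt: Acquire::http::Proxy "URL"; in any file under /etc/apt/apt.conf.d
    for f in "$root"/etc/apt/apt.conf.d/*; do
        [ ! -f "$f" ] || sed -nE \
            's#^[[:space:]]*Acquire::(https?)::Proxy[[:space:]]+"([^"]+)";.*#apt:\1 \2#p' "$f"
    done
    # yum: proxy=URL in /etc/yum.conf
    f="$root/etc/yum.conf"
    [ ! -f "$f" ] || sed -nE \
        's#^[[:space:]]*proxy[[:space:]]*=[[:space:]]*([^[:space:]]+).*#yum:proxy \1#p' "$f"
}

# Print every setting that differs from expected proxy $2 (a trailing slash is
# ignored); return 1 if any differ, 0 if all found settings match.
check_proxies() {
    list_proxies "$1" | awk -v want="${2%/}" '
        { got = $2; sub(/\/$/, "", got) }
        got != want { print "MISMATCH " $1 " " $2; bad = 1 }
        END { exit bad }'
}

# Usage on a live client: check_proxies "" http://192.168.1.100:3128
```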

To install a squid proxy server:

Debian & Ubuntu

sudo apt-get install squid
/etc/init.d/squid stop
/etc/init.d/squid start

RHEL & CentOS

sudo yum install squid
systemctl stop squid.service
systemctl start squid.service

In both cases the configuration file is /etc/squid/squid.conf

I’d recommend setting these for better performance and improved stability:

# Allocate 2 GB of disk space to disk caching
cache_dir ufs /var/spool/squid 2048 16 256
# Cache files smaller than 256 MB in size, up from default of 4 MB
maximum_object_size 256 MB
# Up max file descriptors from default of 1024 to 4096
max_filedesc 4096

OpenVPN Server in AWS

Licensing costs start at just under $100 per user per year.  For compute costs, these are common supported instance sizes in a typical region:

  • t2.micro 1 vCPU, 1 GB RAM, ~75 Mbps = ~$100/yr
  • t2.small 1 vCPU, 2 GB RAM, ~125 Mbps = ~$200/yr
  • t2.medium 2 vCPU, 2 GB RAM, ~250 Mbps = ~$400/yr
  • t2.large 2 vCPU, 8 GB RAM, ~500 Mbps = ~$800/yr

SSH to the IP address using the correct private SSH key and ‘openvpnas’ as the username

The setup wizard should start automatically.  To run it again:

sudo su
/usr/bin/ovpn-init --ec2

To use the second (eth1) interface as the internal interface, get the IP address from the AWS console and then edit /etc/netplan/50-cloud-init.yaml to add these lines (for example, 192.168.101.123/255.255.255.0):

        eth1:
            dhcp4: no
            addresses: [192.168.101.123/24, ]

After saving the file, restart netplan and verify eth1 has the new IP address

sudo netplan apply
ifconfig eth1

To add internal static routes (for example, the RFC-1918 blocks) add these lines too:

            routes:
            - to: 192.168.0.0/16
              via: 192.168.101.1
            - to: 172.16.0.0/12
              via: 192.168.101.1
            - to: 10.0.0.0/8
              via: 192.168.101.1

Then restart netplan again and verify the routes are working as entered:

sudo netplan apply
netstat -rn

Set an initial password for the openvpn admin account via this command:

sudo passwd openvpn

Access the web GUI at https://ip.address/admin/, logging in as openvpn with the password that was just set.