How I set up Tinyproxy as a forward proxy and reverse proxy

Requirements

The following requirements represent what I used in my experiment:

  • 4 virtual machines to serve as client, forward proxy, reverse proxy and server — I used VirtualBox to run these machines, with the Debian’s OS image;
  • The server has to run a Web Server — I used Apache HTTP server, to return the default HTML page saying “It works!”;
  • The client has to have a browser or a command-line tool installed such as curl, to do HTTP requests;
  • The forward and reverse proxy machines should have tinyproxy installed — Next I’ll show how to install it on the Debian machines. The version I used was 1.8.3.

Test architecture

Test architecture for the experiment

Network Configuration

VirtualBox lets you configure the network settings of the virtual machines. I used Nat Network setting which allowed me to have all the machines within the same network. These were the IP assigned to each machine.

  • Forward Proxy — 10.0.2.35
  • Reverse Proxy — 10.0.2.36
  • Server — 10.0.2.34

Install Tinyproxy

To install Tinyproxy, you have to type the following command into the forward and reverse proxy machines’s terminal:

apt-get install tinyproxy

Setting up the system

Tinyproxy works according to configuration files. I wrote two configurations, one for the forward proxy and another for the reverse proxy.

tinyproxy -c <configuration-file>

Testing the system

First make sure that the server is running accordingly and you can access the server with the following command, from any of the machines, since all of them are in the same network. You can test this using curl command line tool or on a browser:

curl http://10.0.2.34:80/ 
curl -v --proxy http://10.0.2.35:8888 http://10.0.2.36:8888/
root@debian:/home/debian# curl -v --proxy http://10.0.2.35:8888 http://10.0.2.36:8888
* Rebuilt URL to: http://10.0.2.36:8888/
* Hostname was NOT found in DNS cache
* Trying 10.0.2.35...
* Connected to 10.0.2.35 (10.0.2.35) port 8888 (#0)
> GET http://10.0.2.36:8888/ HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 10.0.2.36:8888
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
< Via: 1.0 tinyproxy2 (tinyproxy/1.8.3), 1.1 tinyproxy1 (tinyproxy/1.8.3)
< Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
< Date: Tue, 12 Dec 2017 23:01:37 GMT
< Content-Type: text/html
< ETag: "2d-432a5e4a73a80"
< Set-Cookie: yummy_magical_cookie=/; path=/
* Server Apache/2.4.29 (Unix) is not blacklisted
< Server: Apache/2.4.29 (Unix)
< Content-Length: 45
< Accept-Ranges: bytes
<
<html><body><h1>It works!</h1></body></html>
* Connection #0 to host 10.0.2.35 left intact
Wireshark capture of the communication between the client and the server, passing through the proxies.
cat /var/log/tinyproxy/tinyproxy.log

Tips & Notes

  • If you want to set up other paths you can do it with the “ReversePath” keyword. E.g.: ReversePath “/test” “http://10.0.2.34:80/” — in this way you can access the server by typing “http://10.0.2.36:8888/test”
  • I was always getting the error 400 Bad Request, because I was using this tool in the wrong way. I was using curl to connect with the server as the endpoint instead of the reverse proxy. The reverse proxy does not work as a forward proxy, so don’t use the “upstream” keyword to forward the traffic to the reverse proxy.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Isabel Costa

Isabel Costa

656 Followers

Software Engineer from Portugal working in the UK • GitHub Star • Open Source advocate • https://isabelcosta.github.io