In my v6 Plus environment at home, some sites are difficult to connect to (or do not work properly). Left as it is, this was likely to get in the way of telework I may do in the future, so I built a local proxy on a Sakura VPS connected by VPN and tried routing only the affected sites through the proxy. (I think it would be fine to send everything through the proxy, but I don't want to accidentally hit the VPS bandwidth limit on YouTube ...)
- Server: debian 10 Buster
- Client: Windows 10
- The home server and the VPS are connected by a site-to-site VPN
VPS (debian 10 Buster)
- squid setup
- Installing nginx (default settings only)
- Placement of the PAC file
- Automatic proxy settings
VPS
# apt install squid
# vi /etc/squid/squid.conf
/etc/squid/squid.conf
#Network address of the local network
acl lan src 192.168.1.0/24
#Deny ports other than those specified as the connection destination
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
http_access deny !Safe_ports
#Deny CONNECT other than 443 port when connecting with SSL
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
#Allow localhost
http_access allow localhost
#Allow local addresses
http_access allow lan
#Reject other addresses
http_access deny all
#Specify the response port
http_port 8080
#Core dump output location
coredump_dir /var/spool/squid
#Cache settings
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#Hide that you are going through squid
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
forwarded_for off
#Log rotation settings
logfile_rotate 0
Restart squid when you're done.
# systemctl restart squid
No configuration is needed; it is only used locally anyway.
# apt install nginx
Create proxy.pac under the default root folder (/var/www/html) of nginx.
# vi /var/www/html/proxy.pac
/var/www/html/proxy.pac
function FindProxyForURL(url, host) {
    if (shExpMatch(host, "<Hostname matching string>")) {
        return "PROXY <VPS VPN address>:<port number>";
    }
    return "DIRECT";
}
Change the owner of the created proxy.pac to www-data
# chown www-data:www-data /var/www/html/proxy.pac
Change the permissions of the created proxy.pac
# chmod 644 /var/www/html/proxy.pac
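The PAC file above matches a single hostname pattern. As an added example (not from the original post), the version below routes a list of hosts through the proxy and includes a small stand-in for shExpMatch so the routing decisions can be checked in Node before the file is published. The proxy address 192.0.2.10:8080 and the hostnames are constructed placeholders, and shExpMatchShim and matchHost are hypothetical helpers.

```javascript
// Added example, not from the original post. The address and hostnames
// below are constructed placeholders; replace them with your own values.
var PROXY = "PROXY 192.0.2.10:8080"; // <VPS VPN address>:<squid http_port>

// Hosts that should go through the VPS. Everything else stays DIRECT.
// List the bare domain and "*.domain" separately: a single "*example.com"
// would also match unrelated hosts such as "notexample.com".
var PROXIED_HOSTS = ["example.com", "*.example.com", "portal.example.net"];

// Browsers supply shExpMatch() to PAC scripts; Node does not. This
// hypothetical stand-in supports only the * and ? wildcards so the
// routing logic can be tested offline.
function shExpMatchShim(str, pattern) {
  var re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*")                 // * = any run of characters
    .replace(/\?/g, ".");                 // ? = exactly one character
  return new RegExp("^" + re + "$").test(str);
}

function matchHost(host, pattern) {
  if (typeof shExpMatch === "function") {
    return shExpMatch(host, pattern); // real PAC environment
  }
  return shExpMatchShim(host, pattern); // offline test
}

// Plain var/for syntax only, since some PAC engines predate ES2015.
function FindProxyForURL(url, host) {
  var h = host.toLowerCase();
  for (var i = 0; i < PROXIED_HOSTS.length; i++) {
    if (matchHost(h, PROXIED_HOSTS[i])) {
      return PROXY;
    }
  }
  return "DIRECT";
}
```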
Open [Start Menu] → [Settings] → [Network and Internet] → [Proxy]. Under [Automatic Proxy Setup], turn on "Use setup script" and enter http://<VPS VPN address>/proxy.pac in [Script Address].
After that, open a browser, check if you can access the site normally, and you're done!