[LINUX] Settings to route only specific sites through a local proxy

Introduction

In my V6 plus environment at home, some sites are hard to connect to (or do not work). Left as it is, this was likely to get in the way of telework I may do in the future, so I built a local proxy on a Sakura VPS connected by VPN and tried connecting only the affected sites via the proxy. (Well, I think it would be okay to send everything through the proxy, but I don't want to accidentally run into the VPS bandwidth limit with YouTube ...)

Prerequisite environment

- Server: Debian 10 Buster
- Client: Windows 10
- The home server and the VPS are connected by a site-to-site VPN

Outline of work

VPS (Debian 10 Buster)

- squid setup

Home server (Debian 10 Buster)

- Installing nginx (default settings only)
- Placement of the PAC file

PC in LAN (Windows 10)

- Automatic proxy settings

Construction procedure

VPS

Install squid

# apt install squid

squid settings

# vi /etc/squid/squid.conf

/etc/squid/squid.conf


#Network address of the local network
acl lan src 192.168.1.0/24

#Deny ports other than those specified as the connection destination
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
http_access deny !Safe_ports

#Deny CONNECT other than 443 port when connecting with SSL
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

#Allow localhost
http_access allow localhost

#Allow local addresses
http_access allow lan

#Reject other addresses
http_access deny all

#Specify the listening port
http_port 8080

#Core dump output location
coredump_dir /var/spool/squid

#Cache settings
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .       0   20% 4320

#Hide that you are going through squid
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
forwarded_for off

#Log rotation settings
logfile_rotate 0

Restart squid when you're done.


# systemctl restart squid

Home server

nginx installation

No settings are required (lol). It's only used locally anyway.

# apt install nginx

PAC file placement

Create proxy.pac under nginx's default root folder (/var/www/html).

# vi /var/www/html/proxy.pac

/var/www/html/proxy.pac


function FindProxyForURL(url,host){
        if(shExpMatch(host,"<Hostname matching string>")){
                return "PROXY <VPS VPN address>:<port number>";
        }
        return "DIRECT";
}

Change the owner of the created proxy.pac to www-data

# chown www-data:www-data /var/www/html/proxy.pac

Change the permissions of the created proxy.pac

# chmod 644 /var/www/html/proxy.pac
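
As an added example (not the article's own file), here is a variant of the PAC function that handles several sites and matches on domain boundaries instead of a loose glob. The proxy address, the domain names and the `hostInDomain` helper are assumptions introduced for illustration.

```javascript
// Added example, not the article's PAC file. PROXY and PROXIED_DOMAINS are
// constructed placeholders: substitute the VPS VPN address/port and real sites.
var PROXY = "PROXY 10.8.0.1:8080";
var PROXIED_DOMAINS = ["example.com", "intranet.example.net"];

// True when host is the domain itself or a subdomain of it.
// A bare glob such as shExpMatch(host, "*example.com") would also match
// "notexample.com", sending unrelated traffic through the VPS.
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.slice(-suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  for (var i = 0; i < PROXIED_DOMAINS.length; i++) {
    if (hostInDomain(host, PROXIED_DOMAINS[i])) return PROXY;
  }
  return "DIRECT";
}

// Offline check under Node.js (skipped inside a browser's PAC sandbox,
// where `module` is undefined).
if (typeof module !== "undefined" && require.main === module) {
  ["example.com", "www.example.com", "notexample.com",
   "example.com.other.test", "WWW.Example.COM."].forEach(function (h) {
    console.log(h + " -> " + FindProxyForURL("https://" + h + "/", h));
  });
}
```

Running the file with Node.js before copying it to /var/www/html shows which hosts would be sent to the proxy and which stay DIRECT.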

PC in LAN (Windows 10)

Automatic proxy settings

Open [Start Menu] → [Settings] → [Network and Internet] → [Proxy]. Under [Automatic Proxy Setup], check "Use setup script" and enter http://<VPS VPN address>/proxy.pac in [Script Address].

After that, open a browser, check if you can access the site normally, and you're done!
