The post is under continuous construction, last update: November 22, 2017.
If you have any suggestions or feedback, you are very welcome to contact me using github issues,
or at sergey.frolov@colorado.edu.
Setting up the WebServer with ForwardProxy
This post is mostly about the client, but I will provide a few links to server configuration tutorials.
Server | Probing resistance | HTTP/2 | Notes |
---|---|---|---|
Caddy | ✔* | ✔ | RECOMMENDED. Configuration is extremely easy, see the instructions from Caddy's author Matt Holt in his blog post on Medium. |
Apache2 | ✕ | ✕ | See how to configure forward proxy on https://httpd.apache.org/docs/2.2/mod/mod_proxy.html. mod_proxy and http2 do not work together. |
nghttp2 | ✕ | ✔ | Could act as a frontend to a forward proxy, say squid, see nghttp2/nghttp2#547 |
* Probing resistance in Caddy Web Server is experimental
Ways to start using Secure Web Proxy on client side:
- Set up a per-application proxy. Recommended method.
- Use Proxy Auto-Config (PAC) file.
PAC files are less common, but they don't require special apps or extensions for browsers or mobile platforms and allow flexible configuration.
- Use an extension, for example SwitchyOmega. This extension guides the user through setup, and here's mine for reference:
Then in upper-right corner you can switch between "Direct" connection and your proxy:
- Alternatively, you can pass `--proxy-server="https://sfrolov.io"` (replace `sfrolov.io` with `your.server.com`) to google-chrome. In Linux/macOS you can call `google-chrome --proxy-server="https://sfrolov.io"`. In Windows/macOS you can right-click on the icon and set it up to pass the aforementioned string as an argument.
- The easiest option would be to use SwitchyOmega. Setup is the same as for Google Chrome, just follow the instructions.
- There is also a way to configure a secure web proxy without add-ons, but it is somewhat less convenient. Open Menu (upper right corner) → Preferences → Advanced → Network → Settings
Choose Automatic proxy configuration URL, and paste the following:
data:text/plain,function%20FindProxyForURL(){return%20"HTTPS%20sfrolov.io";}
Don't forget to replace `sfrolov.io` with `your.server.com`, and don't lose `HTTPS%20` before and `";}` after.
You can also check "Do not prompt for authentication if password is saved" for convenience.
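The `data:` URL above can be generated instead of typed by hand. The following is an added example, not part of the original post: it builds the URL for the placeholder server `your.server.com` and rejects anything that is not a hostname with an optional port, so a stray quote cannot alter the PAC function. As an assumption of this example, `localhost` and single-label hostnames are sent `DIRECT`; all function names are hypothetical.

```javascript
// Added example (not from the original post). "your.server.com" is a placeholder.

// Hostname with optional :port. Rejecting everything else keeps quotes,
// spaces and semicolons out of the generated PAC source.
const SERVER_RE = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+(:\d{1,5})?$/i;

function pacSource(server) {
  if (typeof server !== "string" || !SERVER_RE.test(server)) {
    throw new Error("not a hostname[:port]: " + String(server));
  }
  // Plain JavaScript only (no PAC helper functions), so the same text
  // can be evaluated outside a browser to check it.
  return [
    "function FindProxyForURL(url, host) {",
    "  host = host.toLowerCase();",
    // Assumption of this example: local names bypass the proxy.
    '  if (host === "localhost" || /^[^.:]+$/.test(host)) return "DIRECT";',
    '  return "HTTPS ' + server + '";',
    "}",
  ].join("\n");
}

// Value to paste into "Automatic proxy configuration URL".
function pacDataUrl(server) {
  return "data:text/plain," + encodeURIComponent(pacSource(server));
}

// Decode a data: PAC URL and ask it where a request for `host` would go.
function resolveWith(dataUrl, url, host) {
  const prefix = "data:text/plain,";
  if (!dataUrl.startsWith(prefix)) throw new Error("unexpected URL scheme");
  const source = decodeURIComponent(dataUrl.slice(prefix.length));
  const find = new Function(source + "\nreturn FindProxyForURL;")();
  return find(url, host);
}

const example = pacDataUrl("your.server.com");
console.log(example);
console.log(resolveWith(example, "https://example.org/", "example.org"));
console.log(resolveWith(example, "http://printer/", "printer"));
```

Checking the decoded function before pasting the URL catches a lost `HTTPS` prefix or closing `";}`.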
Remember that you first have to generate a PAC file. The ForwardProxy plugin for Caddy web server does that automatically.
Open Wi-Fi settings → hold/tap on the currently used Wi-Fi and choose "Modify Network" → In Advanced options set proxy to "Proxy Auto-Config" → Set PAC URL to wherever your PAC file is, for example, https://sfrolov.io/proxy.pac
Open Menu (upper right corner) → Preferences → Advanced → Network → Settings → Set Automatic proxy configuration URL to wherever your PAC file is, for example, https://sfrolov.io/proxy.pac
You can also specify the full path to a local PAC file.
Control Panel → Network and Internet → Internet Options → Connections → LAN settings → Check "Use automatic configuration script" and specify the URL or path to your PAC file.
System Preferences → Network → Choose the needed network and click "Advanced..." → Proxies → Check "Automatic Proxy Configuration" and specify the URL or path to your PAC file.
System Settings → Network → Network Proxy → Choose method "Automatic" and specify the URL or path to your PAC file → Click "Apply System-Wide"