Build a Secure Proxy Server on AWS with Squid and SSH Tunneling

This guide walks you through creating an AWS EC2 instance, installing and configuring Squid as a proxy, restarting the service, setting up local proxy settings, and securing the connection with an SSH tunnel for encrypted traffic.

ITPUB

When accessing the Internet from computers, tablets, or phones, network restrictions or outages can block communication between the local device and the target server. Using a third‑party proxy server allows you to bypass IP‑based blocks, such as accessing a Japan‑only video site from elsewhere.

Provision an AWS EC2 Instance

Log in to the AWS console and launch an EC2 instance, preferably in a region close to China (e.g., Tokyo). After the instance is created, download the .pem key file and note the public IP address (e.g., 199.199.199.199).

Install Squid Proxy Software

Connect to the EC2 instance via SSH and run the following command to install Squid:

sudo apt-get install squid3

Configure Squid

Edit /etc/squid3/squid.conf with a minimal configuration that allows all traffic and listens on port 2046:

# Control list, define "all"
acl all src all

# Allow all access
http_access allow all

# Listening port for Squid
http_port 2046

Restart Squid

Apply the new configuration by restarting the service:

sudo service squid3 restart

Set Up Local Proxy Settings

On a Mac, open System Preferences → Network → Advanced → Proxies and enter the EC2 IP address (199.199.199.199) and port 2046. Windows and other Linux systems can be configured similarly, either system‑wide or within individual browsers.

Secure the Proxy with an SSH Tunnel

Because Squid traffic is unencrypted, create an SSH tunnel to encrypt the connection between your computer and the proxy server. Run the following command, replacing the key file name, login user, and IP as appropriate:

ssh -i Tokyo-VPN.pem -N -L 2046:localhost:2046 <user>@199.199.199.199

This forwards your local port 2046 to the remote Squid port 2046, encrypting all data that passes through the tunnel.

Adjust Proxy Settings for the Tunnel

After establishing the tunnel, change the proxy address in your local settings from 199.199.199.199 to 127.0.0.1. Test the setup by browsing the web; traffic will now be routed through the encrypted SSH tunnel to the Squid proxy on AWS.
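
An added example, not part of the original article: the allow-all configuration above listens on every address of the instance, while the SSH tunnel only needs Squid on the instance's loopback address. The Python check below flags both settings in a squid.conf; LOOPBACK_CONF and the ACL name "tunnel" are assumptions constructed for illustration.

```python
import ipaddress

# The article's minimal configuration: allow-all, listening on every interface.
PAGE_CONF = """\
acl all src all
http_access allow all
http_port 2046
"""

# Constructed alternative (an assumption, not from the article): loopback
# clients only, which is all `ssh -L 2046:localhost:2046` needs.
LOOPBACK_CONF = """\
acl tunnel src 127.0.0.1/32
http_access allow tunnel
http_access deny all
http_port 127.0.0.1:2046
"""

def directives(conf):
    """Yield (name, args) for each squid.conf line that is not blank or a comment."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield name, args

def is_loopback_bind(port_spec):
    """True if an http_port value binds to loopback; a bare port binds everywhere."""
    host = port_spec.rpartition(":")[0]  # "" when only a port number is given
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host == "localhost"

def audit(conf):
    """Return findings that leave the proxy usable by any client that can reach it."""
    findings, decided = [], False
    for name, args in directives(conf):
        if name == "http_port" and args and not is_loopback_bind(args[0]):
            findings.append(f"http_port {args[0]}: listens beyond loopback")
        # http_access is first-match: the first rule on 'all' settles the rest.
        if name == "http_access" and args[1:] == ["all"] and not decided:
            decided = True
            if args[0] == "allow":
                findings.append("http_access allow all: any client may use the proxy")
    return findings

if __name__ == "__main__":
    for label, conf in (("article", PAGE_CONF), ("loopback-only", LOOPBACK_CONF)):
        print(label, audit(conf) or "no findings")
```

With the loopback-only variant, the direct proxy setting of 199.199.199.199:2046 stops working and only the tunnelled 127.0.0.1:2046 setting reaches Squid.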

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
