
dumbproxy

repository

Prerequisites:

  • Valid certificate
  • Port open for incoming connections:

    • 4443/TCP
  • Download executable file

wget -O /usr/local/bin/dumbproxy https://github.com/Snawoot/dumbproxy/releases/download/v1.12.0/dumbproxy.linux-amd64
  • Create user
useradd --no-create-home --shell /bin/false dumbproxy
  • Change file owner
chown -R dumbproxy:dumbproxy /usr/local/bin/dumbproxy
  • Make the file executable
chmod a+x /usr/local/bin/dumbproxy
  • (optional) Allow running as root
chmod u+s /usr/local/bin/dumbproxy

Note: this is needed if you want to bind the proxy to a privileged port (<1024).

Note: if you do not run as root, you should use setfacl to give the service access to the Let's Encrypt certificate.

  • Create unit file to run as a service
nano /etc/systemd/system/dumbproxy.service

[Unit]
Description=Dumbiest HTTP proxy ever
After=network.target network-online.target nss-lookup.target

[Service]
User=dumbproxy
Group=dumbproxy
ExecStart=/usr/local/bin/dumbproxy -bind-address :4443 -auth 'static://?username=proxyusername&password=proxyuserpassword' -cert /etc/letsencrypt/live/proxy.company.com/fullchain.pem -key /etc/letsencrypt/live/proxy.company.com/privkey.pem
Restart=always
KillMode=process
TimeoutStartSec=5
TimeoutStopSec=5

[Install]
WantedBy=multi-user.target

where the ExecStart command includes the following configuration parameters:

  • bind-address - listening port for the service
  • auth - authentication with a static username and password (proxyusername and proxyuserpassword in the unit above)
  • cert - certificate from the Let's Encrypt folder
  • key - private key from the Let's Encrypt folder

  • Restart service and enable it to auto start

systemctl daemon-reload
systemctl start dumbproxy
systemctl enable dumbproxy
systemctl restart dumbproxy

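You can make a test request through the proxy, using the username and password from the unit file. With a valid certificate the request should also succeed without --proxy-insecure; if it only works with that flag, the certificate is not validating.

curl --proxy https://proxy.company.com:4443 http://api.ipify.org/ --proxy-user proxyusername:proxyuserpassword --insecure --proxy-insecure --include --verbose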

You can read the logs

journalctl -u dumbproxy
  • (optional) Configure PAC file

This allows proxy requests only to specific URLs. Please see PAC MD.

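DumbProxy requires access to the certificate

If it runs as a regular user, the service does not have access to the Let's Encrypt certificates. The commands below grant the dumbproxy user read access to everything under /etc/letsencrypt/, including the private keys of any other certificates stored there.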

apt install acl
setfacl -R -m u:dumbproxy:rX /etc/letsencrypt/
setfacl -R -d -m u:dumbproxy:rX /etc/letsencrypt/
getfacl /etc/letsencrypt/
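
An added example (not part of the original page or the dumbproxy project): a shell audit for three things the steps above can leave behind. It flags a setuid bit on the binary (setuid runs the file as its owner for any local user who executes it), a static:// password in a unit file that other users can read, and a port below 1024 under a non-root User= with no CAP_NET_BIND_SERVICE in the unit. The function names, finding labels and the sample (this page's unit with the port changed to 443) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the dumbproxy project): audit a unit file and binary
# for the permission issues this page's steps can leave behind.
# Prints one finding per line: SETUID, WORLD_READABLE_SECRET, PRIVILEGED_PORT.
audit_dumbproxy() {
    unit=$1 bin=$2
    exec_line=$(grep -E '^ExecStart=' "$unit" | head -n 1)

    # setuid + a+x: any local user who runs the file gets the file owner's UID.
    if [ -u "$bin" ]; then echo "SETUID $bin"; fi

    # static:// password inline in a unit file that other local users can read.
    case $exec_line in
        *password=*)
            if [ -n "$(find "$unit" -perm -0004)" ]; then
                echo "WORLD_READABLE_SECRET $unit"
            fi ;;
    esac

    # Port <1024, non-root User=, no CAP_NET_BIND_SERVICE granted by the unit.
    port=$(printf '%s\n' "$exec_line" |
        sed -n 's/.*-bind-address [^ ]*:\([0-9][0-9]*\).*/\1/p')
    user=$(sed -n 's/^User=//p' "$unit" | head -n 1)
    if [ -n "$port" ] && [ "$port" -lt 1024 ] && [ -n "$user" ] &&
        [ "$user" != root ] &&
        ! grep -q '^AmbientCapabilities=.*CAP_NET_BIND_SERVICE' "$unit"; then
        echo "PRIVILEGED_PORT $port"
    fi
}

# Constructed sample: this page's unit with the port changed to 443, plus an
# empty stand-in binary carrying the optional setuid bit.
make_sample() {
    cat > "$1/dumbproxy.service" <<'EOF'
[Service]
User=dumbproxy
Group=dumbproxy
ExecStart=/usr/local/bin/dumbproxy -bind-address :443 -auth 'static://?username=proxyusername&password=proxyuserpassword'
EOF
    chmod 644 "$1/dumbproxy.service"   # what root's usual umask 022 produces
    : > "$1/dumbproxy"
    chmod 4755 "$1/dumbproxy"          # chmod a+x followed by chmod u+s
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_dumbproxy "$tmp/dumbproxy.service" "$tmp/dumbproxy"
rm -rf "$tmp"
```

On a real host, call `audit_dumbproxy /etc/systemd/system/dumbproxy.service /usr/local/bin/dumbproxy`; no output means none of the three conditions was found.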