If you happen to have SSH account on a Dedicated server or a VPS that runs on some kind of UNIX like OS such as Linux / *BSD or just a friends Mac OS notebook and you don't want your HTTP traffic to be sniffed (spyed) by your local ISP, e.g. you want to get some kind of simple Web browsing anonimity on the Internet, easier alternative to using SSH Dynamic Tunnel to Proxify encrypted traffic is to just run a Proxy Cache server on remote *nix host to which you have access and configure your browser to use the host as proxy. Besides enhanced traffic privacy other advantage of running a Proxy server is of course the fact that using proxy server cache significantly improve page speed opening times, optimize web-sites content delivery saving you a lot of bandwidth and off-loads remote sites because already cached content at the proxy is served directly from the proxy server instead of each time requested from the server. Those admins who remember "the dawn of mass internet use" should remember that a lot of the small and middle sized internet providers were into the habit to use Squid transparent proxy with huge Disk Cache in order to speed-up their customers internet page opening times and thus offer a superior service and save money for themselves since the ISPs were also paying not for a bandwidth to end providers but for used overall Traffic.
Historically I've personally used TinyProxy a lot to "obfuscate" my traffic (hide my originating host IP) and to save-bandwidth cause in late 1990's I paid my internet bills based on used traffic and starting a TinyProxy saved me network traffic and hence cut my Internet bill but even today it is great to optimize web traffic.
Usually for a single or few persons proxy it is not worthy to use "Full Featured" Complex Caching servers such as Squid Cache because installing and configuring one has plenty of dependency packages and a lot of time to spend in configuring (dealing with squid's cryptic squid.conf) it is much better and easier to use a light-weight HTTP/HTTPS proxy service (daemon) such as TinyProxy if using Tor Project (Anonymity Online) Network to protect against network surveillance / traffic analysis Privoxy.
Below is TinyProxy package description from Debian
apt-cache show tinyproxy|grep -i desc -A 5
Description: A lightweight, non-caching, optionally anonymizing http proxy
An anonymizing http proxy which is very light on system resources,
ideal for smaller networks and similar situations where other proxies
(such as Squid) may be overkill and/or a security risk. Tinyproxy can
also be configured to anonymize http requests (allowing for exceptions
on a per-header basis).
To install TinyProxy on Debian Linux:
root@debian:~# apt-get update && apt-get install –yes tinyproxy
To TinyProxy on CentOS 6.5 / 7 Linux:
Install first EPEL (Packages for Enterprise Linux) RPM repository (included by default in CentOS 6 / 7) – also possible to install easily on RHELs (but on RHEL you need to add epel rpm package manually)
[root@centos ~]# yum install -y epel-release
[root@centos ~]# yum -y install tinyproxy
Configuring TinyProxy Linux:
On Debian Linux config is in:
vim /etc/tinyproxy.conf
On CentOS / Fedora / RHEL RPM based ones:
vim /etc/tinyproxy/tinyproxy.conf
You might want to change some of below default values:
# User and Group with which TinyProxy will be running
User nobody
Group nogroup
# Default proxy listen port
Port 8888
# Specifies IP (interface) to be used for outgoing proxy host connections
Bind 192.168.0.1
# To which IP address (interface) tinyproxy will listen for connections. If uncommented it will listen to all available network interfaces
Listen 192.168.0.1
# Seconds after which connection will be terminated
Timeout 600
# Where proxy queries will be logged (very useful to keep a history for yourself on pages you have visted), sometimes useful if you wipe out browser cache
Logfile "/var/log/tinyproxy/tinyproxy.log"
# How many clients (connections) can be made to tinyproxy for one client (personal use) 100 is a good value
MaxClients 100
# This two values are settings on how many (minumum and maximum) tinyproxy instances will listen for connection from remote hosts – this should be familiar to people who configured Apache webserver, note that tinyproxy uses process fork and not threads
MinSpareServers 5
MaxSpareServers 20
# This is how many sites connections the proxy will listen to
# if you open 20 sites in 20 tabs which will refresh make here 20
# you might need to raise this if you have 10 clients
StartServers 10
# hosts to allow connection to proxy server from (Be careful to allow only access from your network otherwise you might end up being an open proxy), allowing some hax0r to do something terrible proxying through you
Allow 127.0.0.1
#The Log Level – "Error" is generally Okay, who may like more information can take Notice – Connect and Info
LogLevel Error
# pidfile location
PidFile "/var/run/tinyproxy/tinyproxy.pid"
# The "Via" header is required by the HTTP RFC, but using the real host name
# is a security concern. If the following directive is enabled, the string
# supplied will be used as the host name in the Via header; otherwise, the
# server's host name will be used.
#
ViaProxyName "tinyproxy
To install TinyProxy on FreeBSD
freebsd# cd /usr/ports/www/tinyproxy
freebsd# make install distclean
If you need to change the default TinyProxy port from port 8888 to something else for security reasons edit:
vim /usr/local/etc/tinyproxy.conf
Find port and change is to lets say 7000 or whatever network port is good for you
To make TinyProxy auto start on BSD boot time:
freebsd# vim /etc/rc.conf
tinyproxy_enable="YES"
To start / stop tinyproxy any time use:
freebsd# /usr/local/etc/rc.d/tinyproxy start
For Firefox users I also recommend using TinyProxy is to install FoxyProxy FF extension
Securing TinyProxy traffic with SSH Tunnel
If you're concerned about transferred data security between your client host (Desktop) machine and remote installed Proxy server that your ISP or some malicious guy could sniff your website login credentials using Man in the Middle attack, its also a good idea to use TinyProxy together with SSH Tunnel, that's pretty easy if you have an SSH client on your machine (if you're on a Mac OS X).
ssh User@server.remote-tinyproxy-server-host.com -L 1234:localhost:8888 -N
To make SSH Tunnel Windows users could use Plink or MobaXterm embedded Tunneling interface
Then setup your Firefox / Chrome / Opera browser to use as a Proxy localhost:1234