SSH Tunneling as HTTP Proxy: How to Route Web Traffic Through a Remote Server



SSH tunneling offers a powerful way to route HTTP/HTTPS traffic through a remote server without requiring a dedicated proxy service. This technique is particularly useful when you need temporary secure access or when installing additional software isn't feasible.

The simplest method is to create a dynamic SOCKS proxy tunnel:

ssh -D 8080 -C -N user@your-server.com

This command establishes a SOCKS5 proxy on local port 8080. The flags mean:
-D: Dynamic port forwarding
-C: Enable compression
-N: Don't execute remote commands

Most applications support SOCKS proxies. For example, in Firefox:

1. Go to Preferences > Network Settings
2. Select "Manual proxy configuration"
3. Enter "localhost" for SOCKS Host and "8080" for Port
4. Choose SOCKS v5
5. Check "Proxy DNS when using SOCKS v5"
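
Why step 5 matters, as an added example (not part of the original article): ssh -D speaks SOCKS5, and the address type in each CONNECT request shows whether the hostname travelled through the tunnel or was resolved on the client first. The sample requests are constructed, and parse_connect_request is a name chosen for this sketch.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04  # RFC 1928 address types


def parse_connect_request(data: bytes) -> dict:
    """Parse a SOCKS5 CONNECT request; report destination and who did the DNS lookup."""
    if len(data) < 4:
        raise ValueError("request too short")
    ver, cmd, _rsv, atyp = data[:4]
    if ver != 5 or cmd != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    body = data[4:]
    if atyp == ATYP_DOMAIN:
        # Hostname is sent through the tunnel; the SSH server resolves it.
        if not body or len(body) < 1 + body[0] + 2:
            raise ValueError("truncated domain address")
        n = body[0]
        host, rest, dns = body[1:1 + n].decode("ascii"), body[1 + n:], "remote"
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        # Client sent an address: any lookup already happened outside the tunnel.
        n = 4 if atyp == ATYP_IPV4 else 16
        if len(body) < n + 2:
            raise ValueError("truncated IP address")
        host, rest, dns = str(ipaddress.ip_address(body[:n])), body[n:], "local"
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    (port,) = struct.unpack("!H", rest[:2])
    return {"host": host, "port": port, "dns": dns}


# Constructed sample requests (not captured traffic): VER=5, CMD=1 (CONNECT), RSV=0.
NAME = b"example.com"
REMOTE_DNS_REQUEST = b"\x05\x01\x00\x03" + bytes([len(NAME)]) + NAME + struct.pack("!H", 80)
LOCAL_DNS_REQUEST = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 80)

if __name__ == "__main__":
    for label, req in (("Proxy DNS on", REMOTE_DNS_REQUEST), ("Proxy DNS off", LOCAL_DNS_REQUEST)):
        print(label, parse_connect_request(req))
```

A browser with "Proxy DNS" unchecked produces the second form, so its DNS queries still go to the local resolver outside the tunnel.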

For targeted forwarding of a single website's traffic:

ssh -L 9000:target-website.com:80 user@your-server.com

This forwards traffic from localhost:9000 through your server to target-website.com on port 80.

For production use, consider AutoSSH to maintain stable connections:

autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" \
-N -D 8080 user@your-server.com

While SSH tunneling is secure, remember:

  • The tunnel only encrypts traffic between your client and server
  • Traffic from your server on to the destination leaves the tunnel and is unencrypted (unless using HTTPS)
  • Monitor bandwidth usage as all traffic routes through your server

If you specifically need HTTP proxy functionality, you can use corkscrew with SSH:

1. Install corkscrew: sudo apt install corkscrew
2. Configure ~/.ssh/config:
   Host your-server.com
       ProxyCommand corkscrew proxy.example.com 8080 %h %p

This setup effectively turns your SSH server into an HTTP proxy gateway.


SSH tunneling provides a secure way to route your HTTP traffic through a remote server. This technique essentially creates a SOCKS proxy without requiring any additional proxy software on the server.

The simplest way to create an HTTP tunnel is using SSH's built-in SOCKS proxy capability:

ssh -D 8080 user@your-server.com

This command creates a SOCKS proxy on local port 8080. You can then configure your browser or applications to use localhost:8080 as your SOCKS proxy.

For more reliable connections, consider adding these options:

ssh -f -N -D 8080 user@your-server.com

Where:

- -f backgrounds the process
- -N means no remote command execution
- -D specifies the SOCKS proxy port

In Firefox, configure the proxy settings:

1. Go to Preferences > Network Settings
2. Select "Manual proxy configuration"
3. Enter "localhost" for SOCKS Host
4. Enter "8080" for Port
5. Select "SOCKS v5"
6. Check "Proxy DNS when using SOCKS v5"

For pure HTTP traffic (without SOCKS), you can use port forwarding:

ssh -L 3128:target-website.com:80 user@your-server.com

Then set your HTTP proxy to:

localhost:3128

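Create a bash script to simplify connecting:

#!/bin/bash
# Exit if ssh cannot set up the forward, so success is only reported when it is true.
ssh -f -N -o ExitOnForwardFailure=yes -D 8080 user@your-server.com || exit 1
echo "SOCKS proxy running on localhost:8080"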

If connections fail:

1. Verify SSH access works normally
2. Check if port 8080 is available
3. Ensure server allows TCP forwarding
4. Test with curl: curl --socks5 localhost:8080 http://example.com

Remember that:

  • SSH tunnels encrypt traffic between client and server
  • Traffic from server to destination is unencrypted unless using HTTPS
  • Regular SSH security practices apply (key-based auth, disable root login, etc.)