Best Proxy Server Open Source
8 Top Open Source Reverse Proxy Servers for Linux – Tecmint
A reverse proxy server is a type of proxy server that is deployed between clients and back-end/origin servers, for example, an HTTP server such as NGINX, Apache, etc.. or application servers written in Nodejs, Python, Java, Ruby, PHP, and many other programming languages.
It is a gateway or an intermediary server that takes a client request, passes it on to one or more back-end servers, and subsequently fetches the response from the server and delivers it back to the client, thus making it appear as if the content originated from the reverse proxy server itself.
Generally, a reverse proxy server is an internal-facing proxy used as a ‘front-end‘ to control and protect access to back-end servers on a private network: it is typically deployed behind the network firewall.
It helps back-end servers to achieve anonymity to enhance their security. In an IT infrastructure, a reverse proxy can also function as an application firewall, load balancer, TLS terminator, web accelerator (by caching static and dynamic content), and much more.
In this article, we will review the 8 top open-source reverse proxy servers you can use on a Linux system.
1. HAProxy
HAProxy (HAProxy, which stands for High Availability Proxy), a free, open-source, very fast, reliable, and top-notch load balancer and proxying software for TCP and HTTP-based applications, built for high availability.
HAProxy is an HTTP reverse-proxy, a TCP proxy and normalizer, an SSL/TLS terminator/initiator/offloader, a caching proxy, an HTTP compression offloader, a traffic regulator, a content-based switch, a FastCGI gateway, and more. It is also a protection against DDoS and service abuse.
It is powered by an event-driven, non-blocking engine that combines a very fast I/O layer with a priority-based, multi-threaded scheduler which enables it to easily deal with tens of thousands of concurrent connections. Notably, HAProxy uses the PROXY protocol to pass the client’s connection information to backend or origin servers so that an application gets all the relevant information.
Some of HAProxy’s basic features include proxying, SSL support, monitoring both server states and its own state, high availability, load balancing, stickiness(maintain a visitor on the same server even across various events), content switching, HTTP rewriting, and redirection, server protection, logging, statistics, and much more.
2. NGINX
NGINX, a free, open-source, high-performance, and very popular HTTP server and reverse proxy. It also functions as an IMAP/POP3 proxy server. NGINX is well known for its high performance, stability, rich feature set, simple and flexible configuration, and low resource consumption (particularly small memory footprint).
Just like HAProxy, NGINX has an event-driven architecture so it has no problem dealing with tens of thousands of concurrent connections, as it uses HAProxy’s PROXY protocol.
NGINX supports accelerated reverse proxying with caching using the ngx__proxy_module module, which allows passing requests to another server over protocols other than HTTP, such as FastCGI, uwsgi, SCGI, and memcached.
Importantly, it supports load balancing and fault tolerance which are vital aspects of large-scale distributed computing systems. The ngx__upstream_module module allows for defining groups of backend servers to distribute the requests coming from clients. This makes your applications more robust, available and reliable, highly scalable, with response time and throughput. Additionally, concerning security, it supports SSL/TLS termination and so many other security features.
Useful articles on Nginx web server you might like to read:
How to Install Nginx Web Server on Ubuntu 20. 04
How to Install Nginx on CentOS 8
How to Enable NGINX Status Page
3. Varnish HTTP Cache
Varnish HTTP Cache (or Varnish Cache or simply Varnish) is a free, open-source, high-performance, and very popular caching reverse-proxy software better known as a web application accelerator, designed to improve HTTP performance using server-side caching.
It is deployed between a client and an HTTP web server or application server; every time a client requests for information or a resource from a web server, Varnish stores a copy of the information, so the next time the client requests for the same information, Varnish will serve it without sending a request to the webserver thus reducing the load on the server and in turn speeding up web content delivery.
Varnish uses a flexible configuration language know as the Varnish Configuration Language (VLC) which among other things enables system administrators to configure how incoming requests should be processed, what content should be served, and from where, and how the request or response should be altered, and much more.
The varnish is also extensible – it can be extended using Varnish Modules (VMODs) and users can write their custom modules or use community provided modules.
The main limitation of Varnish is its lack of support for SSL/TLS. The only way to enable HTTPS is to deploy an SSL/TLS terminator or offloader such as HAProxy or NGINX in front of it.
4. Træfɪk
Træfɪk (pronounced Traffic) is a free, open-source, modern, and fast HTTP reverse proxy and load balancer for deploying micro-services that supports multiple load balancing algorithms. It can interface with various providers (or service discovery mechanisms or orchestration tools) such as Kubernates, Docker, Etcd, Rest API, Mesos/Marathon, Swarm, and Zookeper.
Its lovable feature is its ability to manage its configuration automatically and dynamically thus discovering the right configuration for your services. It does this by scanning your infrastructure to find relevant information and discovers which service serves which request from the external world. The providers tell Træfɪk where your applications or micro-services are located.
Træfɪk’s other features are supported for WebSockets, HTTP/2, and GRPC, and hot reloading (continuously updates its configuration without restarts), HTTPS using Let’s Encrypt certificates (wildcard certificate support), and exposes a REST API. It also keeps access logs, and it provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB).
Also, Træfɪk ships with a simple HTML-based web user interface used to keep an eye on events. It also supports circuit breakers, retry requests, rate limiting, and basic authentication.
5. Apache Traffic Server
Formerly a commercial product owned by Yahoo which was later handed over to the Apache Foundation, Apache Traffic Server is a free, open-source, and fast caching forward and reverse-proxy server.
Traffic Server also works as a load balancer and can participate in flexible cache hierarchies. It is known to have handled over 400 TB a day of traffic at Yahoo.
It features a set of keep-alive, filtering, or anonymizing of content requests, and is extensible via an API that allows users to create custom plugins to modify HTTP headers, handle ESI requests, or design new cache algorithms.
6. Squid Proxy Server
Squid is a free, open-source, and well-known proxy server and Web cache daemon that supports various protocols such as HTTP, HTTPS, FTP, and more. It features a reverse proxy (d-accelerator) mode that caches incoming requests for outgoing data.
It supports rich traffic optimization options, access control, authorization, logging facilities, and much more.
7. Pound
A Pound is another free and open-source, lightweight reverse-proxy and load balancer and front-end for web servers. It is also an SSL terminator (that decrypts HTTPS requests from clients and sends them as plain HTTP to the back-end servers), an HTTP/HTTPS sanitizer(that verifies requests for correctness and accept only well-formed ones), and a fail-over server.
8. Apache HTTP Server
Last but not least, we have an Apache HTTP server (also known as HTTPD), the most popular web server on the globe. It can also be deployed and configured to act as a reverse proxy.
Additionally, you can also checkout Skipper, the new kid on the block. It is a free and open-source HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress.
That’s all we had for you in this guide. For more information about each tool in this list, check out their respective websites. Do not forget to share your thoughts with us via the feedback form below.
Best Self-Hosted Proxy Servers – Linux Hint
You may not realize it, but there are many third parties that manipulate your internet content. Your ISP might restrict access to certain websites, search engines hides search results to comply with various anti-piracy acts, and websites themselves often show different content to visitors from different geographical regions.
If this doesn’t sit well with you, you should consider using a self-hosted proxy server to get past geographic restrictions and other forms of censorship. Self-hosted proxy servers can also help you reduce bandwidth and improves response times by caching frequently-requested web pages, and some come with advanced filtering capabilities that make it possible to get rid of ads or protect children from harm.
Our selection reflects the wide range of self-hosted proxy servers and their capabilities. Some self-hosted proxy servers described in this article are easier to set up than others, but we believe that anyone willing to spend some time reading an online tutorial should be able to install and configure just about any self-hosted proxy server available.
1. Privoxy
Privoxy is a non-caching web proxy with filtering capabilities for enhancing privacy. It can modify web page data and HTTP headers, control access, and remove ads.
The first version of Prixovy was released in 2001, based on the Internet Junkbuster, an older ad-blocking web proxy released under the GNU General Public License. Until 2010, the Tor Project used to bundle Privoxy with Tor, but they ultimately decided to stay away from third-party solutions for security reasons.
Prixovy is available on virtually all popular operating systems and platforms, including Linux, OpenWrt, DD-WRT, Windows, macOS, OS/2, AmigaOS, and BeOS. While Prixovy is fairly easy to install and get running, as we explain in the next section of this article, fine-tuning its various settings is far from trivial and requires a fairly advanced understanding of computer networks.
2. Squid
Squid is a caching proxy with support for HTTP, HTTPS, FTP, and other protocols. Caching proxies temporarily store frequently used data to reduce bandwidth and improve response times.
Squid started its life in 1996 as the Harvest object cache, which was part of a research project by the Internet Research Task Force Research Group on Resource Discovery (IETF-RD). The current version of Squid is a fork of the last pre-commercial version of Harvest, and its name was chosen to prevent confusion with the commercial fork called Cached 2. 0.
Squid runs on all popular operating systems, and it’s used by hundreds of ISPs around the world to provide their users with the best possible internet experience. Websites use Squid to improve their content delivery, which means that knowing how to install and configure it could help you land a great job.
3. Pi-hole
Pi-hole is a DNS sinkhole that can block advertisement and inappropriate content at the network-level. As its name suggests, Pi-hole is intended for use with the Raspberry Pi single-board computer, which is developed in the United Kingdom by the Raspberry Pi Foundation and is providing low cost systems that are accessible to people of all economic backgrounds and can be used for educational purposes.
At the core of Pi-hole are various open source technologies such as dnsmasq, cURL, and Ligd, which allow it to block DNS requests for known tracking and advertising domains. Because Pi-hole works at the network level, it prevents ads from being displayed even on smart TVs and mobile devices running Android and iOS.
4. SwiperProxy
SwiperProxy is an extremely efficient web proxy written in Python. If you’d like to learn how proxy servers work under the hood, SwiperProxy is an excellent place to start because it’s open source, hosted on GitHub, and runs on a self-containing, minimalist web server. It works great with all major web servers, including Apache, Nginx, and Varnish, and is configured through only 25 well-documented options.
To get started with SwiperProxy, we recommend you read the quick-start guide, which you can find here.
5. Traefik
Træfɪk is a modern reverse proxy and load balancer that’s fully open source, easy to configure, and designed with modern cloud-based services in mind. It’s written in the Go programming language and exposes a Rest API.
Træfɪk is typically deployed to orchestrate multiple cloud services, allowing you to add, remove, kill, upgrade, or scale services with ease. Because Træfɪk is packaged as a single binary file and available as a tiny official docker image, installing it could hardly be any easier.
How to Install and Configure Privoxy
The good news is that Prixovy is available both as raw source code and in convenient pre-compiled packages for a wide range of operating systems. Unless you know exactly what you’re doing, start with the packages, which can be downloaded from here.
Ubuntu users can install Prixovy using the following command:
# sudo apt-get install privoxy
And many other Linux distributions, including Red Hat and Fedora, also have Privoxy in repositories.
Regardless of which installation method you use, you will need to go to /etc/privoxy because that’s where the Privoxy configuration files are located.
Because Privoxy is mainly written for people who are already familiar regular expressions, HTTP, and HTML—or are willing to learn them—its configuration is fairly complicated. Fortunately, the default installation is basically ready to go. To learn how to fine-tune Privoxy to your liking, read the official configuration guide.
The only thing you really need to do before using Privoxy for the first time is to configure your web browser to use Privoxy as a HTTP and HTTPS proxy. Simply go to your web browser’s settings, navigate to the proxy category and use 127. 0. 1 (or localhost) for the proxy address and 8118 for the port.
Conclusion
Knowing how to install a configure popular self-hosted proxy servers allows you to exercise greater control over your internet experience. There are many wonderful solutions worth exploring, and we’ve only scratched the surface of what’s possible.
About the author
David Morelo is a professional content writer in the technology niche, covering everything from consumer products to emerging technologies and their cross-industry application
The 8 Best Self-Hosted Proxy Servers | FOSS Linux
A proxy service aims to act on behalf of another. It could be to act on behalf of another person or behalf of another client machine or server. Hence, when we talk proxy servers, we have forward proxy servers or reverse proxy servers.
A forward proxy server is positioned at the edge of your network to regulate outbound traffic according to preset rules in a shared network. It is also used to disguise a client’s machine IP address and block malicious inbound traffic. Forward proxy servers keep track of requests, responses, sources, and destinations, allowing different clients to send out various requests to other servers through the forward proxy, intermediate for all of them.
Self-Hosted Proxy Servers
A reverse proxy server proxies on behalf of servers and accepts requests from external clients on behalf of servers. Reverse proxy servers also act as load balancers which plays a critical role in providing high availability to your network services.
Proxy servers play a critical role as they can serve as a single point of access and control, making it easier for you to manage security policies for your network. Some people use self-hosted proxy servers to get past geographic restrictions, reduce bandwidth consumption. To improve response times through caching, restrict access to certain websites or IP addresses, eliminate some annoying ads, or protect children from Internet harm.
The article will highlight some self-hosted proxy servers available for your to install and use for your network.
1: Privoxy proxy
Privoxy Proxy
Privoxy is a non-caching web proxy build to enhance users’ privacy. It boasts enhanced filtering capabilities for modifying HTTP headers and web page data, controlling access, and removing super annoying ads. You can easily configure Privoxy, and it offers flexible configurations for multi-user networks and single-user systems.
You can configure Privoxy as an HTTP proxy or as an intercepting proxy if you combine it with a packet filter. You can easily configure and set up Privoxy in Firefox from the Manual Proxy Configuration menu under the Tools Settings. From the official Privoxy man page, you can only proxy HTTP and HTTPS traffic and a guideline not to use Privoxy with FTP or other protocols not officially listed.
Privoxy has been under release since 2001 under the GNU General Public License.
Privoxy is available for Linux, DD-WRT, OpenWrt, Windows, macOS, OS/2, BeOS, etc. Privoxy makes it into our list because it is relatively easy to install, configure and get running. The default configurations are sufficient for locally defined exceptions and locally defined filters. The concept of actions in Privoxy gives you, as the user, great control to manipulate data streams between remote sites and the browser. Some Privoxy actions available for you include blocking websites, managing cookies, URLs, or grouping URLs using regular expressions.
2: Swiperproxy
SwiperProxy is an open-source project written in Python. If you need a web proxy that gives you less hustle to configure and get running, SwiperProxy is your choice. SwiperProxy can be easily set up using 25 lines of well-documented configurations. Despite SwiperProxy being a minimalist web server, it is lightning fast and has features that support HTTP, HTTPS, logging, URL rewrites, and blocklists.
It works great with all major web servers, including Apache, Nginx, Varnish, and can be installed in all major distributions. It also allows you to place a reverse proxy in front of it, increasing security and giving you more configuration options.
It is an excellent place to learn to configure and set up self-hosted proxy web servers. SwiperProxy has a simple procedure to run it as a self-containing proxy or as a daemon.
Run Swiperproxy with the following terminal command:
$ sudo -u swiperproxy python -c
SwiperProxy is an open-source project hosted on GitHub and is available under the MIT license. Learn more on how to get started with SwiperProxy from their official quickstart GitHub page.
3: Squid Proxy Server
Squid Proxy
Squid is a free, open-source proxy server supporting various protocols such as HTTP, HTTPS, FTP, etc. It features a reverse proxy (HTTP-accelerator) which serves as a web cache daemon that caches incoming requests for outgoing data. It features several traffic optimization options, access control, authorization, logging facilities.
The other day, a colleague asked why I run Squid on my workstation. These are some of the points I highlighted to her.
There has been exponential growth in web content and the Internet, making a necessity for a caching mechanism a necessity. Squid has some powerful caching primitives which hint to servers and applications on how content should be cached, validated, and revalidated. Caching improves user response times and the amount of bandwidth required to serve the web content.
With Squid, you can quickly scale your web projects with its content accelerators. Thousands of websites use it to improve their content delivery.
Squid runs on all major Linux operating systems and Windows. Hundreds of ISPs worldwide use it to provide the best possible internet experience and save on bandwidth.
You can visit their official Squid homepage (They have a great logo!! ) to learn more about the Squid project or contribute as a developer or user through their extensive support options like the Bugzilla database or mailing list.
4: Traefik Proxy
Traefik Infrastructure
Træfɪk is a modern, fast HTTP reverse proxy and load balancer that is optimized for deploying micro-services. It is an exciting open-source project written in the Go programming language. Træfɪk makes our list because it is easy to configure and is designed for modern cloud-based services. You can integrate it with other services like orchestration tools and service discovery mechanisms like Docker Swarm, Kubernetes, AWS, Rest API, Etcd, etc.
Træfɪk can be automatically and dynamically configured by any user and does not require any extensive knowledge of networking or proxy servers. Træfɪk can scan your infrastructure to discover the suitable configurations and services to serve requests in your infrastructure. Træfɪk can allow you to add, remove, kill, upgrade, or scale services with ease.
Other features supported by Træfɪk include WebSockets, HTTP/2, hot reloading, GRPC, and HTTPS using Let’s Encrypt certificates. It keeps access logs, and it is easy to configure metrics such as Datadogs, Prometheus, Rest, or InfluxDB.
Moreover, Træfɪk ships with a simplified HTML-based web-based user interface. Managing events couldn’t be any easier. Træfɪk is packaged as a single binary file and is available as a docker image. Learn more about the project from the Traefik Team, whose primary goal is to make a simple to use proxy/edge router.
5: Tinyproxy
Tinyproxy is a lightweight open-source HTTP/HTTPS proxy daemon for all major Linux and Unix operating systems. Tinyproxy is distributed under the GNU GPL license. Tinyproxy is designed to be a fast and yet small proxy that is ideal for use cases such as embedded deployments and small networks.
Some desirable features include the buffering connection concept, where Tinyproxy will buffer a high-speed response from a server and relay it to the client at the highest acceptable speed. It features an anonymous mode that allows individual HTTP headers to be allowed through or blocked from entering your infrastructure.
It supports HTTPS, URL-based filtering, access control using subnets and IP addresses, transparent proxying, and an extensive privacy feature. Its privacy feature allows you to restrict the data from an HTTP server to your web browser and what data is allowed from your web browser to the HTTP server. Tinyproxy has a security feature where it runs without any special privileges, which minimizes the chances of your infrastructure being compromised.
Moreover, as the name suggests, Tinyproxy has a small memory footprint of about 2MB with Glibc. The CPU load on your local machine increases linearly with the number of successful connections. In essence, with such a tiny memory footprint, Tinyproxy can run on old hardware without compromising on its performance. Explore more configuration options and features here.
6: HAProxy
HAProxy or High Availability Proxy is a free and open-source load balancer. It also functions as a reverse proxy for TCP and HTTP applications. HAProxy is a very fast, reliable proxy built for high availability.
HAProxy is a leading standard in load balancing, and you can use it to distribute workloads and improve the performance of applications and websites in your infrastructure. It has shown excellent results in minimizing response times and increase throughput.
Other outstanding features of HAProxy include services such as Layer 4 and 7 load balancing, support for HTTP, HTTP/2, gRPC, FastCGI, SSL/TLS terminator/initiator/offloader, a caching proxy, a traffic regulator, a content-based switch. It also protects against DDoS and service abuse. It implements stickiness (maintain a client on the same server across different events), content switching, HTTP rewriting and redirection, advanced health checking, logging, and statistics. Moreover, it features a CLI (command-line interface) for server management which comes in handy for users who prefer interacting through commands.
HAProxy
HAProxy is multithreading with an event-driven, non-blocking engine with a high-speed I/O layer. The priority-based multi-threaded scheduler enables it to handle tens of thousands of concurrent connections. It utilizes the PROXY protocol to pass the relevant client’s connection information to servers.
HAProxy has very impressive security records with very few vulnerabilities reported by users over the years of its existence. It limits attacks through features such as self-isolating using chroot, avoiding disk access after initialization, and dropping to a non-privileged user group on startup.
Users can define an access control list to allow access based on a client’s request and metadata. All these features combined with rate limiting, IP whitelisting, or blacklisting offer formidable security features for your infrastructure.
Some notable high-traffic users of HAProxy include GitHub and Twitter. You can find more features and add-ons on the HAProxy Enterprise commercial option available through HAProxy Technologies.
7: Pound proxy
Pound proxy is a lightweight open-source reverse proxy and load balancer that can also be deployed as a front-end for web servers. Pound makes our list partly because the HAProxy team recommends it as an alternative to HAProxy on the official HAProxy homepage.
Pound proxy is distributed under the GPL license. It was built to enable the distribution of workloads among several web servers and build a convenient SSL wrapper for web servers.
With Pound proxy, you get a reverse proxy, a load balancer that works while keeping session information, an SSL wrapper that decrypts HTTPS requests from browsers and passes them as plain HTTP back-end servers. It is an HTTP/HTTPS sanitizer that verifies requests for the correctness and is also a fail-over server that monitors running and failing servers to determine the best server to pass client requests.
Pound proxy is a minimalist program that can be easily audited for security problems. It can run as a setgid/setuid or in chroot without accessing your hard disk, thus posing no threat to your hardware. Pound proxy is not a web server or a web accelerator and therefore has no caching capabilities.
8: Skipper proxy
Skipper Proxy
Last but not least, we have a new kid on the block, Skipper. Not to be confused with the informal name for a captain in a team or a ship. Skipper is an open-source project to create a free HTTP router and reverse proxy for service composition. It has been designed to handle over 800k HTTP route definitions beyond what you would easily manage in Nginx or Apache. It is highly configurable and can be extended with custom filter logic, lookup, and configuration sources. But by default, Skipper comes with out-of-the-box configurations and a default executable command with a few built-in filters, which you can use on the go.
Its main features and some use cases include; a service to identify routes based on the requests path, host, method, or headers. It allows modification of clients’ requests and responses for each route. It can serve as a Kubernetes Ingress controller in a cloud infrastructure. Skipper can also update its routing rules from multiple data sources such as static files, etcd, Kubernetes Ingress, and custom sources without downtime.
Please find out more about Skipper’s features and integration with Kubernetes on the Skipper homepage or download the source code from its active Github next step…
There are many solutions and services to choose from if you require either a forward proxy or reverse proxy in your infrastructure. There also many other wonderful services and solutions that can act as alternatives to proxy servers. I excluded seasoned players in the game like Nginx and Apache HTTP Server, popular HTTP servers that can be configured to act as reverse proxy servers.
Other options worth exploring are Pi-hole (for use with Raspberry Pi single-board computers), Varnish HTTP Cache, Pomerium, Microproxy, Redbird, etc. We could say, ‘Too many to mention. ’
But to get started, you should learn to install a configure some popular self-hosted servers in a virtual environment. Proxy servers allow you greater control of your network and internet infrastructure.