Set Up a Secure HTTPS Proxy in Under 10 Minutes

By Jasper MonroeLinux Commands

Secure HTTPS Proxy in Under 10 Minutes

This guide explains how to deploy an HTTPS proxy using dumbproxy on almost any Linux server. All you need is curl and root access to a server.

Here, an HTTPS proxy means an HTTP proxy with a TLS (HTTPS) connection, not just a plain HTTP proxy that can tunnel HTTPS. This setup adds an extra layer of TLS encryption between the client and the proxy server, ensuring the privacy of your connection to the proxy. Such proxies are suitable for direct use in browsers and other software. Many so-called browser “VPN extensions” actually work through these encrypted HTTP proxies.

Step 1. Assign a Domain Name

You’ll need a domain name for your server so TLS (HTTPS) works smoothly. You can buy a domain and point it to your VPS’s IP address, or use a free service that provides domain names. If you use a free service, make sure the parent domain is on the public suffix list; otherwise, you may run into certificate issuance limits with Let’s Encrypt.

This guide uses the free service freemyip.com, which gives you a domain without registration:

  1. Go to https://freemyip.com/.
  2. Choose a domain name and claim it.
  3. Save the link you receive.
  4. Run the following command on your server (replace LINK with the link you received):
    curl 'LINK'
    Note: Enclose the link in single quotes!

Check: Use ping to verify your domain points to your VPS’s IP. If not, wait a few minutes and try again.

Step 2. Install dumbproxy

This assumes an amd64 CPU. For other architectures, see binaries here.

curl -Lo /usr/local/bin/dumbproxy 'https://github.com/Snawoot/dumbproxy/releases/download/v1.6.1/dumbproxy.linux-amd64' && chmod +x /usr/local/bin/dumbproxy

Check: The command dumbproxy -version should output v1.6.1.

Step 3. Configure dumbproxy

  1. Create a user/password file. Replace USERNAME and PASSWORD with your desired credentials:
    dumbproxy -passwd /etc/dumbproxy.htpasswd 'USERNAME' 'PASSWORD'
  2. Create the config file /etc/default/dumbproxy with the following content:
    OPTIONS=-auth basicfile://?path=/etc/dumbproxy.htpasswd -autocert -bind-address :443
  3. Create the systemd service file /etc/systemd/system/dumbproxy.service with this content:
[Unit]
Description=Dumb Proxy
Documentation=https://github.com/Snawoot/dumbproxy/
After=network.target network-online.target
Requires=network-online.target

[Service]
EnvironmentFile=/etc/default/dumbproxy
User=root
Group=root
ExecStart=/usr/local/bin/dumbproxy $OPTIONS
TimeoutStopSec=5s
PrivateTmp=true
ProtectSystem=full
LimitNOFILE=20000

[Install]
WantedBy=default.target

Finally, reload systemd to apply the new configuration:

systemctl daemon-reload

Step 4. Start dumbproxy

  1. Enable autostart:
    systemctl enable dumbproxy
  2. Start the service:
    systemctl start dumbproxy

Check: The command
curl -x 'https://USERNAME:PASSWORD@DOMAIN' http://ifconfig.co
should return your server’s IP address.
Note: The first request may take a few seconds while the certificate is issued.

Done!

Client Setup

Setting Up Proxy for All Browsers on Windows

  1. Open system proxy settings.
  2. Enable the setup script option and enter the following code:
    data:,function FindProxyForURL(u, h){return "HTTPS example.com:443";}
    Replace example.com with your domain.

Using in Firefox

  • Option 1: PAC Script
    Open Firefox proxy settings, switch to “Automatic proxy configuration URL,” and enter:
    data:,function FindProxyForURL(u, h){return "HTTPS example.com:443";}
    Replace example.com with your domain.
  • Option 2: Proxy Browser Extension
    Use any convenient browser extension to switch proxies. For example, this one.
  • Option 3: Firefox Containers
    The Firefox Container Proxy extension lets you assign different proxies to different Firefox containers. This way, you can open the same site from different network locations at the same time. Personally, I use this option.

Using in Chrome

  • Option 1: Command Line Parameter
    You can pass the proxy server as a command line option to Chrome:
    chromium-browser --proxy-server='https://example.com:443'
    Replace example.com with your domain.
  • Option 2: Proxy Browser Extension
    Use any convenient browser extension to switch proxies. For example, this one.

Using on Android

  1. Install AdGuard on Android: guide.
  2. Follow this guide starting from the section on configuring the app on Android. Set the proxy type to HTTPS and enter your username and password.

Using with Other Applications

You can connect to a remote HTTPS proxy as if it were a local plaintext (unencrypted) proxy by using an app that listens on a local port and then connects via TLS to the remote server. One such adapter is steady-tun, which also pre-establishes connections to reduce TLS handshake delays.

Leave a Reply