Summary: how to use Pallet to configure and start an http proxy in the Amazon cloud, and then connect to it via ssh port forwarding.

Suppose you want to use an http proxy; you have several options. One is to use a free proxy. That does not suit me; I like to know what I’m connecting to. Another option is to subscribe to a commercial proxy service, or even a vpn service. I’d like to suggest a middle ground. Fire up your own on-demand proxy in the Amazon cloud. I see several advantages to this approach. You control the proxy, including the OS and software. It’s inexpensive, and it’s fun. Here’s how.

There are four elements you’ll need to get squared away.

  • Your Amazon EC2 account
  • Your ssh keys
  • Your browser network configuration
  • Your ability to execute Clojure code

I’ll make only brief remarks about each; detailed tutorials are readily available on the net. My instructions target Linux. I imagine they can easily be adapted to run on Macs, very likely on Windows too, with a bit more effort.

The plan is to fire up an Amazon EC2 instance, and to automagically configure it to provide proxy services via Privoxy. So you need to have an Amazon Web Services account. In particular, you’ll need to know your Access Key ID and your Secret Access Key. These can be found by going to your AWS account settings page, then picking Security Credentials. The values you want are on the Access Keys tab.

Once we have the EC2 instance running, we will connect to it via ssh. The setup I describe will expect to find two related keys in your .ssh directory, id_rsa and id_rsa.pub. For simplicity, don’t set a password on the keys, or if you prefer to set a password, also set up an ssh-agent. If perchance you are not familiar with ssh, take this opportunity to become familiar with an enormously useful software tool. There are many tutorials on the net; here’s one you might like.

You will need to configure your browser to use the proxy we will set up. Using Firefox, for instance, go to Preferences::Advanced::Network::Connection Settings. Then select Manual Proxy Configuration, use localhost as your http proxy, and port 8118. These instructions assume nothing is already running on 8118. If you already happen to be running something on that port, the simplest thing to do would be to turn it off for the duration of this experiment. Or you can adapt the instructions to use whatever port you prefer. I like to use the same port on both sides of the ssh tunnel, and Privoxy will be running on 8118 on the remote host.

Assuming your browser, ssh keys, and AWS account are ready, here’s the code we want to compile. It uses Pallet to provision and start an Amazon EC2 node running Privoxy. You can grab the code, and the lein project file, from my Mercurial repository. For a brief intro to Pallet, check out this article.

You’ll need to compile the above, and then run the launch function. Here’s the typical output:

pa-proxy.aws> (launch)
{:middleware #, 
 :compute #, 
 :blobstore nil, :parameters {:host {:us-east-1/i-970d1df6 nil}}, 
 :all-nodes ( webserverZONE/us-east-1a.REGION/us-east-1.PROVIDER/ec2 null
	amzn-linux paravirtual null amazon/amzn-ami-2011.02.1.i386-ebs
        RUNNING
	public: 184.73.78.88  
        private: 10.196.174.101), 
:user #:pallet.utils.User{:username "drc", 
:public-key-path "/home/drc/.ssh/id_rsa.pub", 
:private-key-path "/home/drc/.ssh/id_rsa", 
:passphrase nil, :password nil, :sudo-password nil, :no-sudo nil}, 
:results {:us-east-1/i-970d1df6 {:after-configure nil, :configure nil, :pre-configure nil}}, 
:target-nodes (  webserver ZONE/us-east-1a.REGION/us-east-1.PROVIDER/ec2 null
		 amzn-linux paravirtual null amazon/amzn-ami-2011.02.1.i386-ebs
		 RUNNING
		 public: 184.73.78.88  private: 10.196.174.101)}

On my machine and network connection, it took about two minutes for the launch function to return the output shown above, so be patient. Look through the output and find the public IP address returned, 184.73.78.88 in this example. Then open a terminal, and ssh to that address, as follows:

ssh -i ~/.ssh/id_rsa 184.73.78.88 -L 8118/localhost/8118

This will open an ssh tunnel to the proxy, and connect localhost:8118 on your machine to the Privoxy listening port 8118 on the remote machine. Leave the terminal session open. For a more detailed look at ssh port forwarding, try this Redhat Magazine article.

If all went well, your browser should be ready to go. Occasionally I have gotten a stack trace during the launch; simply trying again seems to clear it up. Not really sure what that’s about.

I have not done any performance measurements, but YouTube video streams come across just fine. Not too shabby, considering your traffic is encrypted courtesy of ssh, and as an added bonus, Privoxy will clean up quite a few ads.

Final thoughts: try heading over to whatismyip.com to verify that your browser is seen to be coming from the IP address of the EC2 instance. Don’t forget to terminate the EC2 instance once you are done with it, otherwise Amazon will keep charging you for the time. I like to terminate instances from the Amazon Web Console; guess I’m just old school at heart.
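
The tunnel and verification steps above as one script; this is an added example, not code from the original post or from Pallet. It pulls the public address out of saved launch output, opens the forward bound to 127.0.0.1 so that ssh exits if port 8118 is already taken, and compares the address seen through the proxy with the instance's address. The function names, the saved-output file argument and the checkip.amazonaws.com echo URL are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: sh <this script> <file with launch output>
LOCAL_PORT=8118     # port the browser is pointed at (from the post)
REMOTE_PORT=8118    # Privoxy's port on the EC2 node (from the post)
ECHO_URL=${ECHO_URL:-http://checkip.amazonaws.com/}  # assumption: plain-text IP echo service

# Two lines of the launch output shown in the post, kept as sample input.
SAMPLE_LAUNCH_OUTPUT='  RUNNING
  public: 184.73.78.88  private: 10.196.174.101)}'

# Read launch output on stdin and print the first public IPv4 address.
# Only digits and dots are accepted, so nothing else in that text can
# reach the ssh command line.
public_ip() {
    sed -n 's/.*public: \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Bind the local end to loopback explicitly so other hosts cannot use the proxy.
forward_spec() {
    printf '127.0.0.1:%s:localhost:%s' "$LOCAL_PORT" "$REMOTE_PORT"
}

# -N: no remote command, -f: go to background once the forward is up.
# ExitOnForwardFailure makes ssh fail when the local port is already in use.
open_tunnel() {
    ssh -i "$HOME/.ssh/id_rsa" -f -N -o ExitOnForwardFailure=yes \
        -L "$(forward_spec)" "$1"
}

# Address the outside world sees when a request goes through the tunnel.
egress_ip() {
    curl -s --max-time 15 -x "http://127.0.0.1:$LOCAL_PORT" "$ECHO_URL" | tr -d '[:space:]'
}

# $1 = instance address, $2 = observed address; an empty value never matches.
tunnel_ok() { [ -n "$1" ] && [ "$1" = "$2" ]; }

if [ "$#" -eq 1 ]; then
    ip=$(public_ip < "$1")
    [ -n "$ip" ] || { echo "no public address found in $1" >&2; exit 1; }
    open_tunnel "$ip" || { echo "tunnel to $ip failed" >&2; exit 1; }
    seen=$(egress_ip)
    if tunnel_ok "$ip" "$seen"; then
        echo "proxy egress is $seen; terminate the instance when done"
    else
        echo "egress '$seen' does not match instance $ip" >&2; exit 1
    fi
fi
```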