How to set up squid

Thanh Phu on July 27, 2018

On Ubuntu

Basic squid conf

/etc/squid3/squid.conf instead of the super bloated default config file

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

# Choose the port you want. Below we set it to default 3128.
http_port 3128

Setting up a user

sudo htpasswd -c /etc/squid3/passwords username_you_like

and enter a password twice for the chosen username then

sudo service squid3 restart

How to install tinyproxy, the comprehensive guide

Thanh Phu on July 27, 2018

You should build from source, since the latest version on Ubuntu repository doesn’t support authentication yet

git clone https://github.com/tinyproxy/tinyproxy.git
sudo apt-get install automake cmake asciidoc 

cd tinyproxy
./autogen.sh
make && make install

Add authentication

vi /etc/tinyproxy.conf
-----
BasicAuth user password
Allow your.local.ip.address
-----
sudo /etc/init.d/tinyproxy restart

How to install SOCKS5 on your VPS

Thanh Phu on July 27, 2018

Focusing on Dante, as I find it to be the easiest to install. First thing first, assuming you are using Ubuntu, do the usual

apt-get update && apt-get upgrade

Installing Dante from source on Ubuntu 16.04

The best way to install Dante is to use its source package for the latest available version which is currently version 1.4.2 . You can download the latest version from this Link to Dante Download Page. Copy the source link and download the Dante package using below ‘wget’ command.

# cd /usr/src
# wget http://www.inet.no/dante/files/dante-1.4.2.tar.gz

Once the package has been downloaded, then extract it within the current directory using below command.

# tar -zxf dante-1.4.2.tar.gz

Change directory to the extracted folder to compile and install the package.

# cd dante-1.4.2/

Make sure that you have 'gcc' and 'make' utilities installed on your system prior to compile and installation of Dante package. You can use below command to install.

# apt-get install gcc make

Now let’s run the below command to compile the source with required prefix as shown.

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --disable-client --without-libwrap --without-bsdauth --without-gssapi --without-krb5 --without-upnp --without-pam

At the end of the compilation process, you will get its configuration status as shown below.

 Configure status:

Client:            Disabled, using --disable-client
Server:            Enabled
Preloading:        Enabled
Libwrap:           Disabled, using --without-libwrap
BSD Auth:          Disabled, using --without-bsdauth
PAM:               Disabled, using --without-pam
GSSAPI:            Not found/disabled
KRB5:              Not found/disabled
SASL:              Not found/disabled
UPNP:              Not found/disabled
Compatability:     issetugid setproctitle strlcpy strvis

                     Modules:

redirect:          Not found
bandwidth:         Not found
ldap:              Not found

After that run the following ‘make’ command to install the compiled packages.

# make && make install

You can check the installed version of Dante using below command.

# /usr/sbin/sockd -v
Dante v1.4.2.  Copyright (c) 1997 - 2014 Inferno Nettverk A/S, Norway

Configuring Dante-server service script

Now we are going to create the configuration file for the dante-server’s start/stop script. To do so create a new file in ‘/etc/init.d/’ directory and place the following contents in it using your command line editor.

# vim /etc/init.d/sockd

#! /bin/sh
### BEGIN INIT INFO
# Provides:          sockd
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start the dante SOCKS server.
# Description:       SOCKS (v4 and v5) proxy server daemon (sockd).
#                    This server allows clients to connect to it and
#                    request proxying of TCP or UDP network traffic
#                    with extensive configuration possibilities.
### END INIT INFO
#
# dante SOCKS server init.d file. Based on /etc/init.d/skeleton:
# Version:  @(#)skeleton  1.8  03-Mar-1998  [email protected] 
# Via: https://gitorious.org/dante/pkg-debian

PATH=/sbin:/usr/sbin:/bin:/usr/bin
NAME=sockd
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS="-D"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
DESC="Dante SOCKS daemon"
CONFFILE=/etc/$NAME.conf

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions

set -e

# This function makes sure that the Dante server can write to the pid-file.
touch_pidfile ()
{
  if [ -r $CONFFILE ]; then
    uid="`sed -n -e 's/[[:space:]]//g' -e 's/#.*//' -e '/^user\.privileged/{s/[^:]*://p;q;}' $CONFFILE`"
    if [ -n "$uid" ]; then
      touch $PIDFILE
      chown $uid $PIDFILE
    fi
  fi
}

case "$1" in
  start)
    if ! egrep -cve '^ *(#|$)' \
        -e '^(logoutput|user\.((not)?privileged|libwrap)):' \
        $CONFFILE > /dev/null
    then
        echo "Not starting $DESC: not configured."
        exit 0
    fi
    echo -n "Starting $DESC: "
    touch_pidfile
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
        || return 1
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
        $DAEMON_ARGS \
        || return 2
    echo "$NAME."
    ;;
  stop)
    echo -n "Stopping $DESC: "
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
    [ "$?" = 2 ] && return 2
    echo "$NAME."
    ;;
  reload|force-reload)
    #
    #   If the daemon can reload its config files on the fly
    #   for example by sending it SIGHUP, do it here.
    #
    #   Make this a do-nothing entry, if the daemon responds to changes in its config file
    #   directly anyway.
    #
     echo "Reloading $DESC configuration files."
     start-stop-daemon --stop --signal 1 --quiet --pidfile \
        $PIDFILE --exec $DAEMON -- -D
  ;;
  restart)
    #
    #   If the "reload" option is implemented, move the "force-reload"
    #   option to the "reload" entry above. If not, "force-reload" is
    #   just the same as "restart".
    #
    echo -n "Restarting $DESC: "
    start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
    sleep 1
    touch_pidfile
    start-stop-daemon --start --quiet --pidfile $PIDFILE \
      --exec $DAEMON -- -D
    echo "$NAME."
    ;;
  status)
    status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
    ;;
  *)
    N=/etc/init.d/$NAME
    # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
    echo "Usage: $N {start|stop|restart|status|force-reload}" >&2
    exit 1
    ;;
esac

exit 0

Save and close the file using 'wq!' and give it execution permissions and update thh startup script using below commands.

# chmod +x /etc/init.d/sockd
# update-rc.d sockd defaults

Dante-server Sockd Configuration

First we start the global server settings before going to configure the advance settings of access rules. There are two types of rules that have to be defined in its configuration file. Client rules are mainly designed to specify which client is granted access to which socks server. In the socks rule section the actual application request is evaluated. By adding port numbers or rages access to the specific hosts or networks can be limited.

Let’s create the sockd configuration by placing the following parameters into the 'sockd.conf' file.

# vim /etc/sockd.conf
logoutput: /var/log/socks.log

internal: ens160 port = 1080
external: ens160

method: username
user.privileged: root
user.notprivileged: nobody

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}


client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}

block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

Starting Dante-server service

Once you have configured the danted-server sockd configuration file, then start its service and check the status its started without any error.

# /etc/init.d/sockd start
# /etc/init.d/sockd status

# /etc/init.d/sockd status


Use below command to check its listening state of port ‘1080’.

# netstat -tulp
tcp        0      0 k-vm:socks              *:*                     LISTEN      70839/sockd

In case you are unable to start your sockd service, then check your logs from ‘/var/log/socks.log’ file and modify 'sockd.conf' file.

To stop 'sockd' service you can kill its process number or use below command.

# /etc/init.d/sockd stop
[ ok ] Stopping sockd (via systemctl): sockd.service.

Create user for Dante

Dante uses unix authentication and password will be sent via clear text, so it’s best to have a dedicated user for it

useradd -M proxyuser # create user without home
usermod -L proxyuser # disable login
passwd dante # chage password

Try the proxy

Do this on your client machine to make sure everything works

curl --max-time 5 -x socks4://proxyuser:[email protected]:port https://api.ipify.org\?format\=json && echo

Review of VPS hosts in Korea

Thanh Phu on July 26, 2018

Popular providers like DO, Linode and Vultr all have presence in Japan… but not in Korea, the country with the fastest internet connection on the planet, which is a shame.

And due to the language barrier, it’s pretty hard to find info on Korea-hosted VPS on the internet. This post aims to solve that

Straight to the point –

Cafe24

Probably the most popular host in Korea. They host websites, wordpress installation, bare metal server and of course… VPS. Here’s the price

Starting from $5.5 for 1GB RAM to 33$ for 4GB RAM, per month

Pros

  • You get 8 cores regardless of the plan
  • VMWare Virtualization
  • One dedicated IPv4 address
  • The best price you’ll get of any reputable provider
  • Select between Linux / Windows (costs more)
  • Pretty fast disk (twice as fast as Vultr)

Cons

  • Setup fee 22$
  • Pretty limited bandwith, 300GB per month at the worst case
  • Crappy CPU, the cores are really slow (I think they are second-gen Xeons), with most of the CPU extensions disabled… so they are only good for one thing: serving web pages (and no, they can’t do THAT thing you are thinking about when you read “8 cores” 😉
  • Of course you must speak Korean to register or contact support
  • Require a Korean ID

You can register for them here

Somagu (mud fish)

Cheapest provider I could find that have servers in Korea. Pretty simple interface. Prices

Starting at $2.57 permonth for 512GB RAM

Pros

  • Korean hosted
  • English support
  • Automatic activation
  • Cheapest of anything you can find in Korea
  • Don’t require a Korean ID

Cons

  • You get to share IP
  • Your shared IP is used by Chinese spammers… you’ll see a lot of IP change request in the support forum. I don’t know why but for some reason Chinese spammers love themselves a Korean address

You can find them here

iwinv

Price

From $4 per month for 1 core / 1GB RAM

Pros

  • Cheap
  • Free IP

Cons

  • Korean only
  • Requires Korean ID
  • Limited bandwidth

You can find them here

Amazon lightsail (Seoul region)

Available countries

Recently made available in Seoul, cheaper than EC2, a good choice if you are already tied into the Amazon ecosystem

Price starting from 5$ for 512MB RAM

Pro

  • Reputable
  • Easy to use
  • All in English
  • Don’t require a Korean ID
  • Generous bandwidth

Cons

  • More expensive compared to other options

Find ’em here

Amazon EC 2

Pro

  • Like lightsail
  • Much more versatile

Cons

  • Way way too expensive, unless you are a corporate user

You know where to find them

PHP school

Starting from 4,900 won for 512MB RAM

Cons

  • Pretty slow… can’t open their homepage at the time of writing

Find them here

Naver cloud

Starting from $13 for 1GB RAM

Pros

  • English support
  • Reputable company
  • No bandwidth limit

Cons

  • Expensive like EC2

You can find them here

How to connect to MySQL / MariaDB using Node.JS (the right way)

Thanh Phu on July 26, 2018

Use a connection pool. It helps

  • Conserve resource, connections got recycled
  • Better reliability: it automatically reconnects when there’s a problem

How? Simple, instead of creating a connection, just create a pool. It’s designed as a drop in replacement for client.query()

var mysql = require('mysql');
var pool  = mysql.createPool({
  connectionLimit : 10,
  host            : 'example.org',
  user            : 'bob',
  password        : 'secret',
  database        : 'my_db'
});

pool.query('SELECT 1 + 1 AS solution', function (error, results, fields) {
  if (error) throw error;
  console.log('The solution is: ', results[0].solution);
});

is a shorthand for

var mysql = require('mysql');
var pool  = mysql.createPool(...);

pool.getConnection(function(err, connection) {
  if (err) throw err; // not connected!

  // Use the connection
  connection.query('SELECT something FROM sometable', function (error, results, fields) {
    // When done with the connection, release it.
    connection.release();

    // Handle error after the release.
    if (error) throw error;

    // Don't use the connection here, it has been returned to the pool.
  });
});