LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Change Geolocation Without A VPN! Debian VPS + Tinyproxy + SwitchyOmega On A Chromebook!

Life Is Good In Mexico!

TinyProxy Logo

Everything about visiting Mexico has been wonderful! The people here are very kind, very friendly, and completely welcoming. The food is great, and life is peaceful.

I have only one little problem. When I go online from a Mexican IP, Ebay and many other sites give me Spanish descriptions plus pricing in pesos. One US bank where I have an account refuses to allow any access to their website from a Mexican IP. I sometimes fail fraud checks. After all, there’s no way, ever, that a guy from New York City legitimately could be using a Mexican IP for a credit card purchase. So that’s my problem. As an American, sometimes I need to pretend to be online from somewhere within the US. Even the bank explicitly suggested such pretending.

Tinyproxy has been an excellent solution to this problem. More recently I also have been using a Wireguard VPN and looking at additional self-hosted VPN options.

As between Wireguard and Tinyproxy, Tinyproxy has many advantages. Tinyproxy is simple. It’s easy to set up and configure. TinyProxy has excellent logging! With Tinyproxy I easily can understand what’s happening. From my Mexican IPv4-only ISP, just like a VPN, Tinyproxy also gives me both IPv4 and IPv6 geolocated in the US.

Since I am using a Chromebook most of the time, I can take advantage of the SwitchyOmega Chrome browser extension to allow quickly and conveniently changing, or even automatically changing per website, from my Mexican IP to the proxied US IPs.

Chromebooks support several types of VPNs. However, some VPN protocols do not work when, as here with my Mexican ISP, one is behind CGNAT. Also, there seems not yet to be native Chrome OS support for Wireguard, which is used by my VPN. Some Chromebooks can run Wireguard via the Android Wireguard app, which works just fine to enable connectivity for all other Android apps on the same Chromebook. However, the native Chrome OS Chrome browser and containers all seem to lose connectivity when the Android Wireguard app is activated.

A disadvantage of Tinyproxy plus SwitchyOmega may be that only HTTP(S) traffic coming from Chrome browser is sent through the proxy IP. Traffic not from Chrome browser remains on the local IP. However, I need only HTTP(S) to appear to be originating from the US. I don’t need to change ssh, DNS requests, or anything else besides HTTP(S) from Chrome.

Also, I need only Darkstar’s single US location. I am neither pretending to be someone else nor trying to be anonymous. I feel no need to hide from the friendly Mexicans. Haha, as the bank suggested, I am only pretending to be a truer version of my own gringo self. 😎 So I have been continuing with Tinyproxy and SwitchyOmega. My previous Tinyproxy install was about five years ago on a VPS at Google Cloud Platform. The Tinyproxy plus SwitchyOmega combo works really well!

This article describes how I set up Tinyproxy and how I set up SwitchyOmega. Besides the install and setup summaries, links to additional references also are provided.

Tinyproxy Setup On Debian VPS

Here is what I did to setup Tinyproxy on a Debian VPS running on my antique bare metal server, Darkstar. Darkstar is happily colocated with Level One Servers in Dallas, Texas, USA.

root@debian:~# apt-get update
root@debian:~# apt-get upgrade
root@debian:~# apt-get install tinyproxy
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
The following NEW packages will be installed:
tinyproxy tinyproxy-bin
0 upgraded, 2 newly installed, 0 to remove and 7 not upgraded.
Need to get 77.4 kB of archives.
After this operation, 213 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://deb.debian.org/debian sid/main amd64 tinyproxy-bin amd64 1.11.0-1 [50.0 kB]
Get:2 http://deb.debian.org/debian sid/main amd64 tinyproxy all 1.11.0-1 [27.4 kB]
Fetched 77.4 kB in 1s (154 kB/s)
Selecting previously unselected package tinyproxy-bin.
(Reading database ... 40609 files and directories currently installed.)
Preparing to unpack .../tinyproxy-bin_1.11.0-1_amd64.deb ...
Unpacking tinyproxy-bin (1.11.0-1) ...
Selecting previously unselected package tinyproxy.
Preparing to unpack .../tinyproxy_1.11.0-1_all.deb ...
Unpacking tinyproxy (1.11.0-1) ...
Setting up tinyproxy-bin (1.11.0-1) ...
Setting up tinyproxy (1.11.0-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/tinyproxy.service → /lib/systemd/system/tinyproxy.service.
Processing triggers for man-db (2.10.2-1) ...
root@debian:~# root@debian:~# systemctl status tinyproxy
● tinyproxy.service - Tinyproxy lightweight HTTP Proxy
Loaded: loaded (/lib/systemd/system/tinyproxy.service; enabled; vendor pres>
Active: active (running) since Mon 2022-05-23 00:25:49 UTC; 3min 2s ago
Docs: man:tinyproxy(8)
Process: 5369 ExecStart=/usr/bin/tinyproxy $FLAGS (code=exited, status=0/SUC>
Main PID: 5372 (tinyproxy)
Tasks: 1 (limit: 9498)
Memory: 1.1M
CPU: 20ms
CGroup: /system.slice/tinyproxy.service
└─5372 /usr/bin/tinyproxy
May 23 00:25:49 debian tinyproxy[5372]: trying to listen on host[], famil>
May 23 00:25:49 debian tinyproxy[5372]: listening on fd [0]
May 23 00:25:49 debian tinyproxy[5372]: trying to listen on host[::], family[10]>
May 23 00:25:49 debian tinyproxy[5372]: listening on fd [1]
May 23 00:25:49 debian tinyproxy[5372]: Now running as group "tinyproxy".
May 23 00:25:49 debian tinyproxy[5372]: Now running as user "tinyproxy".
May 23 00:25:49 debian tinyproxy[5372]: ERROR: Could not create log file /var/lo>
May 23 00:25:49 debian tinyproxy[5372]: Falling back to syslog logging.
May 23 00:25:49 debian tinyproxy[5372]: Setting the various signals.
May 23 00:25:49 debian tinyproxy[5372]: Starting main loop. Accepting connection>

Add “Allow $My_Mexican_IPv4_Address” in /etc/tinyproxy/tinyproxy.conf

Add empty file “/var/log/tinyproxy/tinyproxy.log” owned by tinyproxy:tinyproxy

root@debian:/var/log# ls -l | grep tinyproxy
drwxr-xr-x 2 root root 4096 Nov 8 2021 tinyproxy
root@debian:/var/log# chown tinyproxy:tinyproxy tinyproxy/
root@debian:/var/log# ls -l | grep tinyproxy
drwxr-xr-x 2 tinyproxy tinyproxy 4096 Nov 8 2021 tinyproxy
root@debian:/var/log# cd tinyproxy
root@debian:/var/log/tinyproxy# systemctl restart tinyproxy
root@debian:/var/log/tinyproxy# ls
root@debian:/var/log/tinyproxy# wc tinyproxy.log
15 157 1135 tinyproxy.log
root@debian:/var/log/tinyproxy# cat tinyproxy.log
NOTICE May 23 00:55:23.003 [5456]: Initializing tinyproxy …
NOTICE May 23 00:55:23.008 [5456]: Reloading config file
INFO May 23 00:55:23.013 [5456]: Setting “Via” header to ‘tinyproxy’
INFO May 23 00:55:23.016 [5456]: Adding Port [443] to the list allowed by CONNECT
INFO May 23 00:55:23.019 [5456]: Adding Port [563] to the list allowed by CONNECT
NOTICE May 23 00:55:23.022 [5456]: Reloading config file finished
INFO May 23 00:55:23.026 [5456]: listen_sock called with addr = ‘(NULL)’
INFO May 23 00:55:23.029 [5456]: trying to listen on host[], family[2], socktype[1], proto[6]
INFO May 23 00:55:23.033 [5456]: listening on fd [0]
INFO May 23 00:55:23.036 [5456]: trying to listen on host[::], family[10], socktype[1], proto[6]
INFO May 23 00:55:23.040 [5456]: listening on fd [1]
INFO May 23 00:55:23.043 [5456]: Now running as group “tinyproxy”.
INFO May 23 00:55:23.046 [5456]: Now running as user “tinyproxy”.
INFO May 23 00:55:23.050 [5456]: Setting the various signals.
INFO May 23 00:55:23.053 [5456]: Starting main loop. Accepting connections.

Configuration and Security

As shown above, the only change I made to the default Tinyproxy configuration was to list my Mexican IP as allowed to connect. I’m lucky that my ISP gives me a fixed IP, but unlucky that it’s behind NAT.

Tinyproxy fell back to using syslog because it couldn’t make the logfile. So, as shown above, I added the logfile by hand, and now Tinyproxy uses it. There are various log levels. I left Tinyproxy on “INFO,” the most verbose, because it’s a new install and because I enjoy reading the logs.

Maybe I have fewer concerns about security than some people, partly because Tinyproxy configuration limits allowed WAN use to my local Mexican IP. Also, I am using a VPS that’s running on my own server hardware. And I have a trusted colo provider.

I also ssh into the server and its VPSes several times a day. So it’s easy for me to turn Tinyproxy off when it’s not actually being used.

Additional security steps I could take include turning on username and password authentication in Tinyproxy. I might do so soon. Also, I probably should change the access port from the default 8888. An access port change seems like a good idea because I noticed in Tinyproxy’s logs several attacks within just the first few minutes of having Tinyproxy up and running.

Connecting To Tinyproxy With SwitchyOmega On A Chromebook

Installing SwitchyOmega is easy on a Chromebook. Just head to the Chrome Web Store store’s SwitchyOmega extension page and click Install.

In Chrome, click on the SwitchyOmega icon and select Options, the last entry on the menu. A configuration page opens. Select Proxy in the left bar. Then, under “Proxy Servers” in the “Default” top row, enter the IP address of the server on which Tinyproxy is running plus also the connection port (default 8888). Then click “Apply changes” at the bottom of the left vertical bar menu. Finally, click the SwitchyOmega icon again and select “Proxy,” which is the third item.

In a browser tab, go to your favorite of the websites which show your IP addresses. One site which tests both IPv4 and IPv6 is ipv6-test.com. If everything is working, your IP should be reported as the IP of the Tinyproxy server and not as the IP of your local connection.

If you plan to visit by proxy websites previously visited from your local IP, it might be good to remove cookies previously placed by those websites. For example, until I removed its cookies, Ebay remembered me as a Spanish speaker who wanted prices in pesos. But, as soon as the cookies were gone, I reverted to my American self who wanted English and prices in dollars.

One limitation of SwitchyOmega is that, because it’s a Chrome extension, we can’t use it in a private window. That’s because Chrome disables all extensions in private windows.

To turn SwitchyOmega off, click the SwitchyOmega icon and select “Direct.”

Notes And Additional References

So far, TinyProxy and SwitchyOmega have worked well for me. I haven’t done much with them beyond accessing the one bank website I previously mentioned, making a few credit card purchases, and making a few calls on Google Voice (which doesn’t seem to work from a Mexican IP).

If you’re interested in “Evaluating Server-side Internet Proxy Detection Methods,” you might enjoy reading Hans Hoogstraaten’s Masters Thesis.

Tinyproxy and SwitchyOmega are both Open Source and available on Github. Tintproxy is GPL-2.0 and SwitchyOmega is GPL-3.0.

There has been a lot of noise on the web about Google changing Chrome. I’ve even read that Chrome extensions are deprecated. This post on the Chromium Blog, however, says:

This change does not impact support for Chrome Extensions. Google will continue to support and invest in Chrome Extensions on all existing platforms. Fostering a robust ecosystem of extensions is critical to Chrome’s mission and we are committed to providing a useful extension platform for customizing the browsing experience for all users.

Hopefully, SwitchyOmega will be with us awhile longer.

1 Comment

  1. Ervin Gayle:

    Would something like a hosted openvpn work in comparison to your tinyproxy setup?

    June 3, 2022 @ 5:36 pm | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *