How to Set Up a Proxy Server via SSH and ShadowSocks – A Step-by-Step Guide

In today’s digital landscape, privacy, secure communication, and controlled internet access are more important than ever. Whether you're working remotely, managing servers, bypassing restrictive networks, or simply enhancing your online privacy, setting up your own proxy server can be a powerful solution.

Two popular and lightweight methods for creating a secure proxy tunnel are:

• SSH Tunneling
• ShadowSocks

This guide walks you through both approaches step by step, explaining when to use each and how to configure them properly on a Linux server.

Why Use a Proxy Server?

Before diving into configuration, let’s understand why proxy servers are useful.

A proxy server acts as an intermediary between your device and the internet. Instead of connecting directly to websites, your traffic passes through the proxy server first.

Key Benefits:

• Encrypt traffic over insecure networks
• Bypass geographic or network restrictions
• Hide your IP address
• Secure remote browsing
• Protect sensitive communications
• Access internal services securely

Unlike traditional VPNs, SSH and ShadowSocks are lightweight and often harder to detect in restrictive environments.

Method 1: Setting Up a Proxy Using SSH

SSH (Secure Shell) is primarily used for secure remote server access, but it can also create encrypted proxy tunnels.

When to Use SSH Proxy

• You already have SSH access to a remote server
• You need a quick temporary secure tunnel
• You want encrypted traffic without installing extra software
• You need secure access on public Wi-Fi

Step 1: Requirements

You need:

• A remote Linux server (VPS or dedicated)
• SSH access credentials
• Public IP address of the server

If you don’t have a server yet, you can use providers like DigitalOcean, AWS, Linode, or any VPS provider.

Step 2: Create a SOCKS Proxy with SSH

On your local machine, run:

ssh -D 1080 -C -q -N username@server_ip

Explanation:

• -D 1080 → Creates a SOCKS proxy on local port 1080
• -C → Enables compression
• -q → Quiet mode
• -N → Do not execute remote commands

Now your local machine is running a SOCKS proxy at:

127.0.0.1:1080

Step 3: Configure Browser to Use the Proxy

In your browser network settings:

• Proxy type: SOCKS5
• Host: 127.0.0.1
• Port: 1080

All browser traffic will now pass securely through your remote server.

Step 4: Optional – Run SSH Proxy in Background

Use:

ssh -f -N -D 1080 username@server_ip

Or use autossh for automatic reconnection.

Advantages of SSH Proxy

• Simple setup
• Strong encryption
• No extra server software required
• Ideal for quick, temporary secure connections

Limitations of SSH Proxy

• Manual connection required
• Only works while SSH session is active
• May be blocked on restricted networks
• Not optimized for high-speed streaming

Method 2: Setting Up a Proxy with ShadowSocks

ShadowSocks is a secure SOCKS5 proxy designed to bypass censorship and improve performance compared to traditional SSH tunneling.

Unlike SSH, ShadowSocks is designed specifically for proxying and is widely used in high-restriction regions.

When to Use ShadowSocks

• You need better speed and stability
• You want a persistent proxy server
• You need improved performance over SSH
• You want to bypass advanced firewalls

Step 1: Install ShadowSocks on Server

On Ubuntu/Debian:

sudo apt update
sudo apt install shadowsocks-libev -y

Step 2: Configure ShadowSocks

Edit configuration file:

sudo nano /etc/shadowsocks-libev/config.json

Example configuration:

{
  "server":"0.0.0.0",
  "server_port":8388,
  "local_port":1080,
  "password":"StrongPasswordHere",
  "timeout":300,
  "method":"aes-256-gcm"
}

Important Fields:

• server_port → Port used for connection
• password → Secure password
• method → Encryption method (aes-256-gcm recommended)

Step 3: Start ShadowSocks

sudo systemctl restart shadowsocks-libev
sudo systemctl enable shadowsocks-libev

Check status:

sudo systemctl status shadowsocks-libev

Step 4: Open Firewall Port

If using UFW:

sudo ufw allow 8388/tcp
sudo ufw allow 8388/udp

Step 5: Install Client on Your Device

Download ShadowSocks client for:

• Windows
• macOS
• Linux
• Android
• iOS

Add server details:

• Server IP
• Port: 8388
• Password
• Encryption method

Connect and enable system proxy.

Advantages of ShadowSocks

• Faster than SSH tunneling
• More stable connections
• Less detectable than traditional VPN
• Designed for proxy usage
• Supports UDP

Limitations of ShadowSocks

• Requires additional setup
• Needs firewall configuration
• Slightly more complex than SSH

Security Best Practices

Whether using SSH or ShadowSocks, follow these guidelines:

1. Disable Password Login (SSH)

Use SSH keys instead of passwords.

2. Change Default SSH Port

sudo nano /etc/ssh/sshd_config

Change:

• Port 2222
• Restart SSH:
• sudo systemctl restart ssh

3. Use Strong Passwords

For ShadowSocks, never use weak passwords.

4. Enable Firewall

sudo ufw enable

Allow only required ports.

5. Keep Server Updated

sudo apt update && sudo apt upgrade -y

SSH vs ShadowSocks: Which Should You Choose?

Conclusion

Setting up your own proxy server using SSH or ShadowSocks gives you control, privacy, and flexibility without relying on third-party VPN services.

• Use SSH tunneling if you need a quick and secure temporary solution.
• Use ShadowSocks if you want better speed, persistence, and improved censorship resistance.

With proper security configuration, both methods provide a reliable and efficient way to protect your traffic and access the internet securely from anywhere.