Creating a US proxy with a Docker Container in Azure

04/09/2016

Having a proxy in another country is useful for a lot of things. My specific reason to investigate it was to be able to watch american TV shows online (I had also planned to use it for US Netflix, little was I aware that Netflix since July 2016, have proxy blocker in place, so this trick will unfortunately work with Netflix).

Of course you can buy a third party VPN or Proxy service, but that is no fun and also cost money. I wanted to play around with Docker containers in Azure, and have a lot of Azure credits to burn, so if I could find a Docker + Azure solution it wouldn’t cost me anything. This is what I found out.

Docker Proxy

I search around a little to find a good proxy server that can run in a docker container. Eventually I found a container hosting squid (which seems to be very popular linux proxy). The container is called docker-squid.

I tested the container on my Windows 10 machine using the Docker for Windows, and it was super easy to get up and running. I just followed the instructions on the github for docker-squid.

After installing Docker for Windows I did a simple

docker pull sameersbn/squid

Followed by the docker command to run the container

docker run --name squid -d --restart=always --publish 3128:3128 --volume /srv/docker/squid/cache:/var/spool/squid3 sameersbn/squid

Now you have proxy running on your local Docker host. You can see so by running docker ps

In order to test it out, you can change your internet setting to use the proxy
proxy-settings

To see that you are actually using the proxy, you can route the proxy logs to the console output using

docker exec -it squid tail -f /var/log/squid3/access.log

docker-squid-log-tail

Everything looks great, lets find a way to run it in Azure.

Running Docker Squid in Azure

I’m a complete docker noob, the last time I played with it is more than a year ago, so wanted to try some of the new shiny Azure services for running docker containers. So my plan was to use Azure Container Service (ACS) to run my proxy. I was surprised with the complexity of the DC/OS + Marathon system, even though it actually was very easy to setup in ACS. From a getting started stand point the hardest part was actually to generate the SSH key on a windows machine (says it all). Unfortunately one thing is to set it up, which was easy due to the effort Microsoft and the Docker community have put into it, something else is knowing how to use it to run and configure a single container (my docker-squid image just kept restarting). That required more effort than I was willing to put in for my simple US proxy mission, so I gave up on ACS with DC/OS fairly quick after getting the environment up and running, and decided just to go with a simple Linux box.

Which Linux Image to pick

When you are not a regular Linux user, it gets kinda intimidating when you have to select an Linux image from the many thousands that exits. I decide to go with the easy option to pick one from the azure-quickstart-templates library, namely docker-simple-on-ubuntu, that sounded like what I needed.

Getting a VM with the image is super quick just press the deploy to button from the Github page, or use this link

You need to deploy the machine in the region you want your proxy server to be located in, so in my case I selected East US. I just went with the standard machine size in the template which is F1. That machine costs 83$ a month, which is expensive if you use it for nothing else compared to some of the 3rd party proxy services. If you want you can go with an A0 machine that will cost you 13$ which isn’t too bad.

To access the machine I used good old putty.

Once you are logged into the machine you can pull the docker image like before. Before you start the image, you should make a configuration file for squid (because per default, you can only access the proxy server from localhost, which makes it pretty useless for our scenario).

The config file, squid.conf I used is very minimalistic (squid can do a lot of things, so if you want to go crazy there’s room for it).


http_port 3128

acl home src

http_access allow home

What the config does is to allow my home network to use the proxy server, without this line you just get an ACL error when using the proxy.

Now to run the docker squid image using your own config file, you need to run the following command

docker run --name squid -d --restart=always --publish 3128:3128 --volume $PWD/squid.conf:/etc/squid3/squid.conf --volume /srv/docker/squid/cache:/var/spool/squid3 sameersbn/squid

Use $PWD if you squid.conf file is located in your home directory, otherwise write the full path to it.

Now you squid docker image is running and ready to be used.

Here’s how target.com looks when accessed through the proxy compared to when access from my Swedish ISP’s network. Just picked target as an example, because their shop is locked down with IP restriction, so international customers can’t even switch to the US shop, e.g. if they want to order items to relatives in the US, while being abroad. I’m sure there are many other similar examples.
target-us-vs-target-international

Performance

Just wanted to do few speed test to, see how much the proxy would slow my internet connection down. Here’s the results:

Here is a speedtest of my connection looks when I’m not using a proxy
no-proxy

A speed test with the proxy located in East US and running on the default F1 machine
squid-us-proxy-f1

Finally a speed test where I scaled the machine down to A0 Basic (the cheapest you can get)
squid-us-proxy-a0-basic

As you can see the proxy does limit my bandwidth (to be expected) and the machine size doesn’t influence the results very much, so no need to go for the more expensive machine.