Proxy servers play a crucial role in facilitating secure and efficient communication between end users and internet resources. They act as intermediaries, allowing users to control and monitor their web traffic for various purposes, such as privacy, security, and caching. One popular open-source SOCKS proxy server is Dante, which offers stability and reliability. In this tutorial, we will guide you through the process of installing and configuring Dante on a Debian 11 server, enabling you to establish private connections and enhance your web browsing experience.

Prerequisites

Before diving into the installation and configuration process, ensure that you have the following prerequisites:

1. A Debian 11 server
2. A non-root user with sudo privileges
3. Basic knowledge of server setup and configuration

Step 1: Installing Dante

To begin, we need to install Dante on your Debian 11 server. Dante is available in the official Debian repositories, making the installation process simple. Follow the steps below to install Dante:

1. Update your package listings by running the following command:

   sudo apt update

2. Install Dante by running the following command:

   sudo apt install dante-server

This command will install Dante and automatically set up a background service that starts upon installation. However, note that Dante ships with all its features disabled by default, so the service will fail to start initially.

You can verify the status of the Dante service by running the following command:

   systemctl status danted.service

If the service is enabled but failed to start, you will see an error message indicating that all SOCKS requests will be blocked after negotiation.

Step 2: Configuring Dante

After installing Dante, we need to configure it to enable the desired functionality. The default configuration file for Dante is located at /etc/danted.conf. Instead of navigating through the file and enabling options line-by-line, it is more efficient to replace the file entirely. Follow the steps below to configure Dante:

1. Delete the existing configuration file by running the following command:

   sudo rm /etc/danted.conf

This command will remove the default configuration file, as we will replace it with a more concise version.

2. Open a new configuration file using your preferred text editor:

   sudo nano /etc/danted.conf

This command will create a new configuration file or open an existing one if it already exists.

3. Add the following contents to the configuration file:

logoutput: syslog
user.privileged: root
user.unprivileged: nobody

internal: 0.0.0.0 port=1080
external: eth0

socksmethod: username
clientmethod: none

client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
}

socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
}

These configuration options define various settings for Dante, such as logging output, user privileges, network interfaces, and access rules. Feel free to customize these options based on your requirements.

4. Save the configuration file and exit the text editor.In nano, you can save the file by pressing Ctrl + O and then exit by pressing Ctrl + X.
5. Open port 1080 in your firewall to allow incoming connections to the Dante server:

   sudo ufw allow 1080

This command will enable traffic on port 1080, which is the default port for SOCKS proxies.

6. Restart the Dante service for the changes to take effect:

   sudo systemctl restart danted.service

After restarting, check the service status to ensure that Dante is running without any errors:

   systemctl status danted.service

If the service is active and running, you have successfully configured Dante on your Debian 11 server.

Step 3: Securing Dante

Now that Dante is up and running, it’s important to secure it to prevent unauthorized access and protect your private connections. By default, Dante uses regular Linux user accounts for authentication, but the passwords are sent over plain text, which is not secure. To address this, we will create a dedicated SOCKS user and restrict access to specific IP addresses. Follow the steps below to secure Dante:

1. Create a dedicated user for Dante without login privileges by running the following command:

   sudo useradd -r -s /bin/false your_dante_user

This command will create a user named your_dante_user with no login shell.

2. Set a password for the Dante user by running the following command:

   sudo passwd your_dante_user

Enter a strong password when prompted. This password will be used for authentication when connecting to the Dante proxy server.

3. Restrict access to the Dante server by editing the configuration file:

   sudo nano /etc/danted.conf

4. Locate the client pass section and modify it as follows:

 client pass {
from: your_ip_address/0 to: 0.0.0.0/0
}

Replace your_ip_address with the IP address from which you want to allow access to the Dante server. You can use CIDR notation to specify a range of IP addresses.

If you want to allow multiple IP addresses, you can add additional client pass blocks:

  client pass {
from: your_ip_address1/0 to: 0.0.0.0/0
}

client pass {
from: your_ip_address2/0 to: 0.0.0.0/0
}

Save the configuration file and exit the text editor.

5. Restart the Dante service for the changes to take effect:

   sudo systemctl restart danted.service

After restarting, Dante will only allow connections from the specified IP addresses, providing an additional layer of security.

Step 4: Connecting through Dante

Now that Dante is properly configured and secured, you can connect to it and start using it as a proxy server. To demonstrate the connection process, we will use the curl command-line tool, which is installed by default on most operating systems. Follow the steps below to connect through Dante using curl:

1. Open a terminal or command prompt on your local machine.
2. Run the following command to connect to the Dante server:

   curl -v -x socks5://your_dante_user:your_dante_password@your_server_ip:1080 http://www.google.com/

Replace your_dante_user with the username you created for the Dante user, your_dante_password with the corresponding password, and your_server_ip with the IP address of your Dante server.

3. The curl command will make a request to http://www.google.com through the Dante proxy server. If the connection is successful, you will see the response from the server.Congratulations! You have successfully connected to the Dante proxy server and made a request through it.

Conclusion

In this tutorial, we have covered the installation, configuration, and securing of a Dante proxy server on Debian 11. By following the steps outlined in this guide, you can set up a reliable and secure proxy server that allows you to control and monitor your web traffic. Dante’s flexibility and stability make it an excellent choice for various use cases, including privacy, security, and caching.

If you’re looking for a managed hosting solution for your proxy server or other hosting needs, consider Shape.host. Shape.host offers Linux SSD VPS hosting with high performance and reliable support. With their scalable and secure cloud hosting solutions, you can focus on your business while leaving the hosting infrastructure to the experts.

Next, you may want to explore other proxy server options, such as Squid, which is an HTTP proxy that can work alongside Dante to handle different types of web traffic. Additionally, learning to automate server deployments using tools like Ansible can help streamline the process of setting up and managing proxy servers across multiple data centers.

Christian Wells