Skip to content
GProxy
Sign up
Guides 6 Connection Type: 2 views

3proxy

Master 3proxy installation and configuration. This guide details setup for a lightweight proxy server, enhancing network control and privacy.

3proxy is a lightweight, high-performance proxy server suite that can be installed and configured to provide HTTP, HTTPS, SOCKSv4/4.5/5, and FTP proxy services, as well as TCP port mapping and traffic redirection, primarily through compilation from source on Unix-like systems or using pre-built binaries on Windows.

3proxy is a compact and versatile proxy server designed for environments requiring minimal resource consumption and high configurability. Its small footprint and efficiency make it suitable for embedded systems, personal use, or scenarios where a full-featured proxy like Squid is overkill.

Prerequisites

Before installing 3proxy, ensure the target system meets the following requirements:

  • Operating System: A Unix-like system (Linux, FreeBSD, macOS) for compilation, or Windows for binary distribution. This guide focuses on Linux.
  • Compiler: GCC or Clang (for source compilation).
  • Build Tools: make utility.
  • Network Access: Ability to download source files.
  • User Privileges: root or sudo access for installation and system service configuration.

Installation

Installing 3proxy typically involves downloading the source code, compiling it, and then placing the binaries and configuration files in appropriate locations.

Download Source Code

Always download the latest stable version from the official 3proxy website or its GitHub repository.

# Navigate to a temporary directory
cd /tmp

# Download the latest stable version (replace with current version if different)
# Check https://3proxy.ru/ or https://github.com/3proxy/3proxy for the latest link
wget https://3proxy.ru/0.9.4/3proxy-0.9.4.tar.gz

# Extract the archive
tar -xzf 3proxy-0.9.4.tar.gz

# Change to the extracted directory
cd 3proxy-0.9.4

Compile and Install

3proxy uses a simple Makefile. Compilation is straightforward.

# Compile 3proxy
make -f Makefile.Linux

# Create installation directories
mkdir -p /usr/local/3proxy/bin
mkdir -p /usr/local/3proxy/etc
mkdir -p /usr/local/3proxy/logs

# Install the compiled binary and example configuration
cp src/3proxy /usr/local/3proxy/bin/
cp 3proxy.cfg.sample /usr/local/3proxy/etc/3proxy.cfg

# Set appropriate permissions (optional, but good practice)
chmod 755 /usr/local/3proxy/bin/3proxy
chmod 640 /usr/local/3proxy/etc/3proxy.cfg

For systems requiring specific features (e.g., NTLM authentication, IPv6 support), consult the src/Makefile.Linux for compilation flags. For instance, to enable NTLM: make -f Makefile.Linux NTLM.

Basic Configuration

The primary configuration file for 3proxy is 3proxy.cfg. It defines listening ports, proxy types, authentication methods, and access rules. The default location is /usr/local/3proxy/etc/3proxy.cfg.

Core Directives

A minimal 3proxy.cfg includes:

  • nserver: Specifies DNS servers for hostname resolution.
  • timeouts: Sets various connection timeouts.
  • log: Defines the log file path and format.
  • users: Declares users for authentication.
  • auth: Specifies the authentication method.
  • proxy, socks, tcppm: Defines the proxy services.

Example: Simple HTTP/HTTPS Proxy

This configuration sets up an HTTP/HTTPS proxy on port 3128, requiring basic authentication for a user named testuser with password password123.

# /usr/local/3proxy/etc/3proxy.cfg

# Global settings
nserver 8.8.8.8 # Google Public DNS
nserver 8.8.4.4

# Timeouts in seconds
timeouts 1 5 30 60 180 1800 15 60

# Log settings
# log /usr/local/3proxy/logs/3proxy.log D # Daily rotation
log /usr/local/3proxy/logs/3proxy.log
logformat "- +_L%t.%. %N.%O %I %E %U %C:%c %R:%r %O %h %T"

# Users for authentication: user:password
users testuser:CL:password123

# Authentication method
# CL: Cleartext password (not recommended for production)
# LM: LAN Manager hash
# NT: NTLM hash
# P: Encrypted password (3proxy's internal format, use `3proxy -e` to generate)
auth strong # Use strong authentication (requires LM/NT or P)
# For simple CL passwords, use 'auth iponly,basic'

# Allow access for authenticated users
allow testuser

# Define the HTTP/HTTPS proxy service
# -p 3128: Listens on port 3128
# -n: Disables NTLM authentication for this service (if global NTLM is enabled)
# -a: Enables basic authentication
proxy -p3128

To generate an encrypted password using 3proxy -e:

/usr/local/3proxy/bin/3proxy -e password123

The output (e.g., _E_01000000010000000000000000000000) can then be used in the users directive with _E_ prefix: users testuser:_E_01000000010000000000000000000000.

Running 3proxy

After configuring 3proxy.cfg, start the server:

/usr/local/3proxy/bin/3proxy /usr/local/3proxy/etc/3proxy.cfg

To run it in the background as a daemon:

/usr/local/3proxy/bin/3proxy /usr/local/3proxy/etc/3proxy.cfg -d

Advanced Configuration Topics

Authentication Methods

3proxy supports various authentication methods:

  • iponly: Authentication based solely on client IP address (no username/password).
  • basic: HTTP Basic Authentication (sends credentials in cleartext).
  • digest: HTTP Digest Authentication.
  • ntlm: NTLM authentication (requires compilation with NTLM support).
  • strong: Automatically selects the strongest available method.

Example with auth iponly:

# /usr/local/3proxy/etc/3proxy.cfg
auth iponly
allow 192.168.1.0/24 # Allow all clients from this subnet without explicit user auth
proxy -p3128

Access Control

The allow and deny directives control client access based on various criteria. Rules are processed in order. The first matching rule applies.

# /usr/local/3proxy/etc/3proxy.cfg

# Deny specific IP addresses
deny 192.168.1.10

# Allow a specific user
allow myuser

# Allow a specific subnet for HTTP/HTTPS
allow * 192.168.1.0/24 * * HTTP HTTPS

# Deny access to specific destination domains
deny * * .example.com

The syntax for allow/deny is allow [user] [src_ip] [dst_ip] [target_port] [protocol]. * acts as a wildcard.

Chaining Proxies (Parent Proxies)

3proxy can forward requests to another proxy server using the parent directive.

# /usr/local/3proxy/etc/3proxy.cfg

# Chain to an upstream HTTP proxy
parent 1000 http 192.168.1.100 8080 myuser:mypass

# Chain to an upstream SOCKS5 proxy
parent 1000 socks5 192.168.1.101 1080

The first argument 1000 is a timeout in milliseconds.

SOCKS Proxy

To configure a SOCKS proxy (v4, v4.5, v5), use the socks directive.

# /usr/local/3proxy/etc/3proxy.cfg

# Define SOCKS proxy service on port 1080
socks -p1080

TCP Port Mapping (TCPPM)

The tcppm directive allows forwarding TCP connections from a local port to a remote host and port.

# /usr/local/3proxy/etc/3proxy.cfg

# Forward connections from local port 2222 to remotehost:22 (SSH)
tcppm -p2222 remotehost.example.com 22

Logging Configuration

The log directive specifies the log file. logformat defines the output structure. rotate configures log rotation.

# /usr/local/3proxy/etc/3proxy.cfg

# Log to /usr/local/3proxy/logs/access.log
log /usr/local/3proxy/logs/access.log

# Custom log format
logformat "- +_L%t.%. %N.%O %I %E %U %C:%c %R:%r %O %h %T"

# Rotate logs daily (D), weekly (W), monthly (M), or by size (S<bytes>)
rotate D /usr/local/3proxy/logs/archive

System Integration (systemd Service)

For robust operation, run 3proxy as a systemd service.

  1. Create a service file: /etc/systemd/system/3proxy.service

    ```ini
    [Unit]
    Description=3proxy Lightweight Proxy Server
    After=network.target

    [Service]
    Type=forking
    ExecStart=/usr/local/3proxy/bin/3proxy /usr/local/3proxy/etc/3proxy.cfg -d
    ExecReload=/bin/kill -HUP $MAINPID
    KillMode=process
    Restart=on-failure
    User=nobody # Or a dedicated unprivileged user like '3proxy'
    Group=nogroup # Or a dedicated group

    [Install]
    WantedBy=multi-user.target
    `` *Note*: Create the3proxyuser/group if desired:sudo useradd -r -s /sbin/nologin 3proxy. Adjust file ownership for/usr/local/3proxy/logs`.

  2. Reload systemd, enable, and start the service:

    bash sudo systemctl daemon-reload sudo systemctl enable 3proxy.service sudo systemctl start 3proxy.service sudo systemctl status 3proxy.service

Troubleshooting Tips

  • Check Logs: Always consult the 3proxy log file (/usr/local/3proxy/logs/3proxy.log by default) for error messages or access issues.
  • Firewall Rules: Ensure the firewall (e.g., ufw, firewalld, iptables) allows incoming connections to the 3proxy listening ports (e.g., 3128, 1080).
    bash # Example for ufw sudo ufw allow 3128/tcp
  • Configuration Syntax: Verify 3proxy.cfg for syntax errors. 3proxy is particular about its configuration format.
  • Permissions: Ensure the 3proxy binary has execute permissions and the log directory is writable by the user running the service.
  • Restart Service: After any configuration change, reload or restart the 3proxy service (sudo systemctl restart 3proxy).

3proxy vs. Squid

Feature 3proxy Squid
Resource Usage Minimal (low CPU, RAM) Moderate to high (depends on load/features)
Complexity Relatively simple, text-based config Complex, extensive configuration options
Proxy Types HTTP, HTTPS, SOCKS, FTP, TCPPM HTTP, HTTPS, FTP, ICP, ESI
Caching No native caching Robust, highly configurable caching
SSL Interception Limited/basic Advanced, certificate-based
Authentication Basic, Digest, NTLM, IP-based Comprehensive (LDAP, Kerberos, RADIUS)
Use Case Lightweight, personal, embedded Enterprise, high-traffic, content filtering
Development Active, single developer Active, community-driven
Auto-update: 04.03.2026
All Categories

Advantages of our proxies

25,000+ proxies from 120+ countries

Unlimited Proxies Residential Proxies