Basic TCP Proxy Guide

Posted on December 23, 2016 at 10:00 PM

In today’s article, you will learn how to create a TCP proxy with HAProxy; a reliable, high performance TCP/HTTP load balancer.

You may be wondering “What is a TCP proxy?” or “Why should I use one?”. A TCP proxy acts as an intermediary between a client and another server, called the destination server. Clients establish connections to the TCP proxy server, which then establishes a connection to the destination server. TCP Proxies help provide an extra layer of security to your service by shielding the main servers IP address from the public.


Now that we have the basics down let’s get started! First you will need to find a reliable Virtual Private Server (VPS) provider. Be cautious when searching for VPS providers; some may be overpriced or have over crowded nodes. Always search for reviews before deciding on a provider.

I have had very good experiences with the following two providers; DigitalOcean and Vultr.

DigitalOcean - Sign up today and receive $10.00 credit!

  • $5 / mo
  • 1 Core
  • 512MB Ram
  • 20GB SDD
  • 1TB Bandwidth
  • $5 / mo
  • 1 Core
  • 768MB Ram
  • 15GB SDD
  • 1000GB Bandwidth

Once you have decided on a VPS provider, create a new VPS with the OS image 'CentOS 6.x'. I wont go into detail on this step because all VPS providers are not the same. If you run into problems creating a VPS with your new provider please contact their support team or check their documentation.


At this point you should have a new VPS with a fresh installation of CentOS 6.x. Retreive the IP Address and root password and then login to your VPS as 'root'. You may use PuTTY or the terminal within the VPS providers control panel. We can now install and configure HAProxy.

Step 1: Install Nano
yum install nano

Step 2: Install HAProxy
yum install haproxy

Step 3: Configure HAProxy
nano /etc/haproxy/haproxy.cfg
Replace contents with the following:
log /dev/log local4
maxconn 400000
ulimit-n 810000
log global
contimeout 4000
clitimeout 42000
srvtimeout 43000
listen proxy1 PROXY_IP:PROXY_PORT
mode tcp
balance leastconn

  • Replace PROXY_IP:PROXY_PORT with the proxy server's IP address and any unused port you would like to use.
  • Replace DESTINATION_IP:DESTINATION_PORT with the destination server's IP address and port.
NOTE: The Proxy Port does not need to match the Destination Port. It is recommended you use a Proxy Port that is different from your Destination Port for an extra layer of security.

Step 4: Start HAProxy Service
service haproxy start


Step 5: Configure your Server
Now that everything is up and running; you will need to update the client side of the application you are trying to protect. This step is specific to your project so I will not go into great detail here; however, you must change the connection information of your client so that it connects to the proxy servers IP address and port instead of directly to your destination server.
If you have trouble with this step please conduct a search with the search engine of your choice to find a more product specific guide.

Thank You for Reading!

Blog Search

Funded by Ads

CloudCache's only revenue comes from non-intrusive Google Advertisements.

Please consider disabling any adblocking software for our website. We appreciate your support!