Quick Links

A Raspberry Pi proxy server allows you to control the websites people can visit. It can also remove trackers and other unwanted junk from those web pages. Follow these simple steps to set it up.

The Privoxy Proxy Server

A web proxy sits between the computers on your network and the internet. The proxy intercepts HTTP and HTTPS traffic, acting as a border control officer. It checks the web address (or URL) someone is trying to access, and, if it's on the banned list or matches any of the banned criteria, the proxy refuses the connection.

If the proxy is happy with the website, it retrieves the web page and forwards it to the computer that requested it. This provides a degree of anonymity for the devices on your network.

The proxy frisks the web pages it retrieves. Any tracking scripts, adverts, or other unwanted material is stripped, so you only receive a clean web page. The hidden payload of snooping and privacy-invading cruft that often accompanies a visit to a website is removed. It's like a sheep dip for web pages.

Of course, ad-blocking is a controversial topic. Much of the content you access freely on the web is only available due to funding from adverts. From a privacy point of view, though, the tracking and cross-correlation of everything you do on the internet is creepy at best, and invasive at worst.

Privoxy (the privacy-enhancing proxy) allows you to sidestep a lot of that. Because it's centrally managed, it's also easy to administer. Once you've set the browser on the various machines on your network to use the proxy, all of the administration is performed on the proxy, rather than the individual devices.

Installing Privoxy

To install a Privoxy, make an SSH connection to your Raspberry Pi. The IP address of our test unit is 192.168.4.18, so we type the following:

ssh pi@192.168.4.18

ssh pi@192.168.4.18 in a terminal window

We're going to install new software on a Raspberry Pi, so it's a good idea to update the repository indexes and install any available updates. We can perform both of these tasks with a single command that uses && to chain two apt-get commands sequentially. The second command will only run if the first one finishes without errors.

We type the following:

sudo apt-get update && sudo apt-get upgrade

sudo apt-get update && sudo apt-get upgrade in a terminal window

Depending on the vintage of your Raspberry Pi and when you last updated it, this might take a little while. When it's completed, we install Privoxy:

sudo apt-get install privoxy

sudo apt-get install privoxy  in a terminal window

Accepting Connections

By default, Privoxy will accept HTTP and HTTPS connections from the computer on which it's running. We need to tell it to accept connections from any other computers we decide to point at it. The config file for Privoxy is located in: "/etc/privoxy/config." We'll need to use sudo to write changes to it.

Our command is:

sudo nano /etc/privoxy/config

sudo nano /etc/privoxy/config in a terminal window

The config file is very long. However, the majority of the file is made up of comments and instructions. Scroll down until you see the beginning of section 4.2.

The listen-address settings in the privoxy config file in nano, in a terminal window

We're looking for the listen-address settings. Comment out the two original commands by placing a number sign (#) at the start of the line, and then add the following new entry:

listen-address :8118

The new listen-address setting in the privoxy config file in nano, in a terminal window

This instructs Privoxy to accept connections on port 8118 from any IP address. Privoxy runs using a set of filters that are applied to URLs through a set of rules called actions. You can edit the filters and actions as text files or use the Privoxy browser interface to make changes.

The admin account on Privoxy isn't password-protected, so you need to consider whether you want this feature enabled on your network. If you do, scroll to the bottom of the file and type this line:

enable-edit-actions 1

ssh pi@192.168.4.18 in a terminal window

To save your changes, press Ctrl+O, Enter, and then press Ctrl+X to close the editor.

We now need to restart Privoxy for the changes to take effect:

sudo systemctl restart privoxy

sudo systemctl restart privoxy in a terminal window

We can use systemctl to verify Privoxy is running and see its status:

sudo systemctl status privoxy

ssh pi@192.168.4.18 in a terminal window

We've got green lights and no error messages. Let's try a remote administrative connection from a browser. Open a browser on another computer, and then browse to the IP address of your Raspberry Pi on port 8118.

In our example, this is:

192.168.4.18:8118

You should see the Privoxy home page, as shown below.

The Privoxy home page in a browser window

This means Privoxy is running and working with its default settings. The defaults have been carefully chosen, and, in most cases, they'll be a good fit.

Now, we need to tell the browsers on all the computers on your network to use Privoxy as a proxy server.

Configuring Your Browser

All browsers allow you to use proxy settings. The "Help" function within a browser will show you how to do this. In Firefox, just type "about:preferences" in the address bar.

Scroll to the "Network Settings" section, and then click "Settings."

ssh pi@192.168.4.18 in a terminal window

Under "Configure Proxy Access to the Internet," select the radio button next to the "Manual Proxy Configuration" option. Type the IP address of your Raspberry Pi in the "HTTP Proxy" address field, and then type "8118" in the "Port" field.

Select the checkbox next to "Also use this proxy for FTP and HTTPS" option (the "HHTPS Proxy" and "FTP Proxy" fields will be filled in for you), and then click "OK" at the bottom.

ssh pi@192.168.4.18 in a terminal window

Close the configuration tabs and open a website---it should appear as usual with no problems. If so, Privoxy is up and running with its default settings.

Configuring Privoxy

Open a browser and head to config.privoxy.org.

privoxy hom epage in a browser window

Click "View and Change the Current Configuration" on the Privoxy home page. The configuration summary page allows you to view the configuration of actions and filters.

You can edit the files directly in an editor (the file paths are provided onscreen). It's much easier to use the configuration capabilities of the browser interface. Note that, by design, you can't edit the "default.action" settings.

Click the "Edit" to open the "Match-All.Action" settings.

Privoxy configuration summary page in a browser window

The editing options appear. Clicking any of the light blue text will open a link to a help page that describes that item.

The "Set to Cautious," "Set to Medium," and "Set to Advanced" buttons will increase or decrease how lenient Privoxy is with its filtering. You can crank up Privoxy's paranoia setting, so it aggressively filters everything that's even mildly suspicious. Or, you can relax it and let it operate with a moderate degree of trust.

Click "Edit" to adjust each of the parameters individually.

Editing match-all.action page in a browser window

Click the radio buttons next to each option to "Enabled," "Disabled," or "No Change."

The "Description" column provides a short explanation for each setting. However, if you click any of the links in the "Action" column, you can check out a full "Help" page for that item.

Privoxy granualr settings page in a browser window

To save your settings, click "Submit" at the top or bottom of the page.

Try the Defaults First

The default settings should work just fine in most cases. However, if you want to tweak a setting for any particular reason, Privoxy gives you all the options you need.

Before you make any changes, though, you might want to make a copy of the plain-text settings files. This will allow you to easily reverse whatever you did if you're locked out of the browser interface.