← Back to Networking

How to Set Up a SOCKS5 Proxy Server (SSH, Dante, and More)

4 min read
Intermediate SOCKS5 Proxy SSH Networking

Prerequisites

  • A VPS or server with SSH access
  • Basic Linux terminal knowledge

Quick Answer: Fastest method — SSH tunnel: ssh -D 1080 -N user@your-server. This creates a SOCKS5 proxy on localhost:1080. Set your browser proxy to 127.0.0.1:1080 (SOCKS5). All traffic goes through your server.

Need a VPS? Vultr (free credit), DigitalOcean ($200 free credit), or RackNerd (cheap annual deals).

What is SOCKS5?

SOCKS5 is a proxy protocol that routes any TCP/UDP traffic through a proxy server. Unlike HTTP proxies:

  • Works with any protocol — HTTP, HTTPS, FTP, SSH, gaming, torrents
  • Supports UDP — DNS, VoIP, gaming
  • Supports authentication — username/password
  • No encryption by default — use SSH tunnel or TLS wrapper for encryption
  • Application-level — each app must be configured to use it
SOCKS5 HTTP Proxy VPN
Protocols Any TCP/UDP HTTP/HTTPS only Everything
Speed Fast Fast Slower (encryption overhead)
Encryption No (unless tunneled) No Yes
Setup Per-app Per-app or system System-wide
Detection Hard to detect Easy to detect Moderate

Method 1: SSH Tunnel (Instant, No Install)

The fastest way — uses your existing SSH server. No additional software needed.

Start the Tunnel

ssh -D 1080 -N -f user@your-server-ip
Flag What it does
-D 1080 Creates SOCKS5 proxy on localhost port 1080
-N Don't execute remote commands (just tunnel)
-f Run in background

That is it. You now have a SOCKS5 proxy at 127.0.0.1:1080.

Keep It Running

# With autossh (auto-reconnects if connection drops)
apt install autossh
autossh -M 0 -D 1080 -N -f user@your-server-ip -o "ServerAliveInterval=30"

Stop the Tunnel

# Find and kill the SSH tunnel process
ps aux | grep "ssh -D"
kill PID

Method 2: Dante SOCKS Server (Full Proxy)

For a permanent SOCKS5 server with authentication and access control.

Install

apt update && apt install dante-server -y

Configure

Edit /etc/danted.conf: 

# Server settings
logoutput: syslog

# Listen on all interfaces, port 1080
internal: 0.0.0.0 port=1080

# Use the main network interface for outgoing
external: eth0

# Authentication
socksmethod: username

# Allow authenticated users
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}

socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
    socksmethod: username
}

Replace eth0 with your network interface (ip route show default to check).

Create a User

# Create a system user for proxy authentication
useradd -r -s /bin/false proxyuser
echo "proxyuser:YourStrongPassword" | chpasswd

Start

systemctl enable --now danted
systemctl status danted

# Test locally
curl --socks5 proxyuser:[email protected]:1080 https://ifconfig.me

Open Firewall

ufw allow 1080/tcp

Method 3: Docker (Quick Deploy)

docker run -d --name socks5 \
  -p 1080:1080 \
  -e PROXY_USER=admin \
  -e PROXY_PASSWORD=secret \
  serjs/go-socks5-proxy

Done. SOCKS5 proxy running at your-server:1080 with authentication.

Configure Apps to Use SOCKS5

Firefox

  1. Settings → General → Network Settings → Settings
  2. Select Manual proxy configuration
  3. SOCKS Host: 127.0.0.1 Port: 1080
  4. Select SOCKS v5
  5. Check Proxy DNS when using SOCKS v5 (important!)

Chrome (System Proxy)

Chrome uses system proxy settings. On Linux/Mac: 

# Launch Chrome with SOCKS proxy
google-chrome --proxy-server="socks5://127.0.0.1:1080"

System-Wide (Linux)

export ALL_PROXY="socks5://127.0.0.1:1080"
export HTTP_PROXY="socks5://127.0.0.1:1080"
export HTTPS_PROXY="socks5://127.0.0.1:1080"

For permanent: add to ~/.bashrc or ~/.profile.

curl

curl --socks5 127.0.0.1:1080 https://ifconfig.me
curl --socks5-hostname 127.0.0.1:1080 https://example.com    # DNS through proxy too

Git

git config --global http.proxy socks5://127.0.0.1:1080

Python

import requests
proxies = {'http': 'socks5://127.0.0.1:1080', 'https': 'socks5://127.0.0.1:1080'}
r = requests.get('https://ifconfig.me', proxies=proxies)

SOCKS5 with Encryption

Plain SOCKS5 is not encrypted. Your ISP can see the traffic. Options for encryption:

SSH Tunnel (Recommended)

Already encrypted — the -D method above wraps SOCKS5 inside SSH encryption.

stunnel (TLS Wrapper)

Wraps the SOCKS5 port in TLS: 

# Server side
apt install stunnel4
cat > /etc/stunnel/stunnel.conf << EOF
[socks]
accept = 1443
connect = 127.0.0.1:1080
cert = /etc/letsencrypt/live/yourdomain/fullchain.pem
key = /etc/letsencrypt/live/yourdomain/privkey.pem
EOF
systemctl restart stunnel4
# Client side
# Create stunnel.conf:
# [socks-tunnel]
# client = yes
# accept = 127.0.0.1:1080
# connect = your-server:1443
# Then run: stunnel stunnel.conf

Test Your Proxy

After connecting through SOCKS5: 

# Command line test
curl --socks5 127.0.0.1:1080 https://ifconfig.me
# Should show your server's IP

See Also