Convert a SOCKS proxy to HTTP protocol using Nginx and Redsocks

Everything
1

Some proxy providers or applications only provide SOCKS4 or SOCKS5 support and if you need to use HTTP protocol this can be issue.

Here’s a tutorial I just made to show how you can use nginx and redsocks to translate SOCKS proxy protocol to HTTP.

For this I will be using a VPS with Ubuntu 22.04 installed.

You can paste all of these directly into the terminal

Initial setup (set variables) - replace username and password with your own. You can also use a different SOCKS proxy or different proxy provider altogether (you don’t have to use Proxyrack)

export SOCKS_HOST='usa.rotating.proxyrack.net'
export SOCKS_PORT=9000
export SOCKS_USER='username'
export SOCKS_PASS='password'   # set your real password

export NGINX_PROXY_PORT=3128
export REDSOCKS_PORT=12345
export NGX_USER=www-data
export NGX_UID=$(id -u "$NGX_USER")

Step 1) Install required packages

Install the apps needed

sudo apt-get update
sudo apt-get install -y nginx redsocks iproute2

Step 2) Configure Nginx forward proxy (HTTP-only) and reload

Create nginx configuration files

sudo tee /etc/nginx/sites-available/http_forward_proxy.conf >/dev/null <<'NGINXCONF'
server {
    listen 3128;                 # HTTP forward proxy port
    resolver 1.1.1.1 1.0.0.1 valid=300s ipv6=off;
    resolver_timeout 10s;

    # allow/deny as needed; default deny all for safety
    allow 127.0.0.1;
    deny all;

    # For plain HTTP proxying (no HTTPS CONNECT support in this tutorial)
    location / {
        proxy_pass $scheme://$http_host$request_uri;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
NGINXCONF

sudo ln -sf /etc/nginx/sites-available/http_forward_proxy.conf /etc/nginx/sites-enabled/http_forward_proxy.conf
sudo nginx -t && sudo systemctl reload nginx

Step 3) Configure redsocks to chain to upstream SOCKS5

Create redsocks configuration files, enable and reload

sudo tee /etc/redsocks.conf >/dev/null <<EOF
base {
  log_debug = off;
  log_info = on;
  log = "syslog:daemon";
  daemon = on;
  redirector = iptables;
}

redsocks {
  local_ip = 127.0.0.1;
  local_port = ${REDSOCKS_PORT};
  ip = ${SOCKS_HOST};
  port = ${SOCKS_PORT};
  type = socks5;
  login = "${SOCKS_USER}";
  password = "${SOCKS_PASS}";
}
EOF

sudo systemctl restart redsocks
sudo systemctl enable redsocks
sudo systemctl is-active redsocks

Step 4) Redirect Nginx worker traffic to redsocks (iptables via systemd)

sudo tee /etc/systemd/system/iptables-redsocks.service >/dev/null <<EOF
[Unit]
Description=Apply iptables redirect for nginx -> redsocks
After=network-online.target redsocks.service
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/bin/bash -lc 'iptables -t nat -N REDSOCKS 2>/dev/null || true; iptables -t nat -F REDSOCKS; iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN; iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN; iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN; iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN; iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN; iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN; iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN; iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN; iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports ${REDSOCKS_PORT}; iptables -t nat -D OUTPUT -p tcp -m owner --uid-owner ${NGX_UID} -j REDSOCKS 2>/dev/null || true; iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner ${NGX_UID} -j REDSOCKS'
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl restart iptables-redsocks
sudo systemctl enable iptables-redsocks
sudo systemctl is-active iptables-redsocks

Step 5) Test through the proxy

# Plain HTTP via proxy
curl -sS -o /dev/null -w "%{http_code}\n" -x http://127.0.0.1:${NGINX_PROXY_PORT} http://example.com

# HTTPS CONNECT is not supported by this HTTP-only config

# Direct SOCKS5 check (bypasses nginx/redsocks)
curl -sS --max-time 20 \
  --socks5 ${SOCKS_USER}:${SOCKS_PASS}@${SOCKS_HOST}:${SOCKS_PORT} \
  -o /dev/null -w "%{http_code}\n" http://api.ipify.org

Step 6) Runtime sanity checks

# Redsocks listening
ss -lntp | grep 127.0.0.1:${REDSOCKS_PORT}

# iptables redirect chain
sudo iptables -t nat -S REDSOCKS

# Services status
systemctl is-active redsocks
systemctl is-active iptables-redsocks

# Logs
sudo tail -n 80 /var/log/nginx/error.log
sudo tail -n 20 /var/log/nginx/access.log
sudo grep -i redsocks /var/log/syslog | tail -n 80

Optional) Allow another client IP to use the proxy

YOUR_IP="1.2.3.4"  # replace with the client IP to allow

sudo sed -i "/allow 127.0.0.1;/a \\    allow ${YOUR_IP};" /etc/nginx/sites-available/http_forward_proxy.conf \
  && sudo nginx -t && sudo systemctl reload nginx

### Architecture (for reference)

- Nginx listens on TCP 3128 and supports HTTP proxying (HTTPS CONNECT is not enabled in this tutorial).

- All outbound TCP from the Nginx worker user (`${NGX_USER}`, uid `${NGX_UID}`) is redirected by iptables to `redsocks` on 127.0.0.1:${REDSOCKS_PORT}.

- `redsocks` connects to the upstream SOCKS5 proxy with credentials and relays traffic.

### Key files and logs

- Nginx site: /etc/nginx/sites-enabled/http_forward_proxy.conf

- Redsocks config: /etc/redsocks.conf

- iptables redirect unit: /etc/systemd/system/iptables-redsocks.service

- Logs:

- Nginx: /var/log/nginx/access.log, /var/log/nginx/error.log

- Redsocks (via syslog): /var/log/syslog

### Maintenance

- Update credentials in `/etc/redsocks.conf` as needed, then `systemctl restart redsocks`.

- After any unit file changes: `systemctl daemon-reload`.

- Restrict `allow` rules in Nginx based on your access needs.