eliferjunior/3proxy
.claude/skills/ts-3proxy/SKILL.md
Deploy and configure 3proxy — a lightweight universal proxy server. Use when a user asks to set up HTTP, HTTPS, SOCKS4, SOCKS5, or transparent proxies, build proxy chains, configure authentication, set bandwidth limits, manage access control lists, set up proxy rotation, create multi-port proxy servers, configure logging and traffic accounting, or deploy a lightweight proxy without heavy VPN overhead. Covers all 3proxy features including proxy chaining, ACLs, traffic shaping, and multi-protocol support.
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add eliferjunior/Claude 3proxyInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 1:03 AM4.5s1 file scanned
SKILL.md
- name:
- 3proxy
- description:
- >-
- license:
- Apache-2.0
- compatibility:
- Linux, FreeBSD, Windows (3proxy 0.9+)
- author:
- terminal-skills
- version:
- 1.0.0
- category:
- devops
3proxy
Overview
Deploy 3proxy — the tiny, fast, universal proxy server supporting HTTP(S), SOCKS4/5, port forwarding, and transparent proxying in a single ~200KB binary. Ideal for lightweight proxy setups, proxy chaining, multi-user access with traffic accounting, and scenarios where a full VPN is overkill. This skill covers installation, multi-protocol configuration, authentication, ACLs, bandwidth control, proxy chains, and production deployment.
Instructions
Step 1: Installation
From package manager:
# Ubuntu/Debian
apt update && apt install -y 3proxy
# Config: /etc/3proxy/3proxy.cfg — Service: systemctl start 3proxy
From source (latest):
cd /tmp && git clone https://github.com/3proxy/3proxy.git && cd 3proxy
make -f Makefile.Linux && make -f Makefile.Linux install
mkdir -p /etc/3proxy /var/log/3proxy
Systemd service (/etc/systemd/system/3proxy.service):
[Unit]
Description=3proxy - tiny proxy server
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/3proxy /etc/3proxy/3proxy.cfg
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Step 2: Basic Configuration
Minimal HTTP + SOCKS5 proxy (/etc/3proxy/3proxy.cfg):
daemon
log /var/log/3proxy/3proxy.log D
logformat "L%t %N %p %E %C:%c %R:%r %O %I %T"
rotate 30
nserver 1.1.1.1
nserver 8.8.8.8
nscache 65536
timeouts 1 5 30 60 180 1800 15 60
internal 0.0.0.0
external 0.0.0.0
proxy -p3128 # HTTP proxy
socks -p1080 # SOCKS5 proxy
With authentication (password types: CL: cleartext, CR: crypt hash, NT: NT hash):
users admin:CL:strongpassword123
users user1:CL:password1
auth strong
proxy -p3128
socks -p1080
Step 3: Access Control Lists (ACLs)
ACL rules are processed top to bottom, first match wins:
users admin:CL:adminpass
users dev1:CL:devpass
auth strong
allow admin # Full access
allow dev1,dev2 * * 80,443 # Devs: HTTP/HTTPS only
deny * # Block everything else
proxy -p3128
socks -p1080
Time-based: allow * * * * 1-5 08:00:00-18:00:00 (Mon-Fri work hours)
IP-based: allow * 192.168.1.0/24 then deny *
Destination filtering: deny * * facebook.com,instagram.com *
Step 4: Multi-Port / Multi-Protocol
# No-auth proxies on localhost
auth none
internal 127.0.0.1
proxy -p3128
socks -p1080
# Authenticated proxies on public interface
flush
auth strong
users admin:CL:password
internal 0.0.0.0
proxy -p8080
socks -p1081
Port forwarding: tcppm 2222 10.0.0.5 22 (forward local 2222 to SSH)
Step 5: Proxy Chaining
# Route through upstream proxy
parent 1000 socks5 upstream-proxy.com 1080 user pass
# Load balance across multiple upstreams (weight-based)
parent 1000 socks5 proxy1.com 1080
parent 1000 socks5 proxy2.com 1080
# Double hop: socks5+ connects through the previous parent
parent 1000 socks5 hop1.com 1080 user1 pass1
parent 500 socks5+ hop2.com 1080 user2 pass2
proxy -p3128
socks -p1080
Step 6: Bandwidth & Traffic Control
bandlimin 1048576 user1 # Limit user1 to 1 MB/s
bandlimout 2097152 * # 2 MB/s outbound for all
connlim 5 * # Max 5 concurrent connections per user
maxconn 1000 # Total connection limit
# Traffic accounting with monthly quotas
counter /var/log/3proxy/traffic.counters
countin 10737418240 * * * # 10GB monthly incoming per user
countout 10737418240 * * * # 10GB monthly outgoing per user
Step 7: Security Hardening
setgid 65534
setuid 65534
internal 10.0.0.1 # Restrict listening interface
timeouts 1 5 30 60 180 1800 15 60
connlim 3 *
bandlimin 524288 *
# Block proxy access to private networks
deny * * 127.0.0.0/8 *
deny * * 10.0.0.0/8 *
deny * * 172.16.0.0/12 *
deny * * 192.168.0.0/16 *
allow *
Firewall:
ufw allow from 10.0.0.0/8 to any port 3128 proto tcp
ufw allow from 10.0.0.0/8 to any port 1080 proto tcp
ufw deny 3128
ufw deny 1080
Examples
Example 1: Set up an authenticated multi-protocol proxy for a small team
User prompt: "Set up a 3proxy server on our Ubuntu VPS at 203.0.113.50 with HTTP and SOCKS5 proxies. Create accounts for alice and bob with 50GB monthly traffic limits each, restrict them to web ports only, and give me full admin access."
The agent will install 3proxy from source, create a systemd service, and generate /etc/3proxy/3proxy.cfg with DNS settings, two user accounts (alice and bob) with auth strong, ACL rules granting admin full access and restricting alice/bob to ports 80 and 443, bandwidth counters set to 53687091200 bytes (50GB), HTTP proxy on port 3128 and SOCKS5 on port 1080, and proper logging with 30-day rotation.
Example 2: Chain traffic through an upstream SOCKS5 proxy with IP rotation
User prompt: "Configure our 3proxy to route all outgoing traffic through three upstream SOCKS5 proxies for IP rotation. The upstreams are at proxy1.example.com:1080, proxy2.example.com:1080, and proxy3.example.com:1080 with user 'rotate' and password 'r0tate!2025'. Local proxy should listen on port 8080."
The agent will edit the 3proxy config to define three parent directives with equal weights of 1000 each pointing to the upstream SOCKS5 servers with credentials, then configure a local HTTP proxy on port 8080 and SOCKS5 on port 1081, enable logging to track which upstream was used per request, and restart the 3proxy service.
Guidelines
- Always use
auth strongon publicly exposed proxy ports; never run open proxies accessible from the internet - Run 3proxy as an unprivileged user with
setuid/setgidand block proxy access to private RFC1918 IP ranges to prevent SSRF attacks - Use the
flushdirective to separate configuration blocks with different auth or interface settings; without it, settings accumulate - Place deny rules for private networks before the final
allow *since 3proxy processes ACLs top to bottom with first-match semantics - Set
connlimandbandliminto prevent a single user from exhausting server resources, and enable traffic counters for usage monitoring - Back up
/etc/3proxy/3proxy.cfgbefore editing since 3proxy has no config validation command and a syntax error will prevent startup
Related Skills
eliferjunior/fireworks-ai
development
VerifiedTrustedCommunity
Expert guidance for Fireworks AI, the platform for running open-source LLMs (Llama, Mixtral, Qwen, etc.) with enterprise-grade speed and reliability. Helps developers integrate Fireworks' inference API, fine-tune models, and deploy custom model endpoints with function calling and structured output support.
SKILL.mdUpdated Apr 17, 2026
eliferjunior/firecrawl
development
VerifiedTrustedCommunity
Convert any website into clean, structured data with Firecrawl — API-first web scraping service. Use when someone asks to "turn a website into markdown", "scrape website for LLM", "Firecrawl", "extract website content as clean text", "crawl and convert to structured data", or "scrape website for RAG". Covers single-page scraping, full-site crawling, structured extraction, and LLM-ready output.
SKILL.mdUpdated Apr 16, 2026
eliferjunior/firebase
tools
VerifiedTrustedCommunity
Expert guidance for Firebase, Google's platform for building and scaling web and mobile applications. Helps developers set up authentication, Firestore/Realtime Database, Cloud Functions, hosting, storage, and analytics using Firebase's SDK and CLI.
SKILL.mdUpdated Apr 16, 2026
eliferjunior/file-upload-processor
development
VerifiedTrustedCommunity
When the user needs to build file upload functionality for a web application. Use when the user mentions "file upload," "image upload," "upload endpoint," "multipart upload," "presigned URL," "S3 upload," "file validation," "upload to cloud storage," or "accept user files." Handles upload endpoints, file validation (type, size, magic bytes), cloud storage integration, and upload status tracking. For image/video processing after upload, see media-transcoder.
SKILL.mdUpdated Apr 16, 2026