Setup a FRP based proxy to access library resources outside the campus

Since the pandemic, remote working has become a thing. Working on a HPC wasn’t any more challenging because there is no difference wherever you access it from. However, accessing the research papers have been a little itchy: Columbia library provides a bookmarklet to access the online resources via its ezproxy, but you have to login in every day, this becomes particular annoying when two-step verification is involved.

Besides using the proxy provided by the university, you can always use your own computer as a proxy: given you have a computer to spare, and a desk you can left it on. Since I already have a VPS which have a stable public IP address, I can use FRP-based solution without having to know the IP address of the computer I left in my office. Here is how I set up a basic HTTP proxy to access the library resources from home.

FRP setup

FRP is a open-source proxy that allows you to expose a server behind firewall without having to know its specific address. Therefore, you will only need to know the IP address of your server, without having to checking IP address of the computer behind the university’s firewall. It is convenient for our purpose, because it also comes with a build-in plugin that provides HTTP proxy capability.

FRP can be downloaded from its release page on GitHub.

The following schematic diagram shows how the proxy is setup via FRP.

A schematic diagram showing the FRP setup.

FRP server configuration

FRP server is a computer that has public IP address (e.g., xxx.xxx.xxx.xxx here). I use a cheap VPS from Vultr for this purpose.

Prepare the following server configuration file and save as frps.ini.

[common]
bind_port = 7000
token = xxx-xxx

Start the server by

./frps -c frps.ini

FRP client configuration

FRP client is a computer inside the campus. I use an old laptop computer and keep it running in my office.

Prepare the following client configuration file and save as frpc.ini.

[common]
server_addr = xxx.xxx.xxx.xxx
server_port = 7000
token = xxx-xxx

[plugin_http_proxy]
type = tcp
remote_port = 6006
plugin = http_proxy
plugin_http_user = xxxx
plugin_http_passwd = xxx-xxxxx

Start the client by

./frpc -c frpc.ini

Accessing the proxy

Your local computer can now access the HTTP proxy with the following configuration:

Protocol: HTTP
Host: xxx.xxx.xxx.xxx:6006
Username: xxxx
Password: xxx-xxxxx

Although you can set it up as a system proxy, you might not want to proxy every website through it. To proxy only the specific publisher websites, I recommend Proxy SwitchyOmega as a browser plugin, Surge as a macOS/iOS/iPadOS app, or any proxy client you like.

Alternatives

Right now, I am leaning more towards Tailscale’s “Exit Nodes” functionality. It route all the traffic through on Tailscale’s VPN network towards your exit node. There is nothing to lose if you are relying on that service already. It has more reliability, but less flexiblity (no per-website settings).