Many of the well known websites determine your location based on your IP address and restrict their content or functionalities based on the country you’re in. Some examples are Gmail (Germans get only @googlemail.com-addresses, legal reasons), YouTube (content is restricted by the GEMA), and Pandora (limited to US citizens) to name only a few. To circumvent these restrictions, being able to quickly get an IP address outside of your own country is most helpful.

To do exactly that I wrote a little script that will start your very own US proxy server in one minute using Amazon EC2. In combination with browser plug-ins such as FoxyProxy, the script enables you to route all your web traffic through a proxy on an Amazon-owned machine — with an IP address in the US, Ireland, Singapore, Tokyo or Sao Paulo (location of Amazon data centers).

Contents

Updates

June 2014: I realized the script wasn’t working anymore, so I updated the blog post and the script to work with the current EC2 API tools again. The old script is still available here.

1. Only once: Amazon AWS setup

A little one time effort is necessary. But it’ll take not more than 10 minutes.

1. Set up an Amazon AWS account: Amazon EC2 is ridiculously cheap (≥ 2ct/hr), but it is not free. Go to the AWS website to sign up.
2. Create a X.509 Certificate and a Key Pair: To access Amazon AWS, a certificate and a key pair is necessary. You can do that in the Security Credentials page and the AWS console (key pairs page). Save them somewhere, e.g. at ~/.amazon
3. Install the Amazon API Tools: To start/stop virtual machines, we need the API tools. For Debian-based systems sudo apt-get install ec2-api-tools does the job.

You’re almost done. All you have to do now is make your X.509 certificate (cert-xxx.pem) and your private key (any name, suffix is .pem) known to the API tools. All you need to do is set the four environment variables below. I added this to my ~/.bashrc:

That’s it for the AWS setup. You can play around with it by trying the ec2-*-tools, e.g. ec2-describe-keypairs.

2. Only once: US proxy script installation

Now download and configure the proxy control script. If you haven’t already, install the PHP command line interpreter:

In the config-section, at least update the two variables $KEYPAIR and $PRIVATE_KEY. You can update the virtual machine image (AMI) as well (as long as it’s an Ubuntu), if you want.

Hopefully that should be it for the configuration.

3. Start and stop the US proxy

Once it’s set up, starting and stopping the proxy is really easy. It’s controlled like an init.d-script: ec2-proxy (start|stop|status).

Here’s an example with a ‘micro’ AMI image. With a ‘tiny’ image, it’ll actually only take one minute:

If you’ve set up your browser proxy to localhost at port 8888, you can now browse via the EC2 machine — with its IP address. To stop it again, do this:

4. Possible Issues

The script might not work for every machine: It is based on many command line tools and their output. Because the script parses the output, it might not work for other locales or tool versions. Please do report if you’re having trouble with the script.

1. Miles August 12th, 2012

   Doesn’t work for me. Script returns
   “Launching instance of AMI ami-ac9943c5 … Client.InvalidKeyPair.NotFound: The key pair ‘mileskey’ does not exist”
   if i use the default AMI or
   “[20:27:40] Launching instance of AMI ami-4038b470 … Client.InvalidAMIID.NotFound: The AMI ID ‘ami-4038b470’ does not exist”
   If i use the AMI i created and which has mileskey as its public key

   
   
2. Philipp C. Heckel August 12th, 2012

   Have you tried running the ec2-run-instances command on the same way the script calls it? Like this: ec2-run-instances ami-ac9943c5 -k mileskey –instance-type t1.micro

   
   
3. Miles August 13th, 2012

   Thanks for replying Philipp :)

   That also threw mileskey problems (also –instance-type t1.micro was discarded). However i have managed to ssh into my instance by giving it an elastic ip: ssh -i mileskey.pem ubuntu@. I’ve installed tinyproxy on my amazon instance (I have the power of cloud computing!) but am unsure how to use it(I am too noobish to use my power). Is there a way to modify your script to use IPs rather then AMI numbers to login?

   
   
4. Miles August 13th, 2012

   that should be ssh -i mileskey.pem ubuntu@myelasticIP

   
   
5. Philipp C. Heckel August 13th, 2012

   I am sure it can be modified; however, I have never used elastic IPs so I cannot help you with that… Please post it here if you find a solution.

   
   
6. Lan September 20th, 2012

   Great explanation! Thanks! Since some weeks to now I was thinking something like that, using clouds services to make my own US proxy server instead of using United States proxy lists like that.

   
   
7. Lucius Bobikiewicz December 18th, 2012

   Hi Phillip, thanks for this! I have followed your instructions on my Ubuntu 10.04 machine, got it to work and to launch an instance. Amazon’s EC-management console page displays that the instance has been launched and is in healthy state. However, the script does not get beyond the “Testing SSH ….” I have already waited 15 minutes but nothing happened.

   Do you have any idea what might be going on here ?

   ===========
   [19:04:39] Launching instance of AMI ami-ac9943c5 … Launched instance i-c25822bc
   [19:04:46] Waiting until ready ….. Running at ec2-50-16-75-149.compute-1.amazonaws.com
   [19:05:08] Testing SSH …………………….

   
   
8. Lucius Bobikiewicz December 18th, 2012

   Additional informtion: I have by now tried to connect manually to the instance and I have received a time out.

   
   
9. Lucius Bobikiewicz December 18th, 2012

   Ok, got it. it is an issue with the ssh settings in Ubuntu, please feel free to remove my previous comments.