search
Contact SupportSubmit a Ticket

Configure Local Proxy

1

hashtag
Introduction

This guide explains how to configure your browser or operating system to route traffic through the local Squid proxy (default: http://127.0.0.1:3128). This is required to test the Aiceberg Guardian.

Note: The default Squid port is 3128. If you have changed SQUID_PORT in your .env or Docker configuration, please replace 3128 with your configured port in the instructions below.

2

hashtag
Firefox (Recommended)

Firefox is the recommended browser for testing because it maintains its own independent certificate store and proxy settings. This allows you to test without modifying your global system configuration.

hashtag
Trust the CA Certificate

  1. Open Firefox Settings (about:preferences).

  2. Search for Certificates -> View Certificates.

  3. Go to the Authorities tab and click Import....

  4. Select your generated CA certificate (e.g., certs/ca.crt).

  5. Check the box "Trust this CA to identify websites".

  6. Click OK.

hashtag
Configure Proxy Settings

  1. In Firefox Settings, search for Network Settings and click Settings....

  2. Select Manual proxy configuration.

  3. HTTP Proxy: 127.0.0.1

  4. Port: 3128

  5. Important: Check the box "Also use this proxy for HTTPS".

  6. Click OK.

3

hashtag
Google Chrome

Chrome uses the system's certificate store (Keychain on macOS, Cert Store on Windows). You have two options for testing.

hashtag
Option A: Isolated Instance (Script/CLI) - Recommended

You can launch a temporary, isolated instance of Chrome that uses the proxy without affecting your main browsing profile.

Via Helper Script (macOS/Linux):

Run helper script
./launch_chrome_proxy.sh

Manual CLI Command (macOS):

Launch Chrome with proxy
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
    --user-data-dir="/tmp/chrome_proxy_test" \
    --proxy-server="http://127.0.0.1:3128" \
    --ignore-certificate-errors \
    https://chatgpt.com

Note: --ignore-certificate-errors is convenient but manually trusting the CA in the System Keychain provides a more realistic test of SSL interception.

hashtag
Option B: System Proxy (OS Level)

If you prefer to use your main Chrome instance, you must configure the proxy at the Operating System level (see the Operating System Settings step) and trust the CA in your System Keychain.

4

hashtag
Operating System Settings

Configuring the proxy here affects all applications that respect system proxy settings (Chrome, Safari, curl, etc.).

hashtag
macOS

  1. Open System Settings -> Network.

  2. Select your active network interface (Wi-Fi or Ethernet).

  3. Click Details... -> Proxies.

  4. Enable Web Proxy (HTTP):

    • Server: 127.0.0.1

    • Port: 3128

  5. Enable Secure Web Proxy (HTTPS):

    • Server: 127.0.0.1

    • Port: 3128

  6. Click OK and Apply.

hashtag
Windows

  1. Open Settings -> Network & Internet -> Proxy.

  2. Under Manual proxy setup, click Set up.

  3. Toggle Use a proxy server to On.

  4. Proxy IP address: 127.0.0.1

  5. Port: 3128

  6. Click Save.

hashtag
Linux (GNOME)

  1. Open Settings -> Network.

  2. Click the Network Proxy gear icon.

  3. Select Manual.

  4. HTTP Proxy: 127.0.0.1 Port 3128

  5. HTTPS Proxy: 127.0.0.1 Port 3128

  6. Close the dialog.

PreviousLocally TestNextProduction Configuration Guides

Last updated