vagrant-proxyconf 1.5.2 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (72) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +2 -0
  3. data/.travis.yml +11 -14
  4. data/CHANGELOG.md +38 -0
  5. data/Gemfile +28 -7
  6. data/LICENSE.txt +1 -1
  7. data/README.md +147 -18
  8. data/Rakefile +1 -27
  9. data/development/Dockerfile +45 -0
  10. data/development/README.md +2 -0
  11. data/development/Vagrantfile.example +185 -9
  12. data/development/install-c7.sh +46 -0
  13. data/development/install-debian.sh +55 -0
  14. data/development/tinyproxy.conf +333 -0
  15. data/lib/vagrant-proxyconf/action.rb +15 -7
  16. data/lib/vagrant-proxyconf/action/base.rb +47 -5
  17. data/lib/vagrant-proxyconf/action/configure_apt_proxy.rb +17 -0
  18. data/lib/vagrant-proxyconf/action/configure_chef_proxy.rb +32 -27
  19. data/lib/vagrant-proxyconf/action/configure_docker_proxy.rb +132 -14
  20. data/lib/vagrant-proxyconf/action/configure_env_proxy.rb +58 -11
  21. data/lib/vagrant-proxyconf/action/configure_git_proxy.rb +25 -9
  22. data/lib/vagrant-proxyconf/action/configure_npm_proxy.rb +14 -6
  23. data/lib/vagrant-proxyconf/action/configure_pear_proxy.rb +15 -8
  24. data/lib/vagrant-proxyconf/action/configure_svn_proxy.rb +15 -8
  25. data/lib/vagrant-proxyconf/action/configure_yum_proxy.rb +16 -0
  26. data/lib/vagrant-proxyconf/action/is_enabled.rb +18 -1
  27. data/lib/vagrant-proxyconf/cap/linux/chef_proxy_conf.rb +17 -0
  28. data/lib/vagrant-proxyconf/cap/linux/docker_proxy_conf.rb +2 -1
  29. data/lib/vagrant-proxyconf/cap/linux/yum_proxy_conf.rb +19 -0
  30. data/lib/vagrant-proxyconf/cap/util.rb +4 -5
  31. data/lib/vagrant-proxyconf/capability.rb +10 -0
  32. data/lib/vagrant-proxyconf/config.rb +20 -0
  33. data/lib/vagrant-proxyconf/config/chef_proxy.rb +25 -0
  34. data/lib/vagrant-proxyconf/config/docker_proxy.rb +25 -0
  35. data/lib/vagrant-proxyconf/config/git_proxy.rb +3 -0
  36. data/lib/vagrant-proxyconf/config/npm_proxy.rb +25 -0
  37. data/lib/vagrant-proxyconf/config/pear_proxy.rb +19 -0
  38. data/lib/vagrant-proxyconf/version.rb +1 -1
  39. data/locales/en.yml +38 -0
  40. data/resources/yum_config.awk +1 -0
  41. data/spec/spec_helper.rb +27 -9
  42. data/spec/unit/fixtures/docker_client_config_json_enabled_proxy +9 -0
  43. data/spec/unit/fixtures/docker_client_config_json_no_proxy +5 -0
  44. data/spec/unit/fixtures/etc_environment_only_http_proxy.conf +9 -0
  45. data/spec/unit/fixtures/yum_with_repository_and_proxy_containing_special_chars.conf +10 -0
  46. data/spec/unit/vagrant-proxyconf/action/base_spec.rb +191 -0
  47. data/spec/unit/vagrant-proxyconf/action/configure_apt_proxy_spec.rb +162 -0
  48. data/spec/unit/vagrant-proxyconf/action/configure_chef_proxy_spec.rb +32 -0
  49. data/spec/unit/vagrant-proxyconf/action/configure_docker_proxy_spec.rb +491 -0
  50. data/spec/unit/vagrant-proxyconf/action/configure_env_proxy_spec.rb +105 -4
  51. data/spec/unit/vagrant-proxyconf/action/configure_git_proxy_spec.rb +116 -0
  52. data/spec/unit/vagrant-proxyconf/action/configure_npm_proxy_spec.rb +67 -0
  53. data/spec/unit/vagrant-proxyconf/action/configure_pear_proxy_spec.rb +116 -0
  54. data/spec/unit/vagrant-proxyconf/action/configure_svn_proxy_spec.rb +85 -0
  55. data/spec/unit/vagrant-proxyconf/action/configure_yum_proxy_spec.rb +100 -0
  56. data/spec/unit/vagrant-proxyconf/action/is_enabled_spec.rb +162 -12
  57. data/spec/unit/vagrant-proxyconf/cap/linux/docker_proxy_conf_spec.rb +1 -1
  58. data/spec/unit/vagrant-proxyconf/cap/util_spec.rb +2 -2
  59. data/spec/unit/vagrant-proxyconf/config/key_mixin_spec.rb +1 -1
  60. data/spec/unit/vagrant-proxyconf/resources/yum_config_spec.rb +14 -0
  61. data/test/issues/180/.rspec +2 -0
  62. data/test/issues/180/Dockerfile +47 -0
  63. data/test/issues/180/README.md +31 -0
  64. data/test/issues/180/Rakefile +27 -0
  65. data/test/issues/180/Vagrantfile +31 -0
  66. data/test/issues/180/entrypoint.sh +50 -0
  67. data/test/issues/180/spec/default/redhat_spec.rb +15 -0
  68. data/test/issues/180/spec/docker_host/redhat_spec.rb +165 -0
  69. data/test/issues/180/spec/spec_helper.rb +43 -0
  70. data/test/issues/180/tinyproxy.conf +333 -0
  71. data/travis/before_install +26 -0
  72. metadata +44 -4
@@ -6,6 +6,8 @@
6
6
 
7
7
  2. Spin up the machine:
8
8
 
9
+ * If you don't have an external proxy set ENABLE_PROXY=false on the first run of the vm, then switch it to `true` after the VM has been built to avoid using the proxy before it is setup.
10
+
9
11
  bundle exec vagrant up
10
12
 
11
13
  3. Test, hack, edit _Vagrantfile_ and test again:
@@ -1,20 +1,196 @@
1
1
  # -*- mode: ruby -*-
2
2
  # vi: set ft=ruby :
3
+ require 'uri'
3
4
 
4
- BOX = ENV.fetch('BOX', 'ubuntu-12.04')
5
+ BOX = ENV.fetch('BOX', 'ubuntu/bionic64')
6
+ DISABLE_SHARE = true
7
+ ENABLE_PROXY = false
8
+ ENABLE_APP_SPECIFIC_PROXIES = !ENABLE_PROXY
5
9
 
6
- Vagrant.require_plugin 'vagrant-proxyconf'
10
+ APP_PROXIES = {
11
+ :apt => {
12
+ :enabled => true,
13
+ :skip => false,
14
+ },
15
+ :chef => {
16
+ :enabled => true,
17
+ :skip => false,
18
+ },
19
+ :docker => {
20
+ :enabled => true,
21
+ :skip => false
22
+ },
23
+ :env => {
24
+ :enabled => true,
25
+ :skip => false,
26
+ },
27
+ :git => {
28
+ :enabled => true,
29
+ :skip => false,
30
+ },
31
+ :npm => {
32
+ :enabled => true,
33
+ :skip => false,
34
+ },
35
+ :pear => {
36
+ :enabled => true,
37
+ :skip => false
38
+ },
39
+ :svn => {
40
+ :enabled => true,
41
+ :skip => false,
42
+ },
43
+ :yum => {
44
+ :enabled => true,
45
+ :skip => false,
46
+ },
47
+ }
48
+
49
+
50
+ DOCKER_SOCKET = "/var/run/docker.sock"
51
+ SUPPORTS_DOCKER_IN_DOCKER = File.exists?(DOCKER_SOCKET)
52
+
53
+ GLOBAL_PROXY_HOST = URI.parse(
54
+ ENV.fetch('HTTP_PROXY', '')
55
+ ).hostname
56
+
57
+ GLOBAL_PROXY_PORT = URI.parse(
58
+ ENV.fetch('HTTP_PROXY', '')
59
+ ).port
60
+
61
+ GLOBAL_NO_PROXY = ENV.fetch('NO_PROXY', '')
62
+
63
+ PROXY_HOST = GLOBAL_PROXY_HOST || '70.70.70.10'
64
+ PROXY_PORT = GLOBAL_PROXY_PORT || '8888'
65
+ NO_PROXY = GLOBAL_NO_PROXY || "localhost,*.localdomain"
7
66
 
8
67
  Vagrant.configure('2') do |config|
9
- # Apt proxy
10
- config.apt_proxy.http = '192.168.33.200'
11
- config.apt_proxy.https = 'DIRECT'
68
+ raise Exception, "Please install vagrant-proxyconf" unless Vagrant.has_plugin?('vagrant-proxyconf')
69
+
70
+ # config.proxy.enabled = true
71
+ config.proxy.http = "http://#{PROXY_HOST}:#{PROXY_PORT}"
72
+ config.proxy.https = "http://#{PROXY_HOST}:#{PROXY_PORT}"
73
+ config.proxy.no_proxy = "#{NO_PROXY}"
74
+
75
+ # APT proxy
76
+ # config.apt_proxy.http = 'http://#{PROXY_HOST}:#{PROXY_PORT}'
77
+ # config.apt_proxy.https = 'https://#{PROXY_HOST}:#{PROXY_PORT}'
78
+
79
+ # CHEF proxy
80
+ # config.chef_proxy.http = 'http://#{PROXY_HOST}:#{PROXY_PORT}'
81
+ # config.chef_proxy.https = 'https://#{PROXY_HOST}:#{PROXY_PORT}'
82
+ # config.chef_proxy.no_proxy = "#{NO_PROXY}"
83
+
84
+ # DOCKER proxy
85
+ # config.docker_proxy.http = config.proxy.http
86
+ # config.docker_proxy.https = config.proxy.https
87
+ # config.docker_proxy.no_proxy = config.proxy.no_proxy
88
+
89
+ # GIT proxy
90
+ # config.git_proxy.http = config.proxy.http
91
+ # config.git_proxy.https = config.proxy.https
92
+
93
+ # NPM proxy
94
+ # config.npm_proxy.http = config.proxy.http
95
+ # config.npm_proxy.https = config.proxy.https
96
+ # config.npm_proxy.no_proxy = config.proxy.no_proxy
97
+
98
+ # PEAR proxy
99
+ # config.pear_proxy.http = config.proxy.http
100
+
101
+ # SVN proxy
102
+ # config.svn_proxy.http = config.proxy.http
103
+ # config.svn_proxy.no_proxy = config.proxy.no_proxy
104
+
105
+ # YUM proxy
106
+ # config.yum_proxy.http = config.proxy.http
107
+
108
+ # app specific proxies
109
+ if ENABLE_APP_SPECIFIC_PROXIES
110
+ config.proxy.enabled = {}
111
+
112
+ APP_PROXIES.each do |k, v|
113
+ config.proxy.enabled[k] = v
114
+ end
115
+ else
116
+ config.proxy.enabled = ENABLE_PROXY
117
+ end
12
118
 
13
119
  # Disable the default share
14
- config.vm.synced_folder '.', '/vagrant', id: 'vagrant-root', disabled: true
120
+ config.vm.synced_folder '.', '/vagrant', id: 'vagrant-root', disabled: DISABLE_SHARE
15
121
 
16
- config.vm.box = BOX
17
- if BOX == 'ubuntu-12.04'
18
- config.vm.box_url = 'https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_ubuntu-12.04_provisionerless.box'
122
+ # config.vm.provision :chef_solo do |chef|
123
+ # chef.cookbooks_path = "."
124
+ # chef.install = true
125
+ # end
126
+
127
+ # Vagrant >= 1.7 wants to replace the insecure_key with public boxes, but
128
+ # there is a bug in that implentation so we just allow the insecure_key
129
+ # anyway.
130
+ config.ssh.insert_key = false
131
+ config.vm.box_check_update = false
132
+
133
+ config.vm.define "default" do |default|
134
+ # set this to true, if you want to use a global proxy
135
+ default.proxy.enabled = false if !GLOBAL_PROXY_HOST
136
+
137
+ default.vm.box = BOX
138
+
139
+ default.vm.provision "file", source: "./tinyproxy.conf", destination: "/tmp/tinyproxy.conf"
140
+ default.vm.provision :shell, path: 'install-debian.sh'
141
+
142
+ default.vm.network "private_network", ip: "70.70.70.10"
143
+
144
+ default.vm.provider :virtualbox do |vb, override|
145
+ # override.proxy.enabled = ENABLE_PROXY
146
+ vb.cpus = 1
147
+ vb.memory = 1024
148
+
149
+ vb.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ] if config.vm.box =~ /xenial|bionic/
150
+
151
+ vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
152
+ vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
153
+ end
19
154
  end
155
+
156
+ config.vm.define "centos7-client" do |centos7|
157
+ centos7.proxy.enabled = config.proxy.enabled
158
+ centos7.vm.box = "centos/7"
159
+
160
+ centos7.vm.network "private_network", ip: "70.70.70.20"
161
+
162
+ centos7.vm.provision :shell, path: 'install-c7.sh'
163
+
164
+ config.vm.provider :virtualbox do |vb, override|
165
+ # override.proxy.enabled = ENABLE_PROXY
166
+ vb.cpus = 1
167
+ vb.memory = 1024
168
+
169
+ vb.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ] if config.vm.box =~ /xenial|bionic/
170
+
171
+ vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
172
+ vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
173
+ end
174
+ end
175
+
176
+ # config.vm.define "centos7-client" do |centos7|
177
+ # centos7.proxy.enabled = config.proxy.enabled
178
+ #
179
+ # centos7.vm.provider :docker do |d|
180
+ # d.build_dir = '.'
181
+ # d.dockerfile = 'Dockerfile'
182
+ # d.has_ssh = true
183
+ # # d.pull = true
184
+ #
185
+ # if SUPPORTS_DOCKER_IN_DOCKER
186
+ # d.volumes = [
187
+ # "#{DOCKER_SOCKET}:#{DOCKER_SOCKET}",
188
+ # ]
189
+ # d.create_args = [
190
+ # '--privileged',
191
+ # ]
192
+ # end
193
+ # end
194
+ # end
195
+
20
196
  end
@@ -0,0 +1,46 @@
1
+ #!/bin/bash
2
+
3
+ SESTATUS=$(command -v sestatus)
4
+ [ -n "${SESTATUS}" ] && setenforce 0 || true
5
+
6
+ INSTALL_YUM_PKGS=
7
+ YUM_PKGS="curl
8
+ git
9
+ gnupg2
10
+ php-pear
11
+ npm
12
+ subversion
13
+ "
14
+
15
+ is_yum_pkg_installed() {
16
+ rpm -q ${1} >>/dev/null 2>&1
17
+ }
18
+
19
+ is_yum_pkg_installed "epel-release" || yum -y install epel-release
20
+
21
+ for PKG in $YUM_PKGS
22
+ do
23
+ is_yum_pkg_installed ${PKG}
24
+ if [ $? -ne 0 ]; then
25
+ [ -z "${INSTALL_YUM_PKGS}" ] && INSTALL_YUM_PKGS="${PKG}" || INSTALL_YUM_PKGS="${INSTALL_YUM_PKGS} ${PKG}"
26
+ fi
27
+ done
28
+
29
+ if [ -n "${INSTALL_YUM_PKGS}" ]; then
30
+ yum clean expire-cache
31
+ yum install -y ${INSTALL_YUM_PKGS}
32
+ fi
33
+
34
+ command -v docker >>/dev/null
35
+ if [ $? -ne 0 ]; then
36
+ cd /etc/yum.repos.d/
37
+ curl -LO https://download.docker.com/linux/centos/docker-ce.repo
38
+ cd - >>/dev/null
39
+
40
+ yum clean expire-cache
41
+ yum -y install docker-ce
42
+
43
+ fi
44
+
45
+ [ "$(systemctl is-enabled docker)" == "enabled" ] || systemctl enable docker
46
+ [ "$(systemctl is-active docker)" == "active" ] || systemctl start docker
@@ -0,0 +1,55 @@
1
+ #!/bin/bash
2
+
3
+ INSTALL_APT_PKGS=
4
+ APT_PKGS="tinyproxy
5
+ apt-transport-https
6
+ ca-certificates
7
+ curl
8
+ git
9
+ gnupg2
10
+ php-pear
11
+ npm
12
+ software-properties-common
13
+ subversion
14
+ yum
15
+ "
16
+
17
+ is_apt_pkg_installed() {
18
+ dpkg -l ${1} >>/dev/null 2>&1
19
+ }
20
+
21
+ for PKG in $APT_PKGS
22
+ do
23
+ is_apt_pkg_installed ${PKG}
24
+ if [ $? -ne 0 ]; then
25
+ [ -z "${INSTALL_APT_PKGS}" ] && INSTALL_APT_PKGS="${PKG}" || INSTALL_APT_PKGS="${INSTALL_APT_PKGS} ${PKG}"
26
+ fi
27
+ done
28
+
29
+ if [ -n "${INSTALL_APT_PKGS}" ]; then
30
+ apt-get update
31
+ apt-get install -y ${INSTALL_APT_PKGS}
32
+ fi
33
+
34
+ command -v docker >>/dev/null
35
+ if [ $? -ne 0 ]; then
36
+ curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
37
+
38
+ add-apt-repository \
39
+ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
40
+ $(lsb_release -cs) \
41
+ stable"
42
+
43
+ apt-get update
44
+ apt-get -y install docker-ce
45
+ fi
46
+
47
+ if [ -f /tmp/tinyproxy.conf ]; then
48
+ cp /tmp/tinyproxy.conf /etc/tinyproxy/tinyproxy.conf
49
+ chown root:root /etc/tinyproxy/tinyproxy.conf
50
+ chmod 0644 /etc/tinyproxy/tinyproxy.conf
51
+ systemctl restart tinyproxy
52
+ fi
53
+
54
+ [ "$(systemctl is-enabled tinyproxy)" == "enabled" ] || systemctl enable tinyproxy
55
+ [ "$(systemctl is-active tinyproxy)" == "active" ] || systemctl start tinyproxy
@@ -0,0 +1,333 @@
1
+ # /etc/tinyproxy/tinyproxy.conf
2
+
3
+ ##
4
+ ## tinyproxy.conf -- tinyproxy daemon configuration file
5
+ ##
6
+ ## This example tinyproxy.conf file contains example settings
7
+ ## with explanations in comments. For decriptions of all
8
+ ## parameters, see the tinproxy.conf(5) manual page.
9
+ ##
10
+
11
+ #
12
+ # User/Group: This allows you to set the user and group that will be
13
+ # used for tinyproxy after the initial binding to the port has been done
14
+ # as the root user. Either the user or group name or the UID or GID
15
+ # number may be used.
16
+ #
17
+ User tinyproxy
18
+ Group tinyproxy
19
+
20
+ #
21
+ # Port: Specify the port which tinyproxy will listen on. Please note
22
+ # that should you choose to run on a port lower than 1024 you will need
23
+ # to start tinyproxy using root.
24
+ #
25
+ Port 8888
26
+
27
+ #
28
+ # Listen: If you have multiple interfaces this allows you to bind to
29
+ # only one. If this is commented out, tinyproxy will bind to all
30
+ # interfaces present.
31
+ #
32
+ #Listen 192.168.0.1
33
+
34
+ #
35
+ # Bind: This allows you to specify which interface will be used for
36
+ # outgoing connections. This is useful for multi-home'd machines where
37
+ # you want all traffic to appear outgoing from one particular interface.
38
+ #
39
+ #Bind 192.168.0.1
40
+
41
+ #
42
+ # BindSame: If enabled, tinyproxy will bind the outgoing connection to the
43
+ # ip address of the incoming connection.
44
+ #
45
+ #BindSame yes
46
+
47
+ #
48
+ # Timeout: The maximum number of seconds of inactivity a connection is
49
+ # allowed to have before it is closed by tinyproxy.
50
+ #
51
+ Timeout 600
52
+
53
+ #
54
+ # ErrorFile: Defines the HTML file to send when a given HTTP error
55
+ # occurs. You will probably need to customize the location to your
56
+ # particular install. The usual locations to check are:
57
+ # /usr/local/share/tinyproxy
58
+ # /usr/share/tinyproxy
59
+ # /etc/tinyproxy
60
+ #
61
+ #ErrorFile 404 "/usr/share/tinyproxy/404.html"
62
+ #ErrorFile 400 "/usr/share/tinyproxy/400.html"
63
+ #ErrorFile 503 "/usr/share/tinyproxy/503.html"
64
+ #ErrorFile 403 "/usr/share/tinyproxy/403.html"
65
+ #ErrorFile 408 "/usr/share/tinyproxy/408.html"
66
+
67
+ #
68
+ # DefaultErrorFile: The HTML file that gets sent if there is no
69
+ # HTML file defined with an ErrorFile keyword for the HTTP error
70
+ # that has occured.
71
+ #
72
+ DefaultErrorFile "/usr/share/tinyproxy/default.html"
73
+
74
+ #
75
+ # StatHost: This configures the host name or IP address that is treated
76
+ # as the stat host: Whenever a request for this host is received,
77
+ # Tinyproxy will return an internal statistics page instead of
78
+ # forwarding the request to that host. The default value of StatHost is
79
+ # tinyproxy.stats.
80
+ #
81
+ #StatHost "tinyproxy.stats"
82
+ #
83
+
84
+ #
85
+ # StatFile: The HTML file that gets sent when a request is made
86
+ # for the stathost. If this file doesn't exist a basic page is
87
+ # hardcoded in tinyproxy.
88
+ #
89
+ StatFile "/usr/share/tinyproxy/stats.html"
90
+
91
+ #
92
+ # Logfile: Allows you to specify the location where information should
93
+ # be logged to. If you would prefer to log to syslog, then disable this
94
+ # and enable the Syslog directive. These directives are mutually
95
+ # exclusive.
96
+ #
97
+ Logfile "/var/log/tinyproxy/tinyproxy.log"
98
+
99
+ #
100
+ # Syslog: Tell tinyproxy to use syslog instead of a logfile. This
101
+ # option must not be enabled if the Logfile directive is being used.
102
+ # These two directives are mutually exclusive.
103
+ #
104
+ #Syslog On
105
+
106
+ #
107
+ # LogLevel:
108
+ #
109
+ # Set the logging level. Allowed settings are:
110
+ # Critical (least verbose)
111
+ # Error
112
+ # Warning
113
+ # Notice
114
+ # Connect (to log connections without Info's noise)
115
+ # Info (most verbose)
116
+ #
117
+ # The LogLevel logs from the set level and above. For example, if the
118
+ # LogLevel was set to Warning, then all log messages from Warning to
119
+ # Critical would be output, but Notice and below would be suppressed.
120
+ #
121
+ LogLevel Info
122
+
123
+ #
124
+ # PidFile: Write the PID of the main tinyproxy thread to this file so it
125
+ # can be used for signalling purposes.
126
+ #
127
+ PidFile "/run/tinyproxy/tinyproxy.pid"
128
+
129
+ #
130
+ # XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
131
+ # contains the client's IP address.
132
+ #
133
+ #XTinyproxy Yes
134
+
135
+ #
136
+ # Upstream:
137
+ #
138
+ # Turns on upstream proxy support.
139
+ #
140
+ # The upstream rules allow you to selectively route upstream connections
141
+ # based on the host/domain of the site being accessed.
142
+ #
143
+ # For example:
144
+ # # connection to test domain goes through testproxy
145
+ # upstream testproxy:8008 ".test.domain.invalid"
146
+ # upstream testproxy:8008 ".our_testbed.example.com"
147
+ # upstream testproxy:8008 "192.168.128.0/255.255.254.0"
148
+ #
149
+ # # no upstream proxy for internal websites and unqualified hosts
150
+ # no upstream ".internal.example.com"
151
+ # no upstream "www.example.com"
152
+ # no upstream "10.0.0.0/8"
153
+ # no upstream "192.168.0.0/255.255.254.0"
154
+ # no upstream "."
155
+ #
156
+ # # connection to these boxes go through their DMZ firewalls
157
+ # upstream cust1_firewall:8008 "testbed_for_cust1"
158
+ # upstream cust2_firewall:8008 "testbed_for_cust2"
159
+ #
160
+ # # default upstream is internet firewall
161
+ # upstream firewall.internal.example.com:80
162
+ #
163
+ # The LAST matching rule wins the route decision. As you can see, you
164
+ # can use a host, or a domain:
165
+ # name matches host exactly
166
+ # .name matches any host in domain "name"
167
+ # . matches any host with no domain (in 'empty' domain)
168
+ # IP/bits matches network/mask
169
+ # IP/mask matches network/mask
170
+ #
171
+ #Upstream some.remote.proxy:port
172
+
173
+ #
174
+ # MaxClients: This is the absolute highest number of threads which will
175
+ # be created. In other words, only MaxClients number of clients can be
176
+ # connected at the same time.
177
+ #
178
+ MaxClients 100
179
+
180
+ #
181
+ # MinSpareServers/MaxSpareServers: These settings set the upper and
182
+ # lower limit for the number of spare servers which should be available.
183
+ #
184
+ # If the number of spare servers falls below MinSpareServers then new
185
+ # server processes will be spawned. If the number of servers exceeds
186
+ # MaxSpareServers then the extras will be killed off.
187
+ #
188
+ MinSpareServers 10
189
+ MaxSpareServers 20
190
+
191
+ #
192
+ # StartServers: The number of servers to start initially.
193
+ #
194
+ StartServers 10
195
+
196
+ #
197
+ # MaxRequestsPerChild: The number of connections a thread will handle
198
+ # before it is killed. In practise this should be set to 0, which
199
+ # disables thread reaping. If you do notice problems with memory
200
+ # leakage, then set this to something like 10000.
201
+ #
202
+ MaxRequestsPerChild 0
203
+
204
+ #
205
+ # Allow: Customization of authorization controls. If there are any
206
+ # access control keywords then the default action is to DENY. Otherwise,
207
+ # the default action is ALLOW.
208
+ #
209
+ # The order of the controls are important. All incoming connections are
210
+ # tested against the controls based on order.
211
+ #
212
+ Allow 127.0.0.1
213
+ Allow 70.70.70.0/24
214
+ #Allow 192.168.0.0/16
215
+ #Allow 172.16.0.0/12
216
+ #Allow 10.0.0.0/8
217
+
218
+ #
219
+ # AddHeader: Adds the specified headers to outgoing HTTP requests that
220
+ # Tinyproxy makes. Note that this option will not work for HTTPS
221
+ # traffic, as Tinyproxy has no control over what headers are exchanged.
222
+ #
223
+ #AddHeader "X-My-Header" "Powered by Tinyproxy"
224
+
225
+ #
226
+ # ViaProxyName: The "Via" header is required by the HTTP RFC, but using
227
+ # the real host name is a security concern. If the following directive
228
+ # is enabled, the string supplied will be used as the host name in the
229
+ # Via header; otherwise, the server's host name will be used.
230
+ #
231
+ ViaProxyName "tinyproxy"
232
+
233
+ #
234
+ # DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
235
+ # the Via header to the requests. This virtually puts Tinyproxy into
236
+ # stealth mode. Note that RFC 2616 requires proxies to set the Via
237
+ # header, so by enabling this option, you break compliance.
238
+ # Don't disable the Via header unless you know what you are doing...
239
+ #
240
+ #DisableViaHeader Yes
241
+
242
+ #
243
+ # Filter: This allows you to specify the location of the filter file.
244
+ #
245
+ #Filter "/etc/tinyproxy/filter"
246
+
247
+ #
248
+ # FilterURLs: Filter based on URLs rather than domains.
249
+ #
250
+ #FilterURLs On
251
+
252
+ #
253
+ # FilterExtended: Use POSIX Extended regular expressions rather than
254
+ # basic.
255
+ #
256
+ #FilterExtended On
257
+
258
+ #
259
+ # FilterCaseSensitive: Use case sensitive regular expressions.
260
+ #
261
+ #FilterCaseSensitive On
262
+
263
+ #
264
+ # FilterDefaultDeny: Change the default policy of the filtering system.
265
+ # If this directive is commented out, or is set to "No" then the default
266
+ # policy is to allow everything which is not specifically denied by the
267
+ # filter file.
268
+ #
269
+ # However, by setting this directive to "Yes" the default policy becomes
270
+ # to deny everything which is _not_ specifically allowed by the filter
271
+ # file.
272
+ #
273
+ #FilterDefaultDeny Yes
274
+
275
+ #
276
+ # Anonymous: If an Anonymous keyword is present, then anonymous proxying
277
+ # is enabled. The headers listed are allowed through, while all others
278
+ # are denied. If no Anonymous keyword is present, then all headers are
279
+ # allowed through. You must include quotes around the headers.
280
+ #
281
+ # Most sites require cookies to be enabled for them to work correctly, so
282
+ # you will need to allow Cookies through if you access those sites.
283
+ #
284
+ #Anonymous "Host"
285
+ #Anonymous "Authorization"
286
+ #Anonymous "Cookie"
287
+
288
+ #
289
+ # ConnectPort: This is a list of ports allowed by tinyproxy when the
290
+ # CONNECT method is used. To disable the CONNECT method altogether, set
291
+ # the value to 0. If no ConnectPort line is found, all ports are
292
+ # allowed (which is not very secure.)
293
+ #
294
+ # The following two ports are used by SSL.
295
+ #
296
+ ConnectPort 443
297
+ ConnectPort 563
298
+
299
+ #
300
+ # Configure one or more ReversePath directives to enable reverse proxy
301
+ # support. With reverse proxying it's possible to make a number of
302
+ # sites appear as if they were part of a single site.
303
+ #
304
+ # If you uncomment the following two directives and run tinyproxy
305
+ # on your own computer at port 8888, you can access Google using
306
+ # http://localhost:8888/google/ and Wired News using
307
+ # http://localhost:8888/wired/news/. Neither will actually work
308
+ # until you uncomment ReverseMagic as they use absolute linking.
309
+ #
310
+ #ReversePath "/google/" "http://www.google.com/"
311
+ #ReversePath "/wired/" "http://www.wired.com/"
312
+
313
+ #
314
+ # When using tinyproxy as a reverse proxy, it is STRONGLY recommended
315
+ # that the normal proxy is turned off by uncommenting the next directive.
316
+ #
317
+ #ReverseOnly Yes
318
+
319
+ #
320
+ # Use a cookie to track reverse proxy mappings. If you need to reverse
321
+ # proxy sites which have absolute links you must uncomment this.
322
+ #
323
+ #ReverseMagic Yes
324
+
325
+ #
326
+ # The URL that's used to access this reverse proxy. The URL is used to
327
+ # rewrite HTTP redirects so that they won't escape the proxy. If you
328
+ # have a chain of reverse proxies, you'll need to put the outermost
329
+ # URL here (the address which the end user types into his/her browser).
330
+ #
331
+ # If not set then no rewriting occurs.
332
+ #
333
+ #ReverseBaseURL "http://localhost:8888/"