vagrant-proxyconf 1.5.2 → 2.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (72) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +2 -0
  3. data/.travis.yml +11 -14
  4. data/CHANGELOG.md +38 -0
  5. data/Gemfile +28 -7
  6. data/LICENSE.txt +1 -1
  7. data/README.md +147 -18
  8. data/Rakefile +1 -27
  9. data/development/Dockerfile +45 -0
  10. data/development/README.md +2 -0
  11. data/development/Vagrantfile.example +185 -9
  12. data/development/install-c7.sh +46 -0
  13. data/development/install-debian.sh +55 -0
  14. data/development/tinyproxy.conf +333 -0
  15. data/lib/vagrant-proxyconf/action.rb +15 -7
  16. data/lib/vagrant-proxyconf/action/base.rb +47 -5
  17. data/lib/vagrant-proxyconf/action/configure_apt_proxy.rb +17 -0
  18. data/lib/vagrant-proxyconf/action/configure_chef_proxy.rb +32 -27
  19. data/lib/vagrant-proxyconf/action/configure_docker_proxy.rb +132 -14
  20. data/lib/vagrant-proxyconf/action/configure_env_proxy.rb +58 -11
  21. data/lib/vagrant-proxyconf/action/configure_git_proxy.rb +25 -9
  22. data/lib/vagrant-proxyconf/action/configure_npm_proxy.rb +14 -6
  23. data/lib/vagrant-proxyconf/action/configure_pear_proxy.rb +15 -8
  24. data/lib/vagrant-proxyconf/action/configure_svn_proxy.rb +15 -8
  25. data/lib/vagrant-proxyconf/action/configure_yum_proxy.rb +16 -0
  26. data/lib/vagrant-proxyconf/action/is_enabled.rb +18 -1
  27. data/lib/vagrant-proxyconf/cap/linux/chef_proxy_conf.rb +17 -0
  28. data/lib/vagrant-proxyconf/cap/linux/docker_proxy_conf.rb +2 -1
  29. data/lib/vagrant-proxyconf/cap/linux/yum_proxy_conf.rb +19 -0
  30. data/lib/vagrant-proxyconf/cap/util.rb +4 -5
  31. data/lib/vagrant-proxyconf/capability.rb +10 -0
  32. data/lib/vagrant-proxyconf/config.rb +20 -0
  33. data/lib/vagrant-proxyconf/config/chef_proxy.rb +25 -0
  34. data/lib/vagrant-proxyconf/config/docker_proxy.rb +25 -0
  35. data/lib/vagrant-proxyconf/config/git_proxy.rb +3 -0
  36. data/lib/vagrant-proxyconf/config/npm_proxy.rb +25 -0
  37. data/lib/vagrant-proxyconf/config/pear_proxy.rb +19 -0
  38. data/lib/vagrant-proxyconf/version.rb +1 -1
  39. data/locales/en.yml +38 -0
  40. data/resources/yum_config.awk +1 -0
  41. data/spec/spec_helper.rb +27 -9
  42. data/spec/unit/fixtures/docker_client_config_json_enabled_proxy +9 -0
  43. data/spec/unit/fixtures/docker_client_config_json_no_proxy +5 -0
  44. data/spec/unit/fixtures/etc_environment_only_http_proxy.conf +9 -0
  45. data/spec/unit/fixtures/yum_with_repository_and_proxy_containing_special_chars.conf +10 -0
  46. data/spec/unit/vagrant-proxyconf/action/base_spec.rb +191 -0
  47. data/spec/unit/vagrant-proxyconf/action/configure_apt_proxy_spec.rb +162 -0
  48. data/spec/unit/vagrant-proxyconf/action/configure_chef_proxy_spec.rb +32 -0
  49. data/spec/unit/vagrant-proxyconf/action/configure_docker_proxy_spec.rb +491 -0
  50. data/spec/unit/vagrant-proxyconf/action/configure_env_proxy_spec.rb +105 -4
  51. data/spec/unit/vagrant-proxyconf/action/configure_git_proxy_spec.rb +116 -0
  52. data/spec/unit/vagrant-proxyconf/action/configure_npm_proxy_spec.rb +67 -0
  53. data/spec/unit/vagrant-proxyconf/action/configure_pear_proxy_spec.rb +116 -0
  54. data/spec/unit/vagrant-proxyconf/action/configure_svn_proxy_spec.rb +85 -0
  55. data/spec/unit/vagrant-proxyconf/action/configure_yum_proxy_spec.rb +100 -0
  56. data/spec/unit/vagrant-proxyconf/action/is_enabled_spec.rb +162 -12
  57. data/spec/unit/vagrant-proxyconf/cap/linux/docker_proxy_conf_spec.rb +1 -1
  58. data/spec/unit/vagrant-proxyconf/cap/util_spec.rb +2 -2
  59. data/spec/unit/vagrant-proxyconf/config/key_mixin_spec.rb +1 -1
  60. data/spec/unit/vagrant-proxyconf/resources/yum_config_spec.rb +14 -0
  61. data/test/issues/180/.rspec +2 -0
  62. data/test/issues/180/Dockerfile +47 -0
  63. data/test/issues/180/README.md +31 -0
  64. data/test/issues/180/Rakefile +27 -0
  65. data/test/issues/180/Vagrantfile +31 -0
  66. data/test/issues/180/entrypoint.sh +50 -0
  67. data/test/issues/180/spec/default/redhat_spec.rb +15 -0
  68. data/test/issues/180/spec/docker_host/redhat_spec.rb +165 -0
  69. data/test/issues/180/spec/spec_helper.rb +43 -0
  70. data/test/issues/180/tinyproxy.conf +333 -0
  71. data/travis/before_install +26 -0
  72. metadata +44 -4
@@ -0,0 +1,2 @@
1
+ --color
2
+ --format documentation
@@ -0,0 +1,47 @@
1
+ FROM centos:7
2
+
3
+ ENV CI_USERNAME vagrant
4
+ ENV CI_PASSWORD vagrant
5
+ ENV CI_HOMEDIR /home/vagrant
6
+ ENV CI_SHELL /bin/bash
7
+
8
+ EXPOSE 8888
9
+
10
+ RUN yum clean all && \
11
+ yum makecache fast && \
12
+ yum -y install epel-release && \
13
+ yum clean expire-cache && \
14
+ yum -y install \
15
+ curl \
16
+ initscripts \
17
+ openssh-clients \
18
+ openssh-server \
19
+ sudo \
20
+ tinyproxy
21
+
22
+ RUN /usr/sbin/sshd-keygen && \
23
+ mkdir -p /var/run/sshd && \
24
+ rm -f /usr/lib/tmpfiles.d/systemd-nologin.conf
25
+
26
+ RUN if ! getent passwd $CI_USERNAME; then \
27
+ useradd -m -d ${CI_HOMEDIR} -s ${CI_SHELL} $CI_USERNAME; \
28
+ fi && \
29
+ echo "${CI_USERNAME}:${CI_PASSWORD}" | chpasswd && \
30
+ echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
31
+ mkdir -p /etc/sudoers.d && \
32
+ echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/${CI_USERNAME} && \
33
+ chmod 0440 /etc/sudoers.d/${CI_USERNAME} && \
34
+ mkdir -p ${CI_HOMEDIR}/.ssh && \
35
+ chown -R ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh && \
36
+ chmod 0700 ${CI_HOMEDIR}/.ssh && \
37
+ curl -L https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub > ${CI_HOMEDIR}/.ssh/vagrant.pub && \
38
+ touch ${CI_HOMEDIR}/.ssh/authorized_keys && \
39
+ grep -q "$(cat ${CI_HOMEDIR}/.ssh/vagrant.pub | awk '{print $2}')" ${CI_HOMEDIR}/.ssh/authorized_keys || cat ${CI_HOMEDIR}/.ssh/vagrant.pub >> ${CI_HOMEDIR}/.ssh/authorized_keys && \
40
+ chown ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh/authorized_keys && \
41
+ chmod 0600 ${CI_HOMEDIR}/.ssh/authorized_keys
42
+
43
+ COPY tinyproxy.conf /etc/tinyproxy/tinyproxy.conf
44
+ COPY entrypoint.sh /entrypoint.sh
45
+
46
+ ENTRYPOINT ["/entrypoint.sh"]
47
+ CMD [ "start" ]
@@ -0,0 +1,31 @@
1
+ Tests
2
+ -----
3
+
4
+ If you are testing the current release of this plugin via bundler
5
+
6
+ ```
7
+ bundle exec vagrant up default
8
+ ```
9
+
10
+ ## Expect
11
+
12
+
13
+ ### Box `default``
14
+
15
+ - The box `default` is a docker container that will be a reverse
16
+ proxy. It should provision itself and work without errors.
17
+
18
+ - You can check that the proxy is working by
19
+ `tail -f /var/log/tinyproxy/tinyproxy.log` inside the container
20
+
21
+ - **NOTE**: You'll need to use `docker exec <hash> -it bash` to get into the container
22
+
23
+
24
+ ### Box `docker-host`
25
+
26
+ - Vagrant should automatically instally docker-ce.
27
+ - The box should come up and provision itself with the proxy settings
28
+ configured in your Vagrantfile.
29
+
30
+
31
+ - **NOTE**: You can use `ssh` to connect to this container.
@@ -0,0 +1,27 @@
1
+ require 'rake'
2
+ require 'rspec/core/rake_task'
3
+
4
+ task :spec => 'spec:all'
5
+ task :default => :spec
6
+
7
+ namespace :spec do
8
+ targets = []
9
+ Dir.glob('./spec/*').each do |dir|
10
+ next unless File.directory?(dir)
11
+ target = File.basename(dir)
12
+ target = "_#{target}" if target == "default"
13
+ targets << target
14
+ end
15
+
16
+ task :all => targets
17
+ task :default => :all
18
+
19
+ targets.each do |target|
20
+ original_target = target == "_default" ? target[1..-1] : target
21
+ desc "Run serverspec tests to #{original_target}"
22
+ RSpec::Core::RakeTask.new(target.to_sym) do |t|
23
+ ENV['TARGET_HOST'] = original_target
24
+ t.pattern = "spec/#{original_target}/*_spec.rb"
25
+ end
26
+ end
27
+ end
@@ -0,0 +1,31 @@
1
+
2
+ Vagrant.configure("2") do |config|
3
+
4
+ config.vm.define 'default' do |c|
5
+ c.vm.box = nil
6
+
7
+ if Vagrant.has_plugin?('vagrant-proxyconf')
8
+ c.proxy.enabled = false
9
+ end
10
+
11
+ c.vm.provider "docker" do |d|
12
+ d.build_dir = "."
13
+ d.expose = ['8888']
14
+ d.has_ssh = true
15
+ d.ports = ['8888:8888']
16
+ end
17
+ end
18
+
19
+ config.vm.define 'docker_host' do |c|
20
+ c.vm.box = "centos/7"
21
+
22
+ if Vagrant.has_plugin?('vagrant-proxyconf')
23
+ c.proxy.http = ENV['HTTP_PROXY']
24
+ c.proxy.https = ENV['HTTPS_PROXY']
25
+ c.proxy.no_proxy = ENV['NO_PROXY']
26
+ end
27
+
28
+ c.vm.provision "docker"
29
+ end
30
+
31
+ end
@@ -0,0 +1,50 @@
1
+ #!/bin/bash
2
+ set -ex
3
+
4
+ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
5
+
6
+ start() {
7
+ # start ssh if sshd is installed
8
+ if [ -f /usr/sbin/sshd ]; then
9
+
10
+ /usr/sbin/sshd-keygen
11
+ /usr/sbin/sshd -t
12
+ /usr/sbin/sshd
13
+
14
+ else
15
+
16
+ true
17
+
18
+ fi
19
+
20
+ # start tinyproxy
21
+ /usr/sbin/tinyproxy \
22
+ -d \
23
+ -c "/etc/tinyproxy/tinyproxy.conf"
24
+ }
25
+
26
+ stop() {
27
+
28
+ pgrep -f 'sshd' | while read _pid
29
+ do
30
+ kill -9 $_pid
31
+ done
32
+
33
+ pgrep -f 'tinyproxy' | while read _pid
34
+ do
35
+ kill -9 $_pid
36
+ done
37
+
38
+ }
39
+
40
+ case "${1}" in
41
+
42
+ start)
43
+ start
44
+ ;;
45
+
46
+ stop)
47
+ stop
48
+ ;;
49
+
50
+ esac
@@ -0,0 +1,15 @@
1
+ require 'spec_helper'
2
+
3
+ describe package('tinyproxy') do
4
+ it { should be_installed }
5
+ end
6
+
7
+ describe service('tinyproxy') do
8
+ it { should be_enabled }
9
+ it { should be_running }
10
+ end
11
+
12
+
13
+ describe port(8888) do
14
+ it { should be_listening }
15
+ end
@@ -0,0 +1,165 @@
1
+ require 'spec_helper'
2
+
3
+ PROXY_HOST = "10.0.2.2"
4
+
5
+ describe service('docker') do
6
+ it { should be_running }
7
+ it { should be_enabled }
8
+ end
9
+
10
+ describe file('/etc/docker/config.json') do
11
+ it { should be_file }
12
+ it { should exist }
13
+ it { should be_mode 600 }
14
+ it { should be_owned_by "root" }
15
+ it { should be_grouped_into "root" }
16
+ end
17
+
18
+ context 'when proxy is enabled' do
19
+
20
+ before(:context) do
21
+ ENV['HTTP_PROXY'] = "http://#{PROXY_HOST}:8888"
22
+ ENV['HTTPS_PROXY'] = "http://#{PROXY_HOST}:8888"
23
+ ENV['NO_PROXY'] = "*.example.com"
24
+
25
+ `vagrant provision #{ENV['TARGET_HOST']}`
26
+ `sleep 3`
27
+ end
28
+
29
+ describe file('/etc/docker/config.json') do
30
+ let(:expected_content) do
31
+ {
32
+ "proxies" => {
33
+ "default" => {
34
+ "httpProxy" => "http://10.0.2.2:8888",
35
+ "httpsProxy" => "http://10.0.2.2:8888",
36
+ "noProxy" => "*.example.com",
37
+ }
38
+ }
39
+ }
40
+ end
41
+
42
+ its(:content_as_json) do
43
+ should include(expected_content)
44
+ end
45
+ end
46
+
47
+ end
48
+
49
+ context 'when HTTP_PROXY=""' do
50
+
51
+ before(:context) do
52
+ ENV['HTTP_PROXY'] = ""
53
+ ENV['HTTPS_PROXY'] = "https://#{PROXY_HOST}:8888"
54
+ ENV['NO_PROXY'] = "*.example.com"
55
+
56
+ `vagrant provision #{ENV['TARGET_HOST']}`
57
+ `sleep 3`
58
+ end
59
+
60
+ describe file('/etc/docker/config.json') do
61
+ let(:expected_content) do
62
+ {
63
+ "proxies" => {
64
+ "default" => {
65
+ "httpsProxy" => "https://#{PROXY_HOST}:8888",
66
+ "noProxy" => "*.example.com",
67
+ }
68
+ }
69
+ }
70
+ end
71
+
72
+ its(:content_as_json) do
73
+ should include(expected_content)
74
+ end
75
+ end
76
+
77
+ end
78
+
79
+ context 'when HTTPS_PROXY=""' do
80
+
81
+ before(:context) do
82
+ ENV['HTTP_PROXY'] = "http://#{PROXY_HOST}:8888"
83
+ ENV['HTTPS_PROXY'] = ""
84
+ ENV['NO_PROXY'] = "*.example.com"
85
+
86
+ `vagrant provision #{ENV['TARGET_HOST']}`
87
+ end
88
+
89
+ describe file('/etc/docker/config.json') do
90
+ let(:expected_content) do
91
+ {
92
+ "proxies" => {
93
+ "default" => {
94
+ "httpProxy" => "http://#{PROXY_HOST}:8888",
95
+ "noProxy" => "*.example.com",
96
+ }
97
+ }
98
+ }
99
+ end
100
+
101
+ its(:content_as_json) do
102
+ should include(expected_content)
103
+ end
104
+ end
105
+
106
+ end
107
+
108
+ context 'when HTTPS_PROXY="" and HTTP_PROXY=""' do
109
+
110
+ before(:context) do
111
+ ENV['HTTP_PROXY'] = ""
112
+ ENV['HTTPS_PROXY'] = ""
113
+ ENV['NO_PROXY'] = "*.example.com"
114
+
115
+ `vagrant provision #{ENV['TARGET_HOST']}`
116
+ `sleep 3`
117
+ end
118
+
119
+ describe file('/etc/docker/config.json') do
120
+ let(:expected_content) do
121
+ {
122
+ "proxies" => {
123
+ "default" => {
124
+ "noProxy" => "*.example.com",
125
+ }
126
+ }
127
+ }
128
+ end
129
+
130
+ its(:content_as_json) do
131
+ should include(expected_content)
132
+ end
133
+ end
134
+
135
+ end
136
+
137
+ context 'when NO_PROXY=""' do
138
+
139
+ before(:context) do
140
+ ENV['HTTP_PROXY'] = "http://#{PROXY_HOST}:8888"
141
+ ENV['HTTPS_PROXY'] = "https://#{PROXY_HOST}:8888"
142
+ ENV['NO_PROXY'] = ""
143
+
144
+ `vagrant provision #{ENV['TARGET_HOST']}`
145
+ `sleep 3`
146
+ end
147
+
148
+ describe file('/etc/docker/config.json') do
149
+ let(:expected_content) do
150
+ {
151
+ "proxies" => {
152
+ "default" => {
153
+ "httpProxy" => "http://#{PROXY_HOST}:8888",
154
+ "httpsProxy" => "https://#{PROXY_HOST}:8888",
155
+ }
156
+ }
157
+ }
158
+ end
159
+
160
+ its(:content_as_json) do
161
+ should include(expected_content)
162
+ end
163
+ end
164
+
165
+ end
@@ -0,0 +1,43 @@
1
+ require 'serverspec'
2
+ require 'net/ssh'
3
+ require 'tempfile'
4
+
5
+ set :backend, :ssh
6
+
7
+ if ENV['ASK_SUDO_PASSWORD']
8
+ begin
9
+ require 'highline/import'
10
+ rescue LoadError
11
+ fail "highline is not available. Try installing it."
12
+ end
13
+ set :sudo_password, ask("Enter sudo password: ") { |q| q.echo = false }
14
+ else
15
+ set :sudo_password, ENV['SUDO_PASSWORD'] || "vagrant"
16
+ end
17
+
18
+ host = ENV['TARGET_HOST']
19
+
20
+ `vagrant up #{host}`
21
+
22
+ config = Tempfile.new('', Dir.tmpdir)
23
+ config.write(`vagrant ssh-config #{host}`)
24
+ config.close
25
+
26
+ options = Net::SSH::Config.for(host, [config.path])
27
+
28
+ options[:user] ||= Etc.getlogin
29
+
30
+ set :host, options[:host_name] || host
31
+ set :ssh_options, options
32
+
33
+ # Disable sudo
34
+ # set :disable_sudo, true
35
+
36
+
37
+ # Set environment variables
38
+ set :env,
39
+ :LANG => 'C',
40
+ :LC_MESSAGES => 'C'
41
+
42
+ # Set PATH
43
+ # set :path, '/sbin:/usr/local/sbin:$PATH'
@@ -0,0 +1,333 @@
1
+ ##
2
+ ## tinyproxy.conf -- tinyproxy daemon configuration file
3
+ ##
4
+ ## This example tinyproxy.conf file contains example settings
5
+ ## with explanations in comments. For decriptions of all
6
+ ## parameters, see the tinproxy.conf(5) manual page.
7
+ ##
8
+
9
+ #
10
+ # User/Group: This allows you to set the user and group that will be
11
+ # used for tinyproxy after the initial binding to the port has been done
12
+ # as the root user. Either the user or group name or the UID or GID
13
+ # number may be used.
14
+ #
15
+ User tinyproxy
16
+ Group tinyproxy
17
+
18
+ #
19
+ # Port: Specify the port which tinyproxy will listen on. Please note
20
+ # that should you choose to run on a port lower than 1024 you will need
21
+ # to start tinyproxy using root.
22
+ #
23
+ Port 8888
24
+
25
+ #
26
+ # Listen: If you have multiple interfaces this allows you to bind to
27
+ # only one. If this is commented out, tinyproxy will bind to all
28
+ # interfaces present.
29
+ #
30
+ #Listen 192.168.0.1
31
+
32
+ #
33
+ # Bind: This allows you to specify which interface will be used for
34
+ # outgoing connections. This is useful for multi-home'd machines where
35
+ # you want all traffic to appear outgoing from one particular interface.
36
+ #
37
+ #Bind 192.168.0.1
38
+
39
+ #
40
+ # BindSame: If enabled, tinyproxy will bind the outgoing connection to the
41
+ # ip address of the incoming connection.
42
+ #
43
+ #BindSame yes
44
+
45
+ #
46
+ # Timeout: The maximum number of seconds of inactivity a connection is
47
+ # allowed to have before it is closed by tinyproxy.
48
+ #
49
+ Timeout 600
50
+
51
+ #
52
+ # ErrorFile: Defines the HTML file to send when a given HTTP error
53
+ # occurs. You will probably need to customize the location to your
54
+ # particular install. The usual locations to check are:
55
+ # /usr/local/share/tinyproxy
56
+ # /usr/share/tinyproxy
57
+ # /etc/tinyproxy
58
+ #
59
+ #ErrorFile 404 "/usr/share/tinyproxy/404.html"
60
+ #ErrorFile 400 "/usr/share/tinyproxy/400.html"
61
+ #ErrorFile 503 "/usr/share/tinyproxy/503.html"
62
+ #ErrorFile 403 "/usr/share/tinyproxy/403.html"
63
+ #ErrorFile 408 "/usr/share/tinyproxy/408.html"
64
+
65
+ #
66
+ # DefaultErrorFile: The HTML file that gets sent if there is no
67
+ # HTML file defined with an ErrorFile keyword for the HTTP error
68
+ # that has occured.
69
+ #
70
+ DefaultErrorFile "/usr/share/tinyproxy/default.html"
71
+
72
+ #
73
+ # StatHost: This configures the host name or IP address that is treated
74
+ # as the stat host: Whenever a request for this host is received,
75
+ # Tinyproxy will return an internal statistics page instead of
76
+ # forwarding the request to that host. The default value of StatHost is
77
+ # tinyproxy.stats.
78
+ #
79
+ #StatHost "tinyproxy.stats"
80
+ #
81
+
82
+ #
83
+ # StatFile: The HTML file that gets sent when a request is made
84
+ # for the stathost. If this file doesn't exist a basic page is
85
+ # hardcoded in tinyproxy.
86
+ #
87
+ StatFile "/usr/share/tinyproxy/stats.html"
88
+
89
+ #
90
+ # LogFile: Allows you to specify the location where information should
91
+ # be logged to. If you would prefer to log to syslog, then disable this
92
+ # and enable the Syslog directive. These directives are mutually
93
+ # exclusive.
94
+ #
95
+ LogFile "/var/log/tinyproxy/tinyproxy.log"
96
+
97
+ #
98
+ # Syslog: Tell tinyproxy to use syslog instead of a logfile. This
99
+ # option must not be enabled if the Logfile directive is being used.
100
+ # These two directives are mutually exclusive.
101
+ #
102
+ #Syslog On
103
+
104
+ #
105
+ # LogLevel:
106
+ #
107
+ # Set the logging level. Allowed settings are:
108
+ # Critical (least verbose)
109
+ # Error
110
+ # Warning
111
+ # Notice
112
+ # Connect (to log connections without Info's noise)
113
+ # Info (most verbose)
114
+ #
115
+ # The LogLevel logs from the set level and above. For example, if the
116
+ # LogLevel was set to Warning, then all log messages from Warning to
117
+ # Critical would be output, but Notice and below would be suppressed.
118
+ #
119
+ LogLevel Info
120
+
121
+ #
122
+ # PidFile: Write the PID of the main tinyproxy thread to this file so it
123
+ # can be used for signalling purposes.
124
+ #
125
+ PidFile "/var/run/tinyproxy/tinyproxy.pid"
126
+
127
+ #
128
+ # XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
129
+ # contains the client's IP address.
130
+ #
131
+ #XTinyproxy Yes
132
+
133
+ #
134
+ # Upstream:
135
+ #
136
+ # Turns on upstream proxy support.
137
+ #
138
+ # The upstream rules allow you to selectively route upstream connections
139
+ # based on the host/domain of the site being accessed.
140
+ #
141
+ # For example:
142
+ # # connection to test domain goes through testproxy
143
+ # upstream testproxy:8008 ".test.domain.invalid"
144
+ # upstream testproxy:8008 ".our_testbed.example.com"
145
+ # upstream testproxy:8008 "192.168.128.0/255.255.254.0"
146
+ #
147
+ # # no upstream proxy for internal websites and unqualified hosts
148
+ # no upstream ".internal.example.com"
149
+ # no upstream "www.example.com"
150
+ # no upstream "10.0.0.0/8"
151
+ # no upstream "192.168.0.0/255.255.254.0"
152
+ # no upstream "."
153
+ #
154
+ # # connection to these boxes go through their DMZ firewalls
155
+ # upstream cust1_firewall:8008 "testbed_for_cust1"
156
+ # upstream cust2_firewall:8008 "testbed_for_cust2"
157
+ #
158
+ # # default upstream is internet firewall
159
+ # upstream firewall.internal.example.com:80
160
+ #
161
+ # The LAST matching rule wins the route decision. As you can see, you
162
+ # can use a host, or a domain:
163
+ # name matches host exactly
164
+ # .name matches any host in domain "name"
165
+ # . matches any host with no domain (in 'empty' domain)
166
+ # IP/bits matches network/mask
167
+ # IP/mask matches network/mask
168
+ #
169
+ #Upstream some.remote.proxy:port
170
+
171
+ #
172
+ # MaxClients: This is the absolute highest number of threads which will
173
+ # be created. In other words, only MaxClients number of clients can be
174
+ # connected at the same time.
175
+ #
176
+ MaxClients 100
177
+
178
+ #
179
+ # MinSpareServers/MaxSpareServers: These settings set the upper and
180
+ # lower limit for the number of spare servers which should be available.
181
+ #
182
+ # If the number of spare servers falls below MinSpareServers then new
183
+ # server processes will be spawned. If the number of servers exceeds
184
+ # MaxSpareServers then the extras will be killed off.
185
+ #
186
+ MinSpareServers 5
187
+ MaxSpareServers 20
188
+
189
+ #
190
+ # StartServers: The number of servers to start initially.
191
+ #
192
+ StartServers 10
193
+
194
+ #
195
+ # MaxRequestsPerChild: The number of connections a thread will handle
196
+ # before it is killed. In practise this should be set to 0, which
197
+ # disables thread reaping. If you do notice problems with memory
198
+ # leakage, then set this to something like 10000.
199
+ #
200
+ MaxRequestsPerChild 0
201
+
202
+ #
203
+ # Allow: Customization of authorization controls. If there are any
204
+ # access control keywords then the default action is to DENY. Otherwise,
205
+ # the default action is ALLOW.
206
+ #
207
+ # The order of the controls are important. All incoming connections are
208
+ # tested against the controls based on order.
209
+ #
210
+ Allow 127.0.0.1
211
+ Allow 0.0.0.0/0
212
+
213
+ #
214
+ # AddHeader: Adds the specified headers to outgoing HTTP requests that
215
+ # Tinyproxy makes. Note that this option will not work for HTTPS
216
+ # traffic, as Tinyproxy has no control over what headers are exchanged.
217
+ #
218
+ #AddHeader "X-My-Header" "Powered by Tinyproxy"
219
+
220
+ #
221
+ # ViaProxyName: The "Via" header is required by the HTTP RFC, but using
222
+ # the real host name is a security concern. If the following directive
223
+ # is enabled, the string supplied will be used as the host name in the
224
+ # Via header; otherwise, the server's host name will be used.
225
+ #
226
+ ViaProxyName "tinyproxy"
227
+
228
+ #
229
+ # DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
230
+ # the Via header to the requests. This virtually puts Tinyproxy into
231
+ # stealth mode. Note that RFC 2616 requires proxies to set the Via
232
+ # header, so by enabling this option, you break compliance.
233
+ # Don't disable the Via header unless you know what you are doing...
234
+ #
235
+ #DisableViaHeader Yes
236
+
237
+ #
238
+ # Filter: This allows you to specify the location of the filter file.
239
+ #
240
+ #Filter "/etc/tinyproxy/filter"
241
+
242
+ #
243
+ # FilterURLs: Filter based on URLs rather than domains.
244
+ #
245
+ #FilterURLs On
246
+
247
+ #
248
+ # FilterExtended: Use POSIX Extended regular expressions rather than
249
+ # basic.
250
+ #
251
+ #FilterExtended On
252
+
253
+ #
254
+ # FilterCaseSensitive: Use case sensitive regular expressions.
255
+ #
256
+ #FilterCaseSensitive On
257
+
258
+ #
259
+ # FilterDefaultDeny: Change the default policy of the filtering system.
260
+ # If this directive is commented out, or is set to "No" then the default
261
+ # policy is to allow everything which is not specifically denied by the
262
+ # filter file.
263
+ #
264
+ # However, by setting this directive to "Yes" the default policy becomes
265
+ # to deny everything which is _not_ specifically allowed by the filter
266
+ # file.
267
+ #
268
+ #FilterDefaultDeny Yes
269
+
270
+ #
271
+ # Anonymous: If an Anonymous keyword is present, then anonymous proxying
272
+ # is enabled. The headers listed are allowed through, while all others
273
+ # are denied. If no Anonymous keyword is present, then all headers are
274
+ # allowed through. You must include quotes around the headers.
275
+ #
276
+ # Most sites require cookies to be enabled for them to work correctly, so
277
+ # you will need to allow Cookies through if you access those sites.
278
+ #
279
+ #Anonymous "Host"
280
+ #Anonymous "Authorization"
281
+ #Anonymous "Cookie"
282
+
283
+ #
284
+ # ConnectPort: This is a list of ports allowed by tinyproxy when the
285
+ # CONNECT method is used. To disable the CONNECT method altogether, set
286
+ # the value to 0. If no ConnectPort line is found, all ports are
287
+ # allowed (which is not very secure.)
288
+ #
289
+ # The following two ports are used by SSL.
290
+ #
291
+ ConnectPort 443
292
+ ConnectPort 563
293
+
294
+ #
295
+ # Configure one or more ReversePath directives to enable reverse proxy
296
+ # support. With reverse proxying it's possible to make a number of
297
+ # sites appear as if they were part of a single site.
298
+ #
299
+ # If you uncomment the following two directives and run tinyproxy
300
+ # on your own computer at port 8888, you can access Google using
301
+ # http://localhost:8888/google/ and Wired News using
302
+ # http://localhost:8888/wired/news/. Neither will actually work
303
+ # until you uncomment ReverseMagic as they use absolute linking.
304
+ #
305
+ #ReversePath "/google/" "http://www.google.com/"
306
+ #ReversePath "/wired/" "http://www.wired.com/"
307
+
308
+ #
309
+ # When using tinyproxy as a reverse proxy, it is STRONGLY recommended
310
+ # that the normal proxy is turned off by uncommenting the next directive.
311
+ #
312
+ #ReverseOnly Yes
313
+
314
+ #
315
+ # Use a cookie to track reverse proxy mappings. If you need to reverse
316
+ # proxy sites which have absolute links you must uncomment this.
317
+ #
318
+ #ReverseMagic Yes
319
+
320
+ #
321
+ # The URL that's used to access this reverse proxy. The URL is used to
322
+ # rewrite HTTP redirects so that they won't escape the proxy. If you
323
+ # have a chain of reverse proxies, you'll need to put the outermost
324
+ # URL here (the address which the end user types into his/her browser).
325
+ #
326
+ # If not set then no rewriting occurs.
327
+ #
328
+ #ReverseBaseURL "http://localhost:8888/"
329
+
330
+
331
+
332
+
333
+ ### foo