vagrant-proxyconf 2.0.4 → 2.0.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.travis.yml +12 -7
- data/CHANGELOG.md +155 -0
- data/Gemfile +1 -18
- data/Jenkinsfile +60 -0
- data/Makefile +33 -0
- data/README.md +22 -0
- data/deps/patches/lib/vagrant/bundler.rb.patch +14 -0
- data/jenkins/helper_functions +206 -0
- data/lib/vagrant-proxyconf/action/base.rb +20 -9
- data/lib/vagrant-proxyconf/action/configure_docker_proxy.rb +21 -23
- data/lib/vagrant-proxyconf/config/apt_proxy.rb +21 -2
- data/lib/vagrant-proxyconf/version.rb +1 -1
- data/spec/unit/support/shared/apt_proxy_config.rb +12 -0
- data/spec/unit/vagrant-proxyconf/action/configure_docker_proxy_spec.rb +44 -37
- data/spec/unit/vagrant-proxyconf/action/configure_svn_proxy_spec.rb +1 -0
- data/test/issues/172/README.md +2 -2
- data/test/issues/172/spec/docker_host/redhat_spec.rb +2 -2
- data/test/issues/180/spec/docker_host/redhat_spec.rb +2 -2
- data/test/issues/192/.rspec +2 -0
- data/test/issues/192/Dockerfile +47 -0
- data/test/issues/192/Dockerfile.bionic +40 -0
- data/test/issues/192/README.md +29 -0
- data/test/issues/192/Rakefile +27 -0
- data/test/issues/192/Vagrantfile +64 -0
- data/test/issues/192/entrypoint.sh +50 -0
- data/test/issues/192/spec/default/redhat_spec.rb +15 -0
- data/test/issues/192/spec/docker_host/ubuntu_spec.rb +3 -0
- data/test/issues/192/spec/spec_helper.rb +52 -0
- data/test/issues/192/tinyproxy.conf +333 -0
- data/test/issues/199/.rspec +2 -0
- data/test/issues/199/Dockerfile +47 -0
- data/test/issues/199/README.md +31 -0
- data/test/issues/199/Rakefile +27 -0
- data/test/issues/199/Vagrantfile +74 -0
- data/test/issues/199/entrypoint.sh +50 -0
- data/test/issues/199/spec/apt_host/ubuntu_spec.rb +135 -0
- data/test/issues/199/spec/default/redhat_spec.rb +15 -0
- data/test/issues/199/spec/spec_helper.rb +52 -0
- data/test/issues/199/tinyproxy.conf +333 -0
- data/test/issues/218/.rspec +2 -0
- data/test/issues/218/Dockerfile +47 -0
- data/test/issues/218/README.md +35 -0
- data/test/issues/218/Rakefile +27 -0
- data/test/issues/218/Vagrantfile +62 -0
- data/test/issues/218/entrypoint.sh +50 -0
- data/test/issues/218/force-all-outbound-traffic-through-proxy.iptables +18 -0
- data/test/issues/218/spec/default/redhat_spec.rb +16 -0
- data/test/issues/218/spec/docker_host/redhat_spec.rb +171 -0
- data/test/issues/218/spec/spec_helper.rb +43 -0
- data/test/issues/218/tinyproxy.conf +333 -0
- metadata +71 -4
data/test/issues/172/README.md
CHANGED
@@ -10,7 +10,7 @@ bundle exec vagrant up default
|
|
10
10
|
## Expect
|
11
11
|
|
12
12
|
|
13
|
-
### Box `default
|
13
|
+
### Box `default`
|
14
14
|
|
15
15
|
- The box `default` is a docker container that will be a reverse
|
16
16
|
proxy. It should provision itself and work without errors.
|
@@ -21,7 +21,7 @@ bundle exec vagrant up default
|
|
21
21
|
- **NOTE**: You'll need to use `docker exec <hash> -it bash` to get into the container
|
22
22
|
|
23
23
|
|
24
|
-
### Box `
|
24
|
+
### Box `docker_host`
|
25
25
|
|
26
26
|
- Vagrant should automatically instally docker-ce.
|
27
27
|
- The box should come up and provision itself with the proxy settings
|
@@ -10,9 +10,9 @@ end
|
|
10
10
|
describe file('/etc/docker/config.json') do
|
11
11
|
it { should be_file }
|
12
12
|
it { should exist }
|
13
|
-
it { should be_mode
|
13
|
+
it { should be_mode 644 }
|
14
14
|
it { should be_owned_by "root" }
|
15
|
-
it { should be_grouped_into "
|
15
|
+
it { should be_grouped_into "docker" }
|
16
16
|
end
|
17
17
|
|
18
18
|
context 'when proxy is enabled' do
|
@@ -10,9 +10,9 @@ end
|
|
10
10
|
describe file('/etc/docker/config.json') do
|
11
11
|
it { should be_file }
|
12
12
|
it { should exist }
|
13
|
-
it { should be_mode
|
13
|
+
it { should be_mode 644 }
|
14
14
|
it { should be_owned_by "root" }
|
15
|
-
it { should be_grouped_into "
|
15
|
+
it { should be_grouped_into "docker" }
|
16
16
|
end
|
17
17
|
|
18
18
|
context 'when proxy is enabled' do
|
@@ -0,0 +1,47 @@
|
|
1
|
+
FROM centos:7
|
2
|
+
|
3
|
+
ENV CI_USERNAME vagrant
|
4
|
+
ENV CI_PASSWORD vagrant
|
5
|
+
ENV CI_HOMEDIR /home/vagrant
|
6
|
+
ENV CI_SHELL /bin/bash
|
7
|
+
|
8
|
+
EXPOSE 8888
|
9
|
+
|
10
|
+
RUN yum clean all && \
|
11
|
+
yum makecache fast && \
|
12
|
+
yum -y install epel-release && \
|
13
|
+
yum clean expire-cache && \
|
14
|
+
yum -y install \
|
15
|
+
curl \
|
16
|
+
initscripts \
|
17
|
+
openssh-clients \
|
18
|
+
openssh-server \
|
19
|
+
sudo \
|
20
|
+
tinyproxy
|
21
|
+
|
22
|
+
RUN /usr/sbin/sshd-keygen && \
|
23
|
+
mkdir -p /var/run/sshd && \
|
24
|
+
rm -f /usr/lib/tmpfiles.d/systemd-nologin.conf
|
25
|
+
|
26
|
+
RUN if ! getent passwd $CI_USERNAME; then \
|
27
|
+
useradd -m -d ${CI_HOMEDIR} -s ${CI_SHELL} $CI_USERNAME; \
|
28
|
+
fi && \
|
29
|
+
echo "${CI_USERNAME}:${CI_PASSWORD}" | chpasswd && \
|
30
|
+
echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
|
31
|
+
mkdir -p /etc/sudoers.d && \
|
32
|
+
echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/${CI_USERNAME} && \
|
33
|
+
chmod 0440 /etc/sudoers.d/${CI_USERNAME} && \
|
34
|
+
mkdir -p ${CI_HOMEDIR}/.ssh && \
|
35
|
+
chown -R ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh && \
|
36
|
+
chmod 0700 ${CI_HOMEDIR}/.ssh && \
|
37
|
+
curl -L https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub > ${CI_HOMEDIR}/.ssh/vagrant.pub && \
|
38
|
+
touch ${CI_HOMEDIR}/.ssh/authorized_keys && \
|
39
|
+
grep -q "$(cat ${CI_HOMEDIR}/.ssh/vagrant.pub | awk '{print $2}')" ${CI_HOMEDIR}/.ssh/authorized_keys || cat ${CI_HOMEDIR}/.ssh/vagrant.pub >> ${CI_HOMEDIR}/.ssh/authorized_keys && \
|
40
|
+
chown ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh/authorized_keys && \
|
41
|
+
chmod 0600 ${CI_HOMEDIR}/.ssh/authorized_keys
|
42
|
+
|
43
|
+
COPY tinyproxy.conf /etc/tinyproxy/tinyproxy.conf
|
44
|
+
COPY entrypoint.sh /entrypoint.sh
|
45
|
+
|
46
|
+
ENTRYPOINT ["/entrypoint.sh"]
|
47
|
+
CMD [ "start" ]
|
@@ -0,0 +1,40 @@
|
|
1
|
+
FROM ubuntu:bionic
|
2
|
+
|
3
|
+
ENV CI_USERNAME vagrant
|
4
|
+
ENV CI_PASSWORD vagrant
|
5
|
+
ENV CI_HOMEDIR /home/vagrant
|
6
|
+
ENV CI_SHELL /bin/bash
|
7
|
+
|
8
|
+
RUN apt-get -y update && \
|
9
|
+
mkdir -p /run/sshd && \
|
10
|
+
apt-get -y install \
|
11
|
+
apt-transport-https \
|
12
|
+
ca-certificates \
|
13
|
+
curl \
|
14
|
+
gnupg-agent \
|
15
|
+
openssh-client \
|
16
|
+
openssh-server \
|
17
|
+
software-properties-common \
|
18
|
+
sudo
|
19
|
+
|
20
|
+
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - && \
|
21
|
+
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
|
22
|
+
rm -f /usr/lib/tmpfiles.d/systemd-nologin.conf && \
|
23
|
+
if ! getent passwd $CI_USERNAME; then \
|
24
|
+
useradd -m -d ${CI_HOMEDIR} -s ${CI_SHELL} $CI_USERNAME; \
|
25
|
+
fi && \
|
26
|
+
echo "${CI_USERNAME}:${CI_PASSWORD}" | chpasswd && \
|
27
|
+
echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
|
28
|
+
mkdir -p /etc/sudoers.d && \
|
29
|
+
echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/${CI_USERNAME} && \
|
30
|
+
chmod 0440 /etc/sudoers.d/${CI_USERNAME} && \
|
31
|
+
mkdir -p ${CI_HOMEDIR}/.ssh && \
|
32
|
+
chown -R ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh && \
|
33
|
+
chmod 0700 ${CI_HOMEDIR}/.ssh && \
|
34
|
+
curl -L https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub > ${CI_HOMEDIR}/.ssh/vagrant.pub && \
|
35
|
+
touch ${CI_HOMEDIR}/.ssh/authorized_keys && \
|
36
|
+
grep -q "$(cat ${CI_HOMEDIR}/.ssh/vagrant.pub | awk '{print $2}')" ${CI_HOMEDIR}/.ssh/authorized_keys || cat ${CI_HOMEDIR}/.ssh/vagrant.pub >> ${CI_HOMEDIR}/.ssh/authorized_keys && \
|
37
|
+
chown ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh/authorized_keys && \
|
38
|
+
chmod 0600 ${CI_HOMEDIR}/.ssh/authorized_keys
|
39
|
+
|
40
|
+
CMD [ "/usr/sbin/sshd", "-D" ]
|
@@ -0,0 +1,29 @@
|
|
1
|
+
Tests
|
2
|
+
-----
|
3
|
+
|
4
|
+
If you are testing the current release of this plugin via bundler
|
5
|
+
|
6
|
+
```
|
7
|
+
bundle exec vagrant up default
|
8
|
+
```
|
9
|
+
|
10
|
+
## Expect
|
11
|
+
|
12
|
+
|
13
|
+
### Box `default`
|
14
|
+
|
15
|
+
- The box `default` is a docker container that will be a reverse
|
16
|
+
proxy. It should provision itself and work without errors.
|
17
|
+
|
18
|
+
- You can check that the proxy is working by
|
19
|
+
`tail -f /var/log/tinyproxy/tinyproxy.log` inside the container
|
20
|
+
|
21
|
+
- **NOTE**: You'll need to use `docker exec <hash> -it bash` to get into the container
|
22
|
+
|
23
|
+
|
24
|
+
### Box `docker-host`
|
25
|
+
|
26
|
+
- Vagrant should automatically instally docker-ce.
|
27
|
+
- The box should come up and provision itself with the proxy settings
|
28
|
+
configured in your Vagrantfile.
|
29
|
+
- **NOTE**: You can use `ssh` to connect to this container.
|
@@ -0,0 +1,27 @@
|
|
1
|
+
require 'rake'
|
2
|
+
require 'rspec/core/rake_task'
|
3
|
+
|
4
|
+
task :spec => 'spec:all'
|
5
|
+
task :default => :spec
|
6
|
+
|
7
|
+
namespace :spec do
|
8
|
+
targets = []
|
9
|
+
Dir.glob('./spec/*').each do |dir|
|
10
|
+
next unless File.directory?(dir)
|
11
|
+
target = File.basename(dir)
|
12
|
+
target = "_#{target}" if target == "default"
|
13
|
+
targets << target
|
14
|
+
end
|
15
|
+
|
16
|
+
task :all => targets
|
17
|
+
task :default => :all
|
18
|
+
|
19
|
+
targets.each do |target|
|
20
|
+
original_target = target == "_default" ? target[1..-1] : target
|
21
|
+
desc "Run serverspec tests to #{original_target}"
|
22
|
+
RSpec::Core::RakeTask.new(target.to_sym) do |t|
|
23
|
+
ENV['TARGET_HOST'] = original_target
|
24
|
+
t.pattern = "spec/#{original_target}/*_spec.rb"
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
# this should be the IP address of the :default box
|
2
|
+
$PROXY_HOST ="172.17.0.1"
|
3
|
+
$PROXY_PORT="8888"
|
4
|
+
$PROXY_NO_PROXY=[
|
5
|
+
'localhost',
|
6
|
+
]
|
7
|
+
|
8
|
+
ENV['HTTP_PROXY'] = ENV.fetch('HTTP_PROXY', "http://#{$PROXY_HOST}:#{$PROXY_PORT}")
|
9
|
+
ENV['HTTPS_PROXY'] = ENV.fetch('HTTPS_PROXY', "http://#{$PROXY_HOST}:#{$PROXY_PORT}")
|
10
|
+
ENV['NO_PROXY'] = ENV.fetch('NO_PROXY', $PROXY_NO_PROXY.join(","))
|
11
|
+
|
12
|
+
puts "HTTP_PROXY = '#{ENV["HTTP_PROXY"]}'"
|
13
|
+
puts "HTTPS_PROXY = '#{ENV["HTTPS_PROXY"]}'"
|
14
|
+
puts "NO_PROXY = '#{ENV["NO_PROXY"]}'"
|
15
|
+
|
16
|
+
puts "vagrant-proxyconf is installed? #{Vagrant.has_plugin?('vagrant-proxyconf')}"
|
17
|
+
|
18
|
+
|
19
|
+
Vagrant.configure("2") do |config|
|
20
|
+
|
21
|
+
config.vm.define 'default' do |c|
|
22
|
+
c.vm.box = nil
|
23
|
+
|
24
|
+
if Vagrant.has_plugin?('vagrant-proxyconf')
|
25
|
+
c.proxy.enabled = false
|
26
|
+
end
|
27
|
+
|
28
|
+
c.vm.provider "docker" do |d|
|
29
|
+
d.build_dir = "."
|
30
|
+
d.has_ssh = true
|
31
|
+
d.ports = [
|
32
|
+
"#{$PROXY_PORT}:#{$PROXY_PORT}",
|
33
|
+
]
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
config.vm.define 'docker_host' do |c|
|
38
|
+
c.vm.box = nil
|
39
|
+
|
40
|
+
if Vagrant.has_plugin?('vagrant-proxyconf')
|
41
|
+
c.proxy.http = ENV['HTTP_PROXY']
|
42
|
+
c.proxy.https = ENV['HTTPS_PROXY']
|
43
|
+
c.proxy.no_proxy = ENV['NO_PROXY']
|
44
|
+
c.proxy.enabled = {
|
45
|
+
:apt => {
|
46
|
+
:enabled => true,
|
47
|
+
:skip => false,
|
48
|
+
},
|
49
|
+
:env => {
|
50
|
+
:enabled => false,
|
51
|
+
:skip => false,
|
52
|
+
}
|
53
|
+
}
|
54
|
+
end
|
55
|
+
|
56
|
+
c.vm.provider "docker" do |d|
|
57
|
+
d.build_dir = "."
|
58
|
+
d.dockerfile = "Dockerfile.bionic"
|
59
|
+
d.has_ssh = true
|
60
|
+
end
|
61
|
+
|
62
|
+
end
|
63
|
+
|
64
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
set -ex
|
3
|
+
|
4
|
+
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
5
|
+
|
6
|
+
start() {
|
7
|
+
# start ssh if sshd is installed
|
8
|
+
if [ -f /usr/sbin/sshd ]; then
|
9
|
+
|
10
|
+
/usr/sbin/sshd-keygen
|
11
|
+
/usr/sbin/sshd -t
|
12
|
+
/usr/sbin/sshd
|
13
|
+
|
14
|
+
else
|
15
|
+
|
16
|
+
true
|
17
|
+
|
18
|
+
fi
|
19
|
+
|
20
|
+
# start tinyproxy
|
21
|
+
/usr/sbin/tinyproxy \
|
22
|
+
-d \
|
23
|
+
-c "/etc/tinyproxy/tinyproxy.conf"
|
24
|
+
}
|
25
|
+
|
26
|
+
stop() {
|
27
|
+
|
28
|
+
pgrep -f 'sshd' | while read _pid
|
29
|
+
do
|
30
|
+
kill -9 $_pid
|
31
|
+
done
|
32
|
+
|
33
|
+
pgrep -f 'tinyproxy' | while read _pid
|
34
|
+
do
|
35
|
+
kill -9 $_pid
|
36
|
+
done
|
37
|
+
|
38
|
+
}
|
39
|
+
|
40
|
+
case "${1}" in
|
41
|
+
|
42
|
+
start)
|
43
|
+
start
|
44
|
+
;;
|
45
|
+
|
46
|
+
stop)
|
47
|
+
stop
|
48
|
+
;;
|
49
|
+
|
50
|
+
esac
|
@@ -0,0 +1,15 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe package('tinyproxy') do
|
4
|
+
it { should be_installed }
|
5
|
+
end
|
6
|
+
|
7
|
+
describe service('tinyproxy') do
|
8
|
+
it { should be_enabled }
|
9
|
+
it { should be_running }
|
10
|
+
end
|
11
|
+
|
12
|
+
|
13
|
+
describe port(8888) do
|
14
|
+
it { should be_listening }
|
15
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
require 'serverspec'
|
2
|
+
require 'net/ssh'
|
3
|
+
require 'tempfile'
|
4
|
+
|
5
|
+
set :backend, :ssh
|
6
|
+
|
7
|
+
if ENV['ASK_SUDO_PASSWORD']
|
8
|
+
begin
|
9
|
+
require 'highline/import'
|
10
|
+
rescue LoadError
|
11
|
+
fail "highline is not available. Try installing it."
|
12
|
+
end
|
13
|
+
set :sudo_password, ask("Enter sudo password: ") { |q| q.echo = false }
|
14
|
+
else
|
15
|
+
set :sudo_password, ENV['SUDO_PASSWORD'] || "vagrant"
|
16
|
+
end
|
17
|
+
|
18
|
+
host = ENV['TARGET_HOST']
|
19
|
+
|
20
|
+
`vagrant up #{host}`
|
21
|
+
|
22
|
+
config = Tempfile.new('', Dir.tmpdir)
|
23
|
+
config.write(`vagrant ssh-config #{host}`)
|
24
|
+
config.close
|
25
|
+
|
26
|
+
options = Net::SSH::Config.for(host, [config.path])
|
27
|
+
|
28
|
+
options[:user] ||= Etc.getlogin
|
29
|
+
|
30
|
+
set :host, options[:host_name] || host
|
31
|
+
set :ssh_options, options
|
32
|
+
|
33
|
+
# Disable sudo
|
34
|
+
# set :disable_sudo, true
|
35
|
+
|
36
|
+
|
37
|
+
# Set environment variables
|
38
|
+
set :env,
|
39
|
+
:LANG => 'C',
|
40
|
+
:LC_MESSAGES => 'C'
|
41
|
+
|
42
|
+
# Set PATH
|
43
|
+
# set :path, '/sbin:/usr/local/sbin:$PATH'
|
44
|
+
set :path, [
|
45
|
+
'/usr/local/bin',
|
46
|
+
'/usr/local/sbin',
|
47
|
+
'/usr/bin',
|
48
|
+
'/usr/sbin',
|
49
|
+
'/bin',
|
50
|
+
'/sbin',
|
51
|
+
'$PATH',
|
52
|
+
].join(':')
|
@@ -0,0 +1,333 @@
|
|
1
|
+
##
|
2
|
+
## tinyproxy.conf -- tinyproxy daemon configuration file
|
3
|
+
##
|
4
|
+
## This example tinyproxy.conf file contains example settings
|
5
|
+
## with explanations in comments. For decriptions of all
|
6
|
+
## parameters, see the tinproxy.conf(5) manual page.
|
7
|
+
##
|
8
|
+
|
9
|
+
#
|
10
|
+
# User/Group: This allows you to set the user and group that will be
|
11
|
+
# used for tinyproxy after the initial binding to the port has been done
|
12
|
+
# as the root user. Either the user or group name or the UID or GID
|
13
|
+
# number may be used.
|
14
|
+
#
|
15
|
+
User tinyproxy
|
16
|
+
Group tinyproxy
|
17
|
+
|
18
|
+
#
|
19
|
+
# Port: Specify the port which tinyproxy will listen on. Please note
|
20
|
+
# that should you choose to run on a port lower than 1024 you will need
|
21
|
+
# to start tinyproxy using root.
|
22
|
+
#
|
23
|
+
Port 8888
|
24
|
+
|
25
|
+
#
|
26
|
+
# Listen: If you have multiple interfaces this allows you to bind to
|
27
|
+
# only one. If this is commented out, tinyproxy will bind to all
|
28
|
+
# interfaces present.
|
29
|
+
#
|
30
|
+
#Listen 192.168.0.1
|
31
|
+
|
32
|
+
#
|
33
|
+
# Bind: This allows you to specify which interface will be used for
|
34
|
+
# outgoing connections. This is useful for multi-home'd machines where
|
35
|
+
# you want all traffic to appear outgoing from one particular interface.
|
36
|
+
#
|
37
|
+
#Bind 192.168.0.1
|
38
|
+
|
39
|
+
#
|
40
|
+
# BindSame: If enabled, tinyproxy will bind the outgoing connection to the
|
41
|
+
# ip address of the incoming connection.
|
42
|
+
#
|
43
|
+
#BindSame yes
|
44
|
+
|
45
|
+
#
|
46
|
+
# Timeout: The maximum number of seconds of inactivity a connection is
|
47
|
+
# allowed to have before it is closed by tinyproxy.
|
48
|
+
#
|
49
|
+
Timeout 600
|
50
|
+
|
51
|
+
#
|
52
|
+
# ErrorFile: Defines the HTML file to send when a given HTTP error
|
53
|
+
# occurs. You will probably need to customize the location to your
|
54
|
+
# particular install. The usual locations to check are:
|
55
|
+
# /usr/local/share/tinyproxy
|
56
|
+
# /usr/share/tinyproxy
|
57
|
+
# /etc/tinyproxy
|
58
|
+
#
|
59
|
+
#ErrorFile 404 "/usr/share/tinyproxy/404.html"
|
60
|
+
#ErrorFile 400 "/usr/share/tinyproxy/400.html"
|
61
|
+
#ErrorFile 503 "/usr/share/tinyproxy/503.html"
|
62
|
+
#ErrorFile 403 "/usr/share/tinyproxy/403.html"
|
63
|
+
#ErrorFile 408 "/usr/share/tinyproxy/408.html"
|
64
|
+
|
65
|
+
#
|
66
|
+
# DefaultErrorFile: The HTML file that gets sent if there is no
|
67
|
+
# HTML file defined with an ErrorFile keyword for the HTTP error
|
68
|
+
# that has occured.
|
69
|
+
#
|
70
|
+
DefaultErrorFile "/usr/share/tinyproxy/default.html"
|
71
|
+
|
72
|
+
#
|
73
|
+
# StatHost: This configures the host name or IP address that is treated
|
74
|
+
# as the stat host: Whenever a request for this host is received,
|
75
|
+
# Tinyproxy will return an internal statistics page instead of
|
76
|
+
# forwarding the request to that host. The default value of StatHost is
|
77
|
+
# tinyproxy.stats.
|
78
|
+
#
|
79
|
+
#StatHost "tinyproxy.stats"
|
80
|
+
#
|
81
|
+
|
82
|
+
#
|
83
|
+
# StatFile: The HTML file that gets sent when a request is made
|
84
|
+
# for the stathost. If this file doesn't exist a basic page is
|
85
|
+
# hardcoded in tinyproxy.
|
86
|
+
#
|
87
|
+
StatFile "/usr/share/tinyproxy/stats.html"
|
88
|
+
|
89
|
+
#
|
90
|
+
# LogFile: Allows you to specify the location where information should
|
91
|
+
# be logged to. If you would prefer to log to syslog, then disable this
|
92
|
+
# and enable the Syslog directive. These directives are mutually
|
93
|
+
# exclusive.
|
94
|
+
#
|
95
|
+
LogFile "/var/log/tinyproxy/tinyproxy.log"
|
96
|
+
|
97
|
+
#
|
98
|
+
# Syslog: Tell tinyproxy to use syslog instead of a logfile. This
|
99
|
+
# option must not be enabled if the Logfile directive is being used.
|
100
|
+
# These two directives are mutually exclusive.
|
101
|
+
#
|
102
|
+
#Syslog On
|
103
|
+
|
104
|
+
#
|
105
|
+
# LogLevel:
|
106
|
+
#
|
107
|
+
# Set the logging level. Allowed settings are:
|
108
|
+
# Critical (least verbose)
|
109
|
+
# Error
|
110
|
+
# Warning
|
111
|
+
# Notice
|
112
|
+
# Connect (to log connections without Info's noise)
|
113
|
+
# Info (most verbose)
|
114
|
+
#
|
115
|
+
# The LogLevel logs from the set level and above. For example, if the
|
116
|
+
# LogLevel was set to Warning, then all log messages from Warning to
|
117
|
+
# Critical would be output, but Notice and below would be suppressed.
|
118
|
+
#
|
119
|
+
LogLevel Info
|
120
|
+
|
121
|
+
#
|
122
|
+
# PidFile: Write the PID of the main tinyproxy thread to this file so it
|
123
|
+
# can be used for signalling purposes.
|
124
|
+
#
|
125
|
+
PidFile "/var/run/tinyproxy/tinyproxy.pid"
|
126
|
+
|
127
|
+
#
|
128
|
+
# XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
|
129
|
+
# contains the client's IP address.
|
130
|
+
#
|
131
|
+
#XTinyproxy Yes
|
132
|
+
|
133
|
+
#
|
134
|
+
# Upstream:
|
135
|
+
#
|
136
|
+
# Turns on upstream proxy support.
|
137
|
+
#
|
138
|
+
# The upstream rules allow you to selectively route upstream connections
|
139
|
+
# based on the host/domain of the site being accessed.
|
140
|
+
#
|
141
|
+
# For example:
|
142
|
+
# # connection to test domain goes through testproxy
|
143
|
+
# upstream testproxy:8008 ".test.domain.invalid"
|
144
|
+
# upstream testproxy:8008 ".our_testbed.example.com"
|
145
|
+
# upstream testproxy:8008 "192.168.128.0/255.255.254.0"
|
146
|
+
#
|
147
|
+
# # no upstream proxy for internal websites and unqualified hosts
|
148
|
+
# no upstream ".internal.example.com"
|
149
|
+
# no upstream "www.example.com"
|
150
|
+
# no upstream "10.0.0.0/8"
|
151
|
+
# no upstream "192.168.0.0/255.255.254.0"
|
152
|
+
# no upstream "."
|
153
|
+
#
|
154
|
+
# # connection to these boxes go through their DMZ firewalls
|
155
|
+
# upstream cust1_firewall:8008 "testbed_for_cust1"
|
156
|
+
# upstream cust2_firewall:8008 "testbed_for_cust2"
|
157
|
+
#
|
158
|
+
# # default upstream is internet firewall
|
159
|
+
# upstream firewall.internal.example.com:80
|
160
|
+
#
|
161
|
+
# The LAST matching rule wins the route decision. As you can see, you
|
162
|
+
# can use a host, or a domain:
|
163
|
+
# name matches host exactly
|
164
|
+
# .name matches any host in domain "name"
|
165
|
+
# . matches any host with no domain (in 'empty' domain)
|
166
|
+
# IP/bits matches network/mask
|
167
|
+
# IP/mask matches network/mask
|
168
|
+
#
|
169
|
+
#Upstream some.remote.proxy:port
|
170
|
+
|
171
|
+
#
|
172
|
+
# MaxClients: This is the absolute highest number of threads which will
|
173
|
+
# be created. In other words, only MaxClients number of clients can be
|
174
|
+
# connected at the same time.
|
175
|
+
#
|
176
|
+
MaxClients 100
|
177
|
+
|
178
|
+
#
|
179
|
+
# MinSpareServers/MaxSpareServers: These settings set the upper and
|
180
|
+
# lower limit for the number of spare servers which should be available.
|
181
|
+
#
|
182
|
+
# If the number of spare servers falls below MinSpareServers then new
|
183
|
+
# server processes will be spawned. If the number of servers exceeds
|
184
|
+
# MaxSpareServers then the extras will be killed off.
|
185
|
+
#
|
186
|
+
MinSpareServers 5
|
187
|
+
MaxSpareServers 20
|
188
|
+
|
189
|
+
#
|
190
|
+
# StartServers: The number of servers to start initially.
|
191
|
+
#
|
192
|
+
StartServers 10
|
193
|
+
|
194
|
+
#
|
195
|
+
# MaxRequestsPerChild: The number of connections a thread will handle
|
196
|
+
# before it is killed. In practise this should be set to 0, which
|
197
|
+
# disables thread reaping. If you do notice problems with memory
|
198
|
+
# leakage, then set this to something like 10000.
|
199
|
+
#
|
200
|
+
MaxRequestsPerChild 0
|
201
|
+
|
202
|
+
#
|
203
|
+
# Allow: Customization of authorization controls. If there are any
|
204
|
+
# access control keywords then the default action is to DENY. Otherwise,
|
205
|
+
# the default action is ALLOW.
|
206
|
+
#
|
207
|
+
# The order of the controls are important. All incoming connections are
|
208
|
+
# tested against the controls based on order.
|
209
|
+
#
|
210
|
+
Allow 127.0.0.1
|
211
|
+
Allow 0.0.0.0/0
|
212
|
+
|
213
|
+
#
|
214
|
+
# AddHeader: Adds the specified headers to outgoing HTTP requests that
|
215
|
+
# Tinyproxy makes. Note that this option will not work for HTTPS
|
216
|
+
# traffic, as Tinyproxy has no control over what headers are exchanged.
|
217
|
+
#
|
218
|
+
#AddHeader "X-My-Header" "Powered by Tinyproxy"
|
219
|
+
|
220
|
+
#
|
221
|
+
# ViaProxyName: The "Via" header is required by the HTTP RFC, but using
|
222
|
+
# the real host name is a security concern. If the following directive
|
223
|
+
# is enabled, the string supplied will be used as the host name in the
|
224
|
+
# Via header; otherwise, the server's host name will be used.
|
225
|
+
#
|
226
|
+
ViaProxyName "tinyproxy"
|
227
|
+
|
228
|
+
#
|
229
|
+
# DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
|
230
|
+
# the Via header to the requests. This virtually puts Tinyproxy into
|
231
|
+
# stealth mode. Note that RFC 2616 requires proxies to set the Via
|
232
|
+
# header, so by enabling this option, you break compliance.
|
233
|
+
# Don't disable the Via header unless you know what you are doing...
|
234
|
+
#
|
235
|
+
#DisableViaHeader Yes
|
236
|
+
|
237
|
+
#
|
238
|
+
# Filter: This allows you to specify the location of the filter file.
|
239
|
+
#
|
240
|
+
#Filter "/etc/tinyproxy/filter"
|
241
|
+
|
242
|
+
#
|
243
|
+
# FilterURLs: Filter based on URLs rather than domains.
|
244
|
+
#
|
245
|
+
#FilterURLs On
|
246
|
+
|
247
|
+
#
|
248
|
+
# FilterExtended: Use POSIX Extended regular expressions rather than
|
249
|
+
# basic.
|
250
|
+
#
|
251
|
+
#FilterExtended On
|
252
|
+
|
253
|
+
#
|
254
|
+
# FilterCaseSensitive: Use case sensitive regular expressions.
|
255
|
+
#
|
256
|
+
#FilterCaseSensitive On
|
257
|
+
|
258
|
+
#
|
259
|
+
# FilterDefaultDeny: Change the default policy of the filtering system.
|
260
|
+
# If this directive is commented out, or is set to "No" then the default
|
261
|
+
# policy is to allow everything which is not specifically denied by the
|
262
|
+
# filter file.
|
263
|
+
#
|
264
|
+
# However, by setting this directive to "Yes" the default policy becomes
|
265
|
+
# to deny everything which is _not_ specifically allowed by the filter
|
266
|
+
# file.
|
267
|
+
#
|
268
|
+
#FilterDefaultDeny Yes
|
269
|
+
|
270
|
+
#
|
271
|
+
# Anonymous: If an Anonymous keyword is present, then anonymous proxying
|
272
|
+
# is enabled. The headers listed are allowed through, while all others
|
273
|
+
# are denied. If no Anonymous keyword is present, then all headers are
|
274
|
+
# allowed through. You must include quotes around the headers.
|
275
|
+
#
|
276
|
+
# Most sites require cookies to be enabled for them to work correctly, so
|
277
|
+
# you will need to allow Cookies through if you access those sites.
|
278
|
+
#
|
279
|
+
#Anonymous "Host"
|
280
|
+
#Anonymous "Authorization"
|
281
|
+
#Anonymous "Cookie"
|
282
|
+
|
283
|
+
#
|
284
|
+
# ConnectPort: This is a list of ports allowed by tinyproxy when the
|
285
|
+
# CONNECT method is used. To disable the CONNECT method altogether, set
|
286
|
+
# the value to 0. If no ConnectPort line is found, all ports are
|
287
|
+
# allowed (which is not very secure.)
|
288
|
+
#
|
289
|
+
# The following two ports are used by SSL.
|
290
|
+
#
|
291
|
+
ConnectPort 443
|
292
|
+
ConnectPort 563
|
293
|
+
|
294
|
+
#
|
295
|
+
# Configure one or more ReversePath directives to enable reverse proxy
|
296
|
+
# support. With reverse proxying it's possible to make a number of
|
297
|
+
# sites appear as if they were part of a single site.
|
298
|
+
#
|
299
|
+
# If you uncomment the following two directives and run tinyproxy
|
300
|
+
# on your own computer at port 8888, you can access Google using
|
301
|
+
# http://localhost:8888/google/ and Wired News using
|
302
|
+
# http://localhost:8888/wired/news/. Neither will actually work
|
303
|
+
# until you uncomment ReverseMagic as they use absolute linking.
|
304
|
+
#
|
305
|
+
#ReversePath "/google/" "http://www.google.com/"
|
306
|
+
#ReversePath "/wired/" "http://www.wired.com/"
|
307
|
+
|
308
|
+
#
|
309
|
+
# When using tinyproxy as a reverse proxy, it is STRONGLY recommended
|
310
|
+
# that the normal proxy is turned off by uncommenting the next directive.
|
311
|
+
#
|
312
|
+
#ReverseOnly Yes
|
313
|
+
|
314
|
+
#
|
315
|
+
# Use a cookie to track reverse proxy mappings. If you need to reverse
|
316
|
+
# proxy sites which have absolute links you must uncomment this.
|
317
|
+
#
|
318
|
+
#ReverseMagic Yes
|
319
|
+
|
320
|
+
#
|
321
|
+
# The URL that's used to access this reverse proxy. The URL is used to
|
322
|
+
# rewrite HTTP redirects so that they won't escape the proxy. If you
|
323
|
+
# have a chain of reverse proxies, you'll need to put the outermost
|
324
|
+
# URL here (the address which the end user types into his/her browser).
|
325
|
+
#
|
326
|
+
# If not set then no rewriting occurs.
|
327
|
+
#
|
328
|
+
#ReverseBaseURL "http://localhost:8888/"
|
329
|
+
|
330
|
+
|
331
|
+
|
332
|
+
|
333
|
+
### foo
|