vagrant-proxyconf 2.0.4 → 2.0.10

Sign up to get free protection for your applications and to get access to all the features.
Files changed (52) hide show
  1. checksums.yaml +5 -5
  2. data/.travis.yml +12 -7
  3. data/CHANGELOG.md +155 -0
  4. data/Gemfile +1 -18
  5. data/Jenkinsfile +60 -0
  6. data/Makefile +33 -0
  7. data/README.md +22 -0
  8. data/deps/patches/lib/vagrant/bundler.rb.patch +14 -0
  9. data/jenkins/helper_functions +206 -0
  10. data/lib/vagrant-proxyconf/action/base.rb +20 -9
  11. data/lib/vagrant-proxyconf/action/configure_docker_proxy.rb +21 -23
  12. data/lib/vagrant-proxyconf/config/apt_proxy.rb +21 -2
  13. data/lib/vagrant-proxyconf/version.rb +1 -1
  14. data/spec/unit/support/shared/apt_proxy_config.rb +12 -0
  15. data/spec/unit/vagrant-proxyconf/action/configure_docker_proxy_spec.rb +44 -37
  16. data/spec/unit/vagrant-proxyconf/action/configure_svn_proxy_spec.rb +1 -0
  17. data/test/issues/172/README.md +2 -2
  18. data/test/issues/172/spec/docker_host/redhat_spec.rb +2 -2
  19. data/test/issues/180/spec/docker_host/redhat_spec.rb +2 -2
  20. data/test/issues/192/.rspec +2 -0
  21. data/test/issues/192/Dockerfile +47 -0
  22. data/test/issues/192/Dockerfile.bionic +40 -0
  23. data/test/issues/192/README.md +29 -0
  24. data/test/issues/192/Rakefile +27 -0
  25. data/test/issues/192/Vagrantfile +64 -0
  26. data/test/issues/192/entrypoint.sh +50 -0
  27. data/test/issues/192/spec/default/redhat_spec.rb +15 -0
  28. data/test/issues/192/spec/docker_host/ubuntu_spec.rb +3 -0
  29. data/test/issues/192/spec/spec_helper.rb +52 -0
  30. data/test/issues/192/tinyproxy.conf +333 -0
  31. data/test/issues/199/.rspec +2 -0
  32. data/test/issues/199/Dockerfile +47 -0
  33. data/test/issues/199/README.md +31 -0
  34. data/test/issues/199/Rakefile +27 -0
  35. data/test/issues/199/Vagrantfile +74 -0
  36. data/test/issues/199/entrypoint.sh +50 -0
  37. data/test/issues/199/spec/apt_host/ubuntu_spec.rb +135 -0
  38. data/test/issues/199/spec/default/redhat_spec.rb +15 -0
  39. data/test/issues/199/spec/spec_helper.rb +52 -0
  40. data/test/issues/199/tinyproxy.conf +333 -0
  41. data/test/issues/218/.rspec +2 -0
  42. data/test/issues/218/Dockerfile +47 -0
  43. data/test/issues/218/README.md +35 -0
  44. data/test/issues/218/Rakefile +27 -0
  45. data/test/issues/218/Vagrantfile +62 -0
  46. data/test/issues/218/entrypoint.sh +50 -0
  47. data/test/issues/218/force-all-outbound-traffic-through-proxy.iptables +18 -0
  48. data/test/issues/218/spec/default/redhat_spec.rb +16 -0
  49. data/test/issues/218/spec/docker_host/redhat_spec.rb +171 -0
  50. data/test/issues/218/spec/spec_helper.rb +43 -0
  51. data/test/issues/218/tinyproxy.conf +333 -0
  52. metadata +71 -4
@@ -10,7 +10,7 @@ bundle exec vagrant up default
10
10
  ## Expect
11
11
 
12
12
 
13
- ### Box `default``
13
+ ### Box `default`
14
14
 
15
15
  - The box `default` is a docker container that will be a reverse
16
16
  proxy. It should provision itself and work without errors.
@@ -21,7 +21,7 @@ bundle exec vagrant up default
21
21
  - **NOTE**: You'll need to use `docker exec <hash> -it bash` to get into the container
22
22
 
23
23
 
24
- ### Box `docker-host`
24
+ ### Box `docker_host`
25
25
 
26
26
  - Vagrant should automatically instally docker-ce.
27
27
  - The box should come up and provision itself with the proxy settings
@@ -10,9 +10,9 @@ end
10
10
  describe file('/etc/docker/config.json') do
11
11
  it { should be_file }
12
12
  it { should exist }
13
- it { should be_mode 600 }
13
+ it { should be_mode 644 }
14
14
  it { should be_owned_by "root" }
15
- it { should be_grouped_into "root" }
15
+ it { should be_grouped_into "docker" }
16
16
  end
17
17
 
18
18
  context 'when proxy is enabled' do
@@ -10,9 +10,9 @@ end
10
10
  describe file('/etc/docker/config.json') do
11
11
  it { should be_file }
12
12
  it { should exist }
13
- it { should be_mode 600 }
13
+ it { should be_mode 644 }
14
14
  it { should be_owned_by "root" }
15
- it { should be_grouped_into "root" }
15
+ it { should be_grouped_into "docker" }
16
16
  end
17
17
 
18
18
  context 'when proxy is enabled' do
@@ -0,0 +1,2 @@
1
+ --color
2
+ --format documentation
@@ -0,0 +1,47 @@
1
+ FROM centos:7
2
+
3
+ ENV CI_USERNAME vagrant
4
+ ENV CI_PASSWORD vagrant
5
+ ENV CI_HOMEDIR /home/vagrant
6
+ ENV CI_SHELL /bin/bash
7
+
8
+ EXPOSE 8888
9
+
10
+ RUN yum clean all && \
11
+ yum makecache fast && \
12
+ yum -y install epel-release && \
13
+ yum clean expire-cache && \
14
+ yum -y install \
15
+ curl \
16
+ initscripts \
17
+ openssh-clients \
18
+ openssh-server \
19
+ sudo \
20
+ tinyproxy
21
+
22
+ RUN /usr/sbin/sshd-keygen && \
23
+ mkdir -p /var/run/sshd && \
24
+ rm -f /usr/lib/tmpfiles.d/systemd-nologin.conf
25
+
26
+ RUN if ! getent passwd $CI_USERNAME; then \
27
+ useradd -m -d ${CI_HOMEDIR} -s ${CI_SHELL} $CI_USERNAME; \
28
+ fi && \
29
+ echo "${CI_USERNAME}:${CI_PASSWORD}" | chpasswd && \
30
+ echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
31
+ mkdir -p /etc/sudoers.d && \
32
+ echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/${CI_USERNAME} && \
33
+ chmod 0440 /etc/sudoers.d/${CI_USERNAME} && \
34
+ mkdir -p ${CI_HOMEDIR}/.ssh && \
35
+ chown -R ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh && \
36
+ chmod 0700 ${CI_HOMEDIR}/.ssh && \
37
+ curl -L https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub > ${CI_HOMEDIR}/.ssh/vagrant.pub && \
38
+ touch ${CI_HOMEDIR}/.ssh/authorized_keys && \
39
+ grep -q "$(cat ${CI_HOMEDIR}/.ssh/vagrant.pub | awk '{print $2}')" ${CI_HOMEDIR}/.ssh/authorized_keys || cat ${CI_HOMEDIR}/.ssh/vagrant.pub >> ${CI_HOMEDIR}/.ssh/authorized_keys && \
40
+ chown ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh/authorized_keys && \
41
+ chmod 0600 ${CI_HOMEDIR}/.ssh/authorized_keys
42
+
43
+ COPY tinyproxy.conf /etc/tinyproxy/tinyproxy.conf
44
+ COPY entrypoint.sh /entrypoint.sh
45
+
46
+ ENTRYPOINT ["/entrypoint.sh"]
47
+ CMD [ "start" ]
@@ -0,0 +1,40 @@
1
+ FROM ubuntu:bionic
2
+
3
+ ENV CI_USERNAME vagrant
4
+ ENV CI_PASSWORD vagrant
5
+ ENV CI_HOMEDIR /home/vagrant
6
+ ENV CI_SHELL /bin/bash
7
+
8
+ RUN apt-get -y update && \
9
+ mkdir -p /run/sshd && \
10
+ apt-get -y install \
11
+ apt-transport-https \
12
+ ca-certificates \
13
+ curl \
14
+ gnupg-agent \
15
+ openssh-client \
16
+ openssh-server \
17
+ software-properties-common \
18
+ sudo
19
+
20
+ RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - && \
21
+ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
22
+ rm -f /usr/lib/tmpfiles.d/systemd-nologin.conf && \
23
+ if ! getent passwd $CI_USERNAME; then \
24
+ useradd -m -d ${CI_HOMEDIR} -s ${CI_SHELL} $CI_USERNAME; \
25
+ fi && \
26
+ echo "${CI_USERNAME}:${CI_PASSWORD}" | chpasswd && \
27
+ echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
28
+ mkdir -p /etc/sudoers.d && \
29
+ echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/${CI_USERNAME} && \
30
+ chmod 0440 /etc/sudoers.d/${CI_USERNAME} && \
31
+ mkdir -p ${CI_HOMEDIR}/.ssh && \
32
+ chown -R ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh && \
33
+ chmod 0700 ${CI_HOMEDIR}/.ssh && \
34
+ curl -L https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub > ${CI_HOMEDIR}/.ssh/vagrant.pub && \
35
+ touch ${CI_HOMEDIR}/.ssh/authorized_keys && \
36
+ grep -q "$(cat ${CI_HOMEDIR}/.ssh/vagrant.pub | awk '{print $2}')" ${CI_HOMEDIR}/.ssh/authorized_keys || cat ${CI_HOMEDIR}/.ssh/vagrant.pub >> ${CI_HOMEDIR}/.ssh/authorized_keys && \
37
+ chown ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh/authorized_keys && \
38
+ chmod 0600 ${CI_HOMEDIR}/.ssh/authorized_keys
39
+
40
+ CMD [ "/usr/sbin/sshd", "-D" ]
@@ -0,0 +1,29 @@
1
+ Tests
2
+ -----
3
+
4
+ If you are testing the current release of this plugin via bundler
5
+
6
+ ```
7
+ bundle exec vagrant up default
8
+ ```
9
+
10
+ ## Expect
11
+
12
+
13
+ ### Box `default`
14
+
15
+ - The box `default` is a docker container that will be a reverse
16
+ proxy. It should provision itself and work without errors.
17
+
18
+ - You can check that the proxy is working by
19
+ `tail -f /var/log/tinyproxy/tinyproxy.log` inside the container
20
+
21
+ - **NOTE**: You'll need to use `docker exec <hash> -it bash` to get into the container
22
+
23
+
24
+ ### Box `docker-host`
25
+
26
+ - Vagrant should automatically instally docker-ce.
27
+ - The box should come up and provision itself with the proxy settings
28
+ configured in your Vagrantfile.
29
+ - **NOTE**: You can use `ssh` to connect to this container.
@@ -0,0 +1,27 @@
1
+ require 'rake'
2
+ require 'rspec/core/rake_task'
3
+
4
+ task :spec => 'spec:all'
5
+ task :default => :spec
6
+
7
+ namespace :spec do
8
+ targets = []
9
+ Dir.glob('./spec/*').each do |dir|
10
+ next unless File.directory?(dir)
11
+ target = File.basename(dir)
12
+ target = "_#{target}" if target == "default"
13
+ targets << target
14
+ end
15
+
16
+ task :all => targets
17
+ task :default => :all
18
+
19
+ targets.each do |target|
20
+ original_target = target == "_default" ? target[1..-1] : target
21
+ desc "Run serverspec tests to #{original_target}"
22
+ RSpec::Core::RakeTask.new(target.to_sym) do |t|
23
+ ENV['TARGET_HOST'] = original_target
24
+ t.pattern = "spec/#{original_target}/*_spec.rb"
25
+ end
26
+ end
27
+ end
@@ -0,0 +1,64 @@
1
+ # this should be the IP address of the :default box
2
+ $PROXY_HOST ="172.17.0.1"
3
+ $PROXY_PORT="8888"
4
+ $PROXY_NO_PROXY=[
5
+ 'localhost',
6
+ ]
7
+
8
+ ENV['HTTP_PROXY'] = ENV.fetch('HTTP_PROXY', "http://#{$PROXY_HOST}:#{$PROXY_PORT}")
9
+ ENV['HTTPS_PROXY'] = ENV.fetch('HTTPS_PROXY', "http://#{$PROXY_HOST}:#{$PROXY_PORT}")
10
+ ENV['NO_PROXY'] = ENV.fetch('NO_PROXY', $PROXY_NO_PROXY.join(","))
11
+
12
+ puts "HTTP_PROXY = '#{ENV["HTTP_PROXY"]}'"
13
+ puts "HTTPS_PROXY = '#{ENV["HTTPS_PROXY"]}'"
14
+ puts "NO_PROXY = '#{ENV["NO_PROXY"]}'"
15
+
16
+ puts "vagrant-proxyconf is installed? #{Vagrant.has_plugin?('vagrant-proxyconf')}"
17
+
18
+
19
+ Vagrant.configure("2") do |config|
20
+
21
+ config.vm.define 'default' do |c|
22
+ c.vm.box = nil
23
+
24
+ if Vagrant.has_plugin?('vagrant-proxyconf')
25
+ c.proxy.enabled = false
26
+ end
27
+
28
+ c.vm.provider "docker" do |d|
29
+ d.build_dir = "."
30
+ d.has_ssh = true
31
+ d.ports = [
32
+ "#{$PROXY_PORT}:#{$PROXY_PORT}",
33
+ ]
34
+ end
35
+ end
36
+
37
+ config.vm.define 'docker_host' do |c|
38
+ c.vm.box = nil
39
+
40
+ if Vagrant.has_plugin?('vagrant-proxyconf')
41
+ c.proxy.http = ENV['HTTP_PROXY']
42
+ c.proxy.https = ENV['HTTPS_PROXY']
43
+ c.proxy.no_proxy = ENV['NO_PROXY']
44
+ c.proxy.enabled = {
45
+ :apt => {
46
+ :enabled => true,
47
+ :skip => false,
48
+ },
49
+ :env => {
50
+ :enabled => false,
51
+ :skip => false,
52
+ }
53
+ }
54
+ end
55
+
56
+ c.vm.provider "docker" do |d|
57
+ d.build_dir = "."
58
+ d.dockerfile = "Dockerfile.bionic"
59
+ d.has_ssh = true
60
+ end
61
+
62
+ end
63
+
64
+ end
@@ -0,0 +1,50 @@
1
+ #!/bin/bash
2
+ set -ex
3
+
4
+ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
5
+
6
+ start() {
7
+ # start ssh if sshd is installed
8
+ if [ -f /usr/sbin/sshd ]; then
9
+
10
+ /usr/sbin/sshd-keygen
11
+ /usr/sbin/sshd -t
12
+ /usr/sbin/sshd
13
+
14
+ else
15
+
16
+ true
17
+
18
+ fi
19
+
20
+ # start tinyproxy
21
+ /usr/sbin/tinyproxy \
22
+ -d \
23
+ -c "/etc/tinyproxy/tinyproxy.conf"
24
+ }
25
+
26
+ stop() {
27
+
28
+ pgrep -f 'sshd' | while read _pid
29
+ do
30
+ kill -9 $_pid
31
+ done
32
+
33
+ pgrep -f 'tinyproxy' | while read _pid
34
+ do
35
+ kill -9 $_pid
36
+ done
37
+
38
+ }
39
+
40
+ case "${1}" in
41
+
42
+ start)
43
+ start
44
+ ;;
45
+
46
+ stop)
47
+ stop
48
+ ;;
49
+
50
+ esac
@@ -0,0 +1,15 @@
1
+ require 'spec_helper'
2
+
3
+ describe package('tinyproxy') do
4
+ it { should be_installed }
5
+ end
6
+
7
+ describe service('tinyproxy') do
8
+ it { should be_enabled }
9
+ it { should be_running }
10
+ end
11
+
12
+
13
+ describe port(8888) do
14
+ it { should be_listening }
15
+ end
@@ -0,0 +1,3 @@
1
+ require 'spec_helper'
2
+
3
+ PROXY_HOST = "172.17.0.1"
@@ -0,0 +1,52 @@
1
+ require 'serverspec'
2
+ require 'net/ssh'
3
+ require 'tempfile'
4
+
5
+ set :backend, :ssh
6
+
7
+ if ENV['ASK_SUDO_PASSWORD']
8
+ begin
9
+ require 'highline/import'
10
+ rescue LoadError
11
+ fail "highline is not available. Try installing it."
12
+ end
13
+ set :sudo_password, ask("Enter sudo password: ") { |q| q.echo = false }
14
+ else
15
+ set :sudo_password, ENV['SUDO_PASSWORD'] || "vagrant"
16
+ end
17
+
18
+ host = ENV['TARGET_HOST']
19
+
20
+ `vagrant up #{host}`
21
+
22
+ config = Tempfile.new('', Dir.tmpdir)
23
+ config.write(`vagrant ssh-config #{host}`)
24
+ config.close
25
+
26
+ options = Net::SSH::Config.for(host, [config.path])
27
+
28
+ options[:user] ||= Etc.getlogin
29
+
30
+ set :host, options[:host_name] || host
31
+ set :ssh_options, options
32
+
33
+ # Disable sudo
34
+ # set :disable_sudo, true
35
+
36
+
37
+ # Set environment variables
38
+ set :env,
39
+ :LANG => 'C',
40
+ :LC_MESSAGES => 'C'
41
+
42
+ # Set PATH
43
+ # set :path, '/sbin:/usr/local/sbin:$PATH'
44
+ set :path, [
45
+ '/usr/local/bin',
46
+ '/usr/local/sbin',
47
+ '/usr/bin',
48
+ '/usr/sbin',
49
+ '/bin',
50
+ '/sbin',
51
+ '$PATH',
52
+ ].join(':')
@@ -0,0 +1,333 @@
1
+ ##
2
+ ## tinyproxy.conf -- tinyproxy daemon configuration file
3
+ ##
4
+ ## This example tinyproxy.conf file contains example settings
5
+ ## with explanations in comments. For decriptions of all
6
+ ## parameters, see the tinproxy.conf(5) manual page.
7
+ ##
8
+
9
+ #
10
+ # User/Group: This allows you to set the user and group that will be
11
+ # used for tinyproxy after the initial binding to the port has been done
12
+ # as the root user. Either the user or group name or the UID or GID
13
+ # number may be used.
14
+ #
15
+ User tinyproxy
16
+ Group tinyproxy
17
+
18
+ #
19
+ # Port: Specify the port which tinyproxy will listen on. Please note
20
+ # that should you choose to run on a port lower than 1024 you will need
21
+ # to start tinyproxy using root.
22
+ #
23
+ Port 8888
24
+
25
+ #
26
+ # Listen: If you have multiple interfaces this allows you to bind to
27
+ # only one. If this is commented out, tinyproxy will bind to all
28
+ # interfaces present.
29
+ #
30
+ #Listen 192.168.0.1
31
+
32
+ #
33
+ # Bind: This allows you to specify which interface will be used for
34
+ # outgoing connections. This is useful for multi-home'd machines where
35
+ # you want all traffic to appear outgoing from one particular interface.
36
+ #
37
+ #Bind 192.168.0.1
38
+
39
+ #
40
+ # BindSame: If enabled, tinyproxy will bind the outgoing connection to the
41
+ # ip address of the incoming connection.
42
+ #
43
+ #BindSame yes
44
+
45
+ #
46
+ # Timeout: The maximum number of seconds of inactivity a connection is
47
+ # allowed to have before it is closed by tinyproxy.
48
+ #
49
+ Timeout 600
50
+
51
+ #
52
+ # ErrorFile: Defines the HTML file to send when a given HTTP error
53
+ # occurs. You will probably need to customize the location to your
54
+ # particular install. The usual locations to check are:
55
+ # /usr/local/share/tinyproxy
56
+ # /usr/share/tinyproxy
57
+ # /etc/tinyproxy
58
+ #
59
+ #ErrorFile 404 "/usr/share/tinyproxy/404.html"
60
+ #ErrorFile 400 "/usr/share/tinyproxy/400.html"
61
+ #ErrorFile 503 "/usr/share/tinyproxy/503.html"
62
+ #ErrorFile 403 "/usr/share/tinyproxy/403.html"
63
+ #ErrorFile 408 "/usr/share/tinyproxy/408.html"
64
+
65
+ #
66
+ # DefaultErrorFile: The HTML file that gets sent if there is no
67
+ # HTML file defined with an ErrorFile keyword for the HTTP error
68
+ # that has occured.
69
+ #
70
+ DefaultErrorFile "/usr/share/tinyproxy/default.html"
71
+
72
+ #
73
+ # StatHost: This configures the host name or IP address that is treated
74
+ # as the stat host: Whenever a request for this host is received,
75
+ # Tinyproxy will return an internal statistics page instead of
76
+ # forwarding the request to that host. The default value of StatHost is
77
+ # tinyproxy.stats.
78
+ #
79
+ #StatHost "tinyproxy.stats"
80
+ #
81
+
82
+ #
83
+ # StatFile: The HTML file that gets sent when a request is made
84
+ # for the stathost. If this file doesn't exist a basic page is
85
+ # hardcoded in tinyproxy.
86
+ #
87
+ StatFile "/usr/share/tinyproxy/stats.html"
88
+
89
+ #
90
+ # LogFile: Allows you to specify the location where information should
91
+ # be logged to. If you would prefer to log to syslog, then disable this
92
+ # and enable the Syslog directive. These directives are mutually
93
+ # exclusive.
94
+ #
95
+ LogFile "/var/log/tinyproxy/tinyproxy.log"
96
+
97
+ #
98
+ # Syslog: Tell tinyproxy to use syslog instead of a logfile. This
99
+ # option must not be enabled if the Logfile directive is being used.
100
+ # These two directives are mutually exclusive.
101
+ #
102
+ #Syslog On
103
+
104
+ #
105
+ # LogLevel:
106
+ #
107
+ # Set the logging level. Allowed settings are:
108
+ # Critical (least verbose)
109
+ # Error
110
+ # Warning
111
+ # Notice
112
+ # Connect (to log connections without Info's noise)
113
+ # Info (most verbose)
114
+ #
115
+ # The LogLevel logs from the set level and above. For example, if the
116
+ # LogLevel was set to Warning, then all log messages from Warning to
117
+ # Critical would be output, but Notice and below would be suppressed.
118
+ #
119
+ LogLevel Info
120
+
121
+ #
122
+ # PidFile: Write the PID of the main tinyproxy thread to this file so it
123
+ # can be used for signalling purposes.
124
+ #
125
+ PidFile "/var/run/tinyproxy/tinyproxy.pid"
126
+
127
+ #
128
+ # XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
129
+ # contains the client's IP address.
130
+ #
131
+ #XTinyproxy Yes
132
+
133
+ #
134
+ # Upstream:
135
+ #
136
+ # Turns on upstream proxy support.
137
+ #
138
+ # The upstream rules allow you to selectively route upstream connections
139
+ # based on the host/domain of the site being accessed.
140
+ #
141
+ # For example:
142
+ # # connection to test domain goes through testproxy
143
+ # upstream testproxy:8008 ".test.domain.invalid"
144
+ # upstream testproxy:8008 ".our_testbed.example.com"
145
+ # upstream testproxy:8008 "192.168.128.0/255.255.254.0"
146
+ #
147
+ # # no upstream proxy for internal websites and unqualified hosts
148
+ # no upstream ".internal.example.com"
149
+ # no upstream "www.example.com"
150
+ # no upstream "10.0.0.0/8"
151
+ # no upstream "192.168.0.0/255.255.254.0"
152
+ # no upstream "."
153
+ #
154
+ # # connection to these boxes go through their DMZ firewalls
155
+ # upstream cust1_firewall:8008 "testbed_for_cust1"
156
+ # upstream cust2_firewall:8008 "testbed_for_cust2"
157
+ #
158
+ # # default upstream is internet firewall
159
+ # upstream firewall.internal.example.com:80
160
+ #
161
+ # The LAST matching rule wins the route decision. As you can see, you
162
+ # can use a host, or a domain:
163
+ # name matches host exactly
164
+ # .name matches any host in domain "name"
165
+ # . matches any host with no domain (in 'empty' domain)
166
+ # IP/bits matches network/mask
167
+ # IP/mask matches network/mask
168
+ #
169
+ #Upstream some.remote.proxy:port
170
+
171
+ #
172
+ # MaxClients: This is the absolute highest number of threads which will
173
+ # be created. In other words, only MaxClients number of clients can be
174
+ # connected at the same time.
175
+ #
176
+ MaxClients 100
177
+
178
+ #
179
+ # MinSpareServers/MaxSpareServers: These settings set the upper and
180
+ # lower limit for the number of spare servers which should be available.
181
+ #
182
+ # If the number of spare servers falls below MinSpareServers then new
183
+ # server processes will be spawned. If the number of servers exceeds
184
+ # MaxSpareServers then the extras will be killed off.
185
+ #
186
+ MinSpareServers 5
187
+ MaxSpareServers 20
188
+
189
+ #
190
+ # StartServers: The number of servers to start initially.
191
+ #
192
+ StartServers 10
193
+
194
+ #
195
+ # MaxRequestsPerChild: The number of connections a thread will handle
196
+ # before it is killed. In practise this should be set to 0, which
197
+ # disables thread reaping. If you do notice problems with memory
198
+ # leakage, then set this to something like 10000.
199
+ #
200
+ MaxRequestsPerChild 0
201
+
202
+ #
203
+ # Allow: Customization of authorization controls. If there are any
204
+ # access control keywords then the default action is to DENY. Otherwise,
205
+ # the default action is ALLOW.
206
+ #
207
+ # The order of the controls are important. All incoming connections are
208
+ # tested against the controls based on order.
209
+ #
210
+ Allow 127.0.0.1
211
+ Allow 0.0.0.0/0
212
+
213
+ #
214
+ # AddHeader: Adds the specified headers to outgoing HTTP requests that
215
+ # Tinyproxy makes. Note that this option will not work for HTTPS
216
+ # traffic, as Tinyproxy has no control over what headers are exchanged.
217
+ #
218
+ #AddHeader "X-My-Header" "Powered by Tinyproxy"
219
+
220
+ #
221
+ # ViaProxyName: The "Via" header is required by the HTTP RFC, but using
222
+ # the real host name is a security concern. If the following directive
223
+ # is enabled, the string supplied will be used as the host name in the
224
+ # Via header; otherwise, the server's host name will be used.
225
+ #
226
+ ViaProxyName "tinyproxy"
227
+
228
+ #
229
+ # DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
230
+ # the Via header to the requests. This virtually puts Tinyproxy into
231
+ # stealth mode. Note that RFC 2616 requires proxies to set the Via
232
+ # header, so by enabling this option, you break compliance.
233
+ # Don't disable the Via header unless you know what you are doing...
234
+ #
235
+ #DisableViaHeader Yes
236
+
237
+ #
238
+ # Filter: This allows you to specify the location of the filter file.
239
+ #
240
+ #Filter "/etc/tinyproxy/filter"
241
+
242
+ #
243
+ # FilterURLs: Filter based on URLs rather than domains.
244
+ #
245
+ #FilterURLs On
246
+
247
+ #
248
+ # FilterExtended: Use POSIX Extended regular expressions rather than
249
+ # basic.
250
+ #
251
+ #FilterExtended On
252
+
253
+ #
254
+ # FilterCaseSensitive: Use case sensitive regular expressions.
255
+ #
256
+ #FilterCaseSensitive On
257
+
258
+ #
259
+ # FilterDefaultDeny: Change the default policy of the filtering system.
260
+ # If this directive is commented out, or is set to "No" then the default
261
+ # policy is to allow everything which is not specifically denied by the
262
+ # filter file.
263
+ #
264
+ # However, by setting this directive to "Yes" the default policy becomes
265
+ # to deny everything which is _not_ specifically allowed by the filter
266
+ # file.
267
+ #
268
+ #FilterDefaultDeny Yes
269
+
270
+ #
271
+ # Anonymous: If an Anonymous keyword is present, then anonymous proxying
272
+ # is enabled. The headers listed are allowed through, while all others
273
+ # are denied. If no Anonymous keyword is present, then all headers are
274
+ # allowed through. You must include quotes around the headers.
275
+ #
276
+ # Most sites require cookies to be enabled for them to work correctly, so
277
+ # you will need to allow Cookies through if you access those sites.
278
+ #
279
+ #Anonymous "Host"
280
+ #Anonymous "Authorization"
281
+ #Anonymous "Cookie"
282
+
283
+ #
284
+ # ConnectPort: This is a list of ports allowed by tinyproxy when the
285
+ # CONNECT method is used. To disable the CONNECT method altogether, set
286
+ # the value to 0. If no ConnectPort line is found, all ports are
287
+ # allowed (which is not very secure.)
288
+ #
289
+ # The following two ports are used by SSL.
290
+ #
291
+ ConnectPort 443
292
+ ConnectPort 563
293
+
294
+ #
295
+ # Configure one or more ReversePath directives to enable reverse proxy
296
+ # support. With reverse proxying it's possible to make a number of
297
+ # sites appear as if they were part of a single site.
298
+ #
299
+ # If you uncomment the following two directives and run tinyproxy
300
+ # on your own computer at port 8888, you can access Google using
301
+ # http://localhost:8888/google/ and Wired News using
302
+ # http://localhost:8888/wired/news/. Neither will actually work
303
+ # until you uncomment ReverseMagic as they use absolute linking.
304
+ #
305
+ #ReversePath "/google/" "http://www.google.com/"
306
+ #ReversePath "/wired/" "http://www.wired.com/"
307
+
308
+ #
309
+ # When using tinyproxy as a reverse proxy, it is STRONGLY recommended
310
+ # that the normal proxy is turned off by uncommenting the next directive.
311
+ #
312
+ #ReverseOnly Yes
313
+
314
+ #
315
+ # Use a cookie to track reverse proxy mappings. If you need to reverse
316
+ # proxy sites which have absolute links you must uncomment this.
317
+ #
318
+ #ReverseMagic Yes
319
+
320
+ #
321
+ # The URL that's used to access this reverse proxy. The URL is used to
322
+ # rewrite HTTP redirects so that they won't escape the proxy. If you
323
+ # have a chain of reverse proxies, you'll need to put the outermost
324
+ # URL here (the address which the end user types into his/her browser).
325
+ #
326
+ # If not set then no rewriting occurs.
327
+ #
328
+ #ReverseBaseURL "http://localhost:8888/"
329
+
330
+
331
+
332
+
333
+ ### foo