TINYPROXY.CONF(5) ================= :man source: Version @VERSION@ :man manual: Tinyproxy manual NAME ---- tinyproxy.conf - Tinyproxy HTTP proxy daemon configuration file SYNOPSIS -------- *tinyproxy.conf* DESCRIPTION ----------- `tinyproxy(8)` reads its configuration file, typically stored in `/etc/tinyproxy/tinyproxy.conf` (or passed to Tinyproxy with -c on the command line). This manpage describes the syntax and contents of the configuration file. The Tinyproxy configuration file contains key-value pairs, one per line. Lines starting with `#` and empty lines are comments and are ignored. Keywords are case-insensitive, whereas values are case-sensitive. Values may be enclosed in double-quotes (") if they contain spaces. The possible keywords and their descriptions are as follows: *User*:: The user which the Tinyproxy process should run as, after the initial port-binding has been done as the `root` user. Either the user name or the UID may be specified. *Group*:: The group which the Tinyproxy process should run as, after the initial port-binding has been done as the `root` user. Either the group name or the GID may be specified. *Port*:: The port which the Tinyproxy service will listen on. If the port is less than 1024, you will need to start the Tinyproxy process as the `root` user. *Listen*:: By default, Tinyproxy listens for connections on all available interfaces (i.e. it listens on the wildcard address `0.0.0.0`). With this configuration parameter, Tinyproxy can be told to listen only on one specific address. *Bind*:: This allows you to specify which address Tinyproxy will bind to for outgoing connections to web servers or upstream proxies. *BindSame*:: If this boolean parameter is set to `yes`, then Tinyproxy will bind the outgoing connection to the IP address of the incoming connection that triggered the outgoing request. *Timeout*:: The maximum number of seconds of inactivity a connection is allowed to have before it is closed by Tinyproxy. *ErrorFile*:: This parameter controls which HTML file Tinyproxy returns when a given HTTP error occurs. It takes two arguments, the error number and the location of the HTML error file. *DefaultErrorFile*:: This parameter controls the HTML template file returned when an error occurs for which no specific error file has been set. *StatFile*:: This configures the HTML file that Tinyproxy sends when a request for the stathost is received. If this parameter is not set, Tinyproxy returns a hardcoded basic statistics page. See the STATHOST section in the `tinyproxy(8)` manual page for details. Note that the StatFile and the error files configured with ErrorFile and DefaultErrorFile are template files that can contain a few template variables that Tinyproxy expands prior to delivery. Examples are "\{cause}" for an abbreviated error description and "\{detail}" for a datiled error message. The `tinyproxy(8)` manual page contains a description of all template variables. *LogFile*:: This controls the location of the file to which Tinyproxy writes its debug output. Alternatively, Tinyproxy can log to syslog -- see the Syslog option. *Syslog*:: When set to `On`, this option tells Tinyproxy to write its debug messages to syslog instead of to a log file configured with `LogFile`. These two options are mutually exclusive. *LogLevel*:: This sets the log level. Allowed values are: * Critical (least verbose) * Error * Warning * Notice * Connect (log connections without Info's noise) * Info (most verbose) The LogLevel logs from the set level and above. For example, if the LogLevel was set to Warning, than all log messages from Warning to Critical would be output, but Notice and below would be suppressed. *PidFile*:: This option controls the location of the file where the main Tinyproxy process stores its process ID for signalling purposes. *XTinyproxy*:: Setting this option to `Yes` tells Tinyproxy to add a header `X-Tinyproxy` containing the client's IP address to the request. *[No] Upstream*:: This option allows you to set up a set of rules for deciding whether an upstream a proxy server is to be used, based on the host or domain of the site being accessed. The rules are stored in the order encountered in the configuration file and the LAST matching rule wins. There are three possible forms for spcifying upstream rules: * 'upstream host:port' turns proxy upstream support on generally. * 'upstream host:port "site_spec"' turns on the upstream proxy for the sites matching `site_spec`. * 'no upstream "site_spec"' turns off upstream support for sites matching `site_spec`. The site can be specified in various forms as a hostname, domain name or as an IP range: * 'name' matches host exactly * '.name' matches any host in domain "name" * '.' matches any host with no domain (in 'empty' domain) * 'IP/bits' matches network/mask * 'IP/mask' matches network/mask *MaxClients*:: Tinyproxy creates one child process for each connected client. This options specifies the absolute highest number processes that will be created. With other words, only MaxClients clients can be connected to Tinyproxy simultaneously. *MinSpareServers*:: *MaxSpareServers*:: Tinyproxy always keeps a certain number of idle child processes so that it can handle new incoming client requests quickly. `MinSpareServer` and `MaxSpareServers` control the lower and upper limits for the number of spare processes. I.e. when the number of spare servers drops below `MinSpareServers` then Tinyproxy will start forking new spare processes in the background and when the number of spare processes exceeds `MaxSpareServers` then Tinyproxy will kill off extra processes. *StartServers*:: The number of servers to start initially. This should usually be set to a value between MinSpareServers and MaxSpareServers. *MaxRequestsPerChild*:: This limits the number of connections that a child process will handle before it is killed. The default value is `0` which disables this feature. This option is meant as an emergency measure in the case of problems with memory leakage. In that case, setting `MaxRequestsPerChild` to a value of e.g. 1000, or 10000 can be useful. *Allow*:: *Deny*:: The `Allow` and `Deny` options provide a means to customize which clients are allowed to access Tinyproxy. `Allow` and `Deny` lines can be specified multiple times to build the access control list for Tinyproxy. The order in the config file is important. If there are no `Access` or `Deny` lines, then all clients are allowed. Otherwise, the default action is to deny access. The argument to `Access` or `Deny` can ba a single IP address of a client host, like `127.0.0.1`, an IP address range, like `192.168.0.1/24` or a string that will be matched against the end of the client host name, i.e, this can be a full host name like `host.example.com` or a domain name like `.example.com` or even a top level domain name like `.com`. *ViaProxyName*:: RFC 2616 requires proxies to add a `Via` header to the HTTP requests, but using the real host name can be a security concern. If the `ViaProxyname` option is present, than its string value will be used as the host name in the Via header. Otherwise, the server's host name will be used. BUGS ---- To report bugs in Tinyproxy, please visit . COPYRIGHT --------- Copyright (c) 1998-2000 Steven Young; Copyright (c) 2000-2001 Robert James Kaes; Copyright (c) 2009 Mukund Sivaraman; Copyright (c) 2009 Michael Adam. This program is distributed under the terms of the GNU General Public License version 2 or above. See the COPYING file for additional information.