summaryrefslogtreecommitdiffhomepage
path: root/docs/man5/tinyproxy.conf.txt.in
blob: 71456b85841584bf194c6d4380fc5d2e8d8b34e8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
TINYPROXY.CONF(5)
=================
:man source:   Version @VERSION@
:man manual:   Tinyproxy manual

NAME
----

tinyproxy.conf - Tinyproxy HTTP proxy daemon configuration file


SYNOPSIS
--------

*tinyproxy.conf*


DESCRIPTION
-----------

`tinyproxy(8)` reads its configuration file, typically stored in
`/etc/tinyproxy/tinyproxy.conf` (or passed to Tinyproxy with -c on the
command line). This manpage describes the syntax and contents of the
configuration file.

The Tinyproxy configuration file contains key-value pairs, one per
line. Lines starting with `#` and empty lines are comments and are
ignored. Keywords are case-insensitive, whereas values are
case-sensitive. Values may be enclosed in double-quotes (") if they
contain spaces.

The possible keywords and their descriptions are as follows:

*User*::

    The user which the Tinyproxy process should run as, after the
    initial port-binding has been done as the `root` user. Either the
    user name or the UID may be specified.

*Group*::

    The group which the Tinyproxy process should run as, after the
    initial port-binding has been done as the `root` user. Either the
    group name or the GID may be specified.

*Port*::

    The port which the Tinyproxy service will listen on. If the port is
    less than 1024, you will need to start the Tinyproxy process as the
    `root` user.

*Listen*::

    By default, Tinyproxy listens for connections on all available
    interfaces (i.e. it listens on the wildcard address `0.0.0.0`).
    With this configuration parameter, Tinyproxy can be told to listen
    only on one specific address.

*Bind*::

    This allows you to specify which address Tinyproxy will bind
    to for outgoing connections to web servers or upstream proxies.

*BindSame*::

    If this boolean parameter is set to `yes`, then Tinyproxy will
    bind the outgoing connection to the IP address of the incoming
    connection that triggered the outgoing request.

*Timeout*::

    The maximum number of seconds of inactivity a connection is
    allowed to have before it is closed by Tinyproxy.

*ErrorFile*::

    This parameter controls which HTML file Tinyproxy returns when a
    given HTTP error occurs. It takes two arguments, the error number
    and the location of the HTML error file.

*DefaultErrorFile*::

    This parameter controls the HTML template file returned when an
    error occurs for which no specific error file has been set.

*StatHost*::

    This configures the host name or IP address that is treated
    as the `stat host`: Whenever a request for this host is received,
    Tinyproxy will return an internal statistics page instead of
    forwarding the request to that host. The template for this
    page can be configured with the `StatFile` configuration option.
    The default value of `StatHost` is `@TINYPROXY_STATHOST@`.

*StatFile*::

    This configures the HTML file that Tinyproxy sends when
    a request for the stathost is received. If this parameter is
    not set, Tinyproxy returns a hard-coded basic statistics page.
    See the STATHOST section in the `tinyproxy(8)` manual page
    for details.
    +
    Note that the StatFile and the error files configured with ErrorFile
    and DefaultErrorFile are template files that can contain a few
    template variables that Tinyproxy expands prior to delivery.
    Examples are "\{cause}" for an abbreviated error description and
    "\{detail}" for a detailed error message.  The `tinyproxy(8)`
    manual page contains a description of all template variables.

*LogFile*::

    This controls the location of the file to which Tinyproxy
    writes its debug output. Alternatively, Tinyproxy can log
    to syslog -- see the Syslog option.

*Syslog*::

    When set to `On`, this option tells Tinyproxy to write its
    debug messages to syslog instead of to a log file configured
    with `LogFile`. These two options are mutually exclusive.

*LogLevel*::

    Sets the log level. Messages from the set level and above are
    logged. For example, if the LogLevel was set to Warning, then all
    log messages from Warning to Critical would be output, but Notice
    and below would be suppressed. Allowed values are:

    * Critical (least verbose)
    * Error
    * Warning
    * Notice
    * Connect (log connections without Info's noise)
    * Info (most verbose)

*PidFile*::

    This option controls the location of the file where the main
    Tinyproxy process stores its process ID for signaling purposes.

*XTinyproxy*::

    Setting this option to `Yes` tells Tinyproxy to add a header
    `X-Tinyproxy` containing the client's IP address to the request.

*Upstream*::
*No Upstream*::

    This option allows you to set up a set of rules for deciding
    whether an upstream proxy server is to be used, based on the
    host or domain of the site being accessed. The rules are stored
    in the order encountered in the configuration file and the
    LAST matching rule wins. There are three possible forms for
    specifying upstream rules:

    * 'upstream host:port' turns proxy upstream support on generally.

    * 'upstream host:port "site_spec"' turns on the upstream proxy for
    the sites matching `site_spec`.

    * 'no upstream "site_spec"' turns off upstream support for sites
    matching `site_spec`.

    The site can be specified in various forms as a hostname, domain
    name or as an IP range:

    * 'name'     matches host exactly
    * '.name'    matches any host in domain "name"
    * '.'        matches any host with no domain (in 'empty' domain)
    * 'IP/bits'  matches network/mask
    * 'IP/mask'  matches network/mask

*MaxClients*::

    Tinyproxy creates one child process for each connected client.
    This options specifies the absolute highest number processes that
    will be created. With other words, only MaxClients clients can be
    connected to Tinyproxy simultaneously.

*MinSpareServers*::
*MaxSpareServers*::

    Tinyproxy always keeps a certain number of idle child processes
    so that it can handle new incoming client requests quickly.
    `MinSpareServer` and `MaxSpareServers` control the lower and upper
    limits for the number of spare processes. I.e. when the number of
    spare servers drops below `MinSpareServers` then Tinyproxy will
    start forking new spare processes in the background and when the
    number of spare processes exceeds `MaxSpareServers` then Tinyproxy
    will kill off extra processes.

*StartServers*::

    The number of servers to start initially. This should usually be
    set to a value between MinSpareServers and MaxSpareServers.

*MaxRequestsPerChild*::

    This limits the number of connections that a child process
    will handle before it is killed. The default value is `0`
    which disables this feature.  This option is meant as an
    emergency measure in the case of problems with memory leakage.
    In that case, setting `MaxRequestsPerChild` to a value of e.g.
    1000, or 10000 can be useful.

*Allow*::
*Deny*::

    The `Allow` and `Deny` options provide a means to customize
    which clients are allowed to access Tinyproxy. `Allow` and `Deny`
    lines can be specified multiple times to build the access control
    list for Tinyproxy. The order in the config file is important.
    If there are no `Allow` or `Deny` lines, then all clients are
    allowed. Otherwise, the default action is to deny access.
    The argument to `Allow` or `Deny` can be a single IP address
    of a client host, like `127.0.0.1`, an IP address range, like
    `192.168.0.1/24` or a string that will be matched against the
    end of the client host name, i.e, this can be a full host name
    like `host.example.com` or a domain name like `.example.com` or
    even a top level domain name like `.com`.

*AddHeader*::

    Configure one or more HTTP request headers to be added to outgoing
    HTTP requests that Tinyproxy makes. Note that this option will not
    work for HTTPS traffic, as Tinyproxy has no control over what
    headers are exchanged.
    +
----
AddHeader "X-My-Header" "Powered by Tinyproxy"
----

*ViaProxyName*::

    RFC 2616 requires proxies to add a `Via` header to the HTTP
    requests, but using the real host name can be a security
    concern. If the `ViaProxyname` option is present, then its
    string value will be used as the host name in the Via header.
    Otherwise, the server's host name will be used.

*DisableViaHeader*::

    When this is set to yes, Tinyproxy does NOT add the `Via` header
    to the requests. This virtually puts Tinyproxy into stealth mode.
    Note that RFC 2616 requires proxies to set the `Via` header, so by
    enabling this option, you break compliance.
    Don't disable the `Via` header unless you know what you are doing...

*Filter*::

    Tinyproxy supports filtering of web sites based on URLs or
    domains. This option specifies the location of the file
    containing the filter rules, one rule per line.

*FilterURLs*::

    If this boolean option is set to `Yes` or `On`, filtering is
    performed for URLs rather than for domains. The default is to
    filter based on domains.

*FilterExtended*::

    If this boolean option is set to `Yes`, then extended POSIX
    regular expressions are used for matching the filter rules.
    The default is to use basic POSIX regular expressions.

*FilterCaseSensitive*::

    If this boolean option is set to `Yes`, then the filter rules
    are matched in a case sensitive manner. The default is to
    match case-insensitively.

*FilterDefaultDeny*::

    The default filtering policy is to allow everything that is
    not matched by a filtering rule. Setting `FilterDefaultDeny`
    to `Yes` changes the policy do deny everything but the domains
    or URLs matched by the filtering rules.

*Anonymous*::

    If an `Anonymous` keyword is present, then anonymous proxying
    is enabled.  The headers listed with `Anonymous` are allowed
    through, while all others are denied. If no Anonymous keyword
    is present, then all headers are allowed through.  You must
    include quotes around the headers.
    +
    Most sites require cookies to be enabled for them to work correctly, so
    you will need to allow cookies through if you access those sites.
    +
    Example:
    +
----
Anonymous "Host"
Anonymous "Authorization"
Anonymous "Cookie"
----

*ConnectPort*::

    This option can be used to specify the ports allowed for the
    CONNECT method. If no `ConnectPort` line is found, then all
    ports are allowed. To disable CONNECT altogether, include a
    single ConnectPort line with a value of `0`.

*ReversePath*::

    Configure one or more ReversePath directives to enable reverse proxy
    support. With reverse proxying it's possible to make a number of
    sites appear as if they were part of a single site.
    +
    If you uncomment the following two directives and run Tinyproxy
    on your own computer at port 8888, you can access example.com,
    using http://localhost:8888/example/.
    +
----
ReversePath "/example/" "http://www.example.com/"
----

*ReverseOnly*::

    When using Tinyproxy as a reverse proxy, it is STRONGLY
    recommended that the normal proxy is turned off by setting
    this boolean option to `Yes`.

*ReverseMagic*::

    Setting this option to `Yes`, makes Tinyproxy use a cookie to
    track reverse proxy mappings. If you need to reverse proxy
    sites which have absolute links you must use this option.

*ReverseBaseURL*::

    The URL that is used to access this reverse proxy. The URL is
    used to rewrite HTTP redirects so that they won't escape the
    proxy. If you have a chain of reverse proxies, you'll need to
    put the outermost URL here (the address which the end user
    types into his/her browser).  If this option is not set then
    no rewriting of redirects occurs.


BUGS
----

To report bugs in Tinyproxy, please visit
<https://www.banu.com/tinyproxy/[https://www.banu.com/tinyproxy/]>.


SEE ALSO
--------
tinyproxy(8)


AUTHOR
------

This manpage was written by the Tinyproxy project team.


COPYRIGHT
---------

Copyright (c) 1998-2000 Steven Young;
Copyright (c) 2000-2001 Robert James Kaes;
Copyright (c) 2009-2010 Mukund Sivaraman;
Copyright (c) 2009-2010 Michael Adam.

This program is distributed under the terms of the GNU General Public
License version 2 or above. See the COPYING file for additional
information.