summaryrefslogtreecommitdiff
path: root/www/tinyproxy/files/tinyproxy.conf.5
diff options
context:
space:
mode:
Diffstat (limited to 'www/tinyproxy/files/tinyproxy.conf.5')
-rw-r--r--www/tinyproxy/files/tinyproxy.conf.5540
1 files changed, 540 insertions, 0 deletions
diff --git a/www/tinyproxy/files/tinyproxy.conf.5 b/www/tinyproxy/files/tinyproxy.conf.5
new file mode 100644
index 000000000000..5121ca952686
--- /dev/null
+++ b/www/tinyproxy/files/tinyproxy.conf.5
@@ -0,0 +1,540 @@
+'\" t
+.\" Title: tinyproxy.conf
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
+.\" Date: 07/16/2011
+.\" Manual: Tinyproxy manual
+.\" Source: Version 1.8.3
+.\" Language: English
+.\"
+.TH "TINYPROXY\&.CONF" "5" "07/16/2011" "Version 1\&.8\&.3" "Tinyproxy manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+tinyproxy.conf \- Tinyproxy HTTP proxy daemon configuration file
+.SH "SYNOPSIS"
+.sp
+\fBtinyproxy\&.conf\fR
+.SH "DESCRIPTION"
+.sp
+tinyproxy(8) reads its configuration file, typically stored in /usr/local/etc/tinyproxy\&.conf (or passed to Tinyproxy with \-c on the command line)\&. This manpage describes the syntax and contents of the configuration file\&.
+.sp
+The Tinyproxy configuration file contains key\-value pairs, one per line\&. Lines starting with # and empty lines are comments and are ignored\&. Keywords are case\-insensitive, whereas values are case\-sensitive\&. Values may be enclosed in double\-quotes (") if they contain spaces\&.
+.sp
+The possible keywords and their descriptions are as follows:
+.PP
+\fBUser\fR
+.RS 4
+The user which the Tinyproxy process should run as, after the initial port\-binding has been done as the
+root
+user\&. Either the user name or the UID may be specified\&.
+.RE
+.PP
+\fBGroup\fR
+.RS 4
+The group which the Tinyproxy process should run as, after the initial port\-binding has been done as the
+root
+user\&. Either the group name or the GID may be specified\&.
+.RE
+.PP
+\fBPort\fR
+.RS 4
+The port which the Tinyproxy service will listen on\&. If the port is less than 1024, you will need to start the Tinyproxy process as the
+root
+user\&.
+.RE
+.PP
+\fBListen\fR
+.RS 4
+By default, Tinyproxy listens for connections on all available interfaces (i\&.e\&. it listens on the wildcard address
+0\&.0\&.0\&.0)\&. With this configuration parameter, Tinyproxy can be told to listen only on one specific address\&.
+.RE
+.PP
+\fBBind\fR
+.RS 4
+This allows you to specify which address Tinyproxy will bind to for outgoing connections to web servers or upstream proxies\&.
+.RE
+.PP
+\fBBindSame\fR
+.RS 4
+If this boolean parameter is set to
+yes, then Tinyproxy will bind the outgoing connection to the IP address of the incoming connection that triggered the outgoing request\&.
+.RE
+.PP
+\fBTimeout\fR
+.RS 4
+The maximum number of seconds of inactivity a connection is allowed to have before it is closed by Tinyproxy\&.
+.RE
+.PP
+\fBErrorFile\fR
+.RS 4
+This parameter controls which HTML file Tinyproxy returns when a given HTTP error occurs\&. It takes two arguments, the error number and the location of the HTML error file\&.
+.RE
+.PP
+\fBDefaultErrorFile\fR
+.RS 4
+This parameter controls the HTML template file returned when an error occurs for which no specific error file has been set\&.
+.RE
+.PP
+\fBStatHost\fR
+.RS 4
+This configures the host name or IP address that is treated as the
+stat host: Whenever a request for this host is received, Tinyproxy will return an internal statistics page instead of forwarding the request to that host\&. The template for this page can be configured with the
+StatFile
+configuration option\&. The default value of
+StatHost
+is
+tinyproxy\&.stats\&.
+.RE
+.PP
+\fBStatFile\fR
+.RS 4
+This configures the HTML file that Tinyproxy sends when a request for the stathost is received\&. If this parameter is not set, Tinyproxy returns a hard\-coded basic statistics page\&. See the STATHOST section in the
+tinyproxy(8)
+manual page for details\&.
+
+Note that the StatFile and the error files configured with ErrorFile and DefaultErrorFile are template files that can contain a few template variables that Tinyproxy expands prior to delivery\&. Examples are "{cause}" for an abbreviated error description and "{detail}" for a detailed error message\&. The
+tinyproxy(8)
+manual page contains a description of all template variables\&.
+.RE
+.PP
+\fBLogFile\fR
+.RS 4
+This controls the location of the file to which Tinyproxy writes its debug output\&. Alternatively, Tinyproxy can log to syslog \(em see the Syslog option\&.
+.RE
+.PP
+\fBSyslog\fR
+.RS 4
+When set to
+On, this option tells Tinyproxy to write its debug messages to syslog instead of to a log file configured with
+LogFile\&. These two options are mutually exclusive\&.
+.RE
+.PP
+\fBLogLevel\fR
+.RS 4
+Sets the log level\&. Messages from the set level and above are logged\&. For example, if the LogLevel was set to Warning, then all log messages from Warning to Critical would be output, but Notice and below would be suppressed\&. Allowed values are:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Critical (least verbose)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Warning
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Notice
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Connect (log connections without Info\(cqs noise)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Info (most verbose)
+.RE
+.RE
+.PP
+\fBPidFile\fR
+.RS 4
+This option controls the location of the file where the main Tinyproxy process stores its process ID for signaling purposes\&.
+.RE
+.PP
+\fBXTinyproxy\fR
+.RS 4
+Setting this option to
+Yes
+tells Tinyproxy to add a header
+X\-Tinyproxy
+containing the client\(cqs IP address to the request\&.
+.RE
+.PP
+\fBUpstream\fR, \fBNo Upstream\fR
+.RS 4
+This option allows you to set up a set of rules for deciding whether an upstream proxy server is to be used, based on the host or domain of the site being accessed\&. The rules are stored in the order encountered in the configuration file and the LAST matching rule wins\&. There are three possible forms for specifying upstream rules:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\fIupstream host:port\fR
+turns proxy upstream support on generally\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\fIupstream host:port "site_spec"\fR
+turns on the upstream proxy for the sites matching
+site_spec\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\fIno upstream "site_spec"\fR
+turns off upstream support for sites matching
+site_spec\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+The site can be specified in various forms as a hostname, domain
+name or as an IP range:
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\fIname\fR
+matches host exactly
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\fI\&.name\fR
+matches any host in domain "name"
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\fI\&.\fR
+matches any host with no domain (in
+\fIempty\fR
+domain)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\fIIP/bits\fR
+matches network/mask
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\fIIP/mask\fR
+matches network/mask
+.RE
+.RE
+.PP
+\fBMaxClients\fR
+.RS 4
+Tinyproxy creates one child process for each connected client\&. This options specifies the absolute highest number processes that will be created\&. With other words, only MaxClients clients can be connected to Tinyproxy simultaneously\&.
+.RE
+.PP
+\fBMinSpareServers\fR, \fBMaxSpareServers\fR
+.RS 4
+Tinyproxy always keeps a certain number of idle child processes so that it can handle new incoming client requests quickly\&.
+MinSpareServer
+and
+MaxSpareServers
+control the lower and upper limits for the number of spare processes\&. I\&.e\&. when the number of spare servers drops below
+MinSpareServers
+then Tinyproxy will start forking new spare processes in the background and when the number of spare processes exceeds
+MaxSpareServers
+then Tinyproxy will kill off extra processes\&.
+.RE
+.PP
+\fBStartServers\fR
+.RS 4
+The number of servers to start initially\&. This should usually be set to a value between MinSpareServers and MaxSpareServers\&.
+.RE
+.PP
+\fBMaxRequestsPerChild\fR
+.RS 4
+This limits the number of connections that a child process will handle before it is killed\&. The default value is
+0
+which disables this feature\&. This option is meant as an emergency measure in the case of problems with memory leakage\&. In that case, setting
+MaxRequestsPerChild
+to a value of e\&.g\&. 1000, or 10000 can be useful\&.
+.RE
+.PP
+\fBAllow\fR, \fBDeny\fR
+.RS 4
+The
+Allow
+and
+Deny
+options provide a means to customize which clients are allowed to access Tinyproxy\&.
+Allow
+and
+Deny
+lines can be specified multiple times to build the access control list for Tinyproxy\&. The order in the config file is important\&. If there are no
+Allow
+or
+Deny
+lines, then all clients are allowed\&. Otherwise, the default action is to deny access\&. The argument to
+Allow
+or
+Deny
+can be a single IP address of a client host, like
+127\&.0\&.0\&.1, an IP address range, like
+192\&.168\&.0\&.1/24
+or a string that will be matched against the end of the client host name, i\&.e, this can be a full host name like
+host\&.example\&.com
+or a domain name like
+\&.example\&.com
+or even a top level domain name like
+\&.com\&.
+.RE
+.PP
+\fBAddHeader\fR
+.RS 4
+Configure one or more HTTP request headers to be added to outgoing HTTP requests that Tinyproxy makes\&. Note that this option will not work for HTTPS traffic, as Tinyproxy has no control over what headers are exchanged\&.
+.RE
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+AddHeader "X\-My\-Header" "Powered by Tinyproxy"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBViaProxyName\fR
+.RS 4
+RFC 2616 requires proxies to add a
+Via
+header to the HTTP requests, but using the real host name can be a security concern\&. If the
+ViaProxyname
+option is present, then its string value will be used as the host name in the Via header\&. Otherwise, the server\(cqs host name will be used\&.
+.RE
+.PP
+\fBDisableViaHeader\fR
+.RS 4
+When this is set to yes, Tinyproxy does NOT add the
+Via
+header to the requests\&. This virtually puts Tinyproxy into stealth mode\&. Note that RFC 2616 requires proxies to set the
+Via
+header, so by enabling this option, you break compliance\&. Don\(cqt disable the
+Via
+header unless you know what you are doing\&...
+.RE
+.PP
+\fBFilter\fR
+.RS 4
+Tinyproxy supports filtering of web sites based on URLs or domains\&. This option specifies the location of the file containing the filter rules, one rule per line\&.
+.RE
+.PP
+\fBFilterURLs\fR
+.RS 4
+If this boolean option is set to
+Yes
+or
+On, filtering is performed for URLs rather than for domains\&. The default is to filter based on domains\&.
+.RE
+.PP
+\fBFilterExtended\fR
+.RS 4
+If this boolean option is set to
+Yes, then extended POSIX regular expressions are used for matching the filter rules\&. The default is to use basic POSIX regular expressions\&.
+.RE
+.PP
+\fBFilterCaseSensitive\fR
+.RS 4
+If this boolean option is set to
+Yes, then the filter rules are matched in a case sensitive manner\&. The default is to match case\-insensitively\&.
+.RE
+.PP
+\fBFilterDefaultDeny\fR
+.RS 4
+The default filtering policy is to allow everything that is not matched by a filtering rule\&. Setting
+FilterDefaultDeny
+to
+Yes
+changes the policy do deny everything but the domains or URLs matched by the filtering rules\&.
+.RE
+.PP
+\fBAnonymous\fR
+.RS 4
+If an
+Anonymous
+keyword is present, then anonymous proxying is enabled\&. The headers listed with
+Anonymous
+are allowed through, while all others are denied\&. If no Anonymous keyword is present, then all headers are allowed through\&. You must include quotes around the headers\&.
+
+Most sites require cookies to be enabled for them to work correctly, so you will need to allow cookies through if you access those sites\&.
+
+Example:
+.RE
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+Anonymous "Host"
+Anonymous "Authorization"
+Anonymous "Cookie"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBConnectPort\fR
+.RS 4
+This option can be used to specify the ports allowed for the CONNECT method\&. If no
+ConnectPort
+line is found, then all ports are allowed\&. To disable CONNECT altogether, include a single ConnectPort line with a value of
+0\&.
+.RE
+.PP
+\fBReversePath\fR
+.RS 4
+Configure one or more ReversePath directives to enable reverse proxy support\&. With reverse proxying it\(cqs possible to make a number of sites appear as if they were part of a single site\&.
+
+If you uncomment the following two directives and run Tinyproxy on your own computer at port 8888, you can access example\&.com, using
+http://localhost:8888/example/\&.
+.RE
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ReversePath "/example/" "http://www\&.example\&.com/"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBReverseOnly\fR
+.RS 4
+When using Tinyproxy as a reverse proxy, it is STRONGLY recommended that the normal proxy is turned off by setting this boolean option to
+Yes\&.
+.RE
+.PP
+\fBReverseMagic\fR
+.RS 4
+Setting this option to
+Yes, makes Tinyproxy use a cookie to track reverse proxy mappings\&. If you need to reverse proxy sites which have absolute links you must use this option\&.
+.RE
+.PP
+\fBReverseBaseURL\fR
+.RS 4
+The URL that is used to access this reverse proxy\&. The URL is used to rewrite HTTP redirects so that they won\(cqt escape the proxy\&. If you have a chain of reverse proxies, you\(cqll need to put the outermost URL here (the address which the end user types into his/her browser)\&. If this option is not set then no rewriting of redirects occurs\&.
+.RE
+.SH "BUGS"
+.sp
+To report bugs in Tinyproxy, please visit <https://www\&.banu\&.com/tinyproxy/>\&.
+.SH "SEE ALSO"
+.sp
+tinyproxy(8)
+.SH "AUTHOR"
+.sp
+Written by the Tinyproxy project team\&.
+.SH "COPYRIGHT"
+.sp
+Copyright (c) 1998\-2000 Steven Young; Copyright (c) 2000\-2001 Robert James Kaes; Copyright (c) 2009\-2010 Mukund Sivaraman; Copyright (c) 2009\-2010 Michael Adam\&.
+.sp
+This program is distributed under the terms of the GNU General Public License version 2 or above\&. See the COPYING file for additional information\&.
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-09 04:36:33 +0000