Differences
This shows you the differences between two versions of the page.
| doc:howto:proxy.tinyproxy [2014/10/03 08:30] – fix minor error lynus | docs:guide-user:services:proxy:tinyproxy [2023/10/14 08:22] (current) – update vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Tinyproxy ====== | ====== Tinyproxy ====== | ||
| - | [[wp> | + | [[wp> |
| - | * https://banu.com/tinyproxy/ | + | * https:// |
| + | ==== Installing ==== | ||
| + | To install tinyproxy follow these steps: | ||
| - | ====Enable Transparent Proxy for Backfire 10.03==== | + | Install software packages: |
| - | If a full featured HTTP proxy is required, the tinyproxy package is an ideal solution for you as a larger proxy might be unavailable in this environment. | + | |
| - | - install software packages:< | + | < |
| opkg update | opkg update | ||
| opkg install tinyproxy luci-app-tinyproxy | opkg install tinyproxy luci-app-tinyproxy | ||
| </ | </ | ||
| - | - configure '' | + | |
| + | Configure Tinyproxy: | ||
| + | |||
| + | < | ||
| uci set tinyproxy.@tinyproxy[0].enabled=1 | uci set tinyproxy.@tinyproxy[0].enabled=1 | ||
| uci commit | uci commit | ||
| - | / | + | service |
| - | / | + | service |
| </ | </ | ||
| - | | + | |
| + | === Detailed configuration === | ||
| + | If you like to finetune the other options you can also use an editor like VI or nano to edit ''/ | ||
| + | |||
| + | <code bash> | ||
| + | config tinyproxy | ||
| + | option User ' | ||
| + | option Group ' | ||
| + | option Port ' | ||
| + | option Timeout ' | ||
| + | option DefaultErrorFile '/ | ||
| + | option StatFile '/ | ||
| + | option LogFile '/ | ||
| + | option LogLevel ' | ||
| + | option MaxClients ' | ||
| + | option MinSpareServers ' | ||
| + | option MaxSpareServers ' | ||
| + | option StartServers ' | ||
| + | option MaxRequestsPerChild ' | ||
| + | option ViaProxyName ' | ||
| + | list ConnectPort ' | ||
| + | list ConnectPort ' | ||
| + | option enabled ' | ||
| + | list Allow ' | ||
| + | list Allow ' | ||
| + | option Filter '/ | ||
| + | option FilterDefaultDeny ' | ||
| + | </ | ||
| + | |||
| + | The whitelist file ''/ | ||
| + | |||
| + | <code bash> | ||
| + | # filter exactly cnn.com | ||
| + | # ^cnn\.com$ | ||
| + | |||
| + | # filter all subdomains of cnn.com, but not cnn.com itself | ||
| + | # .*\.cnn.com$ | ||
| + | |||
| + | # filter any domain that has cnn.com in it, like xcnn.comfy.org | ||
| + | # cnn\.com | ||
| + | |||
| + | # filter any domain that ends in cnn.com | ||
| + | # cnn\.com$ | ||
| + | |||
| + | # filter any domain that starts with adserver | ||
| + | # ^adserver | ||
| + | |||
| + | ^openwrt\.org$ | ||
| + | .*\.openwrt\.org$ | ||
| + | |||
| + | ^127\.0\.0\.1$ | ||
| + | ^localhost$ | ||
| + | </ | ||
| + | |||
| + | Please note that only the FQDN / hostname can be filtered for HTTPS and HTTP. | ||
| + | URL filtering with tinyproxy only works for unencrypted HTTP traffic because HTTPS-traffic is opaque to the proxy. | ||
| + | It controls if the '' | ||
| + | The content of the transmission between client and server remains opaque and encrypted. | ||
| + | |||
| + | === Configure firewall === | ||
| + | Configure the firewall to filter/ | ||
| + | Clients must still be able to reach the proxy from the LAN side, but not the WAN. | ||
| + | If this step is omitted clients can reconfigure their proxy settings to not use a proxy and bypass the proxy without any effort. | ||
| + | |||
| + | === Configure the clients === | ||
| + | Configure the clients to use the proxy. | ||
| + | Browsers like Firefox / Chromium / Brave need the IP or hostname of the device where '' | ||
| + | The proxy is the same for HTTP and HTTPS traffic. | ||
| + | Many commands line clients like '' | ||
| + | |||
| + | === Transparent HTTP proxy === | ||
| + | This steps is optional and nowadays, that most websites use encryption, it is not as useful as it was anymore. | ||
| + | Prefer configuring the proxy at the client side, most browsers allow configuring the proxy manually for HTTP and HTTPS. | ||
| + | For unencrypted HTTP connections the firewall can redirect traffic to the proxy. | ||
| + | Client devices do not need to be configured to make use of the proxy server, but it only works for HTTP traffic. | ||
| + | Encrypted HTTPS traffic cannot be handled this way. | ||
| + | |||
| + | Configure | ||
| + | |||
| + | < | ||
| uci add firewall redirect | uci add firewall redirect | ||
| uci set firewall.@redirect[0].name=' | uci set firewall.@redirect[0].name=' | ||
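
Review bot: In the whitelist filter example, the commented subdomain pattern `# .*\.cnn.com$` leaves the dot between `cnn` and `com` unescaped, so it matches any character in that position, while the active entry `.*\.openwrt\.org$` a few lines further down escapes it. The text calls this file a whitelist and the config lists `FilterDefaultDeny`, so a reader who copies the loose form as an allow entry would admit more hostnames than intended; suggest `# .*\.cnn\.com$` so the example matches the comment above it. Minor: "This steps is optional" in the Transparent HTTP proxy section should read "This step is optional".
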
| Line 27: | Line 110: | ||
| uci set firewall.@redirect[0].dest_ip=192.168.1.1 | uci set firewall.@redirect[0].dest_ip=192.168.1.1 | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| - | :!: Note that the **'' | + | :!: Note that the **'' |
| Note also that by default tinyproxy does not allow connections from other hosts so you will need to enable this. One way is to comment out the " | Note also that by default tinyproxy does not allow connections from other hosts so you will need to enable this. One way is to comment out the " | ||
| - | ====Notes on Attitude Adjustment 12.09 and maybe IPv6==== | + | ==== Notes on Attitude Adjustment 12.09 and maybe IPv6 ==== |
| If you're using Attitude Adjustment 12.09 and maybe setup IPv6 on your OpenWrt box then this may be helpful. These notes only have a few hours of testing; second opinions, better advice welcomed: | If you're using Attitude Adjustment 12.09 and maybe setup IPv6 on your OpenWrt box then this may be helpful. These notes only have a few hours of testing; second opinions, better advice welcomed: | ||
| - | * The " | + | * The " |
| * The **'' | * The **'' | ||
| - | * Add " | + | * Add " |
| Some help with tinyproxy logging and log analysis here: http:// | Some help with tinyproxy logging and log analysis here: http:// | ||
| - | |||
| - | |||
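
Review bot: The redirect block kept as context here sets options on `firewall.@redirect[0]` (for example `uci set firewall.@redirect[0].dest_ip=192.168.1.1`) directly after `uci add firewall redirect`. `uci add` appends a new section, so on a device that already has a redirect defined, index 0 addresses the existing first rule instead of the one just created; suggest `@redirect[-1]` while this block is being touched for the `service` change. The unchanged note telling readers to comment out a setting so that other hosts can connect could also point to the `list Allow` entries in the new Detailed configuration section, which fits the new text saying the proxy should be reachable from the LAN side but not the WAN.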