Commit Graph

32 Commits

Author SHA1 Message Date
rofl0r
235b1c10a7 implement filtertype keyword and fnmatch-based filtering
as suggested in #212, it seems the majority of people don't understand
that input was expected to be in regex format and people were using
filter lists containing plain hostnames, e.g. `www.google.com`.

apart from that, using fnmatch() for matching is actually a lot less
computationally expensive and allows to use big blacklists without
incurring a huge performance hit.

the config file now understands a new option `FilterType` which can
be one of `bre`, `ere` and `fnmatch`.
The `FilterExtended` option was deprecated in favor of it.
It still works, but will be removed in the release after the next.
2022-05-02 13:13:40 +00:00
Malte S. Stretz
1576ee279f Return 5xx when upstream is unreachable
Currently a 404 is returned for a misconfigured or unavailable upstream
server.  Since that's a server error it should be a 5xx instead; a 404
is confusing when used as a forward proxy and might even be harmful when
used as a reverse proxy.

It is debatable if another 5xx code might be better; the misconfigured
situation might better be a 500 whereas the connection issue could be
a 503 instead (as used eg. in haproxy).
2022-02-13 21:46:03 +00:00
rofl0r
b935dc85c3 simplify codebase by using one thread/conn, instead of preforked procs
the existing codebase used an elaborate and complex approach for
its parallelism:

5 different config file options, namely

- MaxClients
- MinSpareServers
- MaxSpareServers
- StartServers
- MaxRequestsPerChild

were used to steer how (and how many) parallel processes tinyproxy
would spin up at start, how many processes at each point needed to
be idle, etc.
it seems all preforked processes would listen on the server port
and compete with each other about who would get assigned the new
incoming connections.
since some data needs to be shared across those processes, a half-
baked "shared memory" implementation was provided for this purpose.
that implementation used to use files in the filesystem, and since
it had a big FIXME comment, the author was well aware of how hackish
that approach was.

this entire complexity is now removed. the main thread enters
a loop which polls on the listening fds, then spins up a new
thread per connection, until the maximum number of connections
(MaxClients) is hit. this is the only of the 5 config options
left after this cleanup. since threads share the same address space,
the code necessary for shared memory access has been removed.
this means that the other 4 mentioned config option will now
produce a parse error, when encountered.

currently each thread uses a hardcoded default of 256KB per thread
for the thread stack size, which is quite lavish and should be
sufficient for even the worst C libraries, but people may want
to tweak this value to the bare minimum, thus we may provide a new
config option for this purpose in the future.
i suspect that on heavily optimized C libraries such a musl, a
stack size of 8-16 KB per thread could be sufficient.

since the existing list implementation in vector.c did not provide
a way to remove a single item from an existing list, i added my
own list implementation from my libulz library which offers this
functionality, rather than trying to add an ad-hoc, and perhaps
buggy implementation to the vector_t list code. the sblist
code is contained in an 80 line C file and as simple as it can get,
while offering good performance and is proven bugfree due to years
of use in other projects.
2019-12-21 00:43:45 +00:00
Andre Mas
c2d3470a35 Fixes #256 Provides ::1 as allowed 2019-08-20 21:52:02 +01:00
rofl0r
057cf06805 config: unify upstream syntax for http,socks4,socks5 and none
closes #50
2018-02-25 23:52:23 +00:00
rofl0r
bf76aeeba1 implement HTTP basic auth for upstream proxies
loosely based on @valenbg1's code from PR #38

closes #38
closes #96
2018-02-25 15:13:45 +00:00
rofl0r
8db511b9bf add support for basic HTTP authentication
using the "BasicAuth" keyword in tinyproxy.conf.

base64 code was written by myself and taken from my own library "libulz".
for this purpose it is relicensed under the usual terms of the tinyproxy
license.
2018-02-06 16:57:02 +00:00
rofl0r
1ebfd2a2d1 tinyproxy.conf.in: add example for SOCKS upstream 2018-02-06 16:11:39 +00:00
Brian Cain
08a9fbb041 Add example value for Log Level setting 2017-11-27 18:49:53 +01:00
rofl0r
ccbbb81aa9 log to stdout if no logfile specified
some users want to run tinyproxy on an as-needed basis in a terminal,
without setting it up permanently to run as a daemon/service.
in such use case, it is very annoying that tinyproxy didn't have
an option to log to stdout, so the user has to keep a second terminal
open to `tail -f` the log.

additionally, this precluded usage with runit service supervisor,
which runs all services in foreground and creates logfiles from the
service's stdout/stderr.

since logging to stdout doesn't make sense when daemonized, now if
no logfile is specified and daemon mode activated, a warning is
printed to stderr once, and nothing is logged.
the original idea was to fail with an error message, though some users
might actually want to run tinyproxy as daemon and no logging at all.
2017-11-16 19:26:14 +01:00
rofl0r
64b29c5f4e do not create a pidfile, if none is specified in config
some people want to run tinyproxy with minimal configuration from
the command line (and as non-root), but tinyproxy insists on writing
a pid file, which only makes sense for usage as a service, hereby
forcing the user to either run it as root so it can write to the
default location, or start editing the default config file to work
around it.
and if no pidfile is specified in the config, it frankly doesn't
make sense to force creation of one anyway.
2017-11-16 19:26:14 +01:00
rofl0r
5062b78740 tinyproxy.conf.in: default to allow CONNECT method more broadly
tinyproxy conservatively defaulted to allow CONNECT method only
on two ports used by SSL in the ancient past, but since HTTPS usage
got much more widespread (actually, it's now the default for the
majority of websites), it makes sense now to allow it without
restriction by default to accomodate for the new situation.
2017-11-16 01:08:08 +01:00
Mukund Sivaraman
32563a4ed6 Bug #103: Move files installed in /etc/ to /etc/tinyproxy/ 2011-08-23 14:46:04 +05:30
Michael Adam
243526d493 Comment out the LogFile and PidFile options in the example tinyproxy.conf.
These are compiled in defaults now.

Michael
2010-03-02 23:41:37 +01:00
Michael Adam
e87c856487 change the default pid file location to "@LOCALSTATEDIR@/run/tinyproxy/tinyproxy.pid"
I.e., add a tinyproxy subdirectory.
This is meant to ease running tinyproxy as non-root user.
The subdirectory can be used to give the tinyproxy user
write permission.

Michael
2010-03-02 23:39:30 +01:00
Michael Adam
cfa5792880 change the default log file location to "@LOCALSTATEDIR@/log/tinyproxy/tinyproxy.log"
i.e. add a tinyproxy subdirectory.
This is meant to ease running tinyproxy as non-root user
the subdirectory can be used to give the tinyproxy user
write permission.

Michael
2010-03-02 23:39:21 +01:00
Michael Adam
f923649a11 tinyproxy.conf: fix LogFile to proper CamelCase for consistency 2010-02-23 08:06:55 +01:00
Mukund Sivaraman
719b5f6049 Fix pkgdatadir path in tinyproxy.conf 2010-02-18 00:30:19 +05:30
Mukund Sivaraman
9c0c3d5ced [BB#17] Add custom HTTP request headers to outgoing HTTP requests 2010-01-08 22:05:17 +05:30
Mukund Sivaraman
e71b3e08a6 Mark all generated stuff with silent rules 2009-11-14 15:47:21 +05:30
Michael Adam
c3f29ce4ac gitignore etc/tinyproxy.conf - it is generated 2009-11-10 17:12:16 +01:00
Michael Adam
c0c6db0a5e Update etc/Makefile.am to substitute TINYPROXY_STATHOST
Maybe, it would be better to have a two stage process here:

1. Have AC_SUBST from configure substitute as many variables
   as possible in  a fist stage
   tinyproxy.conf.tmpl.in --> tinyproxy.conf.tmp

2. Have make substitute those remaining paths that can not be
   substituted reasonable by configure due to the internal
   workings of automake.

Michael
2009-11-10 13:58:08 +01:00
Michael Adam
6f56738ab0 tinyproxy.conf: add a comment documenting StatHost
Michael
2009-11-10 13:58:08 +01:00
Michael Adam
e793a729f6 Clean tinyproxy.conf in make clean. 2009-10-11 13:21:13 +02:00
Michael Adam
582a8dc624 Fix make distcheck with tinyproxy.conf.in
(Fixes make install and out of tree builds)

Thanks to muks for the top_srcdir bit!
2009-10-11 13:19:36 +02:00
Michael Adam
1c0bda0e7c Document DisableViaHeader in the tinyproxy.conf template. 2009-10-11 02:00:32 +02:00
Michael Adam
f46aeca9a5 Fix a typo in the tinyproxy.conf template. 2009-10-10 22:25:03 +02:00
Michael Adam
1fda61b5a0 generate etc/tinyproxy.conf from a tinyproxy.conf.in template
This is a first cut at providing a tinyproxy.conf file with
more useful default or example directories. It uses datadir,
sysconfdir and localstatedir.

Because automake is a little special here, this template can
not simply be processed by configure (AC_CONFIG_FILES(...)),
as these variables can only be used like this in makefiles.
Instead, we need a little sed-processor in the Makfile in etc/.

Michael
2009-10-10 00:58:55 +02:00
Michael Adam
577e95880e tinyproxy.conf: Update the description of XTinyproxy (it is a bool).
Michael
2009-09-27 12:35:16 +02:00
Michael Adam
2208bebeac tinyproxy.conf: add a comment referring to the tinyproxy.conf(5) manpage
Michael
2009-09-20 11:01:30 +02:00
Michael Adam
30cb3f89ab tinyproxy.conf: update description of User/Group
Michael
2009-09-20 10:58:18 +02:00
Mukund Sivaraman
c44264ddaa doc: Move doc/tinyproxy.conf to etc/ directory 2009-09-13 04:04:18 +05:30