Часть 2. Polipo.
Устанавливаем polipo.
Code:
ipkg install polipo
Создаем каталог /opt/etc/polipo и ложим туда следующие файлы:
config
Code:
# Sample configuration file for Polipo. -*-sh-*-
# You should not need to edit this configuration file; all configuration
# variables have reasonable defaults.
# This file only contains some of the configuration variables; see the
# list given by ``polipo -v'' and the manual for more.
### Basic configuration
### *******************
# Uncomment one of these if you want to allow remote clients to
# connect:
# proxyAddress = "::0" # both IPv4 and IPv6
# proxyAddress = "0.0.0.0" # IPv4 only
proxyAddress = 192.168.1.1
proxyPort = 8123
# If you are enabling 'proxyAddress' above, then you want to enable the
# 'allowedClients' variable to the address of your network, e.g.
allowedClients = 127.0.0.1, 192.168.1.0/24
#allowedClients = 127.0.0.1
# Uncomment this if you want your Polipo to identify itself by
# something else than the host name:
# proxyName = "polipo.example.org"
# Uncomment this if there's only one user using this instance of Polipo:
# cacheIsShared = false
# Uncomment this if you want to use a parent proxy:
# parentProxy = "squid.example.org:3128"
parentProxy = 127.0.0.1:8118
# Uncomment this if you want to use a parent SOCKS proxy:
# socksParentProxy = "localhost:9050"
# socksProxyType = socks5
### Memory
### ******
# Uncomment this if you want Polipo to use a ridiculously small amount
# of memory (a hundred C-64 worth or so):
chunkHighMark = 819200
objectHighMark = 128
# Uncomment this if you've got plenty of memory:
# chunkHighMark = 50331648
# objectHighMark = 16384
### On-disk data
### ************
# Uncomment this if you want to disable the on-disk cache:
# diskCacheRoot = ""
# Uncomment this if you want to put the on-disk cache in a
# non-standard location:
# diskCacheRoot = "~/.polipo-cache/"
diskCacheRoot = "/home/cache/"
# Uncomment this if you want to disable the local web server:
# localDocumentRoot = ""
# Uncomment this if you want to enable the pages under /polipo/index?
# and /polipo/servers?. This is a serious privacy leak if your proxy
# is shared.
# disableIndexing = false
# disableServersList = false
diskCacheTruncateTime = 30d
diskCacheUnlinkTime = 90d
diskCacheTruncateSize = 2048 MB
### Domain Name System
### ******************
# Uncomment this if you want to contact IPv4 hosts only (and make DNS
# queries somewhat faster):
dnsQueryIPv6 = no
# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
# double-stack hosts:
# dnsQueryIPv6 = reluctantly
# Uncomment this to disable Polipo's DNS resolver and use the system's
# default resolver instead. If you do that, Polipo will freeze during
# every DNS query:
dnsUseGethostbyname = yes
### HTTP
### ****
# Uncomment this if you want to enable detection of proxy loops.
# This will cause your hostname (or whatever you put into proxyName
# above) to be included in every request:
# disableVia=false
# Uncomment this if you want to slightly reduce the amount of
# information that you leak about yourself:
# censoredHeaders = from, accept-language
# censorReferer = maybe
# Uncomment this if you're paranoid. This will break a lot of sites,
# though:
# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
# censorReferer = true
# Uncomment this if you want to use Poor Man's Multiplexing; increase
# the sizes if you're on a fast line. They should each amount to a few
# seconds' worth of transfer; if pmmSize is small, you'll want
# pmmFirstSize to be larger.
# Note that PMM is somewhat unreliable.
# pmmFirstSize = 16384
# pmmSize = 8192
# Uncomment this if your user-agent does something reasonable with
# Warning headers (most don't):
# relaxTransparency = maybe
# Uncomment this if you never want to revalidate instances for which
# data is available (this is not a good idea):
# relaxTransparency = yes
# Uncomment this if you have no network:
# proxyOffline = yes
# Uncomment this if you want to avoid revalidating instances with a
# Vary header (this is not a good idea):
# mindlesslyCacheVary = true
maxDiskEntries = 4096
disableIndexing = false
maxConnectionRequests = 512
maxDiskCacheEntrySize = -1
forbidden
Code:
# Sample forbidden URLs file for polipo. -*-sh-*-
# Put this in /etc/polipo/forbidden or in ~/.polipo-forbidden.
# Forbid all hosts belonging to a given domain name:
#counter.com
#hitbox.com
#doubleclick.net
#www.cashcount.com
# Forbid all hosts contaning a string matching a given regex. Note
# that you need to quote dots, so that a regex is not misinterpreted
# as a domain name.
#^http://[^/]*counter\.com
#/ads/
#/phpAdsNew
#counting\.php
options
Code:
# See the /usr/share/doc/polipo/README.Debian file for details on this file
method any
#method static
#method manual
#method dhcp
#method bootp
#method ppp
#method wvdial
Зачем нужен options - неподозреваю, но когда я ставил polipo в ubuntu он создался и я его чесно перенес в роутер. :-(
Скрипт запуска /opt/etc/init.d/S70polipo
Code:
#!/bin/sh
NAME="Polipo"
PIDFILE=/opt/var/run/polipo.pid
POLIPO=/opt/bin/polipo
CONFIG_FILE=/opt/etc/polipo/config
FORBIDDEN_FILE=/opt/etc/polipo/forbidden
LOGFILE=/opt/var/log/polipo.log
USER=proxy
GROUP=proxy
#DAEMON_OPTS=" -c $CONFIG_FILE pidFile=$PIDFILE daemonise=true logFile=$LOGFILE"
start() {
echo "Starting $NAME... "
/opt/bin/polipo -c $CONFIG_FILE pidFile=$PIDFILE daemonise=true logFile=$LOGFILE
}
stop() {
echo "Shutting down $NAME... "
[ -f ${PIDFILE} ] && kill `cat ${PIDFILE}`
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 1
start
;;
*)
echo "Usage: $0 (start|stop|restart)"
exit 1
;;
esac
exit 0
Вообще, запускать polipo, тоже лучше под пользователем proxy, но как это сделать я не знаю.
Если кто-то сможет это сделать и опишет, как он это реализовал, то общественность будет очень благодарна.
На этом вроде все.
(11.02.2010) Ура! Вдохновленный скриптом запуска для privoxy под ограниченным пользователем от vildi переписал скрипт запуска для polipo.
Взять скрипт и почитать инструкцию по настройке можно тут: Стартовый скрипт для запуска polipo под ограниченным пользователем