Linux工具-Tinyproxy服务器

https://github.com/tinyproxy/tinyproxy
Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Designed from the ground up to be fast and yet small, it is an ideal solution for use cases such as embedded deployments where a full featured HTTP proxy is required, but the system resources for a larger proxy are unavailable.
Tinyproxy是为POSIX操作系统的设计的一个轻量级HTTP/HTTPS署理服务器（守卫进程）。它的设计初衷是快速而小巧，它为必要功能齐全的HTTP署理但不能提供较大署理资源的嵌入式系统提供了一个好的办理方案。
一、安装

Huawei Cloud Ubuntu 20.04：

1. sudo apt install tinyproxy

复制代码

二、配置更新

tinyproxy安装完成了，可以在系统中找到三个文件：

• /lib/systemd/system/tinyproxy.service
  
• /etc/default/tinyproxy
  
• /etc/tinyproxy/tinyproxy.conf
  根据测试验证，这些配置文件必要根据实际运行环境做必要调解。
  

/lib/systemd/system/tinyproxy.service

1. [Unit]
2. Description=Tinyproxy lightweight HTTP Proxy
3. After=network.target
4. Documentation=man:tinyproxy(8) man:tinyproxy.conf(5)
6. [Service]
7. PassEnvironment=-/etc/default/tinyproxy
8. Type=forking
9. ExecStart=/usr/bin/tinyproxy $FLAGS
10. PIDFile=/run/tinyproxy/tinyproxy.pid
11. PrivateDevices=yes
12. User=root
14. [Install]
15. WantedBy=multi-user.target

复制代码

/etc/default/tinyproxy

1. ### tinyproxy defaults
3. # Edit to configure alternate config file...
4. #
5. # If running under systemd, please make sure to uncomment
6. # both variables below!
8. CONFIG="/etc/tinyproxy/tinyproxy.conf"
9. FLAGS="-c $CONFIG"
11. # Add more command line options, as desired...
13. #FLAGS="$FLAGS ..."

复制代码

** /etc/tinyproxy/tinyproxy.conf**

1. ##
2. ## tinyproxy.conf -- tinyproxy daemon configuration file
3. ##
4. ## This example tinyproxy.conf file contains example settings
5. ## with explanations in comments. For decriptions of all
6. ## parameters, see the tinproxy.conf(5) manual page.
7. ##
9. #
10. # User/Group: This allows you to set the user and group that will be
11. # used for tinyproxy after the initial binding to the port has been done
12. # as the root user. Either the user or group name or the UID or GID
13. # number may be used.
14. #
15. User root
16. Group root
18. #
19. # Port: Specify the port which tinyproxy will listen on.  Please note
20. # that should you choose to run on a port lower than 1024 you will need
21. # to start tinyproxy using root.
22. #
23. Port 8888
25. #
26. # Listen: If you have multiple interfaces this allows you to bind to
27. # only one. If this is commented out, tinyproxy will bind to all
28. # interfaces present.
29. #
30. #Listen 192.168.0.1
32. #
33. # Bind: This allows you to specify which interface will be used for
34. # outgoing connections.  This is useful for multi-home'd machines where
35. # you want all traffic to appear outgoing from one particular interface.
36. #
37. #Bind 192.168.0.1
39. #
40. # BindSame: If enabled, tinyproxy will bind the outgoing connection to the
41. # ip address of the incoming connection.
42. #
43. #BindSame yes
45. #
46. # Timeout: The maximum number of seconds of inactivity a connection is
47. # allowed to have before it is closed by tinyproxy.
48. #
49. Timeout 600
51. #
52. # ErrorFile: Defines the HTML file to send when a given HTTP error
53. # occurs.  You will probably need to customize the location to your
54. # particular install.  The usual locations to check are:
55. #   /usr/local/share/tinyproxy
56. #   /usr/share/tinyproxy
57. #   /etc/tinyproxy
58. #
59. #ErrorFile 404 "/usr/share/tinyproxy/404.html"
60. #ErrorFile 400 "/usr/share/tinyproxy/400.html"
61. #ErrorFile 503 "/usr/share/tinyproxy/503.html"
62. #ErrorFile 403 "/usr/share/tinyproxy/403.html"
63. #ErrorFile 408 "/usr/share/tinyproxy/408.html"
65. #
66. # DefaultErrorFile: The HTML file that gets sent if there is no
67. # HTML file defined with an ErrorFile keyword for the HTTP error
68. # that has occured.
69. #
70. DefaultErrorFile "/usr/share/tinyproxy/default.html"
72. #
73. # StatHost: This configures the host name or IP address that is treated
74. # as the stat host: Whenever a request for this host is received,
75. # Tinyproxy will return an internal statistics page instead of
76. # forwarding the request to that host.  The default value of StatHost is
77. # tinyproxy.stats.
78. #
79. #StatHost "tinyproxy.stats"
80. #
82. #
83. # StatFile: The HTML file that gets sent when a request is made
84. # for the stathost.  If this file doesn't exist a basic page is
85. # hardcoded in tinyproxy.
86. #
87. StatFile "/usr/share/tinyproxy/stats.html"
89. #
90. # LogFile: Allows you to specify the location where information should
91. # be logged to.  If you would prefer to log to syslog, then disable this
92. # and enable the Syslog directive.  These directives are mutually
93. # exclusive. If neither Syslog nor LogFile are specified, output goes
94. # to stdout.
95. #
96. LogFile "/var/log/tinyproxy/tinyproxy.log"
98. #
99. # Syslog: Tell tinyproxy to use syslog instead of a logfile.  This
100. # option must not be enabled if the Logfile directive is being used.
101. # These two directives are mutually exclusive.
102. #
103. #Syslog On
105. #
106. # LogLevel: Warning
107. #
108. # Set the logging level. Allowed settings are:
109. #       Critical        (least verbose)
110. #       Error
111. #       Warning
112. #       Notice
113. #       Connect         (to log connections without Info's noise)
114. #       Info            (most verbose)
115. #
116. # The LogLevel logs from the set level and above. For example, if the
117. # LogLevel was set to Warning, then all log messages from Warning to
118. # Critical would be output, but Notice and below would be suppressed.
119. #
120. LogLevel Info
122. #
123. # PidFile: Write the PID of the main tinyproxy thread to this file so it
124. # can be used for signalling purposes.
125. # If not specified, no pidfile will be written.
126. #
127. PidFile "/run/tinyproxy/tinyproxy.pid"
129. #
130. # XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
131. # contains the client's IP address.
132. #
133. #XTinyproxy Yes
135. #
136. # Upstream:
137. #
138. # Turns on upstream proxy support.
139. #
140. # The upstream rules allow you to selectively route upstream connections
141. # based on the host/domain of the site being accessed.
142. #
143. # Syntax: upstream type (user:pass@)ip:port ("domain")
144. # Or:     upstream none "domain"
145. # The parts in parens are optional.
146. # Possible types are http, socks4, socks5, none
147. #
148. # For example:
149. #  # connection to test domain goes through testproxy
150. #  upstream http testproxy:8008 ".test.domain.invalid"
151. #  upstream http testproxy:8008 ".our_testbed.example.com"
152. #  upstream http testproxy:8008 "192.168.128.0/255.255.254.0"
153. #
154. #  # upstream proxy using basic authentication
155. #  upstream http user:pass@testproxy:8008 ".test.domain.invalid"
156. #
157. #  # no upstream proxy for internal websites and unqualified hosts
158. #  upstream none ".internal.example.com"
159. #  upstream none "www.example.com"
160. #  upstream none "10.0.0.0/8"
161. #  upstream none "192.168.0.0/255.255.254.0"
162. #  upstream none "."
163. #
164. #  # connection to these boxes go through their DMZ firewalls
165. #  upstream http cust1_firewall:8008 "testbed_for_cust1"
166. #  upstream http cust2_firewall:8008 "testbed_for_cust2"
167. #
168. #  # default upstream is internet firewall
169. #  upstream http firewall.internal.example.com:80
170. #
171. # You may also use SOCKS4/SOCKS5 upstream proxies:
172. #  upstream socks4 127.0.0.1:9050
173. #  upstream socks5 socksproxy:1080
174. #
175. # The LAST matching rule wins the route decision.  As you can see, you
176. # can use a host, or a domain:
177. #  name     matches host exactly
178. #  .name    matches any host in domain "name"
179. #  .        matches any host with no domain (in 'empty' domain)
180. #  IP/bits  matches network/mask
181. #  IP/mask  matches network/mask
182. #
183. #Upstream http some.remote.proxy:port
185. #
186. # MaxClients: This is the absolute highest number of threads which will
187. # be created. In other words, only MaxClients number of clients can be
188. # connected at the same time.
189. #
190. MaxClients 100
192. #
193. # MinSpareServers/MaxSpareServers: These settings set the upper and
194. # lower limit for the number of spare servers which should be available.
195. #
196. # If the number of spare servers falls below MinSpareServers then new
197. # server processes will be spawned.  If the number of servers exceeds
198. # MaxSpareServers then the extras will be killed off.
199. #
200. MinSpareServers 5
201. MaxSpareServers 20
203. #
204. # StartServers: The number of servers to start initially.
205. #
206. StartServers 10
208. #
209. # MaxRequestsPerChild: The number of connections a thread will handle
210. # before it is killed. In practise this should be set to 0, which
211. # disables thread reaping. If you do notice problems with memory
212. # leakage, then set this to something like 10000.
213. #
214. MaxRequestsPerChild 0
216. #
217. # Allow: Customization of authorization controls. If there are any
218. # access control keywords then the default action is to DENY. Otherwise,
219. # the default action is ALLOW.
220. #
221. # The order of the controls are important. All incoming connections are
222. # tested against the controls based on order.
223. #
224. #Allow 127.0.0.1
225. #Allow 192.168.0.0/16
226. #Allow 172.16.0.0/12
227. #Allow 10.0.0.0/8
229. # BasicAuth: HTTP "Basic Authentication" for accessing the proxy.
230. # If there are any entries specified, access is only granted for authenticated
231. # users.
232. #BasicAuth user password
234. #
235. # AddHeader: Adds the specified headers to outgoing HTTP requests that
236. # Tinyproxy makes. Note that this option will not work for HTTPS
237. # traffic, as Tinyproxy has no control over what headers are exchanged.
238. #
239. #AddHeader "X-My-Header" "Powered by Tinyproxy"
241. #
242. # ViaProxyName: The "Via" header is required by the HTTP RFC, but using
243. # the real host name is a security concern.  If the following directive
244. # is enabled, the string supplied will be used as the host name in the
245. # Via header; otherwise, the server's host name will be used.
246. #
247. ViaProxyName "tinyproxy"
249. #
250. # DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
251. # the Via header to the requests. This virtually puts Tinyproxy into
252. # stealth mode. Note that RFC 2616 requires proxies to set the Via
253. # header, so by enabling this option, you break compliance.
254. # Don't disable the Via header unless you know what you are doing...
255. #
256. #DisableViaHeader Yes
258. #
259. # Filter: This allows you to specify the location of the filter file.
260. #
261. #Filter "/etc/tinyproxy/filter"
263. #
264. # FilterURLs: Filter based on URLs rather than domains.
265. #
266. #FilterURLs On
268. #
269. # FilterExtended: Use POSIX Extended regular expressions rather than
270. # basic.
271. #
272. #FilterExtended On
274. #
275. # FilterCaseSensitive: Use case sensitive regular expressions.
276. #
277. #FilterCaseSensitive On
279. #
280. # FilterDefaultDeny: Change the default policy of the filtering system.
281. # If this directive is commented out, or is set to "No" then the default
282. # policy is to allow everything which is not specifically denied by the
283. # filter file.
284. #
285. # However, by setting this directive to "Yes" the default policy becomes
286. # to deny everything which is _not_ specifically allowed by the filter
287. # file.
288. #
289. #FilterDefaultDeny Yes
291. #
292. # Anonymous: If an Anonymous keyword is present, then anonymous proxying
293. # is enabled.  The headers listed are allowed through, while all others
294. # are denied. If no Anonymous keyword is present, then all headers are
295. # allowed through.  You must include quotes around the headers.
296. #
297. # Most sites require cookies to be enabled for them to work correctly, so
298. # you will need to allow Cookies through if you access those sites.
299. #
300. #Anonymous "Host"
301. #Anonymous "Authorization"
302. #Anonymous "Cookie"
304. #
305. # ConnectPort: This is a list of ports allowed by tinyproxy when the
306. # CONNECT method is used.  To disable the CONNECT method altogether, set
307. # the value to 0.  If no ConnectPort line is found, all ports are
308. # allowed.
309. #
310. # The following two ports are used by SSL.
311. #
312. ConnectPort 443
313. ConnectPort 563
315. #
316. # Configure one or more ReversePath directives to enable reverse proxy
317. # support. With reverse proxying it's possible to make a number of
318. # sites appear as if they were part of a single site.
319. #
320. # If you uncomment the following two directives and run tinyproxy
321. # on your own computer at port 8888, you can access Google using
322. # http://localhost:8888/google/ and Wired News using
323. # http://localhost:8888/wired/news/. Neither will actually work
324. # until you uncomment ReverseMagic as they use absolute linking.
325. #
326. # ReversePath "/google/"        "http://www.google.com/"
327. # ReversePath "/wired/"                "http://www.wired.com/"
329. #
330. # When using tinyproxy as a reverse proxy, it is STRONGLY recommended
331. # that the normal proxy is turned off by uncommenting the next directive.
332. #
333. #ReverseOnly Yes
335. #
336. # Use a cookie to track reverse proxy mappings. If you need to reverse
337. # proxy sites which have absolute links you must uncomment this.
338. #
339. #ReverseMagic Yes
341. #
342. # The URL that's used to access this reverse proxy. The URL is used to
343. # rewrite HTTP redirects so that they won't escape the proxy. If you
344. # have a chain of reverse proxies, you'll need to put the outermost
345. # URL here (the address which the end user types into his/her browser).
346. #
347. # If not set then no rewriting occurs.
348. #
349. #ReverseBaseURL "http://localhost:8888/"

复制代码

注：tinyproxy的具体配置介绍可参考：https://tinyproxy.github.io/
三、服务管理

ubuntu环境下，tinyproxy默认利用systemd进行管理。

1. # 启动进程
2. sudo systemctl start tinyproxy
3. # 停止进程
4. sudo systemctl stop tinyproxy
5. # 重启进程
6. sudo systemctl restart tinyproxy
8. # 查看状态
9. sudo systemctl status tinyproxy
10. # 查看systemd日志
11. sudo journalctl -u tinyproxy.service -f

复制代码

注：查看tinyproxy实时日记输出：tail -f /var/log/tinyproxy/tinyproxy.log

四、测试验证

tinyproxy日记实时监控：

1. tail -f /var/log/tinyproxy/tinyproxy.log

复制代码

1、command line

1、设置环境变量

1. export http_proxy="http://xxx.xxx.xxx.xxx:8888/"
2. export https_proxy="http://xxx.xxx.xxx.xxx:8888/"

复制代码

2、wget访问网络·

1. wget baidu.com

复制代码

3、观测日记输出

2、firefox browser

1、设置署理服务器
打开浏览器，依次点击“Settings” -》 “General” -》 “Network Settings” -》 “Settings”，选择“Manual proxy configuration”并设置正确的署理服务器ip和端口。

2、访问百度首页（www.baidu.con）
3、观测日记输出

五、应用场景

• …
  

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。