zoukankan      html  css  js  c++  java
  • *tinyproxy使用总结

    使用tinyproxy的问题背景:

    其实以前代理一直用的是apache,后来,那次有个任务要给ios的推送设置代理,任务很紧急,可是apache报错.

    原因如下:APNS发送通知的端口2195,但是Apache的ssl默认端口是443,因为端口不同,无法发送。

    一时没找到如何修改apache的ssl默认端口,而任务紧急,所以使用了tinyproxy做代理

    安装如下:这里只介绍了联网安装,参考网址CentOS如何部署TinyProxy

    yum update
    yum install tinyproxy

    配置如下

    vi /etc/tinyproxy/tinyproxy.conf

    ##
    ## tinyproxy.conf -- tinyproxy daemon configuration file
    ##
    
    #
    # Name of the user the tinyproxy daemon should switch to after the port
    # has been bound.
    #
    User nobody
    Group nobody
    
    #
    # Port to listen on.
    #
    Port 8888
    
    #
    # If you have multiple interfaces this allows you to bind to only one. If
    # this is commented out, tinyproxy will bind to all interfaces present.
    #
    #Listen 192.168.0.1
    
    #
    # The Bind directive allows you to bind the outgoing connections to a
    # particular IP address.
    #
    #Bind 192.168.0.1
    
    #
    # Timeout: The number of seconds of inactivity a connection is allowed to
    # have before it closed by tinyproxy.
    #
    Timeout 600
    
    #
    # ErrorFile: Defines the HTML file to send when a given HTTP error
    # occurs.  You will probably need to customize the location to your
    # particular install.  The usual locations to check are:
    #   /usr/local/share/tinyproxy
    #   /usr/share/tinyproxy
    #   /etc/tinyproxy
    #
    # ErrorFile 404 "/usr/share/tinyproxy/404.html"
    # ErrorFile 400 "/usr/share/tinyproxy/400.html"
    # ErrorFile 503 "/usr/share/tinyproxy/503.html"
    # ErrorFile 403 "/usr/share/tinyproxy/403.html"
    # ErrorFile 408 "/usr/share/tinyproxy/408.html"
    
    # 
    # DefaultErrorFile: The HTML file that gets sent if there is no
    # HTML file defined with an ErrorFile keyword for the HTTP error
    # that has occured.
    #
    DefaultErrorFile "/usr/share/tinyproxy/default.html"
    
    #
    # StatFile: The HTML file that gets sent when a request is made
    # for the stathost.  If this file doesn't exist a basic page is
    # hardcoded in tinyproxy.
    #
    StatFile "/usr/share/tinyproxy/stats.html"
    
    #
    # Where to log the information. Either LogFile or Syslog should be set,
    # but not both.
    #
    Logfile "/var/log/tinyproxy.log"
    # Syslog On
    
    #
    # Set the logging level. Allowed settings are:
    #    Critical    (least verbose)
    #    Error
    #    Warning
    #    Notice
    #    Connect        (to log connections without Info's noise)
    #    Info        (most verbose)
    # The LogLevel logs from the set level and above. For example, if the LogLevel
    # was set to Warning, than all log messages from Warning to Critical would be
    # output, but Notice and below would be suppressed.
    #
    LogLevel Info
    
    #
    # PidFile: Write the PID of the main tinyproxy thread to this file so it
    # can be used for signalling purposes.
    #
    PidFile "/var/run/tinyproxy.pid"
    
    #
    # Include the X-Tinyproxy header, which has the client's IP address when
    # connecting to the sites listed.
    #
    #XTinyproxy mydomain.com
    
    #
    # Turns on upstream proxy support.
    #
    # The upstream rules allow you to selectively route upstream connections
    # based on the host/domain of the site being accessed.
    #
    # For example:
    #  # connection to test domain goes through testproxy
    #  upstream testproxy:8008 ".test.domain.invalid"
    #  upstream testproxy:8008 ".our_testbed.example.com"
    #  upstream testproxy:8008 "192.168.128.0/255.255.254.0"
    #
    #  # no upstream proxy for internal websites and unqualified hosts
    #  no upstream ".internal.example.com"
    #  no upstream "www.example.com"
    #  no upstream "10.0.0.0/8"
    #  no upstream "192.168.0.0/255.255.254.0"
    #  no upstream "."
    #
    #  # connection to these boxes go through their DMZ firewalls
    #  upstream cust1_firewall:8008 "testbed_for_cust1"
    #  upstream cust2_firewall:8008 "testbed_for_cust2"
    #
    #  # default upstream is internet firewall
    #  upstream firewall.internal.example.com:80
    #
    # The LAST matching rule wins the route decision.  As you can see, you
    # can use a host, or a domain:
    #  name     matches host exactly
    #  .name    matches any host in domain "name"
    #  .        matches any host with no domain (in 'empty' domain)
    #  IP/bits  matches network/mask
    #  IP/mask  matches network/mask
    #
    #Upstream some.remote.proxy:port
    
    #
    # This is the absolute highest number of threads which will be created. In
    # other words, only MaxClients number of clients can be connected at the
    # same time.
    #
    MaxClients 100
    
    #
    # These settings set the upper and lower limit for the number of
    # spare servers which should be available. If the number of spare servers
    # falls below MinSpareServers then new ones will be created. If the number
    # of servers exceeds MaxSpareServers then the extras will be killed off.
    #
    MinSpareServers 5
    MaxSpareServers 20
    
    #
    # Number of servers to start initially.
    #
    StartServers 10
    
    #
    # MaxRequestsPerChild is the number of connections a thread will handle
    # before it is killed. In practise this should be set to 0, which disables
    # thread reaping. If you do notice problems with memory leakage, then set
    # this to something like 10000
    #
    MaxRequestsPerChild 0
    
    #
    # The following is the authorization controls. If there are any access
    # control keywords then the default action is to DENY. Otherwise, the
    # default action is ALLOW.
    #
    # Also the order of the controls are important. The incoming connections
    # are tested against the controls based on order.
    #
    #Allow 127.0.0.1
    # Allow 192.168.1.0/25
    
    #
    # The "Via" header is required by the HTTP RFC, but using the real host name
    # is a security concern.  If the following directive is enabled, the string
    # supplied will be used as the host name in the Via header; otherwise, the
    # server's host name will be used.
    #
    ViaProxyName "tinyproxy"
    
    #
    # The location of the filter file.
    #
    #Filter "/etc/tinyproxy/filter"
    
    #
    # Filter based on URLs rather than domains.
    #
    #FilterURLs On
    
    #
    # Use POSIX Extended regular expressions rather than basic.
    #
    #FilterExtended On
    
    #
    # Use case sensitive regular expressions.
    #                                                                         
    #FilterCaseSensitive On     
    
    #
    # Change the default policy of the filtering system.  If this directive is
    # commented out, or is set to "No" then the default policy is to allow
    # everything which is not specifically denied by the filter file.
    #
    # However, by setting this directive to "Yes" the default policy becomes to
    # deny everything which is _not_ specifically allowed by the filter file.
    #
    #FilterDefaultDeny Yes
    
    #
    # If an Anonymous keyword is present, then anonymous proxying is enabled.
    # The headers listed are allowed through, while all others are denied. If
    # no Anonymous keyword is present, then all header are allowed through.
    # You must include quotes around the headers.
    #
    #Anonymous "Host"
    #Anonymous "Authorization"
    
    #
    # This is a list of ports allowed by tinyproxy when the CONNECT method
    # is used.  To disable the CONNECT method altogether, set the value to 0.
    # If no ConnectPort line is found, all ports are allowed (which is not
    # very secure.)
    #
    # The following two ports are used by SSL.
    #
    ConnectPort 443
    #ConnectPort 563
    ConnectPort 2195

    log日志(比如都有那些访问)

    /var/log/tinyproxy.log

    启动

    service tinyproxy start
    
    /etc/init.d/tinyproxy {start|stop|status|restart|condrestart|try-restart|reload|force-reload}
  • 相关阅读:
    yaml文件执行后常见错误解决
    动态存储管理实战:GlusterFS
    Kubernetes角色访问控制RBAC和权限规则(Role+ClusterRole)
    Kubernetes 存储系统 Storage 介绍:PV,PVC,SC
    在容器中管理数据的两种方式
    k8s 如何关联pvc到特定的pv
    Mysqldump 的 的 6 大使用场景的导出命令
    Docker 容器日志管理
    k8s中节点级别的日志
    k8s中pod的容器日志查看命令
  • 原文地址:https://www.cnblogs.com/lakeslove/p/6394962.html
Copyright © 2011-2022 走看看