'\" t
.\"     Title: tinyproxy.conf
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: 09/01/2018
.\"    Manual: Tinyproxy manual
.\"    Source: Version 1.10.0
.\"  Language: English
.\"
.TH "TINYPROXY\&.CONF" "5" "09/01/2018" "Version 1\&.10\&.0" "Tinyproxy manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tinyproxy.conf \- Tinyproxy HTTP proxy daemon configuration file
.SH "SYNOPSIS"
.sp
\fBtinyproxy\&.conf\fR
.SH "DESCRIPTION"
.sp
tinyproxy(8) reads its configuration file, typically stored in /etc/tinyproxy/tinyproxy\&.conf (or passed to Tinyproxy with \-c on the command line)\&. This manpage describes the syntax and contents of the configuration file\&.
.sp
The Tinyproxy configuration file contains key\-value pairs, one per line\&. Lines starting with # and empty lines are comments and are ignored\&. Keywords are case\-insensitive, whereas values are case\-sensitive\&. Values may be enclosed in double\-quotes (") if they contain spaces\&.
.sp
The possible keywords and their descriptions are as follows:
.PP
\fBUser\fR
.RS 4
The user which the Tinyproxy process should run as, after the initial port\-binding has been done as the
root
user\&. Either the user name or the UID may be specified\&.
.RE
.PP
\fBGroup\fR
.RS 4
The group which the Tinyproxy process should run as, after the initial port\-binding has been done as the
root
user\&. Either the group name or the GID may be specified\&.
.RE
.PP
\fBPort\fR
.RS 4
The port which the Tinyproxy service will listen on\&. If the port is less than 1024, you will need to start the Tinyproxy process as the
root
user\&.
.RE
.PP
\fBListen\fR
.RS 4
By default, Tinyproxy listens for connections on all available interfaces (i\&.e\&. it listens on the wildcard address
0\&.0\&.0\&.0)\&. With this configuration parameter, Tinyproxy can be told to listen only on one specific address\&.
.RE
.PP
\fBBind\fR
.RS 4
This allows you to specify which address Tinyproxy will bind to for outgoing connections to web servers or upstream proxies\&.
.RE
.PP
\fBBindSame\fR
.RS 4
If this boolean parameter is set to
yes, then Tinyproxy will bind the outgoing connection to the IP address of the incoming connection that triggered the outgoing request\&.
.RE
.PP
\fBTimeout\fR
.RS 4
The maximum number of seconds of inactivity a connection is allowed to have before it is closed by Tinyproxy\&.
.RE
.PP
\fBErrorFile\fR
.RS 4
This parameter controls which HTML file Tinyproxy returns when a given HTTP error occurs\&. It takes two arguments, the error number and the location of the HTML error file\&.
.RE
.PP
\fBDefaultErrorFile\fR
.RS 4
This parameter controls the HTML template file returned when an error occurs for which no specific error file has been set\&.
.RE
.PP
\fBStatHost\fR
.RS 4
This configures the host name or IP address that is treated as the
stat host: Whenever a request for this host is received, Tinyproxy will return an internal statistics page instead of forwarding the request to that host\&. The template for this page can be configured with the
StatFile
configuration option\&. The default value of
StatHost
is
tinyproxy\&.stats\&.
.RE
.PP
\fBStatFile\fR
.RS 4
This configures the HTML file that Tinyproxy sends when a request for the stathost is received\&. If this parameter is not set, Tinyproxy returns a hard\-coded basic statistics page\&. See the STATHOST section in the
tinyproxy(8)
manual page for details\&.

Note that the StatFile and the error files configured with ErrorFile and DefaultErrorFile are template files that can contain a few template variables that Tinyproxy expands prior to delivery\&. Examples are "{cause}" for an abbreviated error description and "{detail}" for a detailed error message\&. The
tinyproxy(8)
manual page contains a description of all template variables\&.
.RE
.PP
\fBLogFile\fR
.RS 4
This controls the location of the file to which Tinyproxy writes its debug output\&. Alternatively, Tinyproxy can log to syslog \(em see the Syslog option\&.
.RE
.PP
\fBSyslog\fR
.RS 4
When set to
On, this option tells Tinyproxy to write its debug messages to syslog instead of to a log file configured with
LogFile\&. These two options are mutually exclusive\&.
.RE
.PP
\fBLogLevel\fR
.RS 4
Sets the log level\&. Messages from the set level and above are logged\&. For example, if the LogLevel was set to Warning, then all log messages from Warning to Critical would be output, but Notice and below would be suppressed\&. Allowed values are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Critical (least verbose)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Error
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Warning
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Notice
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Connect (log connections without Info\(cqs noise)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Info (most verbose)
.RE
.RE
.PP
\fBPidFile\fR
.RS 4
This option controls the location of the file where the main Tinyproxy process stores its process ID for signaling purposes\&.
.RE
.PP
\fBXTinyproxy\fR
.RS 4
Setting this option to
Yes
tells Tinyproxy to add a header
X\-Tinyproxy
containing the client\(cqs IP address to the request\&.
.RE
.PP
\fBUpstream\fR
.RS 4
This option allows you to set up a set of rules for deciding whether an upstream proxy server is to be used, based on the host or domain of the site being accessed\&. The rules are stored in the order encountered in the configuration file and the LAST matching rule wins\&. The following forms for specifying upstream rules exist:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIupstream type host:port\fR
turns proxy upstream support on generally\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIupstream type user:pass@host:port\fR
does the same, but uses the supplied credentials for authentication\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIupstream type host:port "site_spec"\fR
turns on the upstream proxy for the sites matching
site_spec\&.
.sp
.if n \{\
.RS 4
.\}
.nf
`type` can be one of `http`, `socks4`, `socks5`, `none`\&.
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIupstream none "site_spec"\fR
turns off upstream support for sites matching
site_spec\&.
.sp
.if n \{\
.RS 4
.\}
.nf
The site can be specified in various forms as a hostname, domain
name or as an IP range:
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIname\fR
matches host exactly
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fI\&.name\fR
matches any host in domain "name"
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fI\&.\fR
matches any host with no domain (in
\fIempty\fR
domain)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIIP/bits\fR
matches network/mask
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIIP/mask\fR
matches network/mask
.RE
.RE
.PP
\fBMaxClients\fR
.RS 4
Tinyproxy creates one child process for each connected client\&. This options specifies the absolute highest number processes that will be created\&. With other words, only MaxClients clients can be connected to Tinyproxy simultaneously\&.
.RE
.PP
\fBMinSpareServers\fR, \fBMaxSpareServers\fR
.RS 4
Tinyproxy always keeps a certain number of idle child processes so that it can handle new incoming client requests quickly\&.
MinSpareServer
and
MaxSpareServers
control the lower and upper limits for the number of spare processes\&. I\&.e\&. when the number of spare servers drops below
MinSpareServers
then Tinyproxy will start forking new spare processes in the background and when the number of spare processes exceeds
MaxSpareServers
then Tinyproxy will kill off extra processes\&.
.RE
.PP
\fBStartServers\fR
.RS 4
The number of servers to start initially\&. This should usually be set to a value between MinSpareServers and MaxSpareServers\&.
.RE
.PP
\fBMaxRequestsPerChild\fR
.RS 4
This limits the number of connections that a child process will handle before it is killed\&. The default value is
0
which disables this feature\&. This option is meant as an emergency measure in the case of problems with memory leakage\&. In that case, setting
MaxRequestsPerChild
to a value of e\&.g\&. 1000, or 10000 can be useful\&.
.RE
.PP
\fBAllow\fR, \fBDeny\fR
.RS 4
The
Allow
and
Deny
options provide a means to customize which clients are allowed to access Tinyproxy\&.
Allow
and
Deny
lines can be specified multiple times to build the access control list for Tinyproxy\&. The order in the config file is important\&. If there are no
Allow
or
Deny
lines, then all clients are allowed\&. Otherwise, the default action is to deny access\&. The argument to
Allow
or
Deny
can be a single IP address of a client host, like
127\&.0\&.0\&.1, an IP address range, like
192\&.168\&.0\&.1/24
or a string that will be matched against the end of the client host name, i\&.e, this can be a full host name like
host\&.example\&.com
or a domain name like
\&.example\&.com
or even a top level domain name like
\&.com\&.
.RE
.PP
\fBAddHeader\fR
.RS 4
Configure one or more HTTP request headers to be added to outgoing HTTP requests that Tinyproxy makes\&. Note that this option will not work for HTTPS traffic, as Tinyproxy has no control over what headers are exchanged\&.
.RE
.sp
.if n \{\
.RS 4
.\}
.nf
AddHeader "X\-My\-Header" "Powered by Tinyproxy"
.fi
.if n \{\
.RE
.\}
.PP
\fBViaProxyName\fR
.RS 4
RFC 2616 requires proxies to add a
Via
header to the HTTP requests, but using the real host name can be a security concern\&. If the
ViaProxyname
option is present, then its string value will be used as the host name in the Via header\&. Otherwise, the server\(cqs host name will be used\&.
.RE
.PP
\fBDisableViaHeader\fR
.RS 4
When this is set to yes, Tinyproxy does NOT add the
Via
header to the requests\&. This virtually puts Tinyproxy into stealth mode\&. Note that RFC 2616 requires proxies to set the
Via
header, so by enabling this option, you break compliance\&. Don\(cqt disable the
Via
header unless you know what you are doing\&...
.RE
.PP
\fBFilter\fR
.RS 4
Tinyproxy supports filtering of web sites based on URLs or domains\&. This option specifies the location of the file containing the filter rules, one rule per line\&.
.RE
.PP
\fBFilterURLs\fR
.RS 4
If this boolean option is set to
Yes
or
On, filtering is performed for URLs rather than for domains\&. The default is to filter based on domains\&.
.RE
.PP
\fBFilterExtended\fR
.RS 4
If this boolean option is set to
Yes, then extended POSIX regular expressions are used for matching the filter rules\&. The default is to use basic POSIX regular expressions\&.
.RE
.PP
\fBFilterCaseSensitive\fR
.RS 4
If this boolean option is set to
Yes, then the filter rules are matched in a case sensitive manner\&. The default is to match case\-insensitively\&.
.RE
.PP
\fBFilterDefaultDeny\fR
.RS 4
The default filtering policy is to allow everything that is not matched by a filtering rule\&. Setting
FilterDefaultDeny
to
Yes
changes the policy do deny everything but the domains or URLs matched by the filtering rules\&.
.RE
.PP
\fBAnonymous\fR
.RS 4
If an
Anonymous
keyword is present, then anonymous proxying is enabled\&. The headers listed with
Anonymous
are allowed through, while all others are denied\&. If no Anonymous keyword is present, then all headers are allowed through\&. You must include quotes around the headers\&.

Most sites require cookies to be enabled for them to work correctly, so you will need to allow cookies through if you access those sites\&.

Example:
.RE
.sp
.if n \{\
.RS 4
.\}
.nf
Anonymous "Host"
Anonymous "Authorization"
Anonymous "Cookie"
.fi
.if n \{\
.RE
.\}
.PP
\fBConnectPort\fR
.RS 4
This option can be used to specify the ports allowed for the CONNECT method\&. If no
ConnectPort
line is found, then all ports are allowed\&. To disable CONNECT altogether, include a single ConnectPort line with a value of
0\&.
.RE
.PP
\fBReversePath\fR
.RS 4
Configure one or more ReversePath directives to enable reverse proxy support\&. With reverse proxying it\(cqs possible to make a number of sites appear as if they were part of a single site\&.

If you uncomment the following two directives and run Tinyproxy on your own computer at port 8888, you can access example\&.com, using
http://localhost:8888/example/\&.
.RE
.sp
.if n \{\
.RS 4
.\}
.nf
ReversePath "/example/" "http://www\&.example\&.com/"
.fi
.if n \{\
.RE
.\}
.PP
\fBReverseOnly\fR
.RS 4
When using Tinyproxy as a reverse proxy, it is STRONGLY recommended that the normal proxy is turned off by setting this boolean option to
Yes\&.
.RE
.PP
\fBReverseMagic\fR
.RS 4
Setting this option to
Yes, makes Tinyproxy use a cookie to track reverse proxy mappings\&. If you need to reverse proxy sites which have absolute links you must use this option\&.
.RE
.PP
\fBReverseBaseURL\fR
.RS 4
The URL that is used to access this reverse proxy\&. The URL is used to rewrite HTTP redirects so that they won\(cqt escape the proxy\&. If you have a chain of reverse proxies, you\(cqll need to put the outermost URL here (the address which the end user types into his/her browser)\&. If this option is not set then no rewriting of redirects occurs\&.
.RE
.SH "BUGS"
.sp
To report bugs in Tinyproxy, please visit <https://tinyproxy\&.github\&.io/>\&.
.SH "SEE ALSO"
.sp
tinyproxy(8)
.SH "AUTHOR"
.sp
This manpage was written by the Tinyproxy project team\&.
.SH "COPYRIGHT"
.sp
Copyright (c) 1998\-2018 the Tinyproxy authors\&.
.sp
This program is distributed under the terms of the GNU General Public License version 2 or above\&. See the COPYING file for additional information\&.