diff options
author | intrigeri <intrigeri@boum.org> | 2012-06-08 17:37:05 +0200 |
---|---|---|
committer | intrigeri <intrigeri@boum.org> | 2012-06-08 17:37:05 +0200 |
commit | 85471074070083d089365d10bc3978eabc606c28 (patch) | |
tree | 125be940dd60b77deccf9481bed155188eb28ce6 /files/polipo | |
parent | c59fe7465bedc1157ee9e314938fdc10c4158cf5 (diff) | |
download | puppet-tor-85471074070083d089365d10bc3978eabc606c28.tar.gz puppet-tor-85471074070083d089365d10bc3978eabc606c28.tar.bz2 |
Move Polipo configuration files to a dedicated directory.
Diffstat (limited to 'files/polipo')
-rw-r--r-- | files/polipo/polipo.conf | 164 | ||||
-rwxr-xr-x | files/polipo/polipo.cron | 22 |
2 files changed, 186 insertions, 0 deletions
diff --git a/files/polipo/polipo.conf b/files/polipo/polipo.conf new file mode 100644 index 0000000..12b10c4 --- /dev/null +++ b/files/polipo/polipo.conf @@ -0,0 +1,164 @@ +# Polipo Configuration from https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf +# Managed by puppet. + +### Basic configuration +### ******************* + +# Uncomment one of these if you want to allow remote clients to +# connect: + +# proxyAddress = "::0" # both IPv4 and IPv6 +# proxyAddress = "0.0.0.0" # IPv4 only + +proxyAddress = "127.0.0.1" +proxyPort = 8118 + +# If you do that, you'll want to restrict the set of hosts allowed to +# connect: + +# allowedClients = "127.0.0.1, 134.157.168.57" +# allowedClients = "127.0.0.1, 134.157.168.0/24" + +allowedClients = 127.0.0.1 +allowedPorts = 1-65535 + +# Uncomment this if you want your Polipo to identify itself by +# something else than the host name: + +proxyName = "localhost" + +# Uncomment this if there's only one user using this instance of Polipo: + +cacheIsShared = false + +# Uncomment this if you want to use a parent proxy: + +# parentProxy = "squid.example.org:3128" + +# Uncomment this if you want to use a parent SOCKS proxy: + +socksParentProxy = "localhost:9050" +socksProxyType = socks5 + + +### Memory +### ****** + +# Uncomment this if you want Polipo to use a ridiculously small amount +# of memory (a hundred C-64 worth or so): + +# chunkHighMark = 819200 +# objectHighMark = 128 + +# Uncomment this if you've got plenty of memory: + +# chunkHighMark = 50331648 +# objectHighMark = 16384 + +chunkHighMark = 67108864 + +### On-disk data +### ************ + +# Uncomment this if you want to disable the on-disk cache: + +diskCacheRoot = "" + +# Uncomment this if you want to put the on-disk cache in a +# non-standard location: + +# diskCacheRoot = "~/.polipo-cache/" + +# Uncomment this if you want to disable the local web server: + +localDocumentRoot = "" + +# Uncomment this if you want to enable the pages under /polipo/index? +# and /polipo/servers?. This is a serious privacy leak if your proxy +# is shared. + +# disableIndexing = false +# disableServersList = false + +disableLocalInterface = true +disableConfiguration = true + +### Domain Name System +### ****************** + +# Uncomment this if you want to contact IPv4 hosts only (and make DNS +# queries somewhat faster): +# +# dnsQueryIPv6 = no + +# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for +# double-stack hosts: +# +# dnsQueryIPv6 = reluctantly + +# Uncomment this to disable Polipo's DNS resolver and use the system's +# default resolver instead. If you do that, Polipo will freeze during +# every DNS query: + +dnsUseGethostbyname = yes + + +### HTTP +### **** + +# Uncomment this if you want to enable detection of proxy loops. +# This will cause your hostname (or whatever you put into proxyName +# above) to be included in every request: + +disableVia = true + +# Uncomment this if you want to slightly reduce the amount of +# information that you leak about yourself: + +# censoredHeaders = from, accept-language +# censorReferer = maybe + +censoredHeaders = from,accept-language,x-pad,link +censorReferer = maybe + +# Uncomment this if you're paranoid. This will break a lot of sites, +# though: + +# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language +# censorReferer = true + +# Uncomment this if you want to use Poor Man's Multiplexing; increase +# the sizes if you're on a fast line. They should each amount to a few +# seconds' worth of transfer; if pmmSize is small, you'll want +# pmmFirstSize to be larger. + +# Note that PMM is somewhat unreliable. + +# pmmFirstSize = 16384 +# pmmSize = 8192 + +# Uncomment this if your user-agent does something reasonable with +# Warning headers (most don't): + +# relaxTransparency = maybe + +# Uncomment this if you never want to revalidate instances for which +# data is available (this is not a good idea): + +# relaxTransparency = yes + +# Uncomment this if you have no network: + +# proxyOffline = yes + +# Uncomment this if you want to avoid revalidating instances with a +# Vary header (this is not a good idea): + +# mindlesslyCacheVary = true + +# Suggestions from Incognito configuration +maxConnectionAge = 5m +maxConnectionRequests = 120 +serverMaxSlots = 8 +serverSlots = 2 +tunnelAllowedPorts = 1-65535 diff --git a/files/polipo/polipo.cron b/files/polipo/polipo.cron new file mode 100755 index 0000000..aba88bc --- /dev/null +++ b/files/polipo/polipo.cron @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +FORBIDDEN_FILE=/etc/polipo/forbidden +CONFIG_FILE=/etc/polipo/config + +if [ ! -x /usr/bin/polipo ]; then + exit 0 +fi + +if [ ! -f $FORBIDDEN_FILE ]; then + FORBIDDEN_FILE=/dev/null +fi + +PIDFILE=/var/run/polipo/polipo.pid +[ -f "$PIDFILE" ] && kill -USR1 $(cat "$PIDFILE") +# TODO: remove redirect stderr to /dev/null after the following bug is solved: +# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580434 +su -c \ + "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \ + proxy &> /dev/null +[ -f "$PIDFILE" ] && kill -USR2 $(cat "$PIDFILE") |