Difference between revisions of "Polipo"

From ArchWiki
Jump to: navigation, search
m (Tor: socks5)
(package is now in [community] and has all of these scripts)
Line 11: Line 11:
 
==Installation==
 
==Installation==
  
Install [http://aur.archlinux.org/packages.php?ID=14579 polipo] from the [[AUR]].
+
Install {{Package Official|polipo}} using [[pacman]]:
 +
# pacman -S polipo
  
Alternatively, install the newer development branch [http://aur.archlinux.org/packages.php?ID=32630 polipo-git] instead.
+
Alternatively, install the newer development branch [http://aur.archlinux.org/packages.php?ID=32630 polipo-git] from the [[AUR]] instead.
  
 
==Improving Polipo==
 
==Improving Polipo==
{{note|the git version already has these improvements, except for the designated Polipo user modification.}}
 
The current Polipo package is missing a set of features users might find desirable, namely: proper [[daemon]] behavior, including placing files in {{filename|/var/run}} and a call to cleanse Polipo's cache; a cronjob that routinely performs the latter; and finally, a restricted "polipo" user to address security and maintainability concerns.
 
 
To partially fix these issues, replace the daemon script with the following:
 
{{file|name=/etc/rc.d/polipo|content=
 
<nowiki>
 
#!/bin/bash
 
. /etc/rc.conf
 
. /etc/rc.d/functions
 
 
DAEMON=polipo
 
ARGS="daemonise=true pidFile=/var/run/$DAEMON/$DAEMON.pid"
 
PID=`pidof -o %PPID /usr/bin/$DAEMON`
 
 
case $1 in
 
    start)
 
        stat_busy "Starting $DAEMON"
 
        rm /var/run/$DAEMON/$DAEMON.pid
 
        install -d /var/run/$DAEMON
 
        /usr/bin/$DAEMON $ARGS >/dev/null 2>&1
 
        if [[ $? != 0 ]]; then
 
            stat_fail
 
        else
 
            add_daemon $DAEMON
 
            stat_done
 
        fi
 
    ;;
 
    stop)
 
        stat_busy "Stopping $DAEMON"
 
        kill $PID >/dev/null 2>&1
 
        if [[ $? != 0 ]]; then
 
            stat_fail
 
        else
 
            rm_daemon $DAEMON
 
            stat_done
 
        fi
 
    ;;
 
    purge)
 
        stat_busy "Purging polipo"
 
        [[ ! -d /var/run/polipo ]] && mkdir /var/run/polipo
 
        if ! ck_daemon polipo; then
 
            kill -USR1 $DAEMON >/dev/null 2>&1 || stat_die $?
 
            sleep 1
 
            /usr/bin/$DAEMON -x $ARGS >/dev/null 2>&1 || stat_die $?
 
            kill -USR2 $PID >/dev/null 2>&1 || stat_die $?
 
            stat_done
 
        else
 
            /usr/bin/$DAEMON -x $ARGS >/dev/null 2>&1 || stat_die $?
 
            stat_done
 
        fi
 
 
    ;;
 
    restart)
 
        $0 stop
 
        sleep 1
 
        $0 start
 
    ;;
 
    *)
 
        echo "usage: $0 {start|stop|restart|purge}"
 
    ;;
 
esac
 
</nowiki>
 
}}
 
 
And save the cron file in {{filename|/etc/cron.weekly/polipo}}:
 
#!/bin/sh
 
/etc/rc.d/polipo purge >/dev/null 2>&1
 
 
Make it executable:
 
# chmod +x /etc/cron.weekly/polipo
 
  
 
===Run Polipo as designated user===
 
===Run Polipo as designated user===

Revision as of 21:24, 7 February 2011

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: please use the first argument of the template to provide a brief explanation. (Discuss in Talk:Polipo#)

From Polipo's site:

"Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group."

Unlike Squid, Polipo is very light on resources and simple to configure. This makes it ideal for single user systems and other uncomplicated setups. Do keep in mind; however, that this versatility comes at a cost; Polipo will increase its space usage without restriction as it is not aware of how big its disk cache grows. This perceived fault is by design, since omitting these sanity checks drastically reduces Polipo's memory usage and overall toll on the system. A practical way of restricting disk usage is by making Polipo run as its own user and employing disk quota.

The following covers installing and setting up Polipo.

Installation

Install Template:Package Official using pacman:

# pacman -S polipo

Alternatively, install the newer development branch polipo-git from the AUR instead.

Improving Polipo

Run Polipo as designated user

Polipo should run as an unpriviledged user. Such a user can either be created or reused. A good choice for reuse is "nobody", which is the default choice of tinyproxy.

While tinyproxy starts as root and drops priviledges as soon as possible, polipo runs as the user that invoked it. If polipo is invoked from Template:Filename, it can run as nobody by changing the invokation line from

/usr/bin/$DAEMON $ARGS >/dev/null 2>&1

to

sudo -u nobody /usr/bin/$DAEMON $ARGS >/dev/null 2>&1

It is then also necessary to change ownership of several files and directories written by polipo:

Starting the daemon

To start the Polipo daemon:

# /etc/rc.d/polipo start

Add it to Template:Filename to start it automatically at boot:

DAEMONS=(syslog-ng network netfs polipo crond)

Multiple instances

Polipo can also run without super user privileges. To do so, first copy Template:Filename to a suitable directory:

$ cp /etc/polipo/config.sample ~/.poliporc

Edit it so that it points at a writable location, instead of Template:Filename:

# Uncomment this if you want to put the on-disk cache in a
# non-standard location:
diskCacheRoot = "~/.polipo-cache/"

Create the cache directory:

$ mkdir ~/.polipo-cache

Finally, launch Polipo with the new configuration:

$ polipo -c ~/.poliporc

Configuration

Management is mostly performed in Template:Filename. Most users can opt for using the sample configuration file, which is sufficient for most situations and well documented.

# cd /etc/polipo; cp config.sample config

Unlike other proxies, Polipo needs to be restarted after alterations.

Browser

Set the browser so that it uses Template:Codeline for proxying. Be sure to disable the browser's disk cache to avoid redundant IO operations and bad performance.

Tunneling

Note: this requires to run Polipo as its own user.

Instead of manually configuring each browser or other utilities that might benefit from Polipo's caching, one can also use iptables to route traffic through polipo.

After installing iptables, add the appropiate rules to Template:Filename:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner polipo -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8123
COMMIT

This routes HTTP traffic through Polipo. Remove all proxy settings from browsers, if any, and restart iptables.

Privoxy

Privoxy is a proxy useful for intercepting advertisement and other undesirables.

According to Polipo's developer, in order to get the privacy enhancements of Privoxy and much (but not all) of the performance of Polipo, one should place Polipo upstream of Privoxy.

In other words:

Tor

Tor is an anonymizing proxy network.

To use Polipo with Tor, uncomment or include the following in Template:Codeline:

socksParentProxy = localhost:9050
socksProxyType = socks5

DansGuardian

DansGuardian is a web content filter. The only difference to using DansGuardian with Polipo (rather than squid or tinyproxy) is that in Template:Filename the proxyport needs to be set to polipo's 8123:

# the port DansGuardian connects to proxy on
proxyport = 8123

More resources