Difference between revisions of "Polipo"

From ArchWiki
Jump to: navigation, search
(Run Polipo as designated user)
m (Run polipo as different user (not nobody))
(47 intermediate revisions by 22 users not shown)
Line 1: Line 1:
[[Category:Networking (English)]]
+
[[Category:Proxy servers]]
[[Category:Daemons and system services (English)]]
+
[[zh-CN:Polipo]]
{{expansion}}
+
{{Article summary start}}
 +
{{Article summary text|Polipo is a light weight http proxy server for your small network. Polipo caches web data.}}
 +
{{Article summary heading|Related}}
 +
{{Article summary wiki|Squid}}
 +
{{Article summary end}}
 +
 
 
From [http://www.pps.jussieu.fr/~jch/software/polipo/ Polipo's site]:
 
From [http://www.pps.jussieu.fr/~jch/software/polipo/ Polipo's site]:
 +
 
:"''Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group.''"
 
:"''Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group.''"
  
Line 9: Line 15:
 
The following covers installing and setting up Polipo.
 
The following covers installing and setting up Polipo.
  
==Installation==
+
== Installation ==
Polipo is currently available in the [[AUR]]. Using an [[AUR helper]] like [[yaourt]], install by entering:
+
$ yaourt -S polipo
+
or install the newer development version instead:
+
$ yaourt -S polipo-git
+
  
==Improving Polipo==
+
Install {{Pkg|polipo}}, available in the [[Official Repositories]].
{{note|the git version already has these improvements, except for the designated Polipo user modification.}}
+
The current Polipo package is missing a set of features users might find desirable, namely: proper [[daemon]] behavior, including placing files in {{filename|/var/run}} and a call to cleanse Polipo's cache; a cronjob that routinely performs the latter; and finally, a restricted "polipo" user to address security and maintainability concerns.
+
  
To partially fix these issues, replace the daemon script with the following:
+
Alternatively, install the newer development branch {{aur|polipo-git}} from the [[AUR]] instead.
{{file|name=/etc/rc.d/polipo|content=
+
<nowiki>
+
#!/bin/bash
+
. /etc/rc.conf
+
. /etc/rc.d/functions
+
  
DAEMON=polipo
+
=== Run polipo as different user (not nobody) ===
ARGS="daemonise=true pidFile=/var/run/$DAEMON/$DAEMON.pid"
+
PID=`pidof -o %PPID /usr/bin/$DAEMON`
+
  
case $1 in
+
Polipo should run as an unprivileged user. Such a user can either be created or reused. Lets create the polipo cache folder first
    start)
+
        stat_busy "Starting $DAEMON"
+
        rm /var/run/$DAEMON/$DAEMON.pid
+
        install -d /var/run/$DAEMON
+
        /usr/bin/$DAEMON $ARGS >/dev/null 2>&1
+
        if [[ $? != 0 ]]; then
+
            stat_fail
+
        else
+
            add_daemon $DAEMON
+
            stat_done
+
        fi
+
    ;;
+
    stop)
+
        stat_busy "Stopping $DAEMON"
+
        kill $PID >/dev/null 2>&1
+
        if [[ $? != 0 ]]; then
+
            stat_fail
+
        else
+
            rm_daemon $DAEMON
+
            stat_done
+
        fi
+
    ;;
+
    purge)
+
        stat_busy "Purging polipo"
+
        [[ ! -d /var/run/polipo ]] && mkdir /var/run/polipo
+
        if ! ck_daemon polipo; then
+
            kill -USR1 $DAEMON >/dev/null 2>&1 || stat_die $?
+
            sleep 1
+
            /usr/bin/$DAEMON -x $ARGS >/dev/null 2>&1 || stat_die $?
+
            kill -USR2 $PID >/dev/null 2>&1 || stat_die $?
+
            stat_done
+
        else
+
            /usr/bin/$DAEMON -x $ARGS >/dev/null 2>&1 || stat_die $?
+
            stat_done
+
        fi
+
  
    ;;
+
# mkdir /var/cache/polipo
    restart)
+
        $0 stop
+
        sleep 1
+
        $0 start
+
    ;;
+
    *)
+
        echo "usage: $0 {start|stop|restart|purge}"
+
    ;;
+
esac
+
</nowiki>
+
}}
+
  
And save the cron file in {{filename|/etc/cron.weekly/polipo}}:
+
Now we add the new polipo group
#!/bin/sh
+
/etc/rc.d/polipo purge >/dev/null 2>&1
+
  
Make it executable:
+
  # groupadd -r polipo
  # chmod +x /etc/cron.weekly/polipo
+
  
===Run Polipo as designated user===
+
and  we add the new polipo user afterwards to this group
Polipo should run as an unpriviledged user. Such a user can either be created or reused. A good choice for reuse is "nobody", which is the default choice of tinyproxy.
+
  
While tinyproxy starts as root and drops priviledges as soon as possible, polipo runs as the user that invoked it. If polipo is invoked from {{filename|/etc/rc.d/polipo}}, it can run as nobody by changing the invokation line from
+
# useradd -d /var/cache/polipo -g polipo -r -s /bin/false polipo
+
/usr/bin/$DAEMON $ARGS >/dev/null 2>&1
+
  
to
+
then we need a new polipo logfile which is assigned to the upper user and group
  
  sudo -u nobody /usr/bin/$DAEMON $ARGS >/dev/null 2>&1
+
  # touch /var/log/polipo.log
 +
# chown -R polipo:polipo /var/log/polipo.log /var/cache/polipo
  
It is then also necessary to change ownership of several files and directories written by polipo:
+
To change user running polipo daemon, we have to create another {{ic|polipo.service}} file
  
* the log file {{filename|/var/log/polipo}}. Although a better choice is to create a directory {{filename|/var/log/polipo}} owned by the designated user and set polipo's log file to {{filename|/var/log/polipo/polipo.log}} via the logFile variable in the config file.
+
# touch /etc/systemd/system/polipo.service
* the pid file at {{filename|/var/run/polipo/polipo.pid}}
+
* the cache under {{filename|/var/cache/polipo}}
+
  
==Starting the daemon==
+
Copy the following code section to the new {{ic|/etc/systemd/system/polipo.service}} file
To start the Polipo daemon:
+
# /etc/rc.d/polipo start
+
  
Add it to {{filename|/etc/rc.conf}} to start it automatically at boot:
+
.include /usr/lib/systemd/system/polipo.service
  DAEMONS=(syslog-ng network netfs '''polipo''' crond)
+
[Service]
 +
User=polipo
 +
 
 +
To make sure all files and folders are created before you start Polipo as a designated user. Restart Polipo and check its logfile.
 +
 
 +
# systemctl restart polipo
 +
# tail /var/log/polipo.log
 +
 
 +
If everything went well you should read something like this
 +
 
 +
  Established listening socket on port 8123.
 +
 
 +
Also check, if polipo is running as polipo user:
 +
 
 +
# ps aux | grep polipo
 +
 
 +
Stop the polipo daemon
 +
 
 +
# systemctl stop polipo
 +
 
 +
== Starting the daemon ==
 +
 
 +
To start the polipo daemon:
 +
 
 +
# systemctl start polipo
 +
 
 +
To start it automatically at boot:
 +
 
 +
  # systemctl enable polipo
 +
 
 +
=== Multiple instances ===
 +
 
 +
Polipo can also run without super user privileges. To do so, first copy {{ic|/etc/polipo/config.sample}} to a suitable directory:
  
===Multiple instances===
 
Polipo can also run without super user priveleges. To do so, first copy {{filename|/etc/polipo/config.sample}} to a suitable directory:
 
 
  $ cp /etc/polipo/config.sample ~/.poliporc
 
  $ cp /etc/polipo/config.sample ~/.poliporc
  
Edit it so that it points at a writable location, instead of {{filename|/var/cache/polipo}}:
+
Edit it so that it points at a writable location, instead of {{ic|/var/cache/polipo}}:
 +
 
 
  # Uncomment this if you want to put the on-disk cache in a
 
  # Uncomment this if you want to put the on-disk cache in a
 
  # non-standard location:
 
  # non-standard location:
Line 121: Line 90:
  
 
Create the cache directory:
 
Create the cache directory:
 +
 
  $ mkdir ~/.polipo-cache
 
  $ mkdir ~/.polipo-cache
  
 
Finally, launch Polipo with the new configuration:
 
Finally, launch Polipo with the new configuration:
 +
 
  $ polipo -c ~/.poliporc
 
  $ polipo -c ~/.poliporc
  
==Configuration==
+
== Configuration ==
Management is mostly performed in {{filename|/etc/polipo/config}}. Most users can opt for using the sample configuration file, which is sufficient for most situations and well documented.
+
 
 +
Management is mostly performed in {{ic|/etc/polipo/config}}. Most users can opt for using the sample configuration file, which is sufficient for most situations and well documented.
 +
 
 
  # cd /etc/polipo; cp config.sample config
 
  # cd /etc/polipo; cp config.sample config
 +
 +
One element of configuration that warrants mentioning is polipo's default behavior of blocking outbound connections by port. There are two variables in polipo's config file that control allowed outbound ports. {{Ic|allowedPorts}} specifies ports for outbound HTTP connections. It defaults to 80-100 and 1024-65535. {{Ic|tunnelAllowedPorts}} specifies ports polipo will allow tunnel traffic to as well as HTTPS traffic. By default it is much more restricted: "''It defaults to allowing ssh, HTTP, https, rsync, IMAP, imaps, POP, pops, Jabber, CVS and Git traffic.''"
 +
 +
If you see a "403 Forbidden Port" error message from polipo when attempting to browse to a host:port, you need to configure polipo to accept traffic to more ports for either HTTP or HTTPS. To set them wide open, add the following to {{ic|/etc/polipo/config}}:
 +
 +
allowedPorts = 1-65535
 +
tunnelAllowedPorts = 1-65535
  
 
Unlike other proxies, Polipo needs to be restarted after alterations.
 
Unlike other proxies, Polipo needs to be restarted after alterations.
  
===Browser===
+
=== Browser ===
Set the browser so that it uses {{codeline|localhost:8123}} for proxying. Be sure to disable the browser's disk cache to avoid redundant IO operations and bad performance.
+
 
 +
Set the browser so that it uses {{Ic|localhost:8123}} for proxying. Be sure to disable the browser's disk cache to avoid redundant IO operations and bad performance.
 +
 
 +
=== Tunneling ===
 +
 
 +
{{note|According to the [http://www.pps.jussieu.fr/~jch/software/polipo/faq.html Polipo FAQ] on "intercepting proxy" this is not possible/supported!}}
  
===Tunneling===
 
 
{{note|this requires to run Polipo as its own user.}}
 
{{note|this requires to run Polipo as its own user.}}
 +
 
Instead of manually configuring each browser or other utilities that might benefit from Polipo's caching, one can also use [[iptables]] to route traffic through polipo.
 
Instead of manually configuring each browser or other utilities that might benefit from Polipo's caching, one can also use [[iptables]] to route traffic through polipo.
  
After installing iptables, add the appropiate rules to {{filename|/etc/iptables/iptables.rules}}:
+
After installing iptables, add the appropiate rules to {{ic|/etc/iptables/iptables.rules}}:
 +
 
 
  *nat
 
  *nat
 
  :PREROUTING ACCEPT [0:0]
 
  :PREROUTING ACCEPT [0:0]
 
  :POSTROUTING ACCEPT [0:0]
 
  :POSTROUTING ACCEPT [0:0]
 
  :OUTPUT ACCEPT [0:0]
 
  :OUTPUT ACCEPT [0:0]
  ''-A OUTPUT -p tcp --dport 80 -m owner --uid-owner polipo -j ACCEPT''
+
  ''-A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner polipo -j ACCEPT''
 
  ''-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8123''
 
  ''-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8123''
 
  COMMIT
 
  COMMIT
 +
 
This routes HTTP traffic through Polipo. Remove all proxy settings from browsers, if any, and restart iptables.
 
This routes HTTP traffic through Polipo. Remove all proxy settings from browsers, if any, and restart iptables.
  
===Privoxy===
+
=== Privoxy ===
 +
 
 
[[Privoxy]] is a proxy useful for intercepting advertisement and other undesirables.
 
[[Privoxy]] is a proxy useful for intercepting advertisement and other undesirables.
  
Line 155: Line 143:
  
 
In other words:
 
In other words:
*point the browser at Privoxy: {{codeline|localhost:8118}}
 
*and direct Privoxy traffic to Polipo: {{codeline|forward / localhost:8123}} in the Privoxy configuration file.
 
  
===Tor===
+
* point the browser at Privoxy: {{Ic|localhost:8118}}
 +
 
 +
* and direct Privoxy traffic to Polipo: {{Ic|forward / localhost:8123}} in the Privoxy configuration file.
 +
 
 +
=== Tor ===
 +
 
 
[[Tor]] is an anonymizing proxy network.
 
[[Tor]] is an anonymizing proxy network.
  
To use Polipo with Tor, uncomment or include the following in {{codeline|/etc/polipo/config}}:
+
To use Polipo with Tor, uncomment or include the following in {{Ic|/etc/polipo/config}}:
 +
 
 
  socksParentProxy = localhost:9050
 
  socksParentProxy = localhost:9050
 +
socksProxyType = socks5
 +
 +
=== DansGuardian ===
 +
 +
[[DansGuardian]] is a web content filter. The only difference to using [[DansGuardian]] with Polipo (rather than squid or tinyproxy) is that in {{ic|dansguardian.conf}} the proxyport needs to be set to polipo's 8123:
 +
 +
# the port DansGuardian connects to proxy on
 +
proxyport = 8123
 +
 +
== Troubleshooting ==
 +
 +
=== DNS Error ===
 +
 +
If the network is started in background there could be a error like this (in the polipo log file):
 +
 +
Couldn't send DNS query: Connection refused
 +
Falling back on gethostbyname.
 +
Getaddrinfo failed: Temporary name server failure
 +
Host ***.com lookup failed: Getaddrinfo failed: Temporary name server failure (131072).
 +
 +
This error occurs because in background mode the network hasn't initialised before Polipo wants to connect to the DNS server (especially using DHCP). Solving this error is possible on three ways:
 +
 +
* Do not start the net-profiles in background mode (probably not wanted).
 +
* Set {{ic|dnsNameServer}} manually on the wanted DNS server.
 +
* Or add {{ic|sleep 10}} (or more, it depends) near the beginning of the Polipo daemon script {{ic|/etc/rc.d/polipo}} in the start section. This will Polipo start after the network has initialised.
 +
 +
See [https://bbs.archlinux.org/viewtopic.php?id=86452 this thread] for more information on this topic.
 +
 +
== See also ==
  
==More resources==
 
 
*[http://www.pps.jussieu.fr/~jch/software/polipo/faq.html Polipo FAQ]
 
*[http://www.pps.jussieu.fr/~jch/software/polipo/faq.html Polipo FAQ]
 
*[http://www.pps.jussieu.fr/~jch/software/polipo/manual/index.html The Polipo Manual]
 
*[http://www.pps.jussieu.fr/~jch/software/polipo/manual/index.html The Polipo Manual]
 +
 +
 +
== Deprecated (rc.d) ==
 +
 +
=== Run polipo as different user (not nobody) ===
 +
 +
Polipo should run as an unpriviledged user. Such a user can either be created or reused:
 +
 +
# mkdir /var/cache/polipo
 +
# groupadd -r polipo
 +
# useradd -d /var/cache/polipo -g polipo -r -s /bin/false polipo
 +
 +
To make sure all files and folders are created before you start polipo as an a designated user. Start and stop the Polipo.
 +
 +
# rc.d start polipo
 +
# rc.d stop polipo
 +
 +
While other daemons start as root and drop privileges as soon as possible, polipo runs as the user that invoked it. If polipo is invoked from {{ic|/etc/rc.d/polipo}}, change the invokation line from
 +
 +
<nowiki>[[</nowiki> ! -d /var/run/$DAEMON <nowiki>]]</nowiki> && install -d $DAEMON /var/run/$DAEMON /usr/bin/$DAEMON $ARGS >/dev/null 2>&1
 +
 +
to
 +
 +
<nowiki>[[</nowiki> ! -d /var/run/$DAEMON <nowiki>]]</nowiki> && install -d $DAEMON --group=polipo --owner=polipo /var/run/$DAEMON
 +
su -c "/usr/bin/$DAEMON $ARGS" -s /bin/sh polipo >/dev/null 2>&1
 +
 +
It is then also necessary to change ownership and/or permissions of several files and directories written by polipo:
 +
 +
# chown -R polipo:polipo /var/run/polipo /var/cache/polipo /var/log/polipo
 +
 +
Although a better choice for the log file is to create a directory {{ic|/var/log/polipo}} owned by the designated user and set polipo's log file to {{ic|/var/log/polipo/polipo.log}} via the logFile variable in the config file.
 +
 +
=== Starting the daemon ===
 +
 +
To start the Polipo daemon:
 +
 +
# rc.d start polipo
 +
 +
Add it to {{ic|/etc/rc.conf}} to start it automatically at boot:
 +
 +
DAEMONS=(syslog-ng network netfs '''polipo''' crond)

Revision as of 00:05, 9 January 2013

Summary help replacing me
Polipo is a light weight http proxy server for your small network. Polipo caches web data.
Related
Squid

From Polipo's site:

"Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group."

Unlike Squid, Polipo is very light on resources and simple to configure. This makes it ideal for single user systems and other uncomplicated setups. Do keep in mind; however, that this versatility comes at a cost; Polipo will increase its space usage without restriction as it is not aware of how big its disk cache grows. This perceived fault is by design, since omitting these sanity checks drastically reduces Polipo's memory usage and overall toll on the system. A practical way of restricting disk usage is by making Polipo run as its own user and employing disk quota.

The following covers installing and setting up Polipo.

Installation

Install polipo, available in the Official Repositories.

Alternatively, install the newer development branch polipo-gitAUR from the AUR instead.

Run polipo as different user (not nobody)

Polipo should run as an unprivileged user. Such a user can either be created or reused. Lets create the polipo cache folder first

# mkdir /var/cache/polipo

Now we add the new polipo group

# groupadd -r polipo

and we add the new polipo user afterwards to this group

# useradd -d /var/cache/polipo -g polipo -r -s /bin/false polipo

then we need a new polipo logfile which is assigned to the upper user and group

# touch /var/log/polipo.log
# chown -R polipo:polipo /var/log/polipo.log /var/cache/polipo

To change user running polipo daemon, we have to create another polipo.service file

# touch /etc/systemd/system/polipo.service

Copy the following code section to the new /etc/systemd/system/polipo.service file

.include /usr/lib/systemd/system/polipo.service
[Service]
User=polipo

To make sure all files and folders are created before you start Polipo as a designated user. Restart Polipo and check its logfile.

# systemctl restart polipo
# tail /var/log/polipo.log

If everything went well you should read something like this

 Established listening socket on port 8123.

Also check, if polipo is running as polipo user:

# ps aux | grep polipo

Stop the polipo daemon

# systemctl stop polipo

Starting the daemon

To start the polipo daemon:

# systemctl start polipo

To start it automatically at boot:

# systemctl enable polipo

Multiple instances

Polipo can also run without super user privileges. To do so, first copy /etc/polipo/config.sample to a suitable directory:

$ cp /etc/polipo/config.sample ~/.poliporc

Edit it so that it points at a writable location, instead of /var/cache/polipo:

# Uncomment this if you want to put the on-disk cache in a
# non-standard location:
diskCacheRoot = "~/.polipo-cache/"

Create the cache directory:

$ mkdir ~/.polipo-cache

Finally, launch Polipo with the new configuration:

$ polipo -c ~/.poliporc

Configuration

Management is mostly performed in /etc/polipo/config. Most users can opt for using the sample configuration file, which is sufficient for most situations and well documented.

# cd /etc/polipo; cp config.sample config

One element of configuration that warrants mentioning is polipo's default behavior of blocking outbound connections by port. There are two variables in polipo's config file that control allowed outbound ports. allowedPorts specifies ports for outbound HTTP connections. It defaults to 80-100 and 1024-65535. tunnelAllowedPorts specifies ports polipo will allow tunnel traffic to as well as HTTPS traffic. By default it is much more restricted: "It defaults to allowing ssh, HTTP, https, rsync, IMAP, imaps, POP, pops, Jabber, CVS and Git traffic."

If you see a "403 Forbidden Port" error message from polipo when attempting to browse to a host:port, you need to configure polipo to accept traffic to more ports for either HTTP or HTTPS. To set them wide open, add the following to /etc/polipo/config:

allowedPorts = 1-65535
tunnelAllowedPorts = 1-65535

Unlike other proxies, Polipo needs to be restarted after alterations.

Browser

Set the browser so that it uses localhost:8123 for proxying. Be sure to disable the browser's disk cache to avoid redundant IO operations and bad performance.

Tunneling

Note: According to the Polipo FAQ on "intercepting proxy" this is not possible/supported!
Note: this requires to run Polipo as its own user.

Instead of manually configuring each browser or other utilities that might benefit from Polipo's caching, one can also use iptables to route traffic through polipo.

After installing iptables, add the appropiate rules to /etc/iptables/iptables.rules:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner polipo -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8123
COMMIT

This routes HTTP traffic through Polipo. Remove all proxy settings from browsers, if any, and restart iptables.

Privoxy

Privoxy is a proxy useful for intercepting advertisement and other undesirables.

According to Polipo's developer, in order to get the privacy enhancements of Privoxy and much (but not all) of the performance of Polipo, one should place Polipo upstream of Privoxy.

In other words:

  • point the browser at Privoxy: localhost:8118
  • and direct Privoxy traffic to Polipo: forward / localhost:8123 in the Privoxy configuration file.

Tor

Tor is an anonymizing proxy network.

To use Polipo with Tor, uncomment or include the following in /etc/polipo/config:

socksParentProxy = localhost:9050
socksProxyType = socks5

DansGuardian

DansGuardian is a web content filter. The only difference to using DansGuardian with Polipo (rather than squid or tinyproxy) is that in dansguardian.conf the proxyport needs to be set to polipo's 8123:

# the port DansGuardian connects to proxy on
proxyport = 8123

Troubleshooting

DNS Error

If the network is started in background there could be a error like this (in the polipo log file):

Couldn't send DNS query: Connection refused
Falling back on gethostbyname.
Getaddrinfo failed: Temporary name server failure
Host ***.com lookup failed: Getaddrinfo failed: Temporary name server failure (131072).

This error occurs because in background mode the network hasn't initialised before Polipo wants to connect to the DNS server (especially using DHCP). Solving this error is possible on three ways:

  • Do not start the net-profiles in background mode (probably not wanted).
  • Set dnsNameServer manually on the wanted DNS server.
  • Or add sleep 10 (or more, it depends) near the beginning of the Polipo daemon script /etc/rc.d/polipo in the start section. This will Polipo start after the network has initialised.

See this thread for more information on this topic.

See also


Deprecated (rc.d)

Run polipo as different user (not nobody)

Polipo should run as an unpriviledged user. Such a user can either be created or reused:

# mkdir /var/cache/polipo
# groupadd -r polipo
# useradd -d /var/cache/polipo -g polipo -r -s /bin/false polipo

To make sure all files and folders are created before you start polipo as an a designated user. Start and stop the Polipo.

# rc.d start polipo
# rc.d stop polipo

While other daemons start as root and drop privileges as soon as possible, polipo runs as the user that invoked it. If polipo is invoked from /etc/rc.d/polipo, change the invokation line from

[[ ! -d /var/run/$DAEMON ]] && install -d $DAEMON /var/run/$DAEMON /usr/bin/$DAEMON $ARGS >/dev/null 2>&1

to

[[ ! -d /var/run/$DAEMON ]] && install -d $DAEMON --group=polipo --owner=polipo /var/run/$DAEMON
su -c "/usr/bin/$DAEMON $ARGS" -s /bin/sh polipo >/dev/null 2>&1

It is then also necessary to change ownership and/or permissions of several files and directories written by polipo:

# chown -R polipo:polipo /var/run/polipo /var/cache/polipo /var/log/polipo

Although a better choice for the log file is to create a directory /var/log/polipo owned by the designated user and set polipo's log file to /var/log/polipo/polipo.log via the logFile variable in the config file.

Starting the daemon

To start the Polipo daemon:

# rc.d start polipo

Add it to /etc/rc.conf to start it automatically at boot:

DAEMONS=(syslog-ng network netfs polipo crond)