Polipo

From ArchWiki
Revision as of 03:13, 9 December 2009 by Time (Talk | contribs) (Polipo is a simple caching proxy)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: please use the first argument of the template to provide a brief explanation. (Discuss in Talk:Polipo#)

From Polipo's site:

"Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group."

Unlike Squid, Polipo is very light on resources and simple to configure. This makes it ideal for single user systems and other uncomplicated setups. Do keep in mind, however, that Polipo's versatility comes at a cost; Polipo is not aware of how big its disk cache grows. This is by design, as it drastically reduces Polipo's memory usage and overall toll on the system. A practical way of restricting its disk usage is by making Polipo run as its own user and employing disk quota.

The following covers installing and setting up Polipo.

Installation

Polipo is currently available in the AUR. Using yaourt, install by entering:

$ yaourt -S polipo

Other AUR Helpers besides yaourt might be prefered.

Improving Polipo

The current Polipo package is missing a set of features users might find desireable, namely: proper daemon behaviour, including placing files in Template:Filename and a call to cleanse Polipo's cache; a cronjob that routinely performs the latter; and finally, a restricted "polipo" user to address security and mantainability concerns.

To partially fix these issues, first patch Template:Filename:

--- polipo.orig/polipo	2008-01-08 14:16:06.000000000 -0430
+++ polipo/polipo	2009-12-08 22:03:11.081727858 -0430
@@ -3,19 +3,35 @@
 . /etc/rc.conf
 . /etc/rc.d/functions
 
+PID=$(pidof -o %PPID /usr/bin/polipo)
+POLIPO_ARGS="daemonise=true pidFile=/var/run/polipo.pid"
+
 case "$1" in
   start)
     stat_busy "Starting polipo"
-    polipo daemonise=true
+    /usr/bin/polipo $POLIPO_ARGS
     if [ $? -gt 0 ]; then
       stat_fail
     else
+      add_daemon polipo
       stat_done
     fi
     ;;
   stop)
     stat_busy "Stopping polipo"
-    kill `pidof /usr/bin/polipo`
+    kill $PID
+    if [ $? -gt 0 ]; then
+      stat_fail
+    else
+      rm_daemon polipo
+      stat_done
+    fi
+    ;;
+  purge)
+    stat_busy "Purging polipo"
+    kill -USR1 $PID
+    sleep 1
+    /usr/bin/polipo -x $POLIPO_ARGS
+    kill -USR2 $PID
     if [ $? -gt 0 ]; then
       stat_fail
     else
@@ -28,6 +44,7 @@
     $0 start
     ;;
   *)
-    echo "usage: $0 {start|stop|restart}"
+    echo "usage: $0 {start|stop|restart|purge}"
     ;;
 esac
+exit 0

And create Template:Filename with the following:

#!/bin/sh        
set -e
/etc/rc.d/polipo purge

Make it executable:

# chmod +x /etc/cron.weekly/polipo

Run Polipo as designated user

Note: to-do.

Starting the daemon

To start the Polipo daemon:

# /etc/rc.d/polipo start

Add it to Template:Filename to start it automatically at boot:

DAEMONS=(syslog-ng network netfs polipo crond)

Configuration

Configuration is mostly performed in Template:Filename. Copy the sample configuration file over:

# cd /etc/polipo; cp config.sample config

The configuration file is well documented and the defaults are sufficient for most situations.

Browser

Set the browser so that it uses Template:Codeline for proxying. Be sure to disable the browser's disk cache to avoid redundant IO operations and bad performance.

Tunneling

Note: this requires to Polipo as its own user.

Instead of manually configuring each browser or other utilities that might benefit from Polipo's caching, one can also use iptables to route traffic through polipo.

After installing iptables, add the appropiate rules to Template:Filename:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
''-A OUTPUT -p tcp --dport 80 -m owner --uid-owner polipo -j ACCEPT''
''-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8123''
COMMIT

Privoxy

Privoxy is a proxy useful for intercepting ads and other undesirables.

According to the Polipo developers, in order to get the privacy enhancements of Privoxy and much (but not all) of the performance of Polipo, one should place Polipo upstream of Privoxy.

In other words:

  • point the browser at Privoxy (localhost:8118);
  • point Privoxy at Polipo: Template:Codeline in the Privoxy configuration file.

Tor

Tor is an anonymizing proxy network.

To use Polipo with Tor, uncomment or include the following in Template:Codeline:

socksParentProxy = localhost:9050

More resources