TinyProxy Server 安裝設定

  • 安裝環境 : Alpine 3 + Docker compose

使用 docker compose 方式

  1. 建立 Tinyproxy 設定檔 tinyproxy.conf

    vi tinyproxy.conf 

    User nobody
    Group nogroup
    Port 3128
    Listen 0.0.0.0
    Timeout 600
    LogFile "/var/log/tinyproxy/tinyproxy.log"
    LogLevel Info
    PidFile "/var/run/tinyproxy.pid"
    MaxClients 100
    Allow 127.0.0.1
    Allow 192.168.0.0/16
    Allow 10.0.0.0/8
    ViaProxyName "tinyproxy"
    ConnectPort 443
    ConnectPort 563
    1. 針對實際 Client 的 IP 範圍加入 Allow 項目 Exp.

      Allow 172.16.0.0/16

    2. 針對實際 需要 Fordward Proxy SSL Port 加入 ConnectPort 項目 Exp.

      ConnectPort 8006

  2. 建立 Docker Compose 配置檔 docker-compose.yml 與第一次啟動

    vi docker-compose.yml

    services:
      tinyproxy:
        image: vimagick/tinyproxy
        hostname: tinyproxy
        container_name: tinyproxy
        environment:
          - TZ=Asia/Taipei
        ports:
          - "3128:3128"
        volumes:
          - ./tinyproxy.conf:/etc/tinyproxy/tinyproxy.conf:ro
          - ./logs:/var/log
        restart: always
        command: sh -c "mkdir -p /var/log/tinyproxy && chown -R nobody:nogroup /var/log/tinyproxy && tinyproxy -d"
    
      watchtower:
        container_name: watchtower
        image: containrrr/watchtower
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        environment:
          - TZ=Asia/Taipei
          - WATCHTOWER_SCHEDULE=0 45 23 * * *
          - WATCHTOWER_CLEANUP=true
        labels:
          - "com.centurylinklabs.watchtower.enable=true"
        restart: unless-stopped
    docker compose up -d
  3. 查看 docker compose 紀錄

    docker compose logs -f

  4. 查看 tinyproxy 紀錄

    # tail -f ~/logs/tinyproxy/tinyproxy.log
    INFO      Sep 26 05:48:45.689 [1]: opensock: getaddrinfo returned for 192.168.11.1:80
    CONNECT   Sep 26 05:48:45.690 [1]: Established connection to host "192.168.11.1" using file descriptor 6.
    INFO      Sep 26 05:48:45.692 [1]: Closed connection between local client (fd:5) and remote client (fd:6)
    CONNECT   Sep 26 05:48:48.630 [1]: Connect (file descriptor 5): 192.168.11.8
    CONNECT   Sep 26 05:48:48.634 [1]: Request (file descriptor 5): GET http://192.168.11.1/system_status_data.asp HTTP/1.1
    INFO      Sep 26 05:48:48.635 [1]: No upstream proxy for 192.168.11.1
    INFO      Sep 26 05:48:48.635 [1]: opensock: opening connection to 192.168.11.1:80
    INFO      Sep 26 05:48:48.636 [1]: opensock: getaddrinfo returned for 192.168.11.1:80
    CONNECT   Sep 26 05:48:48.637 [1]: Established connection to host "192.168.11.1" using file descriptor 6.
    INFO      Sep 26 05:48:48.639 [1]: Closed connection between local client (fd:5) and remote client (fd:6)
    :

  • Q:如何讓 log 檔只保留一段時間就好 Exp. 一年
    • A: 在 host 安裝 logrotate 來進行處理
      1. 安裝 logrotate

        apk add logrotate

      2. 編輯 /etc/logrotate.d/tinyproxy 設定保留一年

        vi /etc/logrotate.d/tinyproxy

        /root/logs/tinyproxy/tinyproxy.log {
            daily
            rotate 365
            compress
            delaycompress
            missingok
            notifempty
            create 644 root root
            postrotate
                docker exec tinyproxy kill -HUP $(docker exec tinyproxy cat /var/run/tinyproxy.pid 2>/dev/null) 2>/dev/null || true
            endscript
        }
      3. 驗證執行

        logrotate -d /etc/logrotate.d/tinyproxy

        • 看結果
  • tech/tinyproxy.txt
  • 上一次變更: 2024/09/26 17:53
  • jonathan