Compare commits
5 Commits
07a2e7392d
...
6967444fb9
Author | SHA1 | Date |
---|---|---|
Michele Guerini Rocco | 6967444fb9 | |
Michele Guerini Rocco | 1ade7ffacf | |
Michele Guerini Rocco | a0923ae9dd | |
Michele Guerini Rocco | a0155c5949 | |
Michele Guerini Rocco | cb1b19a896 |
53
README.md
53
README.md
|
@ -41,10 +41,10 @@ certtool --generate-self-signed --load-privkey ca.key --outfile ca.crt
|
|||
```
|
||||
or use the tool ./cert.py provided
|
||||
```
|
||||
python cert.py -f output
|
||||
python src/cert.py -f output
|
||||
```
|
||||
In latter the "output" file will contain both private key and certificate;
|
||||
split the file and store the separately.
|
||||
In the latter the "output" file will contain both private key and certificate;
|
||||
split the file and store them separately.
|
||||
|
||||
3. Configure the proxy with the option set `services.privoxy.tls-wrapper`, for example
|
||||
```nix
|
||||
|
@ -65,6 +65,53 @@ python cert.py -f output
|
|||
applications may use their own store and won't trust it.
|
||||
You will need to add the CA manually in that case.
|
||||
|
||||
## Configuration settings
|
||||
|
||||
Below is an example configuration file that shows all settings:
|
||||
|
||||
```ini
|
||||
[GENERAL]
|
||||
; The URL of privoxy
|
||||
proxAddr = http://localhost:8080
|
||||
|
||||
; The port the front proxy will bind to
|
||||
frontPort = 8079
|
||||
|
||||
; The port the rear proxy will bind to
|
||||
rearPort = 8081
|
||||
|
||||
; An upstream HTTP proxy if required by the network
|
||||
DefaultProxy = http://127.0.0.1:8118
|
||||
|
||||
; The Logging level: either ERROR, WARNING, INFO or DEBUG
|
||||
LogLevel = INFO
|
||||
|
||||
; Proxy the following URLs to this HTTP or SOCKS proxy.
|
||||
; This option can be repeated.
|
||||
; Python regular expression are also allowed.
|
||||
[proxy http://192.168.178.1:8123]
|
||||
https?://*.test.com
|
||||
|
||||
; Skip TLS certificate verification for these URLS.
|
||||
; This is dangerous, use with care.
|
||||
[noVerify]
|
||||
self-signed.example.com
|
||||
|
||||
; Block requests to the following URLs
|
||||
[blacklist]
|
||||
*.ads.example.net
|
||||
|
||||
; Passthrough the MitM proxying and Privoxy,
|
||||
; but still use the default proxy for these URLs.
|
||||
[passthru]
|
||||
broken.example.com
|
||||
|
||||
; Bypass all proxying for these URLs
|
||||
[bypassURL]
|
||||
http://www.example.com/*
|
||||
*.zip
|
||||
*.pdf
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ let
|
|||
cfgPrivoxy = config.services.privoxy;
|
||||
cfg = cfgPrivoxy.tls-wrapper;
|
||||
|
||||
src = ./.;
|
||||
package = ./.;
|
||||
|
||||
action = pkgs.writeText "privoxy-tls.action" ''
|
||||
{ +client-header-tagger{privoxy-tls-tagger} }
|
||||
|
@ -190,7 +190,7 @@ in
|
|||
User = "privoxy-tls";
|
||||
PrivateTmp = true;
|
||||
PermissionsStartOnly = true;
|
||||
ExecStart = "${python}/bin/python ${src}/main.py -c ${configFile}";
|
||||
ExecStart = "${python}/bin/python ${package}/src/main.py -c ${configFile}";
|
||||
};
|
||||
preStart = ''
|
||||
if ! test -f ${dataDir}/ca.crt; then
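Review bot: `package = ./.;` still imports the entire checkout into the Nix store once it is interpolated into `ExecStart`, and store paths are world-readable. The README in this same comparison tells users to run `python src/cert.py -f output`, which writes a private key and certificate to a file; if that is run inside the checkout, the key would presumably be copied into the store along with the sources on the next build. Consider narrowing the import to what the unit actually needs, for example a `builtins.path { path = ./.; name = "privoxy-tls"; filter = ...; }` whose filter admits only `src/` and `static/`. The `let` block and the service definition both continue outside the visible hunks, so any existing filtering elsewhere in the file would not be visible here.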
|
||||
|
|
|
@ -22,8 +22,8 @@ from cert import get_cert
|
|||
_name = 'proxy'
|
||||
logger = logging.getLogger('__main__')
|
||||
|
||||
data = pathlib.Path(__file__).parent / 'data'
|
||||
error_template = string.Template(open(data / 'error.html').read())
|
||||
static = pathlib.Path(__file__).parents[1] / 'static'
|
||||
error_template = string.Template(open(static / 'error.html').read())
|
||||
|
||||
|
||||
def walk_traceback(e, n=0):
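Review bot: The new `error_template` line keeps the bare `open(...).read()`, so the file handle is never closed explicitly and the template is decoded with the locale's default encoding, which may differ when the script runs under the systemd unit. `error_template = string.Template((static / 'error.html').read_text(encoding='utf-8'))` closes the file and pins the encoding, assuming the page is stored as UTF-8. Separately, `string.Template` performs no HTML escaping, so any request-derived values (URL, exception text) substituted into this page should pass through `html.escape` first; the substitution site is not in this hunk, so this is something to confirm rather than a finding. `walk_traceback` begins on the hunk's last line and its body is outside the view.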
|