Polipo
From ArchWiki
From Polipo's site:
- "Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group."
Unlike Squid, Polipo is very light on resources and simple to configure. This makes it ideal for single user systems and other uncomplicated setups. Do keep in mind; however, that this versatility comes at a cost; Polipo will increase its space usage without restriction as it is not aware of how big its disk cache grows. This perceived fault is by design, since omitting these sanity checks drastically reduces Polipo's memory usage and overall toll on the system. A practical way of restricting disk usage is by making Polipo run as its own user and employing disk quota.
The following covers installing and setting up Polipo.
Contents |
Installation
Polipo is currently available in the AUR. Using an AUR helper like yaourt, install by entering:
$ yaourt -S polipo
or install the newer development version instead:
$ yaourt -S polipo-git
Improving Polipo
The current Polipo package is missing a set of features users might find desirable, namely: proper daemon behavior, including placing files in /var/run and a call to cleanse Polipo's cache; a cronjob that routinely performs the latter; and finally, a restricted "polipo" user to address security and maintainability concerns.
To partially fix these issues, replace the daemon script with the following:
#!/bin/bash . /etc/rc.conf . /etc/rc.d/functions DAEMON=polipo ARGS="daemonise=true pidFile=/var/run/$DAEMON/$DAEMON.pid" PID=`pidof -o %PPID /usr/bin/$DAEMON` case $1 in start) stat_busy "Starting $DAEMON" if ck_daemon $DAEMON; then [[ ! -d /var/run/$DAEMON ]] && install -d /var/run/$DAEMON /usr/bin/polipo $ARGS >/dev/null 2>&1 if [[ $? != 0 ]]; then stat_fail else add_daemon $DAEMON stat_done fi else echo "$DAEMON is already running" stat_fail fi ;; stop) stat_busy "Stopping $DAEMON" if ! ck_daemon $DAEMON; then kill $PID >/dev/null 2>&1 if [[ $? != 0 ]]; then stat_fail else rm_daemon $DAEMON stat_done fi else echo "$DAEMON is not running" stat_fail fi ;; purge) stat_busy "Purging $DAEMON" if ! ck_daemon $DAEMON; then prestart=1 kill -USR1 $PID >/dev/null 2>&1 || stat_fail rm_daemon $DAEMON sleep 1 elif ck_daemon $DAEMON; then [[ ! -d /var/run/$DAEMON ]] && install -d /var/run/$DAEMON /usr/bin/$DAEMON -x $ARGS >/dev/null 2>&1 || stat_fail if [[ $prestart = 1 ]]; then kill -USR2 $PID >/dev/null 2>&1 add_daemon $DAEMON unset prestart fi stat_done fi ;; restart) $0 stop sleep 1 $0 start ;; *) echo "usage: $0 {start|stop|restart|purge}" ;; esac
And save the cron file in /etc/cron.weekly/polipo:
#!/bin/sh /etc/rc.d/polipo purge >/dev/null 2>&1
Make it executable:
# chmod +x /etc/cron.weekly/polipo
Run Polipo as designated user
Starting the daemon
To start the Polipo daemon:
# /etc/rc.d/polipo start
Add it to /etc/rc.conf to start it automatically at boot:
DAEMONS=(syslog-ng network netfs polipo crond)
Multiple instances
Polipo can also run without super user priveleges. To do so, first copy /etc/polipo/config.sample to a suitable directory:
$ cp /etc/polipo/config.sample ~/.poliporc
Edit it so that it points at a writable location, instead of /var/cache/polipo:
# Uncomment this if you want to put the on-disk cache in a # non-standard location: diskCacheRoot = "~/.polipo-cache/"
Create the cache directory:
$ mkdir ~/.polipo-cache
Finally, launch Polipo with the new configuration:
$ polipo -c ~/.poliporc
Configuration
Management is mostly performed in /etc/polipo/config. Most users can opt for using the sample configuration file, which is sufficient for most situations and well documented.
# cd /etc/polipo; cp config.sample config
Unlike other proxies, Polipo needs to be restarted after alterations.
Browser
Set the browser so that it uses localhost:8123 for proxying. Be sure to disable the browser's disk cache to avoid redundant IO operations and bad performance.
Tunneling
Instead of manually configuring each browser or other utilities that might benefit from Polipo's caching, one can also use iptables to route traffic through polipo.
After installing iptables, add the appropiate rules to /etc/iptables/iptables.rules:
*nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A OUTPUT -p tcp --dport 80 -m owner --uid-owner polipo -j ACCEPT -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8123 COMMIT
This routes HTTP traffic through Polipo. Remove all proxy settings from browsers, if any, and restart iptables.
Privoxy
Privoxy is a proxy useful for intercepting advertisement and other undesirables.
According to Polipo's developer, in order to get the privacy enhancements of Privoxy and much (but not all) of the performance of Polipo, one should place Polipo upstream of Privoxy.
In other words:
- point the browser at Privoxy: localhost:8118
- and direct Privoxy traffic to Polipo: forward / localhost:8123 in the Privoxy configuration file.
Tor
Tor is an anonymizing proxy network.
To use Polipo with Tor, uncomment or include the following in /etc/polipo/config:
socksParentProxy = localhost:9050