差異處

這裏顯示兩個版本的差異處。

連向這個比對檢視

下次修改		 前次修改
tech:tinyproxy [2024/09/26 12:55] – 建立 jonathantech:tinyproxy [2024/09/26 17:53] (目前版本) – 加上常見問題 jonathan
行 11: 行 11:
 Listen 0.0.0.0 Listen 0.0.0.0
 Timeout 600 Timeout 600
-DefaultErrorFile "/usr/share/tinyproxy/default.html" 
-StatFile "/usr/share/tinyproxy/stats.html" 
 LogFile "/var/log/tinyproxy/tinyproxy.log" LogFile "/var/log/tinyproxy/tinyproxy.log"
 LogLevel Info LogLevel Info
-PidFile "/var/run/tinyproxy/tinyproxy.pid"+PidFile "/var/run/tinyproxy.pid"
 MaxClients 100 MaxClients 100
-MinSpareServers 5 
-MaxSpareServers 20 
-StartServers 10 
-MaxRequestsPerChild 0 
 Allow 127.0.0.1 Allow 127.0.0.1
 Allow 192.168.0.0/16 Allow 192.168.0.0/16
行 27: 行 21:
 ConnectPort 443 ConnectPort 443
 ConnectPort 563 ConnectPort 563
-</file>**可以針對實際 Client 的 IP 範圍加入 Allow 項目**+</file> 
 +    - 針對實際 **Client 的 IP 範圍加入 Allow 項目** Exp. <cli>Allow 172.16.0.0/16</cli> 
 +    - 針對實際 **需要 Fordward Proxy SSL Port 加入 ConnectPort 項目** Exp. <cli>ConnectPort 8006</cli>
   - 建立 Docker Compose 配置檔 docker-compose.yml 與第一次啟動<cli>   - 建立 Docker Compose 配置檔 docker-compose.yml 與第一次啟動<cli>
 vi docker-compose.yml</cli><file> vi docker-compose.yml</cli><file>
行 36: 行 32:
     container_name: tinyproxy     container_name: tinyproxy
     environment:     environment:
-      - TZ=Asia/Taipei    +      - TZ=Asia/Taipei
     ports:     ports:
       - "3128:3128"       - "3128:3128"
     volumes:     volumes:
-      - ./tinyproxy.conf:/etc/tinyproxy/tinyproxy.conf+      - ./tinyproxy.conf:/etc/tinyproxy/tinyproxy.conf:ro 
 +      - ./logs:/var/log
     restart: always     restart: always
 +    command: sh -c "mkdir -p /var/log/tinyproxy && chown -R nobody:nogroup /var/log/tinyproxy && tinyproxy -d"
 +
 +  watchtower:
 +    container_name: watchtower
 +    image: containrrr/watchtower
 +    volumes:
 +      - /var/run/docker.sock:/var/run/docker.sock
 +    environment:
 +      - TZ=Asia/Taipei
 +      - WATCHTOWER_SCHEDULE=0 45 23 * * *
 +      - WATCHTOWER_CLEANUP=true
 +    labels:
 +      - "com.centurylinklabs.watchtower.enable=true"
 +    restart: unless-stopped
 </file><cli> </file><cli>
 docker compose up -d docker compose up -d
 </cli> </cli>
 +  - 查看 docker compose 紀錄<cli>
 +docker compose logs -f
 +</cli>
 +  - 查看 tinyproxy 紀錄<cli>
 +# tail -f ~/logs/tinyproxy/tinyproxy.log
 +INFO      Sep 26 05:48:45.689 [1]: opensock: getaddrinfo returned for 192.168.11.1:80
 +CONNECT   Sep 26 05:48:45.690 [1]: Established connection to host "192.168.11.1" using file descriptor 6.
 +INFO      Sep 26 05:48:45.692 [1]: Closed connection between local client (fd:5) and remote client (fd:6)
 +CONNECT   Sep 26 05:48:48.630 [1]: Connect (file descriptor 5): 192.168.11.8
 +CONNECT   Sep 26 05:48:48.634 [1]: Request (file descriptor 5): GET http://192.168.11.1/system_status_data.asp HTTP/1.1
 +INFO      Sep 26 05:48:48.635 [1]: No upstream proxy for 192.168.11.1
 +INFO      Sep 26 05:48:48.635 [1]: opensock: opening connection to 192.168.11.1:80
 +INFO      Sep 26 05:48:48.636 [1]: opensock: getaddrinfo returned for 192.168.11.1:80
 +CONNECT   Sep 26 05:48:48.637 [1]: Established connection to host "192.168.11.1" using file descriptor 6.
 +INFO      Sep 26 05:48:48.639 [1]: Closed connection between local client (fd:5) and remote client (fd:6)
 +:
 +</cli>
 +
 +===== 常見問題 =====
 +  * Q:如何讓 log 檔只保留一段時間就好 Exp. 一年
 +    * A: 在 host 安裝 logrotate 來進行處理
 +      - 安裝 logrotate <cli>apk add logrotate</cli> 
 +      - 編輯 /etc/logrotate.d/tinyproxy 設定保留一年<cli>vi /etc/logrotate.d/tinyproxy</cli><file>
 +/root/logs/tinyproxy/tinyproxy.log {
 +    daily
 +    rotate 365
 +    compress
 +    delaycompress
 +    missingok
 +    notifempty
 +    create 644 root root
 +    postrotate
 +        docker exec tinyproxy kill -HUP $(docker exec tinyproxy cat /var/run/tinyproxy.pid 2>/dev/null) 2>/dev/null || true
 +    endscript
 +}
 +</file>
 +      - 驗證執行 <cli>logrotate -d /etc/logrotate.d/tinyproxy</cli>
 +        * ++看結果|<cli>
 +tinyproxy-235:~# logrotate -d /etc/logrotate.d/tinyproxy
 +warning: logrotate in debug mode does nothing except printing debug messages!  Consider using verbose mode (-v) instead if this is not what you want.
 +
 +reading config file /etc/logrotate.d/tinyproxy
 +Reading state from file: /var/lib/logrotate.status
 +state file /var/lib/logrotate.status does not exist
 +Allocating hash table for state file, size 64 entries
 +
 +Handling 1 logs
 +
 +rotating pattern: /root/logs/tinyproxy/tinyproxy.log  after 1 days (365 rotations)
 +empty log files are not rotated, old logs are removed
 +considering log /root/logs/tinyproxy/tinyproxy.log
 +Creating new state
 +  Now: 2024-09-26 17:52
 +  Last rotated at 2024-09-26 17:00
 +  log does not need rotating (log has already been rotated)
 +</cli>++
 +
  
 ===== 相關參考資料 ===== ===== 相關參考資料 =====
  • tech/tinyproxy.1727326557.txt.gz
  • 上一次變更: 2024/09/26 12:55
  • jonathan