proxy.conf reference documentation
[global]
Indicates that we are defining global configuration, rather than rewrites.
| Directive | Data type | Expected input | Description |
|---|---|---|---|
| hostname | string | domain | The DNS-address your proxy resides on. This is used to correctly rewrite URLs. This can be an A/AAAA or CNAME record. It is recommended that you also generate a lower level wildcard record. For example, if your proxy lives at proxy.example.org, that you also have a *.proxy.example.org record to handle old-style rewrites in the form of www.google.com.proxy.example.org. While this style is deprecated because of x.509 certificate issues, it is still supported by the proxy and will rewrite to use the proper domain. |
| http_listen_port | integer | 0-65535 | The port to listen on for HTTP connections. This is the port your users will connect to, e.g., if your proxy binds to 8080, your users will connect to proxy.example.org:8080. If you are using a webserver and are using a reverse proxy, the HTTPD should reverse proxy to this port. Keep in mind that CAP_NET_BIND_SERVICE is required to bind to privileged ports (< 1024). |
| https_listen_port | integer | 0-65535 | The port to listen on for HTTPS connections. This is the port your users will connect to, e.g., if your proxy binds to 40443, your users will connect to proxy.example.org:40443. If you are using a webserver and are using a reverse proxy, the HTTPD should reverse proxy to this port. Keep in mind that CAP_NET_BIND_SERVICE is required to bind to privileged ports (< 1024). |
| http_port | integer | 0-65535 | The port to proxy towards to for HTTP connections. This is the port SwiperProxy will connect to; usually, you'll want to leave this as port 80. |
| https_port | integer | 0-65535 | The port to proxy towards to for HTTPS connections. This is the port SwiperProxy will connect to; usually, you'll want to leave this as port 443. |
| http_endpoint | string | /(...) | The path the proxy should redirect to for HTTP connections; to be used in conjuction with a reverse proxy when the proxy does not run at the web root. |
| https_endpoint | string | /(...) | The path the proxy should redirect to for HTTPS connections; to be used in conjuction with a reverse proxy when the proxy does not run at the web root. |
| reverseproxy_scheme | string | 'http' or 'https' | Whether to use HTTP or HTTPS by default when the remote host has both available. |
| https_certificate | string | /path/to/file.pem | The certificate that is used for HTTPS connections, both between the client and the proxy, and the proxy and destination server. This file should be base64 DER-encoded, and contain both the private key and certificate, optionally followed by any intermediate signing certificates. This file should be readable by the user with which you run SwiperProxy. |
| Directive | Data type | Expected input | Description |
|---|---|---|---|
| threadpool_size | integer | amount | The number of request handler threads. |
| max_post_size | integer | in bytes | The maximum post size in bytes. Post sizes exceeding this value will be dropped. |
| max_page_size | integer | in bytes | The maximum page size in bytes. Page sizes exceeding this value will be dropped. |
| gzip_level | integer | 0-9 | GZIP compression level the proxy will use. While this is very useful, considering the potential traffic passing through a proxy, it is also a security risk when using HTTPS. For more information, see CRIME and BREACH. 0 disables GZIP compression entirely. |
| gzip_client_response | boolean | yes/no | Whether to compress responses to clients, if using GZIP compression levels of 1 or higher. Disabling will only use GZIP compression if applicable for the connection between proxy and destination server. |
| upstream_timeout | integer | in seconds | The read/write timeout in seconds of servers your users try to connect to through your proxy. |
| upstream_connect_timeout | integer | in seconds | The connect timeout in seconds of servers your users try to connect to through your proxy. |
| client_timeout | integer | in seconds | The read/write timeout in seconds of your clients. |
| client_resolve | boolean | yes/no | Attempt to resolve the reverse DNS (PTR-record) of your client IP addresses before writing to log? This incurs a performance loss depending on your resolver. |
| Directive | Data type | Expected input | Description |
|---|---|---|---|
| files_location | string | /path/to/htdocs | The full path of the static HTML files served when users visit your proxy directly. This directory and its files should be readable by the SwiperProxy user. |
| filter_headers | string | comma,separated,headers | A comma-separated list of client headers the proxy should filter. |
| block_robots | boolean | yes/no | Whether to inject a faked robots.txt to discourage crawlers to index your proxy. This will override the robots.txt file of destination servers. |
| use_forwarded_for | boolean | yes/no | Add an X-Forwarded-For header containing the client's IP address? |
| block_list | string | /path/to/file.txt | The location of a plain text blocklist. Users cannot browse to destinations with an entry in this file. |
| block_target | string | http://example.tld/blocked.html | When users browse to a domain with a blocklist entry, users will be rewritten to this page instead |
| access_log | string | /path/to/file.log | The location of the access log. This file should be writable by the SwiperProxy user. |
| error.log | string | /path/to/file.log | The location of the error log. This file should be writable by the SwiperProxy user. |
[rewrites]
Indicates that all following entries are rewrites. Useful for rewriting users to a specific destination, or loadbalancing between proxies.