Tinyproxy - 轻量级HTTP代理服务器完全指南 🌐
Tinyproxy是一个小型、高效、安全的HTTP代理守护程序,适用于需要完整HTTP代理功能但系统资源有限的场景。
📊 目录
🚀 安装与配置
Ubuntu/Debian安装
# 更新包列表
sudo apt update
# 安装tinyproxy
sudo apt install tinyproxy
# 启动服务
sudo systemctl start tinyproxy
sudo systemctl enable tinyproxy
# 查看服务状态
sudo systemctl status tinyproxy
CentOS/RHEL安装
# 安装EPEL仓库
sudo yum install epel-release
# 安装tinyproxy
sudo yum install tinyproxy
# 启动服务
sudo systemctl start tinyproxy
sudo systemctl enable tinyproxy
从源码编译
# 安装依赖
sudo apt install build-essential autoconf automake libtool
# 下载源码
wget https://github.com/tinyproxy/tinyproxy/releases/download/1.11.1/tinyproxy-1.11.1.tar.gz
tar -xzf tinyproxy-1.11.1.tar.gz
cd tinyproxy-1.11.1
# 编译安装
./configure --prefix=/usr/local/tinyproxy \
--enable-reverse \
--enable-transparent \
--enable-filter
make
sudo make install
⚙️ 基本配置
主配置文件
# 编辑主配置文件
sudo vim /etc/tinyproxy/tinyproxy.conf
基础配置示例
# /etc/tinyproxy/tinyproxy.conf
# 用户和组
User tinyproxy
Group tinyproxy
# 监听端口
Port 8888
# 绑定地址(0.0.0.0表示所有接口)
Listen 0.0.0.0
# 进程ID文件
PidFile /var/run/tinyproxy/tinyproxy.pid
# 日志文件
LogFile /var/log/tinyproxy/tinyproxy.log
LogLevel Info
# 最大客户端连接数
MaxClients 100
# 超时设置(秒)
Timeout 600
# 允许访问的客户端
Allow 127.0.0.1
Allow 192.168.0.0/16
Allow 10.0.0.0/8
Allow 172.16.0.0/12
# 禁止访问的域名
FilterURLs On
Filter /etc/tinyproxy/filter
# 匿名代理(隐藏客户端信息)
Anonymous "Host"
Anonymous "Authorization"
Anonymous "Cookie"
启用基本认证
# 添加认证配置
BasicAuth user password
# 或使用认证文件
# AuthFile /etc/tinyproxy/auth.txt
认证文件格式
# /etc/tinyproxy/auth.txt
username1:password1
username2:password2
admin:$ecur3P@ssw0rd
🛠️ 开发环境配置
Ruby Gem配置
# 创建或编辑gem配置文件
vim ~/.gemrc
# 添加代理配置
---
:benchmark: false
:bulk_threshold: 1000
:backtrace: false
:update_sources: true
:verbose: true
http_proxy: http://tinyproxy_server:8888
https_proxy: http://tinyproxy_server:8888
Python Pip配置
# 创建pip配置目录
mkdir -p ~/.pip
# 编辑pip配置文件
vim ~/.pip/pip.conf
# 添加代理配置
[global]
proxy = http://tinyproxy_server:8888
trusted-host = pypi.org
pypi.python.org
files.pythonhosted.org
# 或者使用环境变量
export http_proxy=http://tinyproxy_server:8888
export https_proxy=http://tinyproxy_server:8888
pip install package_name
Go语言配置
# 编辑bashrc或profile
vim ~/.bashrc
# 添加Go代理配置
export GOPROXY="https://proxy.golang.org,direct"
export GOSUMDB="sum.golang.org"
export GOPRIVATE="gitlab.company.com"
# HTTP代理配置
export http_proxy=http://tinyproxy_server:8888
export https_proxy=http://tinyproxy_server:8888
export no_proxy="localhost,127.0.0.1,*.local"
# 应用配置
source ~/.bashrc
# 测试Go代理
go env GOPROXY
go mod download
Node.js NPM配置
# 配置npm代理
npm config set proxy http://tinyproxy_server:8888
npm config set https-proxy http://tinyproxy_server:8888
# 查看配置
npm config list
# 取消代理设置
npm config delete proxy
npm config delete https-proxy
# 使用Yarn
yarn config set proxy http://tinyproxy_server:8888
yarn config set https-proxy http://tinyproxy_server:8888
Docker配置
# Docker守护进程代理配置
sudo mkdir -p /etc/systemd/system/docker.service.d
# 创建代理配置文件
sudo vim /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://tinyproxy_server:8888"
Environment="HTTPS_PROXY=http://tinyproxy_server:8888"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.local"
# 重启Docker
sudo systemctl daemon-reload
sudo systemctl restart docker
# 验证配置
docker info | grep -i proxy
Git配置
# 配置Git代理
git config --global http.proxy http://tinyproxy_server:8888
git config --global https.proxy http://tinyproxy_server:8888
# 为特定域名配置代理
git config --global http.https://github.com.proxy http://tinyproxy_server:8888
# 查看配置
git config --global --list | grep proxy
# 取消代理配置
git config --global --unset http.proxy
git config --global --unset https.proxy
🔒 安全配置
访问控制列表
# 精确的IP访问控制
Allow 192.168.1.100
Allow 10.0.1.0/24
# 拒绝特定IP
Deny 192.168.1.50
Deny 10.0.2.0/24
# 默认拒绝所有(最后规则)
# Deny all
URL过滤
# 启用URL过滤
FilterURLs On
Filter /etc/tinyproxy/filter
FilterExtended On
# 过滤文件示例
# /etc/tinyproxy/filter
facebook.com
twitter.com
.*\.gambling\..*
.*adult.*
^.*\.exe$
SSL/TLS配置
# 禁用不安全的SSL版本
SSLVerify On
# 设置SSL证书路径(如果需要)
# SSLCertPath /etc/ssl/certs/
# SSLCertFile /etc/ssl/certs/tinyproxy.crt
# SSLKeyFile /etc/ssl/private/tinyproxy.key
反向代理配置
# 反向代理配置
ReversePath "/api/" "http://backend-server:3000/"
ReversePath "/static/" "http://static-server:8080/"
# 支持WebSocket
ReverseOnly On
ReverseMagic On
📈 性能优化
连接池配置
# 最大客户端连接数
MaxClients 200
# 每个客户端的最大请求数
MaxRequestsPerChild 1000
# 最小和最大空闲服务器数
MinSpareServers 5
MaxSpareServers 20
StartServers 10
缓存配置
# 启用HTTP缓存
Cache On
CacheSize 100MB
CacheDir /var/cache/tinyproxy
# 缓存策略
CacheDefaultExpire 3600
CacheMaxExpire 86400
系统优化
# 修改系统限制
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
# 内核参数调优
echo "net.core.somaxconn = 1024" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 1024" >> /etc/sysctl.conf
sysctl -p
📊 监控与日志
日志配置
# 详细日志配置
LogFile /var/log/tinyproxy/tinyproxy.log
LogLevel Info
Syslog On
# 日志轮转配置
# /etc/logrotate.d/tinyproxy
/var/log/tinyproxy/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 0644 tinyproxy tinyproxy
postrotate
/bin/kill -USR1 `cat /var/run/tinyproxy/tinyproxy.pid 2> /dev/null` 2> /dev/null || true
endscript
}
统计信息页面
# 启用统计页面
StatHost "proxy.stats"
StatFile "/usr/share/tinyproxy/stats.html"
# 访问统计页面
# curl -H "Host: proxy.stats" http://tinyproxy_server:8888/
监控脚本
#!/bin/bash
# monitor_tinyproxy.sh
PROXY_HOST="localhost"
PROXY_PORT="8888"
LOG_FILE="/var/log/tinyproxy/monitor.log"
# 检查代理是否响应
check_proxy() {
local response=$(curl -s -o /dev/null -w "%{http_code}" \
--proxy http://$PROXY_HOST:$PROXY_PORT \
--max-time 10 \
http://httpbin.org/ip 2>/dev/null)
if [ "$response" = "200" ]; then
echo "$(date): Proxy is healthy" >> $LOG_FILE
return 0
else
echo "$(date): Proxy check failed (HTTP: $response)" >> $LOG_FILE
return 1
fi
}
# 检查进程状态
check_process() {
if pgrep tinyproxy > /dev/null; then
echo "$(date): Tinyproxy process is running" >> $LOG_FILE
return 0
else
echo "$(date): Tinyproxy process not found" >> $LOG_FILE
return 1
fi
}
# 主监控逻辑
main() {
if ! check_process; then
echo "$(date): Attempting to restart tinyproxy" >> $LOG_FILE
systemctl restart tinyproxy
sleep 5
fi
if ! check_proxy; then
echo "$(date): Proxy health check failed" >> $LOG_FILE
# 发送告警
# send_alert "Tinyproxy health check failed"
fi
}
main
🔧 故障排除
常见问题诊断
# 检查服务状态
sudo systemctl status tinyproxy
# 查看实时日志
sudo tail -f /var/log/tinyproxy/tinyproxy.log
# 检查端口占用
sudo netstat -tlnp | grep :8888
sudo ss -tlnp | grep :8888
# 检查防火墙
sudo ufw status
sudo iptables -L | grep 8888
# 测试代理连接
curl -v --proxy http://proxy_server:8888 http://httpbin.org/ip
配置验证
# 验证配置文件语法
sudo tinyproxy -c /etc/tinyproxy/tinyproxy.conf -d
# 检查权限
ls -la /etc/tinyproxy/
ls -la /var/log/tinyproxy/
ls -la /var/run/tinyproxy/
性能测试
#!/bin/bash
# proxy_benchmark.sh
PROXY="http://proxy_server:8888"
TEST_URL="http://httpbin.org/get"
CONCURRENT_USERS=10
REQUESTS_PER_USER=100
# 使用Apache Bench测试
ab -n $((CONCURRENT_USERS * REQUESTS_PER_USER)) \
-c $CONCURRENT_USERS \
-X ${PROXY#http://} \
$TEST_URL
# 使用wrk测试
wrk -t$CONCURRENT_USERS \
-c$CONCURRENT_USERS \
-d30s \
--script proxy.lua \
$TEST_URL
🐳 Docker化部署
Dockerfile
FROM alpine:latest
RUN apk add --no-cache tinyproxy
# 创建配置目录
RUN mkdir -p /etc/tinyproxy /var/log/tinyproxy
# 复制配置文件
COPY tinyproxy.conf /etc/tinyproxy/
# 创建用户
RUN adduser -D -s /bin/sh tinyproxy
# 修改权限
RUN chown -R tinyproxy:tinyproxy /var/log/tinyproxy
EXPOSE 8888
USER tinyproxy
CMD ["tinyproxy", "-d", "-c", "/etc/tinyproxy/tinyproxy.conf"]
Docker Compose
version: '3.8'
services:
tinyproxy:
build: .
ports:
- "8888:8888"
volumes:
- ./config/tinyproxy.conf:/etc/tinyproxy/tinyproxy.conf:ro
- ./logs:/var/log/tinyproxy
environment:
- PROXY_PORT=8888
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "--proxy", "http://localhost:8888", "http://httpbin.org/ip"]
interval: 30s
timeout: 10s
retries: 3
📚 有用命令总结
服务管理
# 启动/停止/重启服务
sudo systemctl start tinyproxy
sudo systemctl stop tinyproxy
sudo systemctl restart tinyproxy
sudo systemctl reload tinyproxy
# 查看配置
tinyproxy -h
cat /etc/tinyproxy/tinyproxy.conf
# 实时监控连接
watch -n 1 'netstat -an | grep :8888'
客户端测试
# 基本代理测试
curl --proxy http://proxy:8888 http://httpbin.org/ip
# 带认证的代理测试
curl --proxy-user username:password --proxy http://proxy:8888 http://httpbin.org/ip
# 测试HTTPS
curl --proxy http://proxy:8888 https://httpbin.org/ip
# 批量测试
for i in {1..10}; do
curl -s --proxy http://proxy:8888 http://httpbin.org/ip
done
🎯 最佳实践
- 安全配置:始终使用最小权限原则配置访问控制
- 日志管理:定期轮转日志文件,避免磁盘空间不足
- 性能监控:定期监控连接数和响应时间
- 备份配置:定期备份配置文件和过滤规则
- 更新维护:保持软件版本更新,关注安全补丁
💡 小贴士: Tinyproxy适合轻量级场景,对于高并发场景建议考虑Squid或Nginx等更强大的代理服务器。