##-----------------------------------------------------------------------------
## fli4l 3.10.5 - configuration for package "proxy"
##
##  P L E A S E  R E A D  T H E  D O C U M E N T A T I O N !
##
##  B I T T E  U N B E D I N G T  D I E  D O K U M E N T A T I O N  L E S E N !
##
##-----------------------------------------------------------------------------
## Creation:     26.06.2001  fm
## Last Update:  $Id: proxy.txt 44165 2016-01-23 08:03:30Z kristov $
##
## Copyright (c) 2001-2016 - Frank Meyer, fli4l-Team <team@fli4l.de>
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##-----------------------------------------------------------------------------

#------------------------------------------------------------------------------
# Optional package: PRIVOXY (Privacy Enhancing Proxy)
#------------------------------------------------------------------------------
#OPT_PRIVOXY='no'               # privoxy: yes or no

PRIVOXY_MENU='yes'              # show Privoxy in httpd menu?
PRIVOXY_N='1'                   # number of instances
PRIVOXY_1_LISTEN='IP_NET_1_IPADDR:8118'
                                # ip and port to listen on

# Privoxy does not authenticate its clients: every host admitted by
# PRIVOXY_1_ALLOW_x can use the proxy, so keep this list as narrow as possible.
PRIVOXY_1_ALLOW_N='1'           # open firewall for hosts and networks
PRIVOXY_1_ALLOW_1='IP_NET_1'

PRIVOXY_1_HTTP_PROXY=''         # optional http forward (host:port)
PRIVOXY_1_SOCKS_PROXY=''        # optional socks4a forward (host:port)
                                # e.g. 127.0.0.1:9050 to use TOR
                                # remember to make TOR listen on this port
# NOTE(review): TOGGLE and CONFIG presumably map to Privoxy's
# enable-remote-toggle and enable-edit-actions - confirm in the package
# documentation. Privoxy cannot limit these features to individual users, so
# with 'yes' any client allowed above can switch off or rewrite the filtering
# for everybody. Use 'no' unless all allowed hosts are trusted.
PRIVOXY_1_TOGGLE='yes'          # may users switch privoxy on/off?
PRIVOXY_1_CONFIG='yes'          # may users edit the config online?
PRIVOXY_1_LOGDIR='/var/log/privoxy'
                                # folder for log files
PRIVOXY_1_LOGLEVEL='1 4096 8192'
                                # what to log? (see manual)
                                # Assuming the values are passed to Privoxy's
                                # 'debug' option: 1 = destination of each
                                # request, 4096 = startup banner and
                                # warnings, 8192 = non-fatal errors.
                                # With 1 set the log records which sites the
                                # clients visit: treat the log folder as
                                # sensitive data or leave out the 1.

# the following is a sample for a privoxy sending its traffic to tor
# NOTE(review): with PRIVOXY_N='1' this second instance is presumably not
# active; it also needs a Tor listener on 127.0.0.1:9050 (see TOR_LISTEN_2).
PRIVOXY_2_LISTEN='IP_NET_1_IPADDR:8090'

# every host admitted here can use the Tor-forwarding proxy
PRIVOXY_2_ALLOW_N='1'
PRIVOXY_2_ALLOW_1='IP_NET_1'

PRIVOXY_2_HTTP_PROXY=''
PRIVOXY_2_SOCKS_PROXY='127.0.0.1:9050'
# 'yes' lets any allowed client switch off or edit the filtering of this
# instance for all users; prefer 'no' when the instance is meant to protect
# privacy and not every allowed host is trusted.
PRIVOXY_2_TOGGLE='yes'
PRIVOXY_2_CONFIG='yes'

PRIVOXY_2_LOGDIR='/var/log/privoxy-tor'
# Assuming Privoxy 'debug' values: the 1 logs the destination of every
# request. For an instance that forwards to Tor this leaves a local record of
# the visited sites; consider '4096 8192' (warnings and errors only).
PRIVOXY_2_LOGLEVEL='1 4096 8192'

#------------------------------------------------------------------------------
# Optional package: TOR (The Onion Router)
#------------------------------------------------------------------------------
#OPT_TOR='no'                   # install tor socks4a anon proxy

# Every host admitted by TOR_ALLOW_x can send traffic through the SOCKS
# listener; no client authentication setting is visible in this file.
TOR_LISTEN_N='1'                # number of interfaces to listen on
TOR_LISTEN_1='IP_NET_1_IPADDR:9050'
TOR_LISTEN_2='127.0.0.1:9050'   # activate this to listen for local privoxy
                                # (presumably by setting TOR_LISTEN_N='2')

TOR_ALLOW_N='1'                 # open firewall for hosts and networks
TOR_ALLOW_1='IP_NET_1'

TOR_CONTROL_PORT=''             # control using Tor Control Protocol
                                # leave empty to disable control
                                # The control protocol can reconfigure the
                                # running Tor daemon: if you enable it,
                                # always set a strong TOR_CONTROL_PASSWORD.
                                # NOTE(review): confirm which address the
                                # port is bound to and that the firewall
                                # does not expose it.
TOR_CONTROL_PASSWORD=''         # password to gain control over TOR
                                # (kept in clear text in this file, so
                                # restrict who can read it)
TOR_DATA_DIR=''                 # data folder (/etc/tor, if left empty)
TOR_HTTP_PROXY=''               # forward directory request to proxy
TOR_HTTP_PROXY_AUTH=''          # username:password for http proxy
                                # (clear text credentials)
TOR_HTTPS_PROXY=''              # forward SSL traffic to proxy
TOR_HTTPS_PROXY_AUTH=''         # username:password for https proxy
                                # (clear text credentials)
TOR_LOGLEVEL='notice'           # debug, info, notice, warn or err
                                # logging is disabled if left empty.
                                # WARNING: do NOT use levels below
                                # 'notice' (i.e. debug or info) for
                                # security reasons: the more verbose levels
                                # can write sensitive details to the log.
TOR_LOGFILE=''                  # log to file instead of syslog

#------------------------------------------------------------------------------
# Optional package: SS5 (Generic Socks proxy)
#------------------------------------------------------------------------------
#OPT_SS5='no'                   # install ss5 socks4/5 proxy

# No authentication setting for the SOCKS service is visible in this file, so
# access is limited only by the listen address and by SS5_ALLOW_x.
# NOTE(review): confirm in the package documentation; never add untrusted or
# Internet-facing networks to SS5_ALLOW_x, or the router becomes an open proxy.
SS5_LISTEN_N='1'                # number of interfaces to listen on
SS5_LISTEN_1='IP_NET_1_IPADDR:8050'

SS5_ALLOW_N='1'                 # open firewall for hosts and networks
SS5_ALLOW_1='IP_NET_1'

#------------------------------------------------------------------------------
# Optional package: Transproxy (transparently forward HTTP requests)
#------------------------------------------------------------------------------
#OPT_TRANSPROXY='no'

TRANSPROXY_LISTEN_N='1'         # number of interfaces to listen on
TRANSPROXY_LISTEN_1='any:8081'  # 'any' presumably means all local addresses,
                                # so access depends on TRANSPROXY_ALLOW_x
TRANSPROXY_TARGET_IP='127.0.0.1'
                                # where to redirect requests
                                # NOTE(review): the default PRIVOXY_1_LISTEN
                                # binds IP_NET_1_IPADDR:8118, not 127.0.0.1;
                                # verify that a proxy really answers on the
                                # target address and port.
TRANSPROXY_TARGET_PORT='8118'
TRANSPROXY_ALLOW_N='1'          # hosts and networks allowed to reach the
                                # listener; keep limited to internal networks
TRANSPROXY_ALLOW_1='IP_NET_1'

#------------------------------------------------------------------------------
# Optional package: Siproxd - a masquerading SIP Proxy Server
#------------------------------------------------------------------------------
#OPT_SIPROXD='no'

#------------------------------------------------------------------------------
# Optional package: kamailio- another routing/masquerading SIP Proxy Server
#------------------------------------------------------------------------------
#OPT_KAMAILIO='no'

#------------------------------------------------------------------------------
# Optional package: rtpproxy- RTP proxy
#------------------------------------------------------------------------------
#OPT_RTPPROXY='no'

#------------------------------------------------------------------------------
# Optional package: igmpproxy - IGMP proxy
#------------------------------------------------------------------------------
#OPT_IGMPPROXY='no'

IGMPPROXY_DEBUG='no'            # default: no; change to yes for verbose information
IGMPPROXY_DEBUG2='no'           # default: no; change to yes for debug information
IGMPPROXY_QUICKLEAVE_ON='yes'   # Enable Quickleave mode; sends Leave instantly; default: yes
IGMPPROXY_UPLOAD_DEV='eth1.8'   # upstream interface; default: ppp0; VLAN8 Interface for Entertain IPTV
IGMPPROXY_DOWNLOAD_DEV='eth2'   # interface to IPTV box

IGMPPROXY_ALT_N='3'             # number of networks with multicast sources
                                # (presumably igmpproxy 'altnet' entries)
IGMPPROXY_ALT_NET_1='239.35.0.0/16'
                                # IPTV streams
IGMPPROXY_ALT_NET_2='217.0.119.0/24'
                                # Required for T-Home
IGMPPROXY_ALT_NET_3='193.158.34.0/23'
                                # Required for T-Home

IGMPPROXY_WLIST_N='1'           # number of whitelisted multicast networks
                                # (presumably igmpproxy 'whitelist' entries:
                                # only these groups are forwarded - confirm;
                                # keep the list as narrow as the IPTV
                                # service allows)
IGMPPROXY_WLIST_NET_1='239.35.0.0/16'
                                # IPTV streams

#------------------------------------------------------------------------------
# Optional package: stunnel - SSL/TLS tunnel
#------------------------------------------------------------------------------
#OPT_STUNNEL='no'               # enable SSL/TLS tunnelling: yes or no
STUNNEL_DEBUG='no'              # enable debug messages: yes or no or log level
                                # between 0 and 7
STUNNEL_N='0'                   # number of tunnels
                                # ('0': presumably none of the sample
                                # tunnels below is active; raise the
                                # number to use them)
# ------------------------------ first tunnel ---------------------------------
STUNNEL_1_NAME='https'          # name of first tunnel
STUNNEL_1_CLIENT='no'           # SSL/TLS server
STUNNEL_1_ACCEPT='any:443'      # address and port to listen to
                                # NOTE(review): 'any' presumably includes
                                # Internet-facing addresses; confirm that
                                # the firewall exposes port 443 only where
                                # the service behind it is meant to be
                                # reachable.
STUNNEL_1_ACCEPT_IPV6='no'      # only listen to IPv4 connection requests (this
                                # obviously makes sense only for OPT_IPV6='yes'
                                # configurations)
STUNNEL_1_CONNECT='127.0.0.1:80'
                                # where to delegate incoming connections to?
                                # (here: the service on local port 80, which
                                # thereby becomes reachable via TLS on the
                                # ACCEPT address)
STUNNEL_1_CERT_FILE='server.pem'
                                # our (server) certificate, always required for
                                # CLIENT='no'
                                # NOTE(review): the file presumably holds
                                # the private key as well; restrict read
                                # access and keep it out of shared backups.
STUNNEL_1_CERT_CA_FILE='stunnel-ca.pem'
                                # certificate(s) to validate peer certificates
                                # against, see below
STUNNEL_1_CERT_VERIFY='optional'
                                # How to validate peer certificate? Possible
                                # values are:
                                #  none      - no validation
                                #  optional  - validate against CA certificate
                                #              if peer provides one
                                #  onlyca    - require peer certificate and
                                #              validate it against CA cert.
                                #  onlycert  - require peer certificate and
                                #              compare it to certificate in
                                #              STUNNEL_x_CERT_CA_FILE
                                #  both      - require peer certificate;
                                #              validate it against CA cert. and
                                #              compare it to certificate in
                                #              STUNNEL_x_CERT_CA_FILE (_both_
                                #              certificates, peer + CA, need
                                #              to exist in that file!)
                                # Only 'onlyca', 'onlycert' and 'both'
                                # require a peer certificate. With 'none'
                                # or 'optional' a peer without certificate
                                # is still accepted, so these modes do not
                                # restrict who may use the tunnel.
# ------------------------------ second tunnel --------------------------------
STUNNEL_2_NAME='remote-imond'   # name of second tunnel
STUNNEL_2_CLIENT='yes'          # SSL/TLS client
STUNNEL_2_ACCEPT='any:50000'    # address and port to listen to
                                # In client mode this side of the tunnel is
                                # not encrypted, and whoever can reach the
                                # port is forwarded using our certificate.
                                # NOTE(review): confirm that the firewall
                                # limits port 50000 to trusted hosts.
STUNNEL_2_ACCEPT_IPV4='no'      # only listen to IPv6 connection requests (this
                                # obviously requires OPT_IPV6='yes')
STUNNEL_2_CONNECT='@ibox:5000'
                                # where to delegate incoming connections to?
                                # (using '@ibox' needs the dns_dhcp package
                                # with OPT_HOSTS='yes' and HOST_x_NAME='ibox')
STUNNEL_2_CERT_CA_FILE='ca+server.pem'
                                # contains CA certificate and desired server
                                # certificate, the latter needed for 'both'
                                # verify mode
STUNNEL_2_CERT_FILE='client.pem'
                                # our (client) certificate and key, typically
                                # not necessary when using CLIENT='yes'
                                # (contains a private key: restrict read
                                # access to this file)
STUNNEL_2_CERT_VERIFY='both'    # see above
                                # For a client tunnel, 'none' would leave
                                # the server unauthenticated; 'both' checks
                                # the CA and pins the expected server
                                # certificate.
