pyproxytools
diff --git a/‎README.md‎
Lines changed: 69 additions & 2 deletions b/‎README.md‎
Lines changed: 69 additions & 2 deletions
diff --git a/‎docs/assets/pyproxy.png‎
1.59 KB b/‎docs/assets/pyproxy.png‎
1.59 KB
diff --git a/‎docs/configuration/ca_certificates.md‎
Lines changed: 10 additions & 0 deletions b/‎docs/configuration/ca_certificates.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎docs/configuration/command_argument.md‎
Lines changed: 54 additions & 0 deletions b/‎docs/configuration/command_argument.md‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎docs/configuration/env_var.md‎
Lines changed: 46 additions & 0 deletions b/‎docs/configuration/env_var.md‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎docs/configuration/from_ini_file.md‎
Lines changed: 58 additions & 0 deletions b/‎docs/configuration/from_ini_file.md‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎docs/features/api.md‎
Lines changed: 123 additions & 0 deletions b/‎docs/features/api.md‎
Lines changed: 123 additions & 0 deletions
diff --git a/‎docs/features/authorized_ips.md‎
Lines changed: 23 additions & 0 deletions b/‎docs/features/authorized_ips.md‎
Lines changed: 23 additions & 0 deletions
@@ -1,2 +1,69 @@
-# pyproxy-docs
-Pyproxy documentations
+<div align="center">
+  <h1>pyproxy-docs</h1>
+</div>
+
+This repository hosts the official documentation for **PyProxyTools**, a lightweight, fast, and customizable Python-based web proxy server. The documentation is built with MkDocs and published via GitHub Pages.
+
+## 🚀 **Live Documentation**
+
+The documentation is available here:
+
+```
+https://pyproxytools.github.io/pyproxy-docs/
+```
+
+## 📚 **About This Repository**
+
+This repo contains:
+
+* All Markdown source files for the documentation
+* The `mkdocs.yml` configuration file
+* A GitHub Actions workflow for automatic deployment
+
+If you want to contribute or improve the docs for **PyProxyTools**, this is the place.
+
+## 🛠️ **Local Setup**
+
+### 1. Install dependencies
+
+```bash
+pip install -r requirements.txt
+```
+
+### 2. Run the documentation locally
+
+```bash
+mkdocs serve
+```
+
+The site will be available at:
+
+```
+http://127.0.0.1:8000
+```
+
+### 3. Build the static site
+
+```bash
+mkdocs build
+```
+
+This generates the final static HTML inside the `site/` directory.
+
+## 🔄 **Deployment**
+
+Deployment to GitHub Pages is automated using a GitHub Actions workflow.
+Every push to the branch "main" triggers a build and publishes updates to the live site.
+
+No manual steps required once the workflow is set up.
+
+## 🤝 **Contributing**
+
+Contributions to improve or expand the documentation are welcome.
+Feel free to submit pull requests with corrections, new sections, or examples.
+
+## 📄 **License**
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+---
@@ -0,0 +1,10 @@
+This configuration is required to use SSL inspection. The proxy generates SSL certificates for intercepted HTTPS requests. These certificates will be presented to clients. The proxy will sign these certificates with a certificate authority. Therefore, it needs a CA (the key and the certificate).
+
+The CA key and certificate should be placed in `./certs/ca/key.pem` and in `./certs/ca/cert.pem`.
+
+## Generate a self-signed CA
+You can generate a self-signed CA with OpenSSL.
+```bash 
+mkdir -p certs/ca/
+openssl req -x509 -newkey rsa:4096 -keyout certs/ca/key.pem -out certs/ca/cert.pem -days 365 -nodes
+```
@@ -0,0 +1,54 @@
+You can launch the proxy directly and configure it with the following arguments:
+
+| Argument | Short | Description | Default Value | Slim version |
+|----------|-------|-------------|---------------|---------------|
+| `--version` | `-v` | Show version information | N/A | |
+| `--debug` | | Enable debug logging | `False` | |
+| `--host` | `-H` | IP address to listen on | `0.0.0.0` | |
+| `--port` | `-P` | Port to listen on | `8080` | |
+| `--config-file` | `-f` | Path to `config.ini` file | `./config.ini` | |
+| `--access-log` | | Path to the access log file | `logs/access.log` | |
+| `--block-log` | | Path to the block log file | `logs/block.log` | |
+| `--html-403` | | Path to the custom 403 Forbidden HTML page | `assets/403.html` | |
+| `--filter-mode` | | Disable URL and domain filtering | `False` | |
+| `--no-filter` | | Filter list mode (local or http) | `local` | |
+| `--blocked-sites` | | Path to the text file containing the list of sites to block | `config/blocked_sites.txt` | |
+| `--blocked-url` | | Path to the text file containing the list of URLs to block | `config/blocked_url.txt` | |
+| `--shortcuts` | | Path to the text file containing the list of shortcuts | `config/shortcuts.txt` | **not included** |
+| `--custom-header` | | Path to the json file containing the list of custom headers | `config/custom_header.json` | **not included** |
+| `--authorized-ips` | | Path to the txt file containing the list of authorized ips | `config/authorized_ips.txt` | |
+| `--no-logging-access` | | Disable access logging | `False` | |
+| `--no-logging-block` | | Disable block logging | `False` | |
+| `--ssl-inspect` | | Enable SSL inspection | `False` | |
+| `--inspect-ca-cert` | | Path to the CA certificate | `certs/ca/cert.pem` | |
+| `--inspect-ca-key` | | Path to the CA key | `certs/ca/key.pem` | |
+| `--inspect-certs-folder` | | Path to the generated certificates folder | `certs/` | |
+| `--cancel-inspect` | | Path to the text file containing the list of URLs without ssl inspection | `config/cancel_inspect.txt` | |
+| `--flask-port` | | Port to listen on for monitoring interface | `5000` | **not included** |
+| `--flask-pass` | | Default password to Flask interface | `password` | **not included** |
+| `--proxy-enable` | | Enable proxy after PyProxy | `False` | |
+| `--proxy-host` | | Proxy IP to use after PyProxy | `127.0.0.1` | |
+| `--proxy-port` | | Proxy Port to use after PyProxy | `8081` | |
+
+## Example
+### With source
+Example of a launch with SSL inspection for HTTPS requests
+```bash
+python3 pyproxy.py --ssl-inspect
+```
+
+!!! warning
+    Please note: for SSL inspection, you must configure a certificate authority to generate SSL certificates.
+    Here is the documentation on [SSL Inspection](../features/ssl_inspection.md)
+
+### With Docker image
+Example of a launch with SSL inspection for HTTPS requests
+```bash
+docker run -d ghcr.io/6c656c65/pyproxy:latest --ssl-inspect
+```
+!!! warning
+    Please note: for SSL inspection, you must configure a certificate authority to generate SSL certificates.
+    Here is the documentation on [SSL Inspection](../features/ssl_inspection.md)
+
+## With configuration file
+You can configure the proxy using a [From an .ini file](../configuration/from_ini_file.md) instead of arguments.
@@ -0,0 +1,46 @@
+You can configure the proxy using environment variables instead of command-line arguments. The environment variable names follow the pattern `PYPROXY_<CLI_ARGUMENT>`, where the argument is in uppercase and hyphens (`-`) are replaced by underscores (`_`).
+
+Environment Variable | Description | Default Value | Slim version
+-- | -- | -- | --
+`PYPROXY_VERSION` | Show version information | `N/A` |  
+`PYPROXY_DEBUG` | Enable debug logging | `False` |  
+`PYPROXY_HOST` | IP address to listen on | `0.0.0.0` |  
+`PYPROXY_PORT` | Port to listen on | `8080` |  
+`PYPROXY_CONFIG_FILE` | Path to config.ini file | `./config.ini` |  
+`PYPROXY_ACCESS_LOG` | Path to the access log file | `logs/access.log` |  
+`PYPROXY_BLOCK_LOG` | Path to the block log file | `logs/block.log` |  
+`PYPROXY_HTML_403` | Path to the custom 403 Forbidden HTML page | `assets/403.html` |  
+`PYPROXY_FILTER_MODE` | Disable URL and domain filtering | `False` |  
+`PYPROXY_NO_FILTER` | Filter list mode (local or http) | `local` |  
+`PYPROXY_BLOCKED_SITES` | Path to the text file containing the list of sites to block | `config/blocked_sites.txt` |  
+`PYPROXY_BLOCKED_URL` | Path to the text file containing the list of URLs to block | `config/blocked_url.txt` |  
+`PYPROXY_SHORTCUTS` | Path to the text file containing the list of shortcuts | `config/shortcuts.txt` | **not included**
+`PYPROXY_CUSTOM_HEADER` | Path to the json file containing the list of custom headers | `config/custom_header.json` | **not included**
+`PYPROXY_AUTHORIZED_IPS` | Path to the txt file containing the list of authorized ips | `config/authorized_ips.txt` |
+`PYPROXY_NO_LOGGING_ACCESS` | Disable access logging | `False` |  
+`PYPROXY_NO_LOGGING_BLOCK` | Disable block logging | `False` |  
+`PYPROXY_SSL_INSPECT` | Enable SSL inspection | `False` |  
+`PYPROXY_INSPECT_CA_CERT` | Path to the CA certificate | `certs/ca/cert.pem` |  
+`PYPROXY_INSPECT_CA_KEY` | Path to the CA key | `certs/ca/key.pem` |  
+`PYPROXY_INSPECT_CERTS_FOLDER` | Path to the generated certificates folder | `certs/` |  
+`PYPROXY_CANCEL_INSPECT` | Path to the text file containing the list of URLs without SSL inspection | `config/cancel_inspect.txt` |  
+`PYPROXY_FLASK_PORT` | Port to listen on for the monitoring interface | `5000` | **not included**
+`PYPROXY_FLASK_PASS` | Default password to Flask interface | `password` | **not included**
+`PYPROXY_PROXY_ENABLE` | Enable proxy after PyProxy | `False` |
+`PYPROXY_PROXY_HOST` | Proxy IP to use after PyProxy | `127.0.0.1` |
+`PYPROXY_PROXY_PORT` | Proxy Port to use after PyProxy | `8081` |
+
+## Example Usage with Docker Compose
+To configure `pyproxy` with Docker Compose and set environment variables, you can add the following to your `docker-compose.yml` file:
+
+```yaml
+services:
+  pyproxy:
+    image: ghcr.io/6c656c65/pyproxy:latest
+    environment:
+      PYPROXY_HOST: 0.0.0.0
+      PYPROXY_PORT: 8080
+      PYPROXY_SSL_INSPECT: "True"
+      PYPROXY_FLASK_PORT: 5000
+      PYPROXY_DEBUG: "True"
+```
@@ -0,0 +1,58 @@
+An example configuration file is provided `./config.ini.example`. 
+You can copy it and call it `config.ini`. By default, the program will read the `config.ini` file located at the root of the project. The path can be changed with the `-f` argument.
+
+!!! warning
+    Please note: Command line configurations take precedence over the configuration 
+
+## Example of a configuration file
+
+```ini
+[Server]
+host = 0.0.0.0
+port = 8080
+
+[Logging]
+debug = false
+access_log = ./logs/access.log
+block_log = ./logs/block.log
+no_logging_access = false
+no_logging_block = false
+console_format = %(asctime)s - %(levelname)s - %(message)s
+datefmt = %d/%m/%Y %H:%M:%S
+
+[Files]
+html_403 = assets/403.html
+
+[Filtering]
+no_filter = false
+filter_mode = local
+blocked_sites = config/blocked_sites.txt
+blocked_url = config/blocked_url.txt
+
+[Options]
+shortcuts = config/shortcuts.txt
+custom_header = config/custom_header.json
+authorized_ips = config/authorized_ips.txt
+
+[Security]
+ssl_inspect = false
+inspect_ca_cert = certs/ca/cert.pem
+inspect_ca_key = certs/ca/key.pem
+inspect_certs_folder = certs/
+cancel_inspect = config/cancel_inspect.txt
+
+[Monitoring]
+flask_port = 5000
+flask_pass = password
+
+[Proxy]
+proxy_enable = false
+proxy_host = 127.0.0.1
+proxy_port = 8081
+```
+
+!!! warning
+    In the `slim` version, the `Monitoring`, `Custom header` and `Shortcuts` parts are not included
+
+## With Docker image
+If you want to use the configuration file with the Docker image. You must put it in the container at the following path: `/app/config.ini` by default
@@ -0,0 +1,123 @@
+# API
+
+The Monitoring API allows you to retrieve proxy server status, configuration, and manage filtering rules (blocked sites and URLs).
+
+All routes are secured using HTTP Basic Authentication.
+
+!!! note
+    Here is a [python SDK](https://github.com/pyproxytools/pyproxy-sdk-py) to interact with the API.
+
+---
+
+## Endpoints
+
+### `GET /`
+
+Returns the main monitoring HTML dashboard.
+
+---
+
+### `GET /api/status`
+
+Returns real-time monitoring information about the running proxy server.
+
+**Response example:**
+```json
+{
+  "pid": 12345,
+  "threads": 10,
+  "connections": 5,
+  ...
+}
+```
+
+---
+
+### `GET /api/settings`
+
+Returns the current proxy server configuration.
+
+**Response example:**
+
+```json
+{
+  "host": "127.0.0.1",
+  "port": 8080,
+  "debug": false,
+  "html_403": true,
+  "logger_config": { ... },
+  "filter_config": { ... },
+  "ssl_config": { ... },
+  "flask_port": 5000
+}
+```
+
+---
+
+### `GET /api/filtering`
+
+Returns current blocked domains and URLs.
+
+**Response example:**
+
+```json
+{
+  "blocked_sites": ["example.com", "malware.com"],
+  "blocked_url": ["http://badurl.com/path"]
+}
+```
+
+---
+
+### `POST /api/filtering`
+
+Add a domain or URL to the block list.
+
+**Request body:**
+
+```json
+{
+  "type": "domain" | "url",
+  "value": "value_to_block"
+}
+```
+
+**Responses:**
+
+* `201`: Successfully added.
+* `400`: Invalid input.
+* `409`: Already blocked.
+
+---
+
+### `DELETE /api/filtering`
+
+Remove a domain or URL from the block list.
+
+**Request body:**
+
+```json
+{
+  "type": "domain" | "url",
+  "value": "value_to_unblock"
+}
+```
+
+**Responses:**
+
+* `200`: Successfully removed.
+* `400`: Invalid input.
+* `404`: Value not found.
+* `500`: Server error.
+
+---
+
+## Authentication
+
+All endpoints require HTTP Basic Authentication.
+
+Provide your credentials in the `Authorization` header:
+
+```http
+Authorization: Basic <base64(username:password)>
+```
@@ -0,0 +1,23 @@
+You can define a list of subnets that are allowed to use the proxy
+
+!!! warning
+    Please note: To reload the list of allowed IP addresses, you must restart the proxy
+
+By default, the list of authorized subnets is defined in the file `config/authorized_ips.txt`.
+
+Here is an example of a `txt` file :
+```
+0.0.0.0/0
+127.0.0.1/8
+10.0.0.1/32
+```
+
+## Change the file path
+You can change the path to the files containing authorized IP addresses. Here is the associated documentation, depending on your configuration.
+
+* [From an .ini file](../configuration/from_ini_file.md)
+* [With command argument](../configuration/command_argument.md)
+* [Environment variables](../configuration/env_var.md)
+
+## Disable IP address filtering
+The IP address filtering system is activated as soon as the file is present. Simply do not create the authorized IP file.