Deploying Privoxy

Introduction

Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data, managing cookies, controlling access, and removing ads and other obnoxious internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes.

Originally based on Internet Junkbuster, Privoxy has evolved into a powerful privacy tool that works on virtually all web browsers and operating systems. It can be used standalone or in conjunction with other tools like Tor for enhanced anonymity.

Key highlights of Privoxy:

• Ad Blocking: Remove advertisements and banners from web pages
• Privacy Protection: Strip tracking scripts and cookies
• Content Filtering: Modify web page content on the fly
• Cookie Management: Control which cookies are accepted and sent
• Header Manipulation: Modify HTTP headers to enhance privacy
• HTTPS Inspection: Optional man-in-the-middle for HTTPS filtering
• Tor Integration: Works seamlessly with the Tor network
• Flexible Configuration: Highly customizable through action files
• Open Source: Licensed under GPL

This guide walks through deploying Privoxy on Klutch.sh using Docker.

Why Deploy Privoxy on Klutch.sh

Deploying Privoxy on Klutch.sh provides several advantages:

Simplified Deployment: Klutch.sh automatically detects your Dockerfile and builds Privoxy without complex configuration.

Persistent Storage: Attach persistent volumes for configuration and log files.

Centralized Proxy: Use a single Privoxy instance for multiple devices and users.

Environment Variable Management: Securely store configuration options through Klutch.sh’s environment variable system.

Always-On Availability: Your proxy remains operational 24/7 for consistent privacy protection.

Prerequisites

Before deploying Privoxy on Klutch.sh, ensure you have:

• A Klutch.sh account
• A GitHub account with a repository for your Privoxy configuration
• Basic understanding of web proxies and HTTP
• (Optional) Custom filter rules for your specific needs

Understanding Privoxy Architecture

Privoxy operates as an HTTP proxy between your browser and the internet:

HTTP Proxy: Receives requests from clients and forwards them to destination servers.

Filtering Engine: Applies rules to modify requests and responses.

Action Files: Define what actions to take for specific URLs or patterns.

Filter Files: Contain regex patterns for content modification.

Trust Files: Control which sites are trusted for forwarding.

Preparing Your Repository

Create a GitHub repository containing your Dockerfile and Privoxy configuration.

Repository Structure

privoxy-deploy/
├── Dockerfile
├── config
├── user.action
├── user.filter
└── .dockerignore

Creating the Dockerfile

Create a Dockerfile in the root of your repository:

FROM alpine:3.19

# Install Privoxy
RUN apk add --no-cache privoxy

# Create directories
RUN mkdir -p /etc/privoxy /var/log/privoxy

# Copy configuration files
COPY config /etc/privoxy/config
COPY user.action /etc/privoxy/user.action
COPY user.filter /etc/privoxy/user.filter

# Set permissions
RUN chown -R privoxy:privoxy /etc/privoxy /var/log/privoxy

# Expose proxy port
EXPOSE 8118

# Run Privoxy
USER privoxy
CMD ["privoxy", "--no-daemon", "/etc/privoxy/config"]

Creating the config File

Create a config file with your Privoxy configuration:

# Privoxy Configuration

# Listen address and port
listen-address 0.0.0.0:8118

# Enable remote access toggle
enable-remote-toggle 1

# Enable remote editing of actions
enable-remote-http-toggle 1

# Enable editing of actions files
enable-edit-actions 1

# User manual location
user-manual /usr/share/doc/privoxy/user-manual

# Config directory
confdir /etc/privoxy

# Log directory
logdir /var/log/privoxy

# Action files
actionsfile match-all.action
actionsfile default.action
actionsfile user.action

# Filter files
filterfile default.filter
filterfile user.filter

# Trust file
# trustfile trust

# Log file
logfile privoxy.log

# Debug levels (1=connections, 1024=actions, 4096=content filtering)
debug 1
debug 1024

# Hostname for error pages
hostname privoxy.local

# Buffer limit
buffer-limit 4096

# Enable compression
compression-level 1

# Forward to Tor (optional, uncomment to enable)
# forward-socks5t / 127.0.0.1:9050 .

Creating user.action File

Create a user.action file for custom actions:

# User-defined action rules

# Block specific trackers
{+block{Known tracker}}
.google-analytics.com
.doubleclick.net
.facebook.com/tr
.twitter.com/i/jot

# Block social media widgets
{+block{Social media widget}}
.facebook.com/plugins
.twitter.com/widgets
.linkedin.com/widgets

# Allow specific sites
{-block}
.example.com

# Disable filtering for banking sites
{-filter}
.bank.com
.paypal.com

Creating user.filter File

Create a user.filter file for content filtering:

# User-defined filters

# Remove tracking parameters from URLs
FILTER: remove-tracking-params Remove tracking query parameters
s@\?utm_[^&]*@@g
s@&utm_[^&]*@@g

# Remove social sharing buttons
FILTER: remove-social Remove social sharing buttons
s@<div[^>]*class="[^"]*share[^"]*"[^>]*>.*?</div>@@gsi

# Clean up cookie notices
FILTER: remove-cookie-notices Remove cookie consent banners
s@<div[^>]*class="[^"]*cookie[^"]*"[^>]*>.*?</div>@@gsi

Creating the .dockerignore File

Create a .dockerignore file:

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store

Deploying Privoxy on Klutch.sh

Push Your Repository to GitHub

Initialize your repository and push to GitHub:

git init
git add Dockerfile config user.action user.filter .dockerignore
git commit -m "Initial Privoxy deployment configuration"
git remote add origin https://github.com/yourusername/privoxy-deploy.git
git push -u origin main

Create a New Project on Klutch.sh

Navigate to the Klutch.sh dashboard and create a new project. Give it a descriptive name like “privoxy” or “web-proxy”.

Create a New App

Within your project, create a new app. Connect your GitHub account if you haven’t already, then select the repository containing your Privoxy Dockerfile.

Configure Traffic Settings

Privoxy uses a TCP port. In the deployment settings:

• Configure port 8118 for HTTP proxy traffic

Attach Persistent Volumes

Add the following volumes:

Mount Path	Recommended Size	Purpose
/etc/privoxy	100 MB	Configuration files
/var/log/privoxy	1 GB	Log files

Deploy Your Application

Click Deploy to start the build process. Klutch.sh will:

• Detect your Dockerfile automatically
• Build the container image
• Attach the persistent volumes
• Start the Privoxy container

Configure Your Browser

Set your browser’s HTTP proxy to your Privoxy instance:

• Host: your-app-name.klutch.sh
• Port: 8118

Configuring Clients

Browser Configuration

Firefox:

1. Go to Settings > Network Settings
2. Select “Manual proxy configuration”
3. Enter your Privoxy host and port
4. Check “Use this proxy server for all protocols”

Chrome:

1. Go to Settings > System > Open proxy settings
2. Configure HTTP proxy in system settings
3. Enter your Privoxy host and port

System-Wide Proxy

Linux:

export http_proxy=http://privoxy-host:8118
export https_proxy=http://privoxy-host:8118

macOS: Set proxy in System Preferences > Network > Advanced > Proxies

Windows: Set proxy in Settings > Network & Internet > Proxy

Creating Custom Rules

Blocking Patterns

Add to user.action:

# Block by domain
{+block{Blocked site}}
.badsite.com

# Block by URL pattern
{+block{Blocked path}}
*/ads/*
*/tracking/*

URL Rewriting

Redirect traffic to different URLs:

{+redirect{s@http://old.example.com@https://new.example.com@}}
old.example.com

Content Modification

Add filters in user.filter:

FILTER: custom-mod Custom content modification
s@Original Text@Replacement Text@g

Tor Integration

To route traffic through Tor, add to your config:

# Forward all traffic through Tor
forward-socks5t / 127.0.0.1:9050 .

# Exceptions (direct connection)
forward .local .
forward 192.168.*.* .
forward 10.*.*.* .

Monitoring and Logging

Accessing Logs

View Privoxy activity logs at /var/log/privoxy/privoxy.log:

2024-01-15 10:30:15.123 Request: example.com/page
2024-01-15 10:30:15.456 Crunch: Blocked: google-analytics.com

Debug Levels

Configure debug output in config:

debug 1      # Log connections
debug 1024   # Log actions applied
debug 4096   # Log content filtering

Troubleshooting Common Issues

Connection Refused

Solutions:

• Verify Privoxy is running
• Check listen address includes 0.0.0.0
• Ensure port 8118 is accessible

Pages Not Loading

Solutions:

• Check for overly aggressive blocking rules
• Verify the site isn’t being blocked incorrectly
• Review logs for error messages

HTTPS Issues

Solutions:

• Privoxy doesn’t inspect HTTPS by default
• For HTTPS filtering, configure SSL inspection
• Check certificate configurations

Additional Resources

• Privoxy Official Website
• Privoxy User Manual
• Privoxy FAQ
• Klutch.sh Deployments

Conclusion

Deploying Privoxy on Klutch.sh gives you a powerful, centralized web proxy for enhancing privacy across all your devices. With flexible filtering rules and extensive customization options, Privoxy helps you take control of your web browsing experience by blocking ads, removing trackers, and modifying content as you see fit.

Whether used standalone or integrated with Tor, Privoxy provides an essential layer of privacy protection for security-conscious users.