Maintainers	essandess
Categories	net security
Homepage	https://github.com/essandess/macOS-Fortress
Platforms	{darwin any}
Variants	https_inspection (Use Privoxy HTTPS inspection.) initialize_always (Always initialize all configuration files. Intended for development and troubleshooting only. Working deployments must disable this variant to prevent configuration files being overwritten at the next upgrade. Existing configuration files are not overwritten by default.)

Subport(s) (8)

"macos-fortress-proxy" depends on

lib (4)

build (1)

Ports that depend on "macos-fortress-proxy"

lib (1)

Port notes

The proxy uses a privoxy (port 8118) along with CSS blocking using an nginx webserver (port 8119). Clients may be configured to use this proxy by either host:port or the PAC file:

localhost:8118
http://localhost/proxy.pac Domain names and a blacklist file are blocked, excluding whitelisted domain names. These are provised in the files:

${prefix}/etc/macos-fortress/blacklist.txt
${prefix}/etc/macos-fortress/whitelist.txt

The proxy also provides a proxy autoconfiguration (PAC) file with blocking rules generated from easylist ad and tracker blocks. The proxy uses these environment variables (with default values):

${PROXY_HOSTNAME:-localhost}
${PROXY_PAC_SERVER:-127.0.0.1}
${PROXY_PAC_DIRECTORY:-/Library/WebServer/Documents}

To change site-specific launchd environment variables, use the launchd plist:

${prefix}/share/macos-fortress/private.myserver.launchctl-setenv.plist

The native macOS web server is used by default to host the PAC file. This web server must be launched independently with the command

sudo apachectl start A startup item has been generated that will aid in starting macos-fortress-proxy with launchd. It is disabled by default. Execute the following command to start it, and to cause it to launch at startup:

sudo port load macos-fortress-proxy