2. Installation

Privoxy is available both in convenient pre-compiled packages for a wide range of operating systems, and as raw source code. For most users, we recommend using the packages, which can be downloaded from our Privoxy Project Page.

Note: On some platforms, the installer may remove previously installed versions, if found. (See below for your platform). In any case be sure to backup your old configuration if it is valuable to you. See the note to upgraders section below.

2.1. Binary Packages

How to install the binary packages depends on your operating system:

2.1.1. Debian and Ubuntu

DEBs can be installed with apt-get install privoxy, and will use /etc/privoxy for the location of configuration files.

2.1.2. Windows

Just double-click the installer, which will guide you through the installation process. You will find the configuration files in the same directory as you installed Privoxy in.

Version 3.0.5 beta introduced full Windows service functionality. On Windows only, the Privoxy program has two new command line arguments to install and uninstall Privoxy as a service.

Arguments:

--install[:service_name]

--uninstall[:service_name]

After invoking Privoxy with --install, you will need to bring up the Windows service console to assign the user you want Privoxy to run under, and whether or not you want it to run whenever the system starts. You can start the Windows services console with the following command: services.msc. If you do not take the manual step of modifying Privoxy's service settings, it will not start. Note too that you will need to give Privoxy a user account that actually exists, or it will not be permitted to write to its log and configuration files.

2.1.3. Mac OS X

Installation instructions for the OS X platform depend upon whether you downloaded a ready-built installation package (.pkg or .mpkg) or have downloaded the source code.

2.1.4. Installation from ready-built package

The downloaded file will either be a .pkg (for OS X 10.5 upwards) or a bzipped .mpkg file (for OS X 10.4). The former can be double-clicked as is and the installation will start; double-clicking the latter will unzip the .mpkg file which can then be double-clicked to commence the installation.

The privoxy service will automatically start after a successful installation (and thereafter every time your computer starts up) however you will need to configure your web browser(s) to use it. To do so, configure them to use a proxy for HTTP and HTTPS at the address 127.0.0.1:8118.

To prevent the privoxy service from automatically starting when your computer starts up, remove or rename the file /Library/LaunchDaemons/org.ijbswa.privoxy.plist (on OS X 10.5 and higher) or the folder named /Library/StartupItems/Privoxy (on OS X 10.4 'Tiger').

To manually start or stop the privoxy service, use the scripts startPrivoxy.sh and stopPrivoxy.sh supplied in /Applications/Privoxy. They must be run from an administrator account, using sudo.

To uninstall, run /Applications/Privoxy/uninstall.command as sudo from an administrator account.

2.1.5. Installation from source

To build and install the Privoxy source code on OS X you will need to obtain the macsetup module from the Privoxy Sourceforge CVS repository (refer to Sourceforge help for details of how to set up a CVS client to have read-only access to the repository). This module contains scripts that leverage the usual open-source tools (available as part of Apple's free of charge Xcode distribution or via the usual open-source software package managers for OS X (MacPorts, Homebrew, Fink etc.) to build and then install the privoxy binary and associated files. The macsetup module's README file contains complete instructions for its use.

The privoxy service will automatically start after a successful installation (and thereafter every time your computer starts up) however you will need to configure your web browser(s) to use it. To do so, configure them to use a proxy for HTTP and HTTPS at the address 127.0.0.1:8118.

To prevent the privoxy service from automatically starting when your computer starts up, remove or rename the file /Library/LaunchDaemons/org.ijbswa.privoxy.plist (on OS X 10.5 and higher) or the folder named /Library/StartupItems/Privoxy (on OS X 10.4 'Tiger').

To manually start or stop the privoxy service, use the Privoxy Utility for Mac OS X (also part of the macsetup module). This application can start and stop the privoxy service and display its log and configuration files.

To uninstall, run the macsetup module's uninstall.sh as sudo from an administrator account.

2.1.6. FreeBSD and ElectroBSD

Privoxy is part of FreeBSD's Ports Collection, you can build and install it with cd /usr/ports/www/privoxy; make install clean.

If your system is configured to install binary packages you can try to install Privoxy with pkg install privoxy.

2.2. Building from Source

The most convenient way to obtain the Privoxy source code is to download the source tarball from our project download page, or you can get the up-to-the-minute, possibly unstable, development version from https://www.privoxy.org/.

To build Privoxy from source, autoconf, GNU make (gmake), and, of course, a C compiler like gcc are required.

When building from a source tarball, first unpack the source:

  tar xzvf privoxy-3.0.34-stable-src.tar.gz
  cd privoxy-3.0.34-stable

To build the development version, you can get the source code by doing:

  cd <root-dir>
  git clone https://www.privoxy.org/git/privoxy.git

This will create a directory named <root-dir>/privoxy/, which will contain the source tree.

Note that source code in Git is development quality, and may not be stable or well tested.

It is strongly recommended to not run Privoxy as root. You should configure/install/run Privoxy as an unprivileged user, preferably by creating a "privoxy" user and group just for this purpose. See your local documentation for the correct command line to do add new users and groups (something like adduser, but the command syntax may vary from platform to platform).

/etc/passwd might then look like:

  privoxy:*:7777:7777:privoxy proxy:/no/home:/no/shell

And then /etc/group, like:

  privoxy:*:7777:

Some binary packages may do this for you.

Then, to build from either unpacked tarball or Git checkout:

  autoheader
  autoconf
  ./configure      # (--help to see options)
  make             # (the make from GNU, sometimes called gmake)
  su               # Possibly required
  make -n install  # (to see where all the files will go)
  make -s install  # (to really install, -s to silence output)

Using GNU make, you can have the first four steps automatically done for you by just typing:

  make

in the freshly downloaded or unpacked source directory.

To build an executable with security enhanced features so that users cannot easily bypass the proxy (e.g. "Go There Anyway"), or alter their own configurations, configure like this:

  ./configure  --disable-toggle  --disable-editor  --disable-force

Note that all of these options can also be disabled through the configuration file.

WARNING: If installing as root, the install will fail unless a non-root user or group is specified, or a privoxy user and group already exist on the system. If a non-root user is specified, and no group, then the installation will try to also use a group of the same name as "user". If a group is specified (and no user), then the support files will be installed as writable by that group, and owned by the user running the installation.

configure accepts --with-user and --with-group options for setting user and group ownership of the configuration files (which need to be writable by the daemon). The specified user must already exist. When starting Privoxy, it must be run as this same user to insure write access to configuration and log files!

Alternately, you can specify user and group on the make command line, but be sure both already exist:

  make -s install  USER=privoxy GROUP=privoxy

The default installation path for make install is /usr/local. This may of course be customized with the various ./configure path options. If you are doing an install to anywhere besides /usr/local, be sure to set the appropriate paths with the correct configure options (./configure --help). Non-privileged users must of course have write access permissions to wherever the target installation is going.

If you do install to /usr/local, the install will use sysconfdir=$prefix/etc/privoxy by default. All other destinations, and the direct usage of --sysconfdir flag behave like normal, i.e. will not add the extra privoxy directory. This is for a safer install, as there may already exist another program that uses a file with the "config" name, and thus makes /usr/local/etc cleaner.

If installing to /usr/local, the documentation will go by default to $prefix/share/doc. But if this directory doesn't exist, it will then try $prefix/doc and install there before creating a new $prefix/share/doc just for Privoxy.

Again, if the installs goes to /usr/local, the localstatedir (ie: var/) will default to /var instead of $prefix/var so the logs will go to /var/log/privoxy/, and the pid file will be created in /var/run/privoxy.pid.

make install will attempt to set the correct values in config (main configuration file). You should check this to make sure all values are correct. If appropriate, an init script will be installed, but it is up to the user to determine how and where to start Privoxy. The init script should be checked for correct paths and values, if anything other than a default install is done.

If install finds previous versions of local configuration files, most of these will not be overwritten, and the new ones will be installed with a "new" extension. default.action and default.filter will be overwritten. You will then need to manually update the other installed configuration files as needed. The default template files will be overwritten. If you have customized, local templates, these should be stored safely in a separate directory and defined in config by the "templdir" directive. It is of course wise to always back-up any important configuration files "just in case". If a previous version of Privoxy is already running, you will have to restart it manually.

For more detailed instructions on how to build Redhat RPMs, Windows self-extracting installers, building on platforms with special requirements etc, please consult the developer manual.

2.2.1. Windows

2.2.1.1. Setup

Install the Cygwin utilities needed to build Privoxy. If you have a 64 bit CPU (which most people do by now), get the Cygwin setup-x86_64.exe program here (the .sig file is here).

Run the setup program and from View / Category select:

  Devel
    autoconf 2.5
    automake 1.15
    binutils
    cmake
    gcc-core
    gcc-g++
    git
    make
    mingw64-i686-gcc-core
    mingw64-i686-zlib
  Editors
    vim
  Libs
    libxslt: GNOME XSLT library (runtime)
  Net
    curl
    openssh
  Text
    docbook-dssl
    docbook-sgml31
    docbook-utils
    openjade
  Utils
    gnupg
  Web
    w3m

If you haven't already downloaded the Privoxy source code, get it now:

  mkdir <root-dir>
  cd <root-dir>
  git clone https://www.privoxy.org/git/privoxy.git

Get the source code (.zip or .tar.gz) for tidy from https://github.com/htacg/tidy-html5/releases, unzip into <root-dir> and build the software:

  cd <root-dir>
  cd tidy-html5-x.y.z/build/cmake
  cmake ../.. -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIB:BOOL=OFF -DCMAKE_INSTALL_PREFIX=/usr/local
  make && make install

If you want to be able to make a Windows release package, get the NSIS .zip file from https://sourceforge.net/projects/nsis/files/NSIS%203/ and extract the NSIS directory to /<root-dir>/nsis/. Then edit the windows/GNUmakefile to set the location of the NSIS executable - eg:

  # Path to NSIS
  MAKENSIS = /<root-dir>/nsis/makensis.exe

Get the latest 8.x PCRE code from PCRE https://sourceforge.net/projects/pcre/files/pcre/ and build the static PCRE libraries with

  export CFLAGS="-O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2"
  export LDFLAGS="-fstack-protector-strong"
  export CPPFLAGS="-DPCRE_STATIC"

  ./configure  --host=i686-w64-mingw32 \
               --prefix=/usr/local/i686-w64-mingw32 \
               --enable-utf  --enable-unicode-properties \
               --enable-jit \
               --enable-newline-is-anycrlf \
               --enable-pcre16 \
               --enable-pcre32 \
               --disable-pcregrep-libbz2 \
               --disable-pcregrep-libz \
               --disable-pcretest-libreadline \
               --disable-stack-for-recursion  \
               --enable-static --disable-shared \
    &&  make

If you want to be able to have Privoxy do TLS Inspection, get the latest 2.28.x MBED-TLS library source code from https://github.com/Mbed-TLS/mbedtls/tags, extract the tar file into <root-dir> and build the static libraries with

  export WINDOWS_BUILD=1
  #  build for a Windows platform

  unset DEBUG

  export CC=i686-w64-mingw32-gcc
  export LD=i686-w64-mingw32-gcc
  export CFLAGS="-O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2"
  export LDFLAGS="${LDFLAGS} -fstack-protector-strong"

  make lib
  #  build the libraries

Get the brotli library from https://github.com/google/brotli/releases and build the static libraries with

  ./bootstrap
  #  to create the GNU autotools files

  autoconf

  export CFLAGS="-O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2"
  export LDFLAGS="${LDFLAGS} -fstack-protector-strong"

  ./configure  --host=i686-w64-mingw32 \
               --prefix=/usr/local/i686-w64-mingw32 \
               --enable-static   \
               --disable-shared  \
               --with-gnu-ld     \
               --disable-silent-rules \
    && make

2.2.1.2. Build

To build just the Privoxy executable and not the whole installation package, do:

  cd <root-dir>/privoxy
  ./windows/MYconfigure && make

Privoxy uses the GNU Autotools for building software, so the process is:

  autoheader              # creates config.h.in
  autoconf                # uses config.h.in to create the configure shell script
  ./configure [options]   # creates GNUmakefile
  make        [options]   # builds the program

The usual configure options for building a native Windows application under cygwin are

  --host=i686-w64-mingw32
  --enable-mingw32
  --enable-zlib
  --enable-static-linking
  --disable-pthread
  --with-brotli
  --with-mbedtls

You can set the CFLAGS and LDFLAGS envars before running configure to set compiler and linker flags. For example:

  $ export CFLAGS="-O2"              # set gcc optimization level
  $ export LDFLAGS="-Wl,--nxcompat"  # Enable DEP
  $ ./configure --host=i686-w64-mingw32 --enable-mingw32  --enable-zlib \
  >             --enable-static-linking --disable-pthread
  $ make                             # build Privoxy

See the Developer's Manual for building a Windows release package.

2.3. Keeping your Installation Up-to-Date

If you wish to receive an email notification whenever we release updates of Privoxy or the actions file, subscribe to our announce mailing list, [email protected].

In order not to lose your personal changes and adjustments when updating to the latest default.action file we strongly recommend that you use user.action and user.filter for your local customizations of Privoxy. See the Chapter on actions files for details.