diff --git a/docs/proxy/docker-compose-proxy-test.yml b/docs/proxy/docker-compose-proxy-test.yml new file mode 100644 index 0000000..a3e09af --- /dev/null +++ b/docs/proxy/docker-compose-proxy-test.yml @@ -0,0 +1,26 @@ +version: "3" + +services: + app: + build: + context: ../.. + dockerfile: Dockerfile + target: base + container_name: go-watch + environment: + - HTTP_PROXY=http://squid_proxy:3128 + - HTTPS_PROXY=http://squid_proxy:3128 + ports: + - "8080:8080" + squid_proxy: + image: sameersbn/squid:latest + volumes: + - ./squid-1.conf:/etc/squid/squid.conf + squid_proxy1: + image: sameersbn/squid:latest + volumes: + - ./squid-2.conf:/etc/squid/squid.conf + squid_proxy2: + image: sameersbn/squid:latest + volumes: + - ./squid-2.conf:/etc/squid/squid.conf \ No newline at end of file diff --git a/docs/proxy/squid-1.conf b/docs/proxy/squid-1.conf new file mode 100644 index 0000000..83e2470 --- /dev/null +++ b/docs/proxy/squid-1.conf @@ -0,0 +1,70 @@ +# +# Recommended minimum configuration: +# + +# Example rule allowing access from your local networks. +# Adapt to list your (internal) IP networks from where browsing +# should be allowed + +# Auth +#auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd +#acl ncsa_users proxy_auth REQUIRED +#http_access allow ncsa_users + + +acl all src all +acl manager proto cache_object +acl localhost src 127.0.0.1/32 +acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 + +acl localnet src 10.0.0.0/8 # RFC1918 possible internal network +acl localnet src 172.16.0.0/12 # RFC1918 possible internal network +acl localnet src 192.168.0.0/16 # RFC1918 possible internal network +acl localnet src fc00::/7 # RFC 4193 local private network range +acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines + +acl SSL_ports port 443 +acl Safe_ports port 80 # http +acl Safe_ports port 1025-65535 # unregistered ports +acl Safe_ports port 443 # https +acl CONNECT method CONNECT + +# +# Recommended minimum Access Permission configuration: +# +# Deny requests to certain unsafe ports +http_access deny !Safe_ports + +# Deny CONNECT to other than secure SSL ports +http_access deny CONNECT !SSL_ports + +http_access allow localhost manager + + +# We strongly recommend the following be uncommented to protect innocent +# web applications running on the proxy server who think the only +# one who can access services on "localhost" is a local user +#http_access deny to_localhost + +# +# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS +# + +# Example rule allowing access from your local networks. +# Adapt localnet in the ACL section to list your (internal) IP networks +# from where browsing should be allowed +http_access allow localnet +http_access allow localhost + +# And finally deny all other access to this proxy +http_access deny all + +# Squid normally listens to port 3128 +http_port 3128 + +# Leave coredumps in the first cache dir +coredump_dir /var/spool/squid + +cache_peer squid_proxy1 parent 3128 0 round-robin no-query never_direct +cache_peer squid_proxy2 parent 3128 0 round-robin no-query never_direct +never_direct allow all diff --git a/docs/proxy/squid-2.conf b/docs/proxy/squid-2.conf new file mode 100644 index 0000000..c8ce55b --- /dev/null +++ b/docs/proxy/squid-2.conf @@ -0,0 +1,81 @@ +# +# Recommended minimum configuration: +# + +# Example rule allowing access from your local networks. +# Adapt to list your (internal) IP networks from where browsing +# should be allowed + +# Auth +#auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd +#acl ncsa_users proxy_auth REQUIRED +#http_access allow ncsa_users + + +acl all src all +acl manager proto cache_object +acl localhost src 127.0.0.1/32 +acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 + +acl localnet src 10.0.0.0/8 # RFC1918 possible internal network +acl localnet src 172.16.0.0/12 # RFC1918 possible internal network +acl localnet src 192.168.0.0/16 # RFC1918 possible internal network +acl localnet src fc00::/7 # RFC 4193 local private network range +acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines + +acl SSL_ports port 443 +acl Safe_ports port 80 # http +acl Safe_ports port 21 # ftp +acl Safe_ports port 443 # https +acl Safe_ports port 70 # gopher +acl Safe_ports port 210 # wais +acl Safe_ports port 1025-65535 # unregistered ports +acl Safe_ports port 280 # http-mgmt +acl Safe_ports port 488 # gss-http +acl Safe_ports port 591 # filemaker +acl Safe_ports port 777 # multiling http +acl CONNECT method CONNECT + +# +# Recommended minimum Access Permission configuration: +# +# Deny requests to certain unsafe ports +http_access deny !Safe_ports + +# Deny CONNECT to other than secure SSL ports +http_access deny CONNECT !SSL_ports + +# Only allow cachemgr access from localhost +http_access allow localhost manager +http_access deny manager + +# We strongly recommend the following be uncommented to protect innocent +# web applications running on the proxy server who think the only +# one who can access services on "localhost" is a local user +#http_access deny to_localhost + +# +# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS +# + +# Example rule allowing access from your local networks. +# Adapt localnet in the ACL section to list your (internal) IP networks +# from where browsing should be allowed +http_access allow localnet +http_access allow localhost + +# And finally deny all other access to this proxy +http_access deny all + +# Squid normally listens to port 3128 +http_port 3128 + +# Uncomment and adjust the following to add a disk cache directory. +#cache_dir ufs /var/spool/squid 100 16 256 + +# Leave coredumps in the first cache dir +coredump_dir /var/spool/squid + +# +# Add any of your own refresh_pattern entries above these. +#