Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/o-x-l/squid-openssl-docker

Dockerfile for Squid-OpenSSL
https://github.com/o-x-l/squid-openssl-docker

docker dockerfile dockerfiles http-proxy https-proxy squid squid-proxy ssl-proxy

Last synced: 2 days ago
JSON representation

Dockerfile for Squid-OpenSSL

Host: GitHub
URL: https://github.com/o-x-l/squid-openssl-docker
Owner: O-X-L
Created: 2023-08-27T08:16:20.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-06-01T09:58:00.000Z (7 months ago)
Last Synced: 2025-01-04T10:09:41.282Z (2 days ago)
Topics: docker, dockerfile, dockerfiles, http-proxy, https-proxy, squid, squid-proxy, ssl-proxy
Language: Shell
Homepage: https://docs.o-x-l.com/proxy/forward_squid.html
Size: 104 KB
Stars: 3
Watchers: 1
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Squid OpenSSL - Docker

Build image
```bash
bash scripts/build.sh
```

Run container
```bash
# interactively
docker run -p 3128:3128 --name squid local/squid
# daemon
docker run -d -p 3128:3128 --restart unless-stopped --name squid local/squid
```

You can map your custom config: `-v /path/to/main/config:/etc/squid/squid.conf`

You can also map cache data: ` -v /path/to/data:/var/spool/squid`

## Default config

* SSL-Bump peaking (*no interception - just read target hostnames for filtering*)
* Allow connections only from private IPv4 ranges and localhost
* Allow connections to 80/443
* Deny weak inbound and outbound ciphers
* Deny connections to servers with bad certificates
* Deny HTTP-Connect tunnels through proxy

## Testing

```bash
http_proxy=http://127.0.0.1:3128 curl -v http://superstes.eu
> TCP_MISS/301 478 GET http://superstes.eu/ - HIER_DIRECT/superstes.eu text/html

https_proxy=http://127.0.0.1:3128 curl -v https://superstes.eu
> NONE_NONE/200 0 CONNECT superstes.eu:443 - HIER_NONE/- -
> TCP_TUNNEL/200 6178 CONNECT superstes.eu:443 - HIER_DIRECT/superstes.eu -
```

## Custom paths

If you change paths at build-time you will at least also need to change them in the squid.conf file.

## Logs
The log-files are redirected to `docker logs` as done in the [ubuntu/squid](https://hub.docker.com/r/ubuntu/squid) image.

So configure these log-file locations:

```
SQUID_DIR_LOG=/var/log/squid # can be configured at build-time
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
```