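├── .gitignore
├── Dockerfile
├── README.md
├── auth.conf
├── configmap.sh
├── deployment.yml
├── docker-compose.yml
├── squid.conf
└── start.sh

/.gitignore:
--------------------------------------------------------------------------------
# Local upstream-peer list (loaded into the cluster by configmap.sh); kept out
# of version control.
peers.conf
/.idea
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# Squid forward proxy image. start.sh selects squid.conf (no authentication)
# or auth.conf (Basic authentication) at container start.
#
# NOTE(review): ubuntu:18.04 is past its standard support window; confirm the
# image still receives squid fixes or move to a supported base, and pin the
# base by digest so rebuilds are reproducible.
FROM ubuntu:18.04
# apt-get rather than apt: apt's command-line interface is not meant for scripts.
RUN apt-get update\
 && apt-get -y install squid apache2-utils\
 && rm -rf /var/lib/apt/lists/*
COPY squid.conf /etc/squid/squid.conf
COPY auth.conf /etc/squid/auth.conf
WORKDIR /app
COPY start.sh .
RUN chmod +x start.sh

EXPOSE 3128/tcp
CMD ["./start.sh"]
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# ProxyTunnel
Proxy Tunnel using Squid LoadBalancer
--------------------------------------------------------------------------------
/auth.conf:
--------------------------------------------------------------------------------
# Squid configuration used when PROXY_AUTH is "true": start.sh installs this
# file as /etc/squid/squid.conf. Clients must authenticate with the account
# written to /etc/squid/passwd.

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager

# Basic authentication: the Proxy-Authorization header carries the
# credentials base64-encoded, and http_port below is a plain-HTTP listener,
# so they cross the network unencrypted. Restrict who can reach port 3128.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm proxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
acl auth proxy_auth REQUIRED
http_access allow auth
# Explicit final rule. Without it Squid applies the opposite of the last
# rule, which is also deny; stating it keeps that true if rules are added.
http_access deny all

http_port 3128

coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320

# Do not reveal the client address or the proxy itself to upstream servers.
# Headers that are not listed are passed by default, so the "allow" lines
# change nothing by themselves; only Via and X-Forwarded-For are removed.
# A strict allow-list would need a final "request_header_access All deny all".
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all

# To disable all logging
# NOTE(review): with access_log none there is no record of which account used
# the proxy or of failed logins; keep an access log if usage has to be audited.
access_log none
cache_log /dev/null

# To disable caching
cache deny all
cache_mem 8 MB
cache_dir null /tmp

# Peers configuration
include /etc/squid/peers.conf

# Every request must go through a peer from peers.conf, never directly.
never_direct allow all
--------------------------------------------------------------------------------
/configmap.sh:
--------------------------------------------------------------------------------
# Publishes the local peers.conf as ConfigMap "squid"; deployment.yml injects
# it as PEERS_CONF. The Secret "auth" that deployment.yml also references is
# not created by any file in this listing.
# NOTE(review): if peers.conf carries credentials for the upstream peers
# (cache_peer ... login=), a Secret is the better fit than a ConfigMap.
kubectl create configmap squid --from-file=./peers.conf -n proxytunnel
--------------------------------------------------------------------------------
/deployment.yml:
--------------------------------------------------------------------------------
apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      kompose.cmd: kompose convert -f docker-compose.yml -o deployment.yml
      kompose.version: 1.20.0 ()
    creationTimestamp: null
    labels:
      io.kompose.service: proxytunnel
    name: proxytunnel
    namespace: proxytunnel
  spec:
    ports:
    - name: "3128"
      port: 3128
      targetPort: 3128
    selector:
      io.kompose.service: proxytunnel
    # type: LoadBalancer publishes port 3128 outside the cluster. Whenever
    # PROXY_AUTH in the "auth" Secret is not exactly "true", the container
    # runs squid.conf, whose "http_access allow all" serves any client.
    # Limit the reachable sources, for example (sample range, replace):
    #   loadBalancerSourceRanges: ["203.0.113.0/24"]
    type: LoadBalancer
  status:
    loadBalancer: {}
# apps/v1 replaces extensions/v1beta1, which Kubernetes stopped serving for
# Deployments in 1.16; apps/v1 requires the explicit selector added below.
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      kompose.cmd: kompose convert -f docker-compose.yml -o deployment.yml
      kompose.version: 1.20.0 ()
    creationTimestamp: null
    labels:
      io.kompose.service: proxytunnel
    name: proxytunnel
    namespace: proxytunnel
  spec:
    replicas: 1
    revisionHistoryLimit: 0
    selector:
      matchLabels:
        io.kompose.service: proxytunnel
    strategy: {}
    template:
      metadata:
        annotations:
          kompose.cmd: kompose convert -f docker-compose.yml -o deployment.yml
          kompose.version: 1.20.0 ()
        creationTimestamp: null
        labels:
          io.kompose.service: proxytunnel
      spec:
        containers:
        # No tag or digest: the image resolves to the mutable default tag,
        # so the running code can change between pulls. Pin a digest.
        - image: germey/proxytunnel
          name: proxytunnel
          ports:
          - containerPort: 3128
          env:
          - name: PEERS_CONF
            valueFrom:
              configMapKeyRef:
                name: squid
                key: "peers.conf"
          # start.sh enables authentication only for the exact value "true".
          - name: PROXY_AUTH
            valueFrom:
              secretKeyRef:
                name: auth
                key: "PROXY_AUTH"
          - name: PROXY_USERNAME
            valueFrom:
              secretKeyRef:
                name: auth
                key: "PROXY_USERNAME"
          - name: PROXY_PASSWORD
            valueFrom:
              secretKeyRef:
                name: auth
                key: "PROXY_PASSWORD"
          # NOTE(review): no resource limits and no securityContext are set.
          resources: {}
  status: {}
kind: List
metadata: {}

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3.1'

services:
  proxytunnel:
    image: germey/proxytunnel
    build:
      context: .
      dockerfile: Dockerfile
    restart: always
    # '3128:3128' publishes the port on every host interface. With PROXY_AUTH
    # "false" the allow-all squid.conf is active, so any host that can reach
    # this port can use the proxy; '127.0.0.1:3128:3128' keeps it local.
    ports:
      - '3128:3128'
    environment:
      PEERS_CONF: "# test"
      PROXY_AUTH: "false"
      # Read only when PROXY_AUTH is "true" (see start.sh). These are sample
      # credentials committed to the repository; replace them before
      # enabling authentication.
      PROXY_USERNAME: germey
      PROXY_PASSWORD: germey
--------------------------------------------------------------------------------
/squid.conf:
--------------------------------------------------------------------------------
# Default Squid configuration, active unless start.sh replaces it with
# auth.conf. It performs no client authentication.

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
# NOTE(review): "allow all" admits every client that can reach port 3128,
# i.e. an open forward proxy wherever the port is published. The localhost
# rule after it is never reached. Restrict exposure at the network layer
# (see the notes in docker-compose.yml and deployment.yml) or use auth.conf.
http_access allow all
http_access allow localhost

http_port 3128

coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320

# Do not reveal the client address or the proxy itself to upstream servers.
# Headers that are not listed are passed by default, so the "allow" lines
# change nothing by themselves; only Via and X-Forwarded-For are removed.
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all

# To disable all logging
# NOTE(review): with access_log none an unauthenticated proxy leaves no
# record of who relayed what; keep an access log if abuse has to be traced.
access_log none
cache_log /dev/null

# To disable caching
cache deny all
cache_mem 8 MB
cache_dir null /tmp

# Peers configuration
include /etc/squid/peers.conf

# Every request must go through a peer from peers.conf, never directly.
never_direct allow all
--------------------------------------------------------------------------------
/start.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: writes the upstream peer list, optionally switches
# Squid to the authenticated configuration, then starts Squid.
#
# Environment:
#   PEERS_CONF      text written to /etc/squid/peers.conf
#   PROXY_AUTH      exactly "true" enables Basic authentication; any other
#                   value (including "True", "1", "yes" or unset) leaves the
#                   allow-all squid.conf in place
#   PROXY_USERNAME  account created when PROXY_AUTH is "true"
#   PROXY_PASSWORD  password for that account

# printf rather than echo: /bin/sh echo may expand backslash sequences.
printf '%s\n' "$PEERS_CONF" >/etc/squid/peers.conf

if [ "$PROXY_AUTH" = true ]; then
  # Fail closed on a blank account: an empty password would otherwise be
  # hashed into the passwd file like any other.
  if [ -z "$PROXY_USERNAME" ] || [ -z "$PROXY_PASSWORD" ]; then
    echo "PROXY_AUTH=true requires PROXY_USERNAME and PROXY_PASSWORD" >&2
    exit 1
  fi
  # -i reads the password from stdin, which keeps it out of htpasswd's
  # argument list (the -b form passes it on the command line).
  printf '%s\n' "$PROXY_PASSWORD" | htpasswd -ci /etc/squid/passwd "$PROXY_USERNAME" || exit 1
  # cp rather than mv so the step still succeeds when the same container is
  # restarted; stop instead of starting Squid without authentication.
  cp /etc/squid/auth.conf /etc/squid/squid.conf || exit 1
fi
service squid start
# Keeps the container's main process alive. Squid is not supervised: the
# container stays "running" even if Squid exits.
tail -f /dev/null
--------------------------------------------------------------------------------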