2023-07-04 16:41:17 +02:00
|
|
|
<p align="right">
|
|
|
|
<img src="http://forthebadge.com/images/badges/built-with-love.svg">
|
|
|
|
<img src="http://forthebadge.com/images/badges/for-you.svg">
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p align="center">
|
2023-07-06 09:29:32 +02:00
|
|
|
<a href="https://gitea.ocram85.com/OCram85/swarmproxy/">
|
2023-07-04 16:41:17 +02:00
|
|
|
<img
|
2023-07-06 09:29:32 +02:00
|
|
|
src="/OCram85/swarmproxy/raw/branch/main/assets/social-logo.png"
|
2023-07-12 17:25:31 +02:00
|
|
|
alt="Swarmproxy - Tame your traffic"
|
2023-07-04 16:41:17 +02:00
|
|
|
>
|
|
|
|
</a>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p align="center">
|
2023-07-12 17:25:31 +02:00
|
|
|
🦁 Swarmproxy is a simple http proxy to limit your outbound traffic.
|
2023-07-04 16:41:17 +02:00
|
|
|
</p>
|
|
|
|
|
2023-07-13 10:48:27 +02:00
|
|
|
## 📖 About
|
2023-07-12 17:25:31 +02:00
|
|
|
|
|
|
|
Swarmproxy is a simply way to integrate a http proxy in your Docker swarm cluster or any other container network.
|
2023-07-13 10:48:27 +02:00
|
|
|
It acts as an centralized proxy to limit your outbound / egress traffic. You can also add a whitelist filter to
|
2023-07-12 17:25:31 +02:00
|
|
|
limit the allowed domains. There is also an option to use a upstream proxy.
|
|
|
|
|
|
|
|
### What does Swarmproxy for you?
|
|
|
|
|
|
|
|
Enterprise and production environments often face more stringent security requirements.
|
|
|
|
Therefore, unfiltered Internet access may be prohibited.
|
|
|
|
|
|
|
|
So Swarmproxy could help you with these features:
|
2023-07-11 10:32:44 +02:00
|
|
|
|
2023-07-13 10:48:27 +02:00
|
|
|
- ✔️ Prevent direct web access from Container workload.
|
|
|
|
- ✔️ Upstream proxy with or without authentication
|
|
|
|
- ✔️ Optional domain based whitelist filter.
|
2023-07-12 17:25:31 +02:00
|
|
|
|
|
|
|
### What does Swarmproxy not?
|
|
|
|
|
|
|
|
Swarmproxy is just a supercharged Tinyproxy where you can point your container workload to.
|
|
|
|
|
2023-07-13 10:48:27 +02:00
|
|
|
- ☣️ Swarmproxy does not block the web access or other traffic if you workload doesn't use a proxy
|
|
|
|
- ☣️ It's not a firewall, thus it does not customize your iptables or any other firewall policies.
|
|
|
|
|
|
|
|
## 🚀 Quickstart
|
2023-07-11 10:32:44 +02:00
|
|
|
|
|
|
|
### 1. ⚡ Get the image 📦
|
|
|
|
|
2023-07-12 10:55:59 +02:00
|
|
|
You can download the image from the Gitea embedded container registry: `gitea.ocram85.com/ocram85/swarmproxy` with these tags:
|
2023-07-11 10:32:44 +02:00
|
|
|
|
2023-07-12 10:55:59 +02:00
|
|
|
- `latest`, `main` - Is based on the lasted master branch commit.
|
2023-07-11 10:32:44 +02:00
|
|
|
- `1`, `0.1`, `0.1.0` - tag based version.
|
|
|
|
|
2023-07-13 10:48:27 +02:00
|
|
|
> **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest)
|
|
|
|
> for latest version and all other available tags.**
|
2023-07-11 10:32:44 +02:00
|
|
|
|
2023-07-12 17:25:31 +02:00
|
|
|
### 2. 🛡️ Run as Docker Swarm Stack
|
2023-07-11 10:32:44 +02:00
|
|
|
|
2023-07-13 10:48:27 +02:00
|
|
|
This example shows all available configuration keys / environment variables for Swarmproxy.
|
|
|
|
|
2023-07-11 10:32:44 +02:00
|
|
|
```yaml
|
|
|
|
version: "3.8"
|
|
|
|
|
2023-07-12 10:55:59 +02:00
|
|
|
networks:
|
|
|
|
egress:
|
|
|
|
attachable: true
|
|
|
|
#external: true
|
|
|
|
|
|
|
|
#configs:
|
|
|
|
# filter_file:
|
|
|
|
# # config can be predefined / external or loaded from file
|
|
|
|
# #external: true
|
|
|
|
# file: ./filter.txt
|
|
|
|
|
|
|
|
#secrets:
|
|
|
|
# upstream-proxy:
|
|
|
|
# external: true
|
2023-07-11 10:32:44 +02:00
|
|
|
|
|
|
|
services:
|
|
|
|
swarmproxy:
|
2023-07-12 17:25:31 +02:00
|
|
|
# Do not use the `latest` tag in production!
|
2023-07-11 10:32:44 +02:00
|
|
|
image: gitea.ocram85.com/OCram85/swarmproxy:latest
|
2023-07-12 10:55:59 +02:00
|
|
|
deploy:
|
|
|
|
replicas: 1
|
|
|
|
#secrets:
|
|
|
|
# - upstream-proxy
|
2023-07-11 10:32:44 +02:00
|
|
|
environment:
|
2023-07-13 10:48:27 +02:00
|
|
|
- LOGLEVEL=Info
|
2023-07-12 10:55:59 +02:00
|
|
|
# Recommended settings
|
|
|
|
# Use an optional upstream proxy
|
|
|
|
#- UPSTREAM_PROXY=
|
2023-07-11 10:32:44 +02:00
|
|
|
# Set UPSTREAM_PROXY as docker secret if your upstream needs authentication
|
|
|
|
# Eg.: http://user:password@upstream.intra:3128
|
|
|
|
#- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY
|
2023-07-04 16:41:17 +02:00
|
|
|
|
2023-07-12 10:55:59 +02:00
|
|
|
# OPTIONAL config keys
|
2023-07-11 10:32:44 +02:00
|
|
|
#- TINYPROXY_UID=5123
|
|
|
|
#- TINYPROXY_GID=5123
|
|
|
|
#- PORT=8888
|
|
|
|
#- TIMEOUT=600
|
|
|
|
#- MAXCLIENTS=600
|
2023-07-12 10:55:59 +02:00
|
|
|
#- FILTER_FILE=/app/filter
|
2023-07-11 10:32:44 +02:00
|
|
|
volumes:
|
2023-07-12 10:55:59 +02:00
|
|
|
# You can mount a single filter file into the container.
|
|
|
|
# To reload the file use the docker kill -s USR1 <container_id| container_name> command.
|
2023-07-13 10:48:27 +02:00
|
|
|
# - ./filter.txt:/app/filter:ro
|
|
|
|
#configs:
|
|
|
|
# - source: filter_file
|
|
|
|
# target: /app/filter
|
2023-07-11 10:32:44 +02:00
|
|
|
networks:
|
2023-07-12 10:55:59 +02:00
|
|
|
egress:
|
|
|
|
aliases:
|
|
|
|
- swarmproxy
|
|
|
|
- proxy
|
2023-07-12 17:25:31 +02:00
|
|
|
```
|
2023-07-12 10:55:59 +02:00
|
|
|
|
2023-07-13 13:42:46 +02:00
|
|
|
## 🚀 Examples
|
2023-07-04 16:41:17 +02:00
|
|
|
|
2023-07-13 13:42:46 +02:00
|
|
|
See the [Readme](./examples/README.md) docs in the examples folder...
|
2023-07-12 17:25:31 +02:00
|
|
|
|
|
|
|
## 💣 Known Issues
|
2023-07-11 10:32:44 +02:00
|
|
|
|
|
|
|
## 😡 We're Using GitHub Under Protest
|
|
|
|
|
|
|
|
This project is currently **mirrored** to GitHub. This is not ideal; GitHub is a
|
|
|
|
proprietary, trade-secret system that is not Free and Open Source Software
|
|
|
|
(FOSS). We are deeply concerned about using a proprietary system like GitHub
|
|
|
|
to develop our FOSS project. We have an
|
|
|
|
[open Gitea repository ](https://gitea.ocram85.com/OCram85/swarmproxy/issues) where the
|
|
|
|
project contributors are actively discussing how we can move away from GitHub
|
|
|
|
in the long term. We urge you to read about the
|
|
|
|
[Give up GitHub](https://GiveUpGitHub.org) campaign from
|
|
|
|
[the Software Freedom Conservancy](https://sfconservancy.org) to understand
|
|
|
|
some of the reasons why GitHub is not a good place to host FOSS projects.
|
|
|
|
|
|
|
|
If you are a contributor who personally has already quit using GitHub, please
|
|
|
|
[check this resource](https://gitea.ocram85.com/OCram85/swarmproxy) for how to send us contributions without
|
|
|
|
using GitHub directly.
|
|
|
|
|
|
|
|
Any use of this project's code by GitHub Copilot, past or present, is done
|
|
|
|
without our permission. We do not consent to GitHub's use of this project's
|
|
|
|
code in Copilot.
|
|
|
|
|
|
|
|
![Logo of the GiveUpGitHub campaign](https://sfconservancy.org/img/GiveUpGitHub.png)
|
2023-07-06 09:29:32 +02:00
|
|
|
|
|
|
|
## 🙏 Credits
|
|
|
|
|
2023-07-13 10:48:27 +02:00
|
|
|
Swarmproxy is based on the following projects and wouldn't be possible without them:
|
2023-07-06 09:29:32 +02:00
|
|
|
|
2023-07-11 10:32:44 +02:00
|
|
|
- [Tinyproxy](https://github.com/tinyproxy/tinyproxy) - The Tinyproxy project itself
|
2023-07-13 10:48:27 +02:00
|
|
|
- [docker-tinyproxy](https://github.com/kalaksi/docker-tinyproxy) - A containerized Tinyproxy variant.
|
|
|
|
- [docker-tinyproxy](https://github.com/ajoergensen/docker-tinyproxy) - A containerized Tinyproxy variant.
|
2023-07-11 10:32:44 +02:00
|
|
|
|
|
|
|
## ⚖️ License (AGPLv3)
|
|
|
|
|
|
|
|
![AGPL](https://www.gnu.org/graphics/agplv3-155x51.png)
|
|
|
|
|
|
|
|
```
|
|
|
|
Swarmproxy - A simple http/https proxy for outbound traffic in a docker swarm cluster.
|
|
|
|
Copyright (C) 2023 "OCram85 <me@ocram85.com>"
|
|
|
|
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU Affero General Public License as published by
|
|
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU Affero General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Affero General Public License
|
|
|
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
```
|