2023-07-12 17:25:31 +02:00
|
|
|
version: "3.8"
|
|
|
|
|
2023-07-13 14:01:45 +02:00
|
|
|
# IMPORTANT: Run the following command to add the required filter config file:
|
|
|
|
# echo "google.com" | docker config create filter_file -
|
|
|
|
configs:
|
|
|
|
filter_file:
|
|
|
|
external: true
|
|
|
|
|
|
|
|
# IMPORTANT: Run the following command to add the required filter config file:
|
|
|
|
# echo "upstream:8888" | docker secret create upstream-proxy -
|
|
|
|
secrets:
|
|
|
|
upstream-proxy:
|
|
|
|
external: true
|
2023-07-13 10:52:17 +02:00
|
|
|
|
|
|
|
# Setting up 3 default networks to act as dummy:
|
|
|
|
# - backend : internal only network
|
|
|
|
# - dmz : dmz network with connections allowed from internal and external
|
|
|
|
# - egress : dummy egress zone with fake upstream proxy
|
2023-07-12 17:25:31 +02:00
|
|
|
networks:
|
|
|
|
egress:
|
|
|
|
attachable: true
|
2023-07-13 10:52:17 +02:00
|
|
|
dmz:
|
|
|
|
attachable: true
|
|
|
|
backend:
|
|
|
|
internal: true
|
2023-07-12 17:25:31 +02:00
|
|
|
|
|
|
|
services:
|
2023-07-13 10:52:17 +02:00
|
|
|
# Creating a fake upstream proxy
|
|
|
|
upstream:
|
2023-07-12 17:25:31 +02:00
|
|
|
image: gitea.ocram85.com/ocram85/swarmproxy:latest
|
|
|
|
deploy:
|
|
|
|
replicas: 1
|
|
|
|
environment:
|
2023-07-13 10:52:17 +02:00
|
|
|
- LOGLEVEL=Info
|
2023-07-12 17:25:31 +02:00
|
|
|
networks:
|
|
|
|
egress:
|
2023-07-13 10:52:17 +02:00
|
|
|
aliases:
|
|
|
|
- upstream
|
|
|
|
|
|
|
|
# Creating our swarmproxy instance to use the external upstream proxy
|
|
|
|
swarmproxy:
|
|
|
|
# Do not use the `latest` tag in production!
|
|
|
|
image: gitea.ocram85.com/ocram85/swarmproxy:latest
|
|
|
|
depends_on:
|
|
|
|
- upstream
|
|
|
|
deploy:
|
|
|
|
replicas: 1
|
|
|
|
environment:
|
|
|
|
- LOGLEVEL=Info
|
2023-07-13 14:01:45 +02:00
|
|
|
#- UPSTREAM_PROXY=upstream:8888
|
|
|
|
- UPSTREAM_PROXY_FILE=/run/secrets/upstream-proxy
|
|
|
|
- FILTER_FILE=/app/filter
|
|
|
|
configs:
|
|
|
|
- source: filter_file
|
|
|
|
target: /app/filter
|
|
|
|
secrets:
|
|
|
|
- upstream-proxy
|
2023-07-13 10:52:17 +02:00
|
|
|
networks:
|
|
|
|
dmz:
|
2023-07-12 17:25:31 +02:00
|
|
|
aliases:
|
|
|
|
- swarmproxy
|
|
|
|
- proxy
|
2023-07-13 10:52:17 +02:00
|
|
|
egress:
|
|
|
|
|
|
|
|
# container workload example whicht tries to communicate through our swarmproxy instance
|
|
|
|
# http request / response:
|
|
|
|
# [curl container] <---|req/res|---> [swarmproxy] <---|req/res|---> [upstream] <---|req/res|---> [target]
|
|
|
|
curl:
|
|
|
|
image: curlimages/curl:8.1.2
|
|
|
|
command: ["-I", "-x", "proxy:8888", "https://google.com"]
|
|
|
|
depends_on:
|
|
|
|
- upstream
|
|
|
|
- swarmproxy
|
|
|
|
deploy:
|
|
|
|
replicas: 1
|
|
|
|
restart_policy:
|
2023-07-13 14:01:45 +02:00
|
|
|
condition: on-failure
|
|
|
|
delay: 10s
|
|
|
|
max_attempts: 5
|
|
|
|
window: 120s
|
|
|
|
networks:
|
|
|
|
- backend
|
|
|
|
- dmz
|
|
|
|
|
|
|
|
# Example for blocked request if there is no matching domain in the filter file.
|
|
|
|
curl-blocked:
|
|
|
|
image: curlimages/curl:8.1.2
|
|
|
|
command: ["-I", "-x", "proxy:8888", "https://amazon.com"]
|
|
|
|
depends_on:
|
|
|
|
- upstream
|
|
|
|
- swarmproxy
|
|
|
|
deploy:
|
|
|
|
replicas: 1
|
|
|
|
restart_policy:
|
|
|
|
condition: on-failure
|
2023-07-13 10:52:17 +02:00
|
|
|
delay: 10s
|
|
|
|
max_attempts: 5
|
|
|
|
window: 120s
|
|
|
|
networks:
|
|
|
|
- backend
|
|
|
|
- dmz
|