From d0090a7e9a1249bdb770c8dab1180c49948a5603 Mon Sep 17 00:00:00 2001
From: OCram85
- Swarmproxy is a simple http/https proxy for outbound traffic in a docker swarm cluster. +🦁 Swarmproxy is a simple http proxy to limit your outbound traffic.
-## :book: About +## ❓ FAQ -## 🤖 Quickstart +### What ist Swarmproxy? + +Swarmproxy is a simply way to integrate a http proxy in your Docker swarm cluster or any other container network. +It acts as an centralized proxy to limit your outbound / egress traffic. You can also enable a whitelist filter to +limit the allowed domains. There is also an option to use a upstream proxy. + +### What does Swarmproxy for you? + +Enterprise and production environments often face more stringent security requirements. +Therefore, unfiltered Internet access may be prohibited. + +So Swarmproxy could help you with these features: + +- Prevent direct web access from Container workload. +- Upstream proxy with or without authentication +- Optional domain based whitelist filter. + +### What does Swarmproxy not? + +Swarmproxy is just a supercharged Tinyproxy where you can point your container workload to. + +> ☣️ Swarmproxy does not block the web access or other traffic if the proxy is not used. It's not a firewall, and it +> does not customize your iptables or so ### 1. ⚡ Get the image 📦 @@ -33,7 +51,7 @@ You can download the image from the Gitea embedded container registry: `gitea.oc > **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.** -### 2.a Run as Docker Swarm Stack +### 2. 🛡️ Run as Docker Swarm Stack ```yaml version: "3.8" @@ -55,6 +73,7 @@ networks: services: swarmproxy: + # Do not use the `latest` tag in production! image: gitea.ocram85.com/OCram85/swarmproxy:latest deploy: replicas: 1 @@ -88,10 +107,13 @@ services: aliases: - swarmproxy - proxy - - ``` +### 3. Use the proxy form other containers + + +## 💣 Known Issues + ## 😡 We're Using GitHub Under Protest This project is currently **mirrored** to GitHub. This is not ideal; GitHub is a diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..4634b12 --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,54 @@ +version: "3.8" + +networks: + egress: + attachable: true + #external: true + +#configs: +# filter_file: +# # config can be predefined / external or loaded from file +# #external: true +# file: ./filter.txt + +#secrets: +# upstream-proxy: +# external: true + +services: + swarmproxy: + image: gitea.ocram85.com/ocram85/swarmproxy:latest + deploy: + replicas: 1 + #secrets: + # - upstream-proxy + environment: + # Recommended settings + - LOGLEVEL=Connect + + # Use an optional upstream proxy + #- UPSTREAM_PROXY= + # Set UPSTREAM_PROXY as docker secret if your upstream needs authentication + # Eg.: http://user:password@upstream.intra:3128 + #- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY + + # OPTIONAL config keys + #- TINYPROXY_UID=5123 + #- TINYPROXY_GID=5123 + #- PORT=8888 + #- TIMEOUT=600 + #- MAXCLIENTS=600 + #- FILTER_FILE=/app/filter + # You can mount a single filter file into the container. + # To reload the file use the docker kill -s USR1
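Review bot: The new README FAQ text has several typos that should be fixed before merge: "What ist Swarmproxy?", "a simply way", "an centralized proxy", "a upstream proxy", and the heading "### 3. Use the proxy form other containers" (should be "from"). That heading and "## 💣 Known Issues" are also added with no body, so either fill them in or drop them from this commit. Because the FAQ itself states that Swarmproxy does not block traffic when the proxy is not used, section 3 is the natural place to show how a workload is pointed at the proxy and to state that enforcement has to come from the network setup, not from the proxy.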
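Review bot: In the README stack example, the added comment "# Do not use the `latest` tag in production!" sits directly above "image: gitea.ocram85.com/OCram85/swarmproxy:latest", so the example still demonstrates what it warns against. Consider showing a pinned tag or digest placeholder in the example and keeping the comment as the explanation. The new docker-compose.yml uses the same `:latest` reference without the warning, and it spells the image path "ocram85/swarmproxy" in lowercase while the README uses "OCram85/swarmproxy"; pick one spelling so copy-pasted references stay consistent.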
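Review bot: In docker-compose.yml the commented secret is declared as "upstream-proxy", but "UPSTREAM_PROXY_FILE" points at "/run/secrets/UPSTREAM_PROXY". Docker mounts a secret at /run/secrets/ followed by the secret name unless a target is set, so anyone who uncomments these lines as written gets a path that does not exist. Rename the secret to match the path, or change the path to "/run/secrets/upstream-proxy". The comment above it could also say explicitly that an upstream URL containing credentials belongs only in the secret and not in the plain "UPSTREAM_PROXY=" variable, where it would be visible in the service definition.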