From 09b9bcb3ea57a93180ca4de50821fc834609f5cf Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 12 Jul 2023 15:24:25 +0200 Subject: [PATCH 01/10] wip --- .vscode/dictionaries/project-words.txt | 7 +++++++ .vscode/settings.json | 1 + CHANGELOG.md | 6 ++++++ README.md | 6 ++++-- 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/.vscode/dictionaries/project-words.txt b/.vscode/dictionaries/project-words.txt index 0601a09..195900d 100644 --- a/.vscode/dictionaries/project-words.txt +++ b/.vscode/dictionaries/project-words.txt @@ -1 +1,8 @@ +LOGLEVEL +MAXCLIENTS +Quickstart +Swarmproxy tbd +TINYPROXY +UID +USR diff --git a/.vscode/settings.json b/.vscode/settings.json index ed6e551..1f3e5bc 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -65,6 +65,7 @@ "path": "${workspaceRoot}/.vscode/dictionaries/project-words.txt", "description": "Words used in this project", "addWords": true + }, "custom": true } diff --git a/CHANGELOG.md b/CHANGELOG.md index ffa8cba..a70b14d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,3 +6,9 @@ * 📦 BUILD * Add gitea release action (#7) * Finalize ci (#5) + * Setup basic action based ci (#3) +* 🤖 DEPENDENCIES + * Use absolute urls for action calls (#10) + * Adds renovate support (#8) +* ⚙️ META + * Adds initial readme (#4) diff --git a/README.md b/README.md index 029bed5..1b1517c 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ swarmproxy

@@ -17,11 +17,13 @@

- Swarmproxy is a simple http/https proxy for outbound traffic in a docker swarm cluster. + Swarmproxy is a simple http proxy to limit your outbound traffic.

## :book: About + + ## 🤖 Quickstart ### 1. ⚡ Get the image 📦 -- 2.45.2 From e6f31060c7a3738bb7cf6f994376ecdcd68361fa Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 12 Jul 2023 16:14:56 +0200 Subject: [PATCH 02/10] prepare release --- .vscode/dictionaries/project-words.txt | 3 +++ README.md | 34 +++++++++++++++++++++----- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/.vscode/dictionaries/project-words.txt b/.vscode/dictionaries/project-words.txt index 195900d..8397afe 100644 --- a/.vscode/dictionaries/project-words.txt +++ b/.vscode/dictionaries/project-words.txt @@ -1,8 +1,11 @@ +Gitea LOGLEVEL MAXCLIENTS Quickstart +swarmproxy Swarmproxy tbd +Tinyproxy TINYPROXY UID USR diff --git a/README.md b/README.md index 1b1517c..b8cafaf 100644 --- a/README.md +++ b/README.md @@ -7,15 +7,11 @@ Swarmproxy

-

- Swarmproxy - Tame your traffic -

-

Swarmproxy is a simple http proxy to limit your outbound traffic.

@@ -24,7 +20,31 @@ -## 🤖 Quickstart +## 🦁 FAQ + +### What ist 🦁 Swarmproxy? + +Swarmproxy is a simply way to integrate a http proxy in your Docker swarm cluster or any other container network. +It acts as an centralized proxy to limit your outbound / egress traffic. You can also enable a whitelist filter to +limit the allowed domains. There is also an option to use a upstream proxy. + +### What does 🦁 Swarmproxy for you? + +Enterprise and production environments often face more stringent security requirements. +Therefore, unfiltered Internet access may be prohibited. + +So Swarmproxy could help you with these features: + +- Direct web access from Container workload prevented. +- Optional upstream proxy with or without authentication +- Optional domain based whitelist filter. + +### What does 🦁 Swarmproxy not? + +Swarmproxy is just a supercharged Tinyproxy where you can point your container workload to. + +> ☣️ Swarmproxy does not block the web access or other traffic if the proxy is not used. It's not a firewall, and it +> does not customize your iptables or so ### 1. ⚡ Get the image 📦 @@ -57,6 +77,7 @@ networks: services: swarmproxy: + # Do not use the `latest` tag in production! image: gitea.ocram85.com/OCram85/swarmproxy:latest deploy: replicas: 1 @@ -93,6 +114,7 @@ services: ``` +## 💣 Known Issues ## 😡 We're Using GitHub Under Protest -- 2.45.2 From ca3b0837678d46faae2e1b549ed7b844e27927d4 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 12 Jul 2023 16:15:39 +0200 Subject: [PATCH 03/10] remove obsolete header --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index b8cafaf..a6d113b 100644 --- a/README.md +++ b/README.md @@ -16,10 +16,6 @@ Swarmproxy is a simple http proxy to limit your outbound traffic.

-## :book: About - - - ## 🦁 FAQ ### What ist 🦁 Swarmproxy? -- 2.45.2 From fac068fe7024a21c1065de630e2952800c72b0aa Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 12 Jul 2023 16:18:09 +0200 Subject: [PATCH 04/10] remove emoji overflow --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index a6d113b..08df20e 100644 --- a/README.md +++ b/README.md @@ -13,18 +13,18 @@

- Swarmproxy is a simple http proxy to limit your outbound traffic. + 🦁 Swarmproxy is a simple http proxy to limit your outbound traffic.

-## 🦁 FAQ +## ❓ FAQ -### What ist 🦁 Swarmproxy? +### What ist Swarmproxy? Swarmproxy is a simply way to integrate a http proxy in your Docker swarm cluster or any other container network. It acts as an centralized proxy to limit your outbound / egress traffic. You can also enable a whitelist filter to limit the allowed domains. There is also an option to use a upstream proxy. -### What does 🦁 Swarmproxy for you? +### What does Swarmproxy for you? Enterprise and production environments often face more stringent security requirements. Therefore, unfiltered Internet access may be prohibited. @@ -35,7 +35,7 @@ So Swarmproxy could help you with these features: - Optional upstream proxy with or without authentication - Optional domain based whitelist filter. -### What does 🦁 Swarmproxy not? +### What does Swarmproxy not? Swarmproxy is just a supercharged Tinyproxy where you can point your container workload to. -- 2.45.2 From 7d03d4422cd31d28416fbef0c0ad01ba5d5696a5 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 12 Jul 2023 16:19:23 +0200 Subject: [PATCH 05/10] fix typo --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 08df20e..4b8ea90 100644 --- a/README.md +++ b/README.md @@ -31,8 +31,8 @@ Therefore, unfiltered Internet access may be prohibited. So Swarmproxy could help you with these features: -- Direct web access from Container workload prevented. -- Optional upstream proxy with or without authentication +- Prevent direct web access from Container workload. +- Upstream proxy with or without authentication - Optional domain based whitelist filter. ### What does Swarmproxy not? -- 2.45.2 From c48d04903cf2030472696488af542b22e1b69a10 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 12 Jul 2023 16:21:14 +0200 Subject: [PATCH 06/10] remove leading whitespace --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4b8ea90..bea1c57 100644 --- a/README.md 
+++ b/README.md @@ -13,7 +13,7 @@

- 🦁 Swarmproxy is a simple http proxy to limit your outbound traffic. +🦁 Swarmproxy is a simple http proxy to limit your outbound traffic.

## ❓ FAQ -- 2.45.2 From d1e0d0860d785f293432bb933e027f5a8609d60b Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 12 Jul 2023 16:22:35 +0200 Subject: [PATCH 07/10] add docker-compose example --- README.md | 2 -- docker-compose.yml | 52 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 docker-compose.yml diff --git a/README.md b/README.md index bea1c57..455d71e 100644 --- a/README.md +++ b/README.md @@ -107,8 +107,6 @@ services: aliases: - swarmproxy - proxy - - ``` ## 💣 Known Issues diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..51af815 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,52 @@ +version: "3.8" + +networks: + egress: + attachable: true + #external: true + +#configs: +# filter_file: +# # config can be predefined / external or loaded from file +# #external: true +# file: ./filter.txt + +#secrets: +# upstream-proxy: +# external: true + +services: + swarmproxy: + image: gitea.ocram85.com/OCram85/swarmproxy:latest + deploy: + replicas: 1 + #secrets: + # - upstream-proxy + environment: + # Recommended settings + # Use an optional upstream proxy + #- UPSTREAM_PROXY= + # Set UPSTREAM_PROXY as docker secret if your upstream needs authentication + # Eg.: http://user:password@upstream.intra:3128 + #- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY + + # OPTIONAL config keys + #- TINYPROXY_UID=5123 + #- TINYPROXY_GID=5123 + #- PORT=8888 + #- TIMEOUT=600 + #- LOGLEVEL=Info + #- MAXCLIENTS=600 + #- FILTER_FILE=/app/filter + volumes: + # You can mount a single filter file into the container. + # To reload the file use the docker kill -s USR1 command. + - ./filter.txt:/app/filter:ro + configs: + - source: filter_file + target: /app/filter + networks: + egress: + aliases: + - swarmproxy + - proxy -- 2.45.2 From e54b7444275880101b693e74002a39c035f4a579 Mon Sep 17 00:00:00 2001 
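Review bot: The commented-out secret wiring in the new docker-compose.yml does not line up: the secret is declared as `upstream-proxy`, but the example sets `UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY`. Docker mounts a secret at `/run/secrets/<secret name>` unless a `target` is given, so anyone who uncomments these lines as written points the entrypoint at a file that does not exist. The proxy would then presumably start without the authenticated upstream; the entrypoint logic is not part of this hunk. Use `#- UPSTREAM_PROXY_FILE=/run/secrets/upstream-proxy`, or rename the secret so both names match.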
From: OCram85 Date: Wed, 12 Jul 2023 17:20:26 +0200 Subject: [PATCH 08/10] fix upstream config --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 41a2f88..ac22a90 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -27,7 +27,7 @@ EOF function addUpstreamConfig() { [ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE) - [ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG" + [ -z "$UPSTREAM_PROXY" ] || echo "Upstream http $UPSTREAM_PROXY " >> "$CONFIG" } function addFilterConfig() { -- 2.45.2 From 2c4d8c12c88088c590df041d6f76573e7afddb32 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 12 Jul 2023 17:20:42 +0200 Subject: [PATCH 09/10] fix example syntax --- docker-compose.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 51af815..4634b12 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,13 +17,15 @@ networks: services: swarmproxy: - image: gitea.ocram85.com/OCram85/swarmproxy:latest + image: gitea.ocram85.com/ocram85/swarmproxy:latest deploy: replicas: 1 #secrets: # - upstream-proxy environment: # Recommended settings + - LOGLEVEL=Connect + # Use an optional upstream proxy #- UPSTREAM_PROXY= # Set UPSTREAM_PROXY as docker secret if your upstream needs authentication 
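Review bot: In addUpstreamConfig, the new `echo "Upstream http $UPSTREAM_PROXY " >> "$CONFIG"` line writes the value into the tinyproxy config unchecked, so a value with whitespace or a line break (for example a secret file with more than one line) becomes extra tokens or extra directives. Reject such values before writing and drop the trailing space: `case "$UPSTREAM_PROXY" in *[[:space:]]*) echo "invalid UPSTREAM_PROXY" >&2; exit 1;; esac`, then `printf 'Upstream http %s\n' "$UPSTREAM_PROXY" >> "$CONFIG"`. Because the value can carry `user:password@` credentials, `$CONFIG` should be readable only by the account tinyproxy runs as; where the file is created is outside this hunk. The context line above expands `$UPSTREAM_PROXY_FILE` unquoted inside `$(cat …)`, which is worth quoting in the same change.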
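Review bot: The `image:` line touched in the first docker-compose.yml hunk of PATCH 09 still uses the mutable `latest` tag, and the compose example lacks the README's warning against using that tag in production. For a component meant to control egress, an unpinned tag means a redeploy can pull a different image from the one that was reviewed. Put the README's warning comment above the line and show a pinned form such as `image: gitea.ocram85.com/ocram85/swarmproxy:<version-tag>` (placeholder), optionally with an `@sha256:<digest>` suffix. The same line first appears in the new-file hunk of PATCH 07.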
@@ -35,16 +37,16 @@ services: #- TINYPROXY_GID=5123 #- PORT=8888 #- TIMEOUT=600 - #- LOGLEVEL=Info #- MAXCLIENTS=600 #- FILTER_FILE=/app/filter - volumes: - # You can mount a single filter file into the container. - # To reload the file use the docker kill -s USR1 command. - - ./filter.txt:/app/filter:ro - configs: - - source: filter_file - target: /app/filter + # You can mount a single filter file into the container. + # To reload the file use the docker kill -s USR1 command. + #volumes: + # - ./filter.txt:/app/filter:ro + # alenate filter file mount + #configs: + # - source: filter_file + # target: /app/filter networks: egress: aliases: -- 2.45.2 From 5b4ea8665fd9ee6f6991d77598ba4236fbf35c17 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 12 Jul 2023 17:20:51 +0200 Subject: [PATCH 10/10] fix typo --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 455d71e..483f703 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ You can download the image from the Gitea embedded container registry: `gitea.oc > **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.** -### 2.a Run as Docker Swarm Stack +### 2. 🛡️ Run as Docker Swarm Stack ```yaml version: "3.8" @@ -108,6 +108,10 @@ services: - swarmproxy - proxy ``` + +### 3. Use the proxy form other containers + + ## 💣 Known Issues ## 😡 We're Using GitHub Under Protest -- 2.45.2
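Review bot: After the second docker-compose.yml hunk of PATCH 09, both filter mounts and `FILTER_FILE` are commented out, so the example as shipped starts the proxy with no domain filter. Presumably it then forwards requests to any destination for every container attached to the `egress` network. A one-line comment would stop readers from assuming the allow-list is active, e.g. `# No domain filter is active until FILTER_FILE and one of the mounts below are enabled.` The new comment `# alenate filter file mount` is also misspelled and should read `# alternate filter file mount`.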