generated from Templates/Baseline
Add Readme content #11
10
.vscode/dictionaries/project-words.txt
vendored
10
.vscode/dictionaries/project-words.txt
vendored
@ -1 +1,11 @@
|
||||
Gitea
|
||||
LOGLEVEL
|
||||
MAXCLIENTS
|
||||
Quickstart
|
||||
swarmproxy
|
||||
Swarmproxy
|
||||
tbd
|
||||
Tinyproxy
|
||||
TINYPROXY
|
||||
UID
|
||||
USR
|
||||
|
1
.vscode/settings.json
vendored
1
.vscode/settings.json
vendored
@ -65,6 +65,7 @@
|
||||
"path": "${workspaceRoot}/.vscode/dictionaries/project-words.txt",
|
||||
"description": "Words used in this project",
|
||||
"addWords": true
|
||||
|
||||
},
|
||||
"custom": true
|
||||
}
|
||||
|
@ -6,3 +6,9 @@
|
||||
* 📦 BUILD
|
||||
* Add gitea release action (#7)
|
||||
* Finalize ci (#5)
|
||||
* Setup basic action based ci (#3)
|
||||
* 🤖 DEPENDENCIES
|
||||
* Use absolute urls for action calls (#10)
|
||||
* Adds renovate support (#8)
|
||||
* ⚙️ META
|
||||
* Adds initial readme (#4)
|
||||
|
44
README.md
44
README.md
@ -7,22 +7,40 @@
|
||||
<a href="https://gitea.ocram85.com/OCram85/swarmproxy/">
|
||||
<img
|
||||
src="/OCram85/swarmproxy/raw/branch/main/assets/social-logo.png"
|
||||
alt="swarmproxy"
|
||||
alt="Swarmproxy - Tame your traffic"
|
||||
>
|
||||
</a>
|
||||
</p>
|
||||
|
||||
<h1 align="center">
|
||||
Swarmproxy - Tame your traffic
|
||||
</h1>
|
||||
|
||||
<p align="center">
|
||||
Swarmproxy is a simple http/https proxy for outbound traffic in a docker swarm cluster.
|
||||
🦁 Swarmproxy is a simple http proxy to limit your outbound traffic.
|
||||
</p>
|
||||
|
||||
## :book: About
|
||||
## ❓ FAQ
|
||||
|
||||
## 🤖 Quickstart
|
||||
### What ist Swarmproxy?
|
||||
|
||||
Swarmproxy is a simply way to integrate a http proxy in your Docker swarm cluster or any other container network.
|
||||
It acts as an centralized proxy to limit your outbound / egress traffic. You can also enable a whitelist filter to
|
||||
limit the allowed domains. There is also an option to use a upstream proxy.
|
||||
|
||||
### What does Swarmproxy for you?
|
||||
|
||||
Enterprise and production environments often face more stringent security requirements.
|
||||
Therefore, unfiltered Internet access may be prohibited.
|
||||
|
||||
So Swarmproxy could help you with these features:
|
||||
|
||||
- Prevent direct web access from Container workload.
|
||||
- Upstream proxy with or without authentication
|
||||
- Optional domain based whitelist filter.
|
||||
|
||||
### What does Swarmproxy not?
|
||||
|
||||
Swarmproxy is just a supercharged Tinyproxy where you can point your container workload to.
|
||||
|
||||
> ☣️ Swarmproxy does not block the web access or other traffic if the proxy is not used. It's not a firewall, and it
|
||||
> does not customize your iptables or so
|
||||
|
||||
### 1. ⚡ Get the image 📦
|
||||
|
||||
@ -33,7 +51,7 @@ You can download the image from the Gitea embedded container registry: `gitea.oc
|
||||
|
||||
> **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.**
|
||||
|
||||
### 2.a Run as Docker Swarm Stack
|
||||
### 2. 🛡️ Run as Docker Swarm Stack
|
||||
|
||||
```yaml
|
||||
version: "3.8"
|
||||
@ -55,6 +73,7 @@ networks:
|
||||
|
||||
services:
|
||||
swarmproxy:
|
||||
# Do not use the `latest` tag in production!
|
||||
image: gitea.ocram85.com/OCram85/swarmproxy:latest
|
||||
deploy:
|
||||
replicas: 1
|
||||
@ -88,10 +107,13 @@ services:
|
||||
aliases:
|
||||
- swarmproxy
|
||||
- proxy
|
||||
|
||||
|
||||
```
|
||||
|
||||
### 3. Use the proxy form other containers
|
||||
|
||||
|
||||
## 💣 Known Issues
|
||||
|
||||
## 😡 We're Using GitHub Under Protest
|
||||
|
||||
This project is currently **mirrored** to GitHub. This is not ideal; GitHub is a
|
||||
|
54
docker-compose.yml
Normal file
54
docker-compose.yml
Normal file
@ -0,0 +1,54 @@
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
egress:
|
||||
attachable: true
|
||||
#external: true
|
||||
|
||||
#configs:
|
||||
# filter_file:
|
||||
# # config can be predefined / external or loaded from file
|
||||
# #external: true
|
||||
# file: ./filter.txt
|
||||
|
||||
#secrets:
|
||||
# upstream-proxy:
|
||||
# external: true
|
||||
|
||||
services:
|
||||
swarmproxy:
|
||||
image: gitea.ocram85.com/ocram85/swarmproxy:latest
|
||||
deploy:
|
||||
replicas: 1
|
||||
#secrets:
|
||||
# - upstream-proxy
|
||||
environment:
|
||||
# Recommended settings
|
||||
- LOGLEVEL=Connect
|
||||
|
||||
# Use an optional upstream proxy
|
||||
#- UPSTREAM_PROXY=
|
||||
# Set UPSTREAM_PROXY as docker secret if your upstream needs authentication
|
||||
# Eg.: http://user:password@upstream.intra:3128
|
||||
#- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY
|
||||
|
||||
# OPTIONAL config keys
|
||||
#- TINYPROXY_UID=5123
|
||||
#- TINYPROXY_GID=5123
|
||||
#- PORT=8888
|
||||
#- TIMEOUT=600
|
||||
#- MAXCLIENTS=600
|
||||
#- FILTER_FILE=/app/filter
|
||||
# You can mount a single filter file into the container.
|
||||
# To reload the file use the docker kill -s USR1 <container_id| container_name> command.
|
||||
#volumes:
|
||||
# - ./filter.txt:/app/filter:ro
|
||||
# alenate filter file mount
|
||||
#configs:
|
||||
# - source: filter_file
|
||||
# target: /app/filter
|
||||
networks:
|
||||
egress:
|
||||
aliases:
|
||||
- swarmproxy
|
||||
- proxy
|
@ -27,7 +27,7 @@ EOF
|
||||
|
||||
function addUpstreamConfig() {
|
||||
[ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE)
|
||||
[ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG"
|
||||
[ -z "$UPSTREAM_PROXY" ] || echo "Upstream http $UPSTREAM_PROXY " >> "$CONFIG"
|
||||
}
|
||||
|
||||
function addFilterConfig() {
|
||||
|
Loading…
Reference in New Issue
Block a user