generated from Templates/Baseline
Add Readme content #11
10
.vscode/dictionaries/project-words.txt
vendored
10
.vscode/dictionaries/project-words.txt
vendored
@ -1 +1,11 @@
|
|||||||
|
Gitea
|
||||||
|
LOGLEVEL
|
||||||
|
MAXCLIENTS
|
||||||
|
Quickstart
|
||||||
|
swarmproxy
|
||||||
|
Swarmproxy
|
||||||
tbd
|
tbd
|
||||||
|
Tinyproxy
|
||||||
|
TINYPROXY
|
||||||
|
UID
|
||||||
|
USR
|
||||||
|
1
.vscode/settings.json
vendored
1
.vscode/settings.json
vendored
@ -65,6 +65,7 @@
|
|||||||
"path": "${workspaceRoot}/.vscode/dictionaries/project-words.txt",
|
"path": "${workspaceRoot}/.vscode/dictionaries/project-words.txt",
|
||||||
"description": "Words used in this project",
|
"description": "Words used in this project",
|
||||||
"addWords": true
|
"addWords": true
|
||||||
|
|
||||||
},
|
},
|
||||||
"custom": true
|
"custom": true
|
||||||
}
|
}
|
||||||
|
@ -6,3 +6,9 @@
|
|||||||
* 📦 BUILD
|
* 📦 BUILD
|
||||||
* Add gitea release action (#7)
|
* Add gitea release action (#7)
|
||||||
* Finalize ci (#5)
|
* Finalize ci (#5)
|
||||||
|
* Setup basic action based ci (#3)
|
||||||
|
* 🤖 DEPENDENCIES
|
||||||
|
* Use absolute urls for action calls (#10)
|
||||||
|
* Adds renovate support (#8)
|
||||||
|
* ⚙️ META
|
||||||
|
* Adds initial readme (#4)
|
||||||
|
44
README.md
44
README.md
@ -7,22 +7,40 @@
|
|||||||
<a href="https://gitea.ocram85.com/OCram85/swarmproxy/">
|
<a href="https://gitea.ocram85.com/OCram85/swarmproxy/">
|
||||||
<img
|
<img
|
||||||
src="/OCram85/swarmproxy/raw/branch/main/assets/social-logo.png"
|
src="/OCram85/swarmproxy/raw/branch/main/assets/social-logo.png"
|
||||||
alt="swarmproxy"
|
alt="Swarmproxy - Tame your traffic"
|
||||||
>
|
>
|
||||||
</a>
|
</a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h1 align="center">
|
|
||||||
Swarmproxy - Tame your traffic
|
|
||||||
</h1>
|
|
||||||
|
|
||||||
<p align="center">
|
<p align="center">
|
||||||
Swarmproxy is a simple http/https proxy for outbound traffic in a docker swarm cluster.
|
🦁 Swarmproxy is a simple http proxy to limit your outbound traffic.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
## :book: About
|
## ❓ FAQ
|
||||||
|
|
||||||
## 🤖 Quickstart
|
### What ist Swarmproxy?
|
||||||
|
|
||||||
|
Swarmproxy is a simply way to integrate a http proxy in your Docker swarm cluster or any other container network.
|
||||||
|
It acts as an centralized proxy to limit your outbound / egress traffic. You can also enable a whitelist filter to
|
||||||
|
limit the allowed domains. There is also an option to use a upstream proxy.
|
||||||
|
|
||||||
|
### What does Swarmproxy for you?
|
||||||
|
|
||||||
|
Enterprise and production environments often face more stringent security requirements.
|
||||||
|
Therefore, unfiltered Internet access may be prohibited.
|
||||||
|
|
||||||
|
So Swarmproxy could help you with these features:
|
||||||
|
|
||||||
|
- Prevent direct web access from Container workload.
|
||||||
|
- Upstream proxy with or without authentication
|
||||||
|
- Optional domain based whitelist filter.
|
||||||
|
|
||||||
|
### What does Swarmproxy not?
|
||||||
|
|
||||||
|
Swarmproxy is just a supercharged Tinyproxy where you can point your container workload to.
|
||||||
|
|
||||||
|
> ☣️ Swarmproxy does not block the web access or other traffic if the proxy is not used. It's not a firewall, and it
|
||||||
|
> does not customize your iptables or so
|
||||||
|
|
||||||
### 1. ⚡ Get the image 📦
|
### 1. ⚡ Get the image 📦
|
||||||
|
|
||||||
@ -33,7 +51,7 @@ You can download the image from the Gitea embedded container registry: `gitea.oc
|
|||||||
|
|
||||||
> **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.**
|
> **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.**
|
||||||
|
|
||||||
### 2.a Run as Docker Swarm Stack
|
### 2. 🛡️ Run as Docker Swarm Stack
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: "3.8"
|
version: "3.8"
|
||||||
@ -55,6 +73,7 @@ networks:
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
swarmproxy:
|
swarmproxy:
|
||||||
|
# Do not use the `latest` tag in production!
|
||||||
image: gitea.ocram85.com/OCram85/swarmproxy:latest
|
image: gitea.ocram85.com/OCram85/swarmproxy:latest
|
||||||
deploy:
|
deploy:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
@ -88,10 +107,13 @@ services:
|
|||||||
aliases:
|
aliases:
|
||||||
- swarmproxy
|
- swarmproxy
|
||||||
- proxy
|
- proxy
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### 3. Use the proxy form other containers
|
||||||
|
|
||||||
|
|
||||||
|
## 💣 Known Issues
|
||||||
|
|
||||||
## 😡 We're Using GitHub Under Protest
|
## 😡 We're Using GitHub Under Protest
|
||||||
|
|
||||||
This project is currently **mirrored** to GitHub. This is not ideal; GitHub is a
|
This project is currently **mirrored** to GitHub. This is not ideal; GitHub is a
|
||||||
|
54
docker-compose.yml
Normal file
54
docker-compose.yml
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
egress:
|
||||||
|
attachable: true
|
||||||
|
#external: true
|
||||||
|
|
||||||
|
#configs:
|
||||||
|
# filter_file:
|
||||||
|
# # config can be predefined / external or loaded from file
|
||||||
|
# #external: true
|
||||||
|
# file: ./filter.txt
|
||||||
|
|
||||||
|
#secrets:
|
||||||
|
# upstream-proxy:
|
||||||
|
# external: true
|
||||||
|
|
||||||
|
services:
|
||||||
|
swarmproxy:
|
||||||
|
image: gitea.ocram85.com/ocram85/swarmproxy:latest
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
#secrets:
|
||||||
|
# - upstream-proxy
|
||||||
|
environment:
|
||||||
|
# Recommended settings
|
||||||
|
- LOGLEVEL=Connect
|
||||||
|
|
||||||
|
# Use an optional upstream proxy
|
||||||
|
#- UPSTREAM_PROXY=
|
||||||
|
# Set UPSTREAM_PROXY as docker secret if your upstream needs authentication
|
||||||
|
# Eg.: http://user:password@upstream.intra:3128
|
||||||
|
#- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY
|
||||||
|
|
||||||
|
# OPTIONAL config keys
|
||||||
|
#- TINYPROXY_UID=5123
|
||||||
|
#- TINYPROXY_GID=5123
|
||||||
|
#- PORT=8888
|
||||||
|
#- TIMEOUT=600
|
||||||
|
#- MAXCLIENTS=600
|
||||||
|
#- FILTER_FILE=/app/filter
|
||||||
|
# You can mount a single filter file into the container.
|
||||||
|
# To reload the file use the docker kill -s USR1 <container_id| container_name> command.
|
||||||
|
#volumes:
|
||||||
|
# - ./filter.txt:/app/filter:ro
|
||||||
|
# alenate filter file mount
|
||||||
|
#configs:
|
||||||
|
# - source: filter_file
|
||||||
|
# target: /app/filter
|
||||||
|
networks:
|
||||||
|
egress:
|
||||||
|
aliases:
|
||||||
|
- swarmproxy
|
||||||
|
- proxy
|
@ -27,7 +27,7 @@ EOF
|
|||||||
|
|
||||||
function addUpstreamConfig() {
|
function addUpstreamConfig() {
|
||||||
[ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE)
|
[ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE)
|
||||||
[ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG"
|
[ -z "$UPSTREAM_PROXY" ] || echo "Upstream http $UPSTREAM_PROXY " >> "$CONFIG"
|
||||||
}
|
}
|
||||||
|
|
||||||
function addFilterConfig() {
|
function addFilterConfig() {
|
||||||
|
Loading…
Reference in New Issue
Block a user