Add Readme content #11

Merged
OCram85 merged 10 commits from prep-v010 into main 2023-07-12 17:25:32 +02:00
6 changed files with 105 additions and 12 deletions

View File

@ -1 +1,11 @@
Gitea
LOGLEVEL
MAXCLIENTS
Quickstart
swarmproxy
Swarmproxy
tbd tbd
Tinyproxy
TINYPROXY
UID
USR

View File

@ -65,6 +65,7 @@
"path": "${workspaceRoot}/.vscode/dictionaries/project-words.txt", "path": "${workspaceRoot}/.vscode/dictionaries/project-words.txt",
"description": "Words used in this project", "description": "Words used in this project",
"addWords": true "addWords": true
}, },
"custom": true "custom": true
} }

View File

@ -6,3 +6,9 @@
* 📦 BUILD * 📦 BUILD
* Add gitea release action (#7) * Add gitea release action (#7)
* Finalize ci (#5) * Finalize ci (#5)
* Setup basic action based ci (#3)
* 🤖 DEPENDENCIES
* Use absolute urls for action calls (#10)
* Adds renovate support (#8)
* ⚙️ META
* Adds initial readme (#4)

View File

@ -7,22 +7,40 @@
<a href="https://gitea.ocram85.com/OCram85/swarmproxy/"> <a href="https://gitea.ocram85.com/OCram85/swarmproxy/">
<img <img
src="/OCram85/swarmproxy/raw/branch/main/assets/social-logo.png" src="/OCram85/swarmproxy/raw/branch/main/assets/social-logo.png"
alt="swarmproxy" alt="Swarmproxy - Tame your traffic"
> >
</a> </a>
</p> </p>
<h1 align="center">
Swarmproxy - Tame your traffic
</h1>
<p align="center"> <p align="center">
Swarmproxy is a simple http/https proxy for outbound traffic in a docker swarm cluster. 🦁 Swarmproxy is a simple http proxy to limit your outbound traffic.
</p> </p>
## :book: About ## ❓ FAQ
## 🤖 Quickstart ### What ist Swarmproxy?
Swarmproxy is a simply way to integrate a http proxy in your Docker swarm cluster or any other container network.
It acts as an centralized proxy to limit your outbound / egress traffic. You can also enable a whitelist filter to
limit the allowed domains. There is also an option to use a upstream proxy.
### What does Swarmproxy for you?
Enterprise and production environments often face more stringent security requirements.
Therefore, unfiltered Internet access may be prohibited.
So Swarmproxy could help you with these features:
- Prevent direct web access from Container workload.
- Upstream proxy with or without authentication
- Optional domain based whitelist filter.
### What does Swarmproxy not?
Swarmproxy is just a supercharged Tinyproxy where you can point your container workload to.
> ☣️ Swarmproxy does not block the web access or other traffic if the proxy is not used. It's not a firewall, and it
> does not customize your iptables or so
### 1. ⚡ Get the image 📦 ### 1. ⚡ Get the image 📦
@ -33,7 +51,7 @@ You can download the image from the Gitea embedded container registry: `gitea.oc
> **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.** > **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.**
### 2.a Run as Docker Swarm Stack ### 2. 🛡️ Run as Docker Swarm Stack
```yaml ```yaml
version: "3.8" version: "3.8"
@ -55,6 +73,7 @@ networks:
services: services:
swarmproxy: swarmproxy:
# Do not use the `latest` tag in production!
image: gitea.ocram85.com/OCram85/swarmproxy:latest image: gitea.ocram85.com/OCram85/swarmproxy:latest
deploy: deploy:
replicas: 1 replicas: 1
@ -88,10 +107,13 @@ services:
aliases: aliases:
- swarmproxy - swarmproxy
- proxy - proxy
``` ```
### 3. Use the proxy form other containers
## 💣 Known Issues
## 😡 We're Using GitHub Under Protest ## 😡 We're Using GitHub Under Protest
This project is currently **mirrored** to GitHub. This is not ideal; GitHub is a This project is currently **mirrored** to GitHub. This is not ideal; GitHub is a

54
docker-compose.yml Normal file
View File

@ -0,0 +1,54 @@
version: "3.8"
networks:
egress:
attachable: true
#external: true
#configs:
# filter_file:
# # config can be predefined / external or loaded from file
# #external: true
# file: ./filter.txt
#secrets:
# upstream-proxy:
# external: true
services:
swarmproxy:
image: gitea.ocram85.com/ocram85/swarmproxy:latest
deploy:
replicas: 1
#secrets:
# - upstream-proxy
environment:
# Recommended settings
- LOGLEVEL=Connect
# Use an optional upstream proxy
#- UPSTREAM_PROXY=
# Set UPSTREAM_PROXY as docker secret if your upstream needs authentication
# Eg.: http://user:password@upstream.intra:3128
#- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY
# OPTIONAL config keys
#- TINYPROXY_UID=5123
#- TINYPROXY_GID=5123
#- PORT=8888
#- TIMEOUT=600
#- MAXCLIENTS=600
#- FILTER_FILE=/app/filter
# You can mount a single filter file into the container.
# To reload the file use the docker kill -s USR1 <container_id| container_name> command.
#volumes:
# - ./filter.txt:/app/filter:ro
# alenate filter file mount
#configs:
# - source: filter_file
# target: /app/filter
networks:
egress:
aliases:
- swarmproxy
- proxy

View File

@ -27,7 +27,7 @@ EOF
function addUpstreamConfig() { function addUpstreamConfig() {
[ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE) [ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE)
[ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG" [ -z "$UPSTREAM_PROXY" ] || echo "Upstream http $UPSTREAM_PROXY " >> "$CONFIG"
} }
function addFilterConfig() { function addFilterConfig() {