swarmproxy/examples/Readme.md
OCram85 56a34e833e
All checks were successful
ci / docker (pull_request) Successful in 22s
upate example docs
2023-07-13 13:42:46 +02:00

16 KiB
Raw Blame History

📘 Examples

This folder contains some examples you can use to start building your Swarmproxy stack.

Basic example (1-minimal.yml)

Source

🗄️ File: 1-minimal.yml

Description

This is the mos basic example. It contains the Swarmproxy service and curl als helper. Just deploy the stack and inspect the logs form the containers.

Usage

docker stack deploy -c 1-minimal.yml swarmproxy-mini

Container Logs

  • Swarmproxy:
🦁 FILTER_FILE not found or set.
🦁 Final Swarmproxy config 🦁

3
Group 5123

8
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatHost "tinyproxy.stats"
StatFile "/usr/share/tinyproxy/stats.html"
LogLevel Info
MaxClients 600
ViaProxyName "Swarmproxy"
Allow 127.0.0.1/8
Allow 10.0.0.0/8
🦁 Starting Tinyproxy...
args count: 3
args value: -c /app/proxy.conf -d
NOTICE    Jul 13 11:10:23.360 [1]: Initializing tinyproxy ...
NOTICE    Jul 13 11:10:23.360 [1]: Reloading config file
INFO      Jul 13 11:10:23.360 [1]: Stathost set to "tinyproxy.stats"
INFO      Jul 13 11:10:23.360 [1]: Setting "Via" header to 'Swarmproxy'
NOTICE    Jul 13 11:10:23.360 [1]: Reloading config file finished
INFO      Jul 13 11:10:23.360 [1]: listen_sock called with addr = '(NULL)'
INFO      Jul 13 11:10:23.360 [1]: trying to listen on host[0.0.0.0], family[2], socktype[1], proto[6]
INFO      Jul 13 11:10:23.360 [1]: listening on fd [3]
INFO      Jul 13 11:10:23.360 [1]: trying to listen on host[::], family[10], socktype[1], proto[6]
INFO      Jul 13 11:10:23.360 [1]: listening on fd [4]
INFO      Jul 13 11:10:23.360 [1]: Not running as root, so not changing UID/GID.
INFO      Jul 13 11:10:23.360 [1]: Setting the various signals.
INFO      Jul 13 11:10:23.360 [1]: Starting main loop. Accepting connections.
CONNECT   Jul 13 11:10:29.845 [1]: Connect (file descriptor 5): 10.0.35.4
CONNECT   Jul 13 11:10:29.845 [1]: Request (file descriptor 5): CONNECT google.com:443 HTTP/1.1
INFO      Jul 13 11:10:29.845 [1]: No upstream proxy for google.com
INFO      Jul 13 11:10:29.845 [1]: opensock: opening connection to google.com:443
INFO      Jul 13 11:10:29.955 [1]: opensock: getaddrinfo returned for google.com:443
CONNECT   Jul 13 11:10:29.959 [1]: Established connection to host "google.com" using file descriptor 6.
INFO      Jul 13 11:10:29.959 [1]: Not sending client headers to remote machine
INFO      Jul 13 11:10:30.033 [1]: Closed connection between local client (fd:5) and remote client (fd:6)
  • Curl:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
HTTP/1.0 200 Connection established

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0   220    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Proxy-agent: tinyproxy/1.11.1

HTTP/2 301
location: https:xt/html; charset=UTF-8
content-security//www.google.com/
content-type: te-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-gEktpIC_xSqk9njjM0KANA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
date: Thu, 13 Jul 2023 11:10:29 GMT
expires: Thu, 13 Jul 2023 11:10:29 GMT
cache-control: private, max-age=2592000

server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+663; expires=Sat, 12-Jul-2025 11:10:29 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Upstream proxy example (2-upstream.yml)

Source

🗄️ File: 2-upstream.yml

Description

The upstream example contains another Swarmproxy instance as fake upstream proxy. The client connects to it's configured Swarmproxy instance which forwards the query to the upstream.

Usage

docker stack deploy -c 2-upstream.yml swarmproxy-upstream

Container Logs

  • Upstream
🦁 FILTER_FILE not found or set.
🦁 Final Swarmproxy config 🦁

3
Group 5123
8
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatHost "tinyproxy.stats"
StatFile "/usr/share/tinyproxy/stats.html"
LogLevel Info
MaxClients 600
ViaProxyName "Swarmproxy"
Allow 127.0.0.1/8
Allow 10.0.0.0/8
🦁 Starting Tinyproxy...
args count: 3
args value: -c /app/proxy.conf -d
NOTICE    Jul 13 11:18:50.279 [1]: Initializing tinyproxy ...
NOTICE    Jul 13 11:18:50.279 [1]: Reloading config file
INFO      Jul 13 11:18:50.279 [1]: Stathost set to "tinyproxy.stats"
INFO      Jul 13 11:18:50.279 [1]: Setting "Via" header to 'Swarmproxy'
NOTICE    Jul 13 11:18:50.279 [1]: Reloading config file finished
INFO      Jul 13 11:18:50.279 [1]: listen_sock called with addr = '(NULL)'
INFO      Jul 13 11:18:50.279 [1]: trying to listen on host[0.0.0.0], family[2], socktype[1], proto[6]
INFO      Jul 13 11:18:50.279 [1]: listening on fd [3]
INFO      Jul 13 11:18:50.279 [1]: trying to listen on host[::], family[10], socktype[1], proto[6]
INFO      Jul 13 11:18:50.279 [1]: listening on fd [4]
INFO      Jul 13 11:18:50.279 [1]: Not running as root, so not changing UID/GID.
INFO      Jul 13 11:18:50.279 [1]: Setting the various signals.
INFO      Jul 13 11:18:50.279 [1]: Starting main loop. Accepting connections.
  • Swarmproxy
🦁 FILTER_FILE not found or set.
🦁 Final Swarmproxy config 🦁
3
Group 5123
8
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatHost "tinyproxy.stats"
StatFile "/usr/share/tinyproxy/stats.html"
LogLevel Info
MaxClients 600
ViaProxyName "Swarmproxy"
Allow 127.0.0.1/8
Allow 10.0.0.0/8
Upstream http upstream:8888
🦁 Starting Tinyproxy...
args count: 3
args value: -c /app/proxy.conf -d
NOTICE    Jul 13 11:22:46.583 [1]: Initializing tinyproxy ...
NOTICE    Jul 13 11:22:46.583 [1]: Reloading config file
INFO      Jul 13 11:22:46.583 [1]: Stathost set to "tinyproxy.stats"
INFO      Jul 13 11:22:46.583 [1]: Setting "Via" header to 'Swarmproxy'
INFO      Jul 13 11:22:46.583 [1]: Added upstream http upstream:8888 for [default]
NOTICE    Jul 13 11:22:46.583 [1]: Reloading config file finished
INFO      Jul 13 11:22:46.583 [1]: listen_sock called with addr = '(NULL)'
INFO      Jul 13 11:22:46.583 [1]: trying to listen on host[0.0.0.0], family[2], socktype[1], proto[6]
INFO      Jul 13 11:22:46.583 [1]: listening on fd [3]
INFO      Jul 13 11:22:46.583 [1]: trying to listen on host[::], family[10], socktype[1], proto[6]
INFO      Jul 13 11:22:46.583 [1]: listening on fd [4]
INFO      Jul 13 11:22:46.583 [1]: Not running as root, so not changing UID/GID.
INFO      Jul 13 11:22:46.583 [1]: Setting the various signals.
INFO      Jul 13 11:22:46.583 [1]: Starting main loop. Accepting connections.
CONNECT   Jul 13 11:23:02.916 [1]: Connect (file descriptor 5): 10.0.38.4
CONNECT   Jul 13 11:23:02.916 [1]: Request (file descriptor 5): CONNECT google.com:443 HTTP/1.1
INFO      Jul 13 11:23:02.916 [1]: Found upstream proxy http upstream:8888 for google.com
INFO      Jul 13 11:23:02.916 [1]: opensock: opening connection to upstream:8888
INFO      Jul 13 11:23:02.916 [1]: opensock: getaddrinfo returned for upstream:8888
CONNECT   Jul 13 11:23:02.917 [1]: Established connection to upstream proxy "upstream" using file descriptor 6.
INFO      Jul 13 11:23:03.182 [1]: Closed connection between local client (fd:5) and remote client (fd:6)
  • Curl
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
HTTP/1.0 200 Connection established

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0   220    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Via: 1.1 Swarmproxy (tinyproxy/1.11.1)
Proxy-agent: tinyproxy/1.11.1

HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-g1lolRpzk2b93t4bhY80uA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
date: Thu, 13 Jul 2023 11:23:03 GMT
expires: Thu, 13 Jul 2023 11:23:03 GMT
cache-control: private, max-age=2592000

server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+481; expires=Sat, 12-Jul-2025 11:23:03 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Fullstack example with external secrets and config (3-external.yml)

Source

🗄️ File: 3-upstream.yml

Description

This stack is based on the previous upstream example. It's modified to show these additional features:

  • Using external docker secret to set up an upstream proxy. Should be used when upstream needs authentication
  • Mounting a docker config as filter file
  • filtering queries by domains
  • added curl-blocked service to show output if target domain is not in whitelist

Usage

echo "google.com" | docker config create filter_file -
echo "upstream:8888" | docker secret create upstream-proxy -
docker stack deploy -c 1-minimal.yml swarmproxy-mini

Container Logs

  • Upstream
🦁 FILTER_FILE not found or set.
🦁 Final Swarmproxy config 🦁

3
Group 5123

8
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatHost "tinyproxy.stats"
StatFile "/usr/share/tinyproxy/stats.html"
LogLevel Info
MaxClients 600
ViaProxyName "Swarmproxy"
Allow 127.0.0.1/8
Allow 10.0.0.0/8
🦁 Starting Tinyproxy...
args count: 3
args value: -c /app/proxy.conf -d
NOTICE    Jul 13 11:37:47.554 [1]: Initializing tinyproxy ...
NOTICE    Jul 13 11:37:47.554 [1]: Reloading config file
INFO      Jul 13 11:37:47.554 [1]: Stathost set to "tinyproxy.stats"
INFO      Jul 13 11:37:47.554 [1]: Setting "Via" header to 'Swarmproxy'
NOTICE    Jul 13 11:37:47.554 [1]: Reloading config file finished
INFO      Jul 13 11:37:47.554 [1]: listen_sock called with addr = '(NULL)'
INFO      Jul 13 11:37:47.554 [1]: trying to listen on host[0.0.0.0], family[2], socktype[1], proto[6]
INFO      Jul 13 11:37:47.554 [1]: listening on fd [3]
INFO      Jul 13 11:37:47.554 [1]: trying to listen on host[::], family[10], socktype[1], proto[6]
INFO      Jul 13 11:37:47.554 [1]: listening on fd [4]
INFO      Jul 13 11:37:47.554 [1]: Not running as root, so not changing UID/GID.
INFO      Jul 13 11:37:47.554 [1]: Setting the various signals.
INFO      Jul 13 11:37:47.554 [1]: Starting main loop. Accepting connections.
CONNECT   Jul 13 11:38:22.698 [1]: Connect (file descriptor 5): 10.0.40.4
CONNECT   Jul 13 11:38:22.699 [1]: Request (file descriptor 5): CONNECT google.com:443 HTTP/1.1
INFO      Jul 13 11:38:22.699 [1]: No upstream proxy for google.com
INFO      Jul 13 11:38:22.699 [1]: opensock: opening connection to google.com:443
INFO      Jul 13 11:38:26.704 [1]: opensock: getaddrinfo returned for google.com:443
CONNECT   Jul 13 11:38:26.708 [1]: Established connection to host "google.com" using file descriptor 6.
INFO      Jul 13 11:38:26.708 [1]: Not sending client headers to remote machine
INFO      Jul 13 11:38:26.785 [1]: Closed connection between local client (fd:5) and remote client (fd:6)
  • Swarmproxy
🦁 Final Swarmproxy config 🦁

3
Group 5123

8
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatHost "tinyproxy.stats"
StatFile "/usr/share/tinyproxy/stats.html"
LogLevel Info
MaxClients 600
ViaProxyName "Swarmproxy"
Allow 127.0.0.1/8
Allow 10.0.0.0/8
Upstream http upstream:8888
Filter "/app/filter"
FilterURLs Off
FilterCaseSensitive Off
FilterDefaultDeny Yes
🦁 Starting Tinyproxy...
args count: 3
args value: -c /app/proxy.conf -d
NOTICE    Jul 13 11:37:57.704 [1]: Initializing tinyproxy ...
NOTICE    Jul 13 11:37:57.704 [1]: Reloading config file
INFO      Jul 13 11:37:57.704 [1]: Stathost set to "tinyproxy.stats"
INFO      Jul 13 11:37:57.704 [1]: Setting "Via" header to 'Swarmproxy'
INFO      Jul 13 11:37:57.704 [1]: Added upstream http upstream:8888 for [default]
NOTICE    Jul 13 11:37:57.704 [1]: Reloading config file finished
INFO      Jul 13 11:37:57.704 [1]: listen_sock called with addr = '(NULL)'
INFO      Jul 13 11:37:57.704 [1]: trying to listen on host[0.0.0.0], family[2], socktype[1], proto[6]
INFO      Jul 13 11:37:57.704 [1]: listening on fd [3]
INFO      Jul 13 11:37:57.704 [1]: trying to listen on host[::], family[10], socktype[1], proto[6]
INFO      Jul 13 11:37:57.704 [1]: listening on fd [4]
INFO      Jul 13 11:37:57.704 [1]: Not running as root, so not changing UID/GID.
INFO      Jul 13 11:37:57.704 [1]: Setting the various signals.
INFO      Jul 13 11:37:57.704 [1]: Starting main loop. Accepting connections.
CONNECT   Jul 13 11:38:00.361 [1]: Connect (file descriptor 5): 10.0.39.4
CONNECT   Jul 13 11:38:00.361 [1]: Request (file descriptor 5): CONNECT amazon.com:443 HTTP/1.1
NOTICE    Jul 13 11:38:00.361 [1]: Proxying refused on filtered domain "amazon.com"
CONNECT   Jul 13 11:38:14.022 [1]: Connect (file descriptor 5): 10.0.39.4
CONNECT   Jul 13 11:38:14.022 [1]: Request (file descriptor 5): CONNECT amazon.com:443 HTTP/1.1
NOTICE    Jul 13 11:38:14.022 [1]: Proxying refused on filtered domain "amazon.com"
CONNECT   Jul 13 11:38:22.698 [1]: Connect (file descriptor 5): 10.0.39.4
CONNECT   Jul 13 11:38:22.698 [1]: Request (file descriptor 5): CONNECT google.com:443 HTTP/1.1
INFO      Jul 13 11:38:22.698 [1]: Found upstream proxy http upstream:8888 for google.com
INFO      Jul 13 11:38:22.698 [1]: opensock: opening connection to upstream:8888
INFO      Jul 13 11:38:22.698 [1]: opensock: getaddrinfo returned for upstream:8888
CONNECT   Jul 13 11:38:22.698 [1]: Established connection to upstream proxy "upstream" using file descriptor 6.
CONNECT   Jul 13 11:38:25.064 [1]: Connect (file descriptor 7): 10.0.39.4
CONNECT   Jul 13 11:38:25.064 [1]: Request (file descriptor 7): CONNECT amazon.com:443 HTTP/1.1
NOTICE    Jul 13 11:38:25.064 [1]: Proxying refused on filtered domain "amazon.com"
INFO      Jul 13 11:38:26.785 [1]: Closed connection between local client (fd:5) and remote client (fd:6)
CONNECT   Jul 13 11:38:36.285 [1]: Connect (file descriptor 5): 10.0.39.4
CONNECT   Jul 13 11:38:36.285 [1]: Request (file descriptor 5): CONNECT amazon.com:443 HTTP/1.1
NOTICE    Jul 13 11:38:36.285 [1]: Proxying refused on filtered domain "amazon.com"
  • Curl
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
HTTP/1.0 200 Connection established

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:04 --:--:--     0
  0   220    0     0    0     0      0      0 --:--:--  0:00:04 --:--:--     0
Via: 1.1 Swarmproxy (tinyproxy/1.11.1)
Proxy-agent: tinyproxy/1.11.1

HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-UGtC_QXXA9WxUVfYPZJkJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
date: Thu, 13 Jul 2023 11:38:26 GMT
expires: Thu, 13 Jul 2023 11:38:26 GMT
cache-control: private, max-age=2592000

server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+670; expires=Sat, 12-Jul-2025 11:38:26 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • Curl-blocked
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
HTTP/1.1 403 Filtered
curl: (56) CONNECT tunnel failed, response 403
Server: tinyproxy/1.11.1
Content-Type: text/html
Connection: close