|
||
---|---|---|
.gitea | ||
.vscode | ||
.woodpecker | ||
assets | ||
.changelog.yml | ||
.editorconfig | ||
.gitattributes | ||
.gitignore | ||
.gitlocal | ||
CHANGELOG.md | ||
docker-compose.yml | ||
Dockerfile | ||
entrypoint.sh | ||
LICENSE | ||
README.md | ||
renovate.json |
🦁 Swarmproxy is a simple http proxy to limit your outbound traffic.
📖 About
Swarmproxy is a simply way to integrate a http proxy in your Docker swarm cluster or any other container network. It acts as an centralized proxy to limit your outbound / egress traffic. You can also add a whitelist filter to limit the allowed domains. There is also an option to use a upstream proxy.
What does Swarmproxy for you?
Enterprise and production environments often face more stringent security requirements. Therefore, unfiltered Internet access may be prohibited.
So Swarmproxy could help you with these features:
- ✔️ Prevent direct web access from Container workload.
- ✔️ Upstream proxy with or without authentication
- ✔️ Optional domain based whitelist filter.
What does Swarmproxy not?
Swarmproxy is just a supercharged Tinyproxy where you can point your container workload to.
- ☣️ Swarmproxy does not block the web access or other traffic if you workload doesn't use a proxy
- ☣️ It's not a firewall, thus it does not customize your iptables or any other firewall policies.
🚀 Quickstart
1. ⚡ Get the image 📦
You can download the image from the Gitea embedded container registry: gitea.ocram85.com/ocram85/swarmproxy
with these tags:
latest
,main
- Is based on the lasted master branch commit.1
,0.1
,0.1.0
- tag based version.
💡 NOTE: See the packages page for latest version and all other available tags.
2. 🛡️ Run as Docker Swarm Stack
This example shows all available configuration keys / environment variables for Swarmproxy.
version: "3.8"
networks:
egress:
attachable: true
#external: true
#configs:
# filter_file:
# # config can be predefined / external or loaded from file
# #external: true
# file: ./filter.txt
#secrets:
# upstream-proxy:
# external: true
services:
swarmproxy:
# Do not use the `latest` tag in production!
image: gitea.ocram85.com/OCram85/swarmproxy:latest
deploy:
replicas: 1
#secrets:
# - upstream-proxy
environment:
- LOGLEVEL=Info
# Recommended settings
# Use an optional upstream proxy
#- UPSTREAM_PROXY=
# Set UPSTREAM_PROXY as docker secret if your upstream needs authentication
# Eg.: http://user:password@upstream.intra:3128
#- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY
# OPTIONAL config keys
#- TINYPROXY_UID=5123
#- TINYPROXY_GID=5123
#- PORT=8888
#- TIMEOUT=600
#- MAXCLIENTS=600
#- FILTER_FILE=/app/filter
volumes:
# You can mount a single filter file into the container.
# To reload the file use the docker kill -s USR1 <container_id| container_name> command.
# - ./filter.txt:/app/filter:ro
#configs:
# - source: filter_file
# target: /app/filter
networks:
egress:
aliases:
- swarmproxy
- proxy
3. 🚀 Full example
You can find a full example containing a fake upstream, swarmproxy and workload container in the docker-compose.yml file.
💣 Known Issues
😡 We're Using GitHub Under Protest
This project is currently mirrored to GitHub. This is not ideal; GitHub is a proprietary, trade-secret system that is not Free and Open Source Software (FOSS). We are deeply concerned about using a proprietary system like GitHub to develop our FOSS project. We have an open Gitea repository where the project contributors are actively discussing how we can move away from GitHub in the long term. We urge you to read about the Give up GitHub campaign from the Software Freedom Conservancy to understand some of the reasons why GitHub is not a good place to host FOSS projects.
If you are a contributor who personally has already quit using GitHub, please check this resource for how to send us contributions without using GitHub directly.
Any use of this project's code by GitHub Copilot, past or present, is done without our permission. We do not consent to GitHub's use of this project's code in Copilot.
🙏 Credits
Swarmproxy is based on the following projects and wouldn't be possible without them:
- Tinyproxy - The Tinyproxy project itself
- docker-tinyproxy - A containerized Tinyproxy variant.
- docker-tinyproxy - A containerized Tinyproxy variant.
⚖️ License (AGPLv3)
Swarmproxy - A simple http/https proxy for outbound traffic in a docker swarm cluster.
Copyright (C) 2023 "OCram85 <me@ocram85.com>"
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.