From d409f6318fb58f133455c297f2d8ad6ef8e8a5de Mon Sep 17 00:00:00 2001
From: Evgenii Zhuravlev <>
Date: Mon, 1 Nov 2021 20:51:40 +0300
Subject: [PATCH 1/3] actual Dockerfile and config in README
---
 README.md | 45 ++++++++++++++++++++++-------------------
 docker-build/Dockerfile | 26 +++++++++---------------
 2 files changed, 34 insertions(+), 37 deletions(-)
diff --git a/README.md b/README.md
index 7081026..a42be59 100644
--- a/README.md
+++ b/README.md
@@ -19,26 +19,29 @@ The simplest way to enable the forward proxy without authentication just include
 Open a block for more control; here's an example of all properties in use (note that the syntax is subject to change):
 ```
-forwardproxy {
- basicauth user1 password1
- basicauth user2 password2
- ports 80 443
- hide_ip
- hide_via
- probe_resistance secret-link-kWWL9Q.com # alternatively you can use a real domain, such as caddyserver.com
- serve_pac /secret-proxy.pac
- response_timeout 30
- dial_timeout 30
- upstream https://user:password@extra-upstream-hop.com
- acl {
- allow *.caddyserver.com
- deny 192.168.1.1/32 192.168.0.0/16 *.prohibitedsite.com *.localhost
- allow ::1/128 8.8.8.8 github.com *.github.io
- allowfile /path/to/whitelist.txt
- denyfile /path/to/blacklist.txt
- allow all
- deny all # unreachable rule, remaining requests are matched by `allow all` above
- }
+:80, :443 {
+ log / stdout "{remote} - {user} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {hostonly} {request_id} {latency_ms}"
+ forwardproxy {
+ basicauth user1 password1
+ basicauth user2 password2
+ ports 80 443
+ hide_ip
+ hide_via
+ probe_resistance secret-link-kWWL9Q.com # alternatively you can use a real domain, such as caddyserver.com
+ serve_pac /secret-proxy.pac
+ response_timeout 30
+ dial_timeout 30
+ upstream https://user:password@extra-upstream-hop.com
+ acl {
+ allow *.caddyserver.com
+ deny 192.168.1.1/32 192.168.0.0/16 *.prohibitedsite.com *.localhost
+ allow ::1/128 8.8.8.8 github.com *.github.io
+ allowfile /path/to/whitelist.txt
+ denyfile /path/to/blacklist.txt
+ allow all
+ deny all # unreachable rule, remaining requests are matched by `allow all` above
+ }
+ }
 }
 ```
@@ -168,4 +171,4 @@ Licensed under the [Apache License](LICENSE)
 USE AT YOUR OWN RISK. THIS IS DELIVERED AS-IS. By using this software, you agree and assert that authors, maintainers, and contributors of this software are not responsible or liable for any risks, costs, or problems you may encounter. Consider your threat model and be smart. If you find a flaw or bug, please submit a patch and help make things better!
-Initial version of this plugin was developed by Google. This is not an official Google product.
+Initial version of this plugin was developed by Google. This is not an official Google product.
\ No newline at end of file
diff --git a/docker-build/Dockerfile b/docker-build/Dockerfile
index 5637e07..b01aa69 100644
--- a/docker-build/Dockerfile
+++ b/docker-build/Dockerfile
@@ -1,16 +1,10 @@
-FROM alpine:3.6
-
-LABEL description="Docker image for caddy+forwardproxy plugin."
-LABEL maintainer="SergeyFrolov@colorado.edu"
-
-RUN apk add --no-cache ca-certificates bash curl
-
-RUN curl --fail https://getcaddy.com | bash -s http.forwardproxy
-
-COPY gen_caddyfile_and_start.sh /bin/
-
-VOLUME /root/.caddy
-
-EXPOSE 80 443 2015
-
-ENTRYPOINT /bin/gen_caddyfile_and_start.sh
+FROM golang:1.14.15 AS builder
+RUN git clone https://github.com/caddyserver/forwardproxy.git
+WORKDIR /go/forwardproxy/cmd/caddy
+RUN go build caddy.go
+
+FROM ubuntu:20.04
+COPY --from=builder /go/forwardproxy/cmd/caddy/caddy /usr/bin/caddy
+EXPOSE 80 443
+ENTRYPOINT ["/usr/bin/caddy"]
+CMD ["-conf", "/etc/caddy/Caddyfile", "--log", "/dev/stdout", "--agree=true"]
\ No newline at end of file
From 78bd7d824ea46c66515ffa6a5e4491fed59551ca Mon Sep 17 00:00:00 2001
From: foxmeyson <36617784+foxmeyson@users.noreply.github.com>
Date: Tue, 2 Nov 2021 19:17:24 +0300
Subject: [PATCH 2/3] Update README.md
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index a42be59..bfdde1e 100644
--- a/README.md
+++ b/README.md
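Review bot: The builder stage's `git clone https://github.com/caddyserver/forwardproxy.git` names no ref, so each build compiles whatever the default branch holds at that moment instead of a reviewed revision, and two builds of the same Dockerfile can produce different binaries. Take the ref as a build argument with no default so an unpinned build fails; `--branch` accepts a tag or branch name, and for a commit hash the clone would be followed by a `git checkout` of that hash instead. The new `ubuntu:20.04` runtime stage also loses the `ca-certificates` package that the removed alpine image installed; the stock ubuntu image ships no CA bundle, so caddy's outbound certificate verification (ACME under `--agree=true`, an `https://` upstream) would likely fail until the package is added. The removed `VOLUME /root/.caddy` has no replacement either, so any state caddy keeps there presumably does not survive a container restart unless a mount is documented.

```dockerfile
FROM golang:1.14.15 AS builder
# Build only a reviewed revision; the build fails if no ref is supplied.
ARG FORWARDPROXY_REF
RUN git clone --depth 1 --branch "${FORWARDPROXY_REF}" \
        https://github.com/caddyserver/forwardproxy.git
# … unchanged: WORKDIR, go build …

FROM ubuntu:20.04
# CA bundle for caddy's outbound TLS verification.
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/*
# … unchanged: COPY --from=builder, EXPOSE, ENTRYPOINT, CMD …
```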
@@ -19,7 +19,7 @@ The simplest way to enable the forward proxy without authentication just include
 Open a block for more control; here's an example of all properties in use (note that the syntax is subject to change):
 ```
-:80, :443 {
+:2015 {
 log / stdout "{remote} - {user} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {hostonly} {request_id} {latency_ms}"
 forwardproxy {
 basicauth user1 password1
@@ -171,4 +171,4 @@ Licensed under the [Apache License](LICENSE)
 USE AT YOUR OWN RISK. THIS IS DELIVERED AS-IS. By using this software, you agree and assert that authors, maintainers, and contributors of this software are not responsible or liable for any risks, costs, or problems you may encounter. Consider your threat model and be smart. If you find a flaw or bug, please submit a patch and help make things better!
-Initial version of this plugin was developed by Google. This is not an official Google product.
\ No newline at end of file
+Initial version of this plugin was developed by Google. This is not an official Google product.
From 93393892aaab79c0e38ca0ee33d47680312a2ed4 Mon Sep 17 00:00:00 2001
From: foxmeyson <36617784+foxmeyson@users.noreply.github.com>
Date: Tue, 2 Nov 2021 19:21:11 +0300
Subject: [PATCH 3/3] Update Dockerfile
---
 docker-build/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker-build/Dockerfile b/docker-build/Dockerfile
index b01aa69..40451c5 100644
--- a/docker-build/Dockerfile
+++ b/docker-build/Dockerfile
@@ -5,6 +5,6 @@ RUN go build caddy.go
 FROM ubuntu:20.04
 COPY --from=builder /go/forwardproxy/cmd/caddy/caddy /usr/bin/caddy
-EXPOSE 80 443
+EXPOSE 2015
 ENTRYPOINT ["/usr/bin/caddy"]
-CMD ["-conf", "/etc/caddy/Caddyfile", "--log", "/dev/stdout", "--agree=true"]
\ No newline at end of file
+CMD ["-conf", "/etc/caddy/Caddyfile", "--log", "/dev/stdout", "--agree=true"]
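Review bot: The runtime stage still has no `USER`, so caddy runs as root even though the port this hunk moves to (`EXPOSE 2015`) is unprivileged and no longer needs root to bind. After the `COPY --from=builder` line, add `RUN useradd --system --uid 10001 --no-create-home caddy` and then `USER 10001` before `ENTRYPOINT`; the mounted `/etc/caddy/Caddyfile` and the directory caddy writes its state to must then be accessible to that UID. `EXPOSE` is documentation only, so the real listener is whatever the mounted Caddyfile declares. With a site address such as `:2015` that carries no hostname, automatic HTTPS presumably does not apply, in which case `basicauth` proxy credentials would travel in cleartext unless TLS is configured explicitly or terminated in front of the container. The stage begins outside this hunk.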