diff --git a/Dockerfile b/Dockerfile
index 1b6a562..21041bd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,13 +4,20 @@ LABEL maintainer="sameer@damagehead.com"
 ENV SQUID_VERSION=3.5.27 \
 SQUID_CACHE_DIR=/var/spool/squid \
 SQUID_LOG_DIR=/var/log/squid \
- SQUID_USER=proxy
+ SQUID_USER=proxy\
+ AUTH_USER=proxy \
+ AUTH_PASSWORD=proxy
 RUN apt-get update \
- && DEBIAN_FRONTEND=noninteractive apt-get install -y squid=${SQUID_VERSION}* \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y squid=${SQUID_VERSION}* apache2-utils \
+ && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
+# Create authentication directory
+RUN mkdir -p /etc/squid/auth
+
 COPY entrypoint.sh /sbin/entrypoint.sh
+RUN sed -i 's/\r$//' /sbin/entrypoint.sh
 RUN chmod 755 /sbin/entrypoint.sh
 EXPOSE 3128/tcp
diff --git a/auth-sample/docker-compose.yml b/auth-sample/docker-compose.yml
new file mode 100644
index 0000000..d5dc875
--- /dev/null
+++ b/auth-sample/docker-compose.yml
@@ -0,0 +1,16 @@
+services:
+ squid:
+ build:
+ context: ../
+ dockerfile: Dockerfile
+ container_name: squid
+ hostname: squid
+ ports:
+ - "3128:3128"
+ volumes:
+ - ./data/cache:/var/spool/squid
+ - ./squid.conf:/etc/squid/squid.conf
+ environment:
+ AUTH_USER: "proxy"
+ AUTH_PASSWORD: "proxy"
+ restart: always
diff --git a/auth-sample/squid.conf b/auth-sample/squid.conf
new file mode 100644
index 0000000..5d4a8f1
--- /dev/null
+++ b/auth-sample/squid.conf
@@ -0,0 +1,19 @@
+# Enable basic authentication using NCSA password file
+auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/auth/users
+auth_param basic realm Squid Proxy Authentication
+
+# Define ACL for authenticated users
+acl authenticated proxy_auth REQUIRED
+# Critical & FATAl Errors
+debug_options ALL,0
+# Warning
+# debug_options ALL,1
+
+# Allow only authenticated users
+http_access allow authenticated
+
+# Deny everyone else
+http_access deny all
+
+# Listen on default Squid port
+http_port 3128
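Review bot: `AUTH_PASSWORD=proxy` in the Dockerfile's `ENV` block bakes a known default password into every image, where it is readable from the image metadata and inherited by any container started without an override. The same `proxy`/`proxy` pair is repeated in auth-sample/docker-compose.yml and in the committed kubernetes/secret.yml (`stringData`), so a deployment that copies these files unchanged runs with a published credential. I would drop the `AUTH_USER`/`AUTH_PASSWORD` defaults from `ENV`, leaving `SQUID_USER=proxy` as the last entry, and have the samples take the value from the operator's environment, e.g. `AUTH_PASSWORD: "${AUTH_PASSWORD:?set AUTH_PASSWORD}"` in the compose file. As a style point, `SQUID_USER=proxy\` lacks the space before the continuation backslash that the neighbouring lines use.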
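Review bot: `http_access allow authenticated` is the only allow rule in auth-sample/squid.conf, and since the compose file mounts this file over /etc/squid/squid.conf none of the port restrictions a stock Squid configuration normally carries are present, so any authenticated client may issue CONNECT to arbitrary ports. The identical configuration embedded in kubernetes/configmap.yml has the same gap. I would place `Safe_ports`/`SSL_ports` denies ahead of the allow rule, as sketched below with a minimal port list to extend as needed. Separately, Basic credentials are only base64-encoded on the plain `http_port 3128` listener, which deserves a comment in the sample for anyone publishing the port beyond a trusted network.

```conf
# … unchanged: auth_param lines and the `authenticated` ACL …
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow authenticated
```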
diff --git a/docker-compose.yml b/docker-compose.yml
index fabba23..ca640ab 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,8 @@
-Squid:
- image: sameersbn/squid:3.5.27-2
- ports:
- - "3128:3128"
- volumes:
- - /srv/docker/squid/cache:/var/spool/squid
- restart: always
+services:
+ squid:
+ image: sameersbn/squid:3.5.27-2
+ ports:
+ - "3128:3128"
+ volumes:
+ - /srv/docker/squid/cache:/var/spool/squid
+ restart: always
diff --git a/entrypoint.sh b/entrypoint.sh
index 7991227..dabfb4f 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -30,6 +30,8 @@ if [[ -z ${1} ]]; then
 echo "Initializing cache..."
 $(which squid) -N -f /etc/squid/squid.conf -z
 fi
+ echo "Creating squid auth credential..."
+ htpasswd -b -c /etc/squid/auth/users ${AUTH_USER} ${AUTH_PASSWORD}
 echo "Starting squid..."
 exec $(which squid) -f /etc/squid/squid.conf -NYCd 1 ${EXTRA_ARGS}
 else
diff --git a/kubernetes/configmap.yml b/kubernetes/configmap.yml
new file mode 100644
index 0000000..48c6c1f
--- /dev/null
+++ b/kubernetes/configmap.yml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: squid-conf
+data:
+ squid.conf: |
+ # Enable basic authentication using NCSA password file
+ auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/auth/users
+ auth_param basic realm Squid Proxy Authentication
+
+ # Define ACL for authenticated users
+ acl authenticated proxy_auth REQUIRED
+ # Critical & FATAl Errors
+ debug_options ALL,0
+ # Warning
+ # debug_options ALL,1
+
+ # Allow only authenticated users
+ http_access allow authenticated
+
+ # Deny everyone else
+ http_access deny all
+
+ # Listen on default Squid port
+ http_port 3128
diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml
new file mode 100644
index 0000000..0d4455a
--- /dev/null
+++ b/kubernetes/deployment.yaml
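Review bot: The added `htpasswd -b -c /etc/squid/auth/users ${AUTH_USER} ${AUTH_PASSWORD}` in entrypoint.sh passes the password as a command-line argument and leaves both variables unquoted, so the secret is visible in the process list while the command runs and a value containing spaces or glob characters is split or expanded before htpasswd receives it. Reading the password from stdin avoids both: `printf '%s' "${AUTH_PASSWORD}" | htpasswd -i -c /etc/squid/auth/users "${AUTH_USER}"`. The line also runs on every start with no check that the variables are set (whether a failure aborts the script depends on shell options set outside this hunk); a guard such as `: "${AUTH_PASSWORD:?AUTH_PASSWORD must be set}"` ahead of it would make that explicit. The enclosing `if [[ -z ${1} ]]` block starts above the hunk and its `else` branch continues below it.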
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: squid
+spec:
+ selector:
+ matchLabels:
+ name: squid
+ template:
+ metadata:
+ labels:
+ name: squid
+ spec:
+ # if you have a private image registry, uncomment the following lines and add your credentials
+ # imagePullSecrets:
+ # - name: regcred
+ containers:
+ - name: squid
+ image: kasra.r1.kubit.dev/today-general/squid-http-proxy:3.5.27
+ resources:
+ limits:
+ cpu: 30m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 150Mi
+ envFrom:
+ - secretRef:
+ name: squid
+ ports:
+ - containerPort: 3128
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /var/spool/squid
+ name: data
+ - mountPath: /etc/squid/squid.conf
+ name: squid-conf
+ subPath: squid.conf
+ volumes:
+ - name: data
+ emptyDir: {}
+ - name: squid-conf
+ configMap:
+ name: squid-conf
+ items:
+ - key: squid.conf
+ path: squid.conf
diff --git a/kubernetes/pod.yml b/kubernetes/pod.yml
deleted file mode 100644
index 58a7e0c..0000000
--- a/kubernetes/pod.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: squid
- labels:
- name: squid
-spec:
- containers:
- - name: squid
- image: sameersbn/squid:3.5.27-2
- ports:
- - containerPort: 3128
- protocol: TCP
- volumeMounts:
- - mountPath: /var/spool/squid
- name: data
- volumes:
- - name: data
- emptyDir: {}
diff --git a/kubernetes/secret.yml b/kubernetes/secret.yml
new file mode 100644
index 0000000..44e48eb
--- /dev/null
+++ b/kubernetes/secret.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: squid
+type: Opaque
+stringData:
+ AUTH_USER: proxy
+ AUTH_PASSWORD: proxy
diff --git a/kubernetes/service.yml b/kubernetes/service.yml
index 01ccf5d..cec8bdd 100644
--- a/kubernetes/service.yml
+++ b/kubernetes/service.yml
@@ -7,7 +7,7 @@ metadata:
 spec:
 type: LoadBalancer
 ports:
- - port: 3128
+ - port: 80
 targetPort: 3128
 protocol: TCP
 selector:
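Review bot: `image: kasra.r1.kubit.dev/today-general/squid-http-proxy:3.5.27` in kubernetes/deployment.yaml points the shared manifest at a third-party registry under a mutable tag, whereas the pod.yml it replaces used `sameersbn/squid:3.5.27-2`; anyone applying it pulls an image whose build cannot be tied to this repository's Dockerfile. I would reference the project's own image built from this commit and pin it by digest, e.g. `image: sameersbn/squid:<TAG>@sha256:<DIGEST>` (placeholders). The container spec also sets no `securityContext`, so adding at least `allowPrivilegeEscalation: false` is worth considering once it is confirmed the entrypoint does not depend on it.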
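Review bot: Changing `port: 3128` to `port: 80` on the `type: LoadBalancer` Service in kubernetes/service.yml publishes the proxy on a well-known port with no source restriction visible in this hunk; where the cluster provisions a public load balancer, that is an externally reachable forward proxy protected only by Basic auth and the default credentials committed in kubernetes/secret.yml. If external exposure is intended I would add `loadBalancerSourceRanges:` with the permitted client ranges, e.g. `- <ALLOWED_CIDR>` (placeholder), under `spec`; otherwise `type: ClusterIP` is the safer default for a sample manifest. The port change also breaks clients configured for 3128 and is unrelated to the authentication feature. The `spec` block continues past the end of the hunk.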