squid/docker-compose.yml

version: "3.7"
services:
  squid-4:
    deploy:
      placement:
        constraints: [node.labels.com.sigyl.git-stack == yes]
      replicas: 1
      restart_policy:
        condition: any
    image: sigyl/squid-4:1.1.0
    environment:
      - MITM_PROXY=yes
      - HTTP_PORT=3128
      - MITM_CERT=/run/secrets/ca.crt
      - MITM_KEY=/run/secrets/ca.key
      - VISIBLE_HOSTNAME=git.local-domain
      - >
        EXTRA_CONFIG1=tls_outgoing_options
        capath=/etc/ssl/certs
        options=NO_SSLv3,NO_TLSv1 min-version=1.2
      # - EXTRA_CONFIG2=sslproxy_cipher ECDHE+ECDSA+AESGCM:ECDHE+RSA+AESGCM:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM #:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
      # these are basically to make everything canched
      - 'EXTRA_CONFIG2=refresh_pattern ^http:  999999999     1000000000%    999999999 override-expire'
      - 'EXTRA_CONFIG3=refresh_pattern ^https:  999999999     1000000000%    999999999 override-expire'
      - EXTRA_CONFIG4= acl no_cache_domains dstdomain auth.docker.io
      - EXTRA_CONFIG5=cache deny no_cache_domains
    volumes:
      - squid-4-cache:/var/cache/squid4
    ports:
      - 3128:3128
    networks:
      - appnet
      - externalnet
    secrets:
      - ca.crt
      - ca.key
  squid-deb:
    deploy:
      placement:
        constraints: [node.labels.com.sigyl.git-stack == yes]
      replicas: 1
      restart_policy:
        condition: any
    image: sigyl/squid-deb-proxy:1.0.0
    volumes:
      - squid-deb-cache:/cachedir
    ports:
      - 8000:8000
    networks:
      - appnet
      - externalnet
volumes:
  squid-4-cache:
  squid-deb-cache:

networks:
  appnet:
    driver: overlay
  externalnet:
    driver: overlay
    external: true

secrets:
  'ca.crt':
    file: .secrets/ca.crt
  'ca.key':
    file: .secrets/ca.key
first build 2020-07-30 14:32:27 +00:00			`version: "3.7"`
			`services:`
. 2020-08-07 12:52:04 +00:00			`squid-4:`
first build 2020-07-30 14:32:27 +00:00			`deploy:`
			`placement:`
			`constraints: [node.labels.com.sigyl.git-stack == yes]`
			`replicas: 1`
			`restart_policy:`
			`condition: any`
fix: sigyl/squid-4 v 1.1.0 2020-08-12 10:53:17 +00:00			`image: sigyl/squid-4:1.1.0`
. 2020-08-06 10:34:15 +00:00			`environment:`
test: squid:4 2020-08-06 10:50:03 +00:00			`- MITM_PROXY=yes`
			`- HTTP_PORT=3128`
. 2020-08-06 14:41:10 +00:00			`- MITM_CERT=/run/secrets/ca.crt`
			`- MITM_KEY=/run/secrets/ca.key`
test: squid:4 2020-08-06 10:50:03 +00:00			`- VISIBLE_HOSTNAME=git.local-domain`
. 2020-08-06 21:16:29 +00:00			`- >`
			`EXTRA_CONFIG1=tls_outgoing_options`
			`capath=/etc/ssl/certs`
			`options=NO_SSLv3,NO_TLSv1 min-version=1.2`
. 2020-08-07 12:52:04 +00:00			`# - EXTRA_CONFIG2=sslproxy_cipher ECDHE+ECDSA+AESGCM:ECDHE+RSA+AESGCM:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM #:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS`
. 2020-08-06 21:16:29 +00:00			`# these are basically to make everything canched`
. 2020-08-07 13:20:13 +00:00			`- 'EXTRA_CONFIG2=refresh_pattern ^http: 999999999 1000000000% 999999999 override-expire'`
			`- 'EXTRA_CONFIG3=refresh_pattern ^https: 999999999 1000000000% 999999999 override-expire'`
. 2020-08-07 13:35:53 +00:00			`- EXTRA_CONFIG4= acl no_cache_domains dstdomain auth.docker.io`
. 2020-08-07 13:33:28 +00:00			`- EXTRA_CONFIG5=cache deny no_cache_domains`
. 2020-08-07 12:52:04 +00:00			`volumes:`
			`- squid-4-cache:/var/cache/squid4`
first build 2020-07-30 14:32:27 +00:00			`ports:`
ci: change to squid image 2020-08-03 11:28:17 +00:00			`- 3128:3128`
first build 2020-07-30 14:32:27 +00:00			`networks:`
			`- appnet`
			`- externalnet`
. 2020-08-06 14:41:10 +00:00			`secrets:`
			`- ca.crt`
			`- ca.key`
ci: added squid-deb and squid 2020-08-03 12:49:03 +00:00			`squid-deb:`
			`deploy:`
			`placement:`
			`constraints: [node.labels.com.sigyl.git-stack == yes]`
			`replicas: 1`
			`restart_policy:`
			`condition: any`
ci: use sigyl docker images 2020-08-12 10:11:53 +00:00			`image: sigyl/squid-deb-proxy:1.0.0`
ci: added squid-deb and squid 2020-08-03 12:49:03 +00:00			`volumes:`
			`- squid-deb-cache:/cachedir`
			`ports:`
			`- 8000:8000`
			`networks:`
			`- appnet`
			`- externalnet`
first build 2020-07-30 14:32:27 +00:00			`volumes:`
. 2020-08-07 12:52:04 +00:00			`squid-4-cache:`
ci: added squid-deb and squid 2020-08-03 12:49:03 +00:00			`squid-deb-cache:`
first build 2020-07-30 14:32:27 +00:00
			`networks:`
			`appnet:`
			`driver: overlay`
			`externalnet:`
			`driver: overlay`
ci: added squid-deb and squid 2020-08-03 12:49:03 +00:00			`external: true`
. 2020-08-06 14:34:23 +00:00
			`secrets:`
. 2020-08-06 14:41:10 +00:00			`'ca.crt':`
. 2020-08-06 14:36:35 +00:00			`file: .secrets/ca.crt`
. 2020-08-06 14:41:10 +00:00			`'ca.key':`
. 2020-08-06 14:34:23 +00:00			`file: .secrets/ca.key`