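---
# Swarm stack with two caching proxies, both constrained to nodes labelled
# com.sigyl.git-stack == yes:
#   squid      Squid forward proxy (wrouesnel/docker-squid4) on port 3128,
#              configured for TLS interception with a CA supplied as secrets
#   squid-deb  squid-deb-proxy APT cache on port 8000
version: "3.7"

services:
  squid:
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # No tag is given, so this resolves to :latest. Pin a reviewed tag or
    # digest: this container is handed the interception CA's private key, so
    # a silently changed upstream image would run with that key.
    image: wrouesnel/docker-squid4
    environment:
      # MITM_* presumably switch on the image's TLS-interception mode and
      # point it at the CA pair mounted from the secrets listed further down;
      # confirm against the image's README.
      - MITM_PROXY=yes
      - HTTP_PORT=3128
      - MITM_CERT=/run/secrets/ca.crt
      - MITM_KEY=/run/secrets/ca.key
      - VISIBLE_HOSTNAME=git.local-domain
      # Outgoing (proxy -> origin) TLS: CA directory /etc/ssl/certs, SSLv3 and
      # TLSv1 disabled, minimum protocol version 1.2.
      # Written as a folded scalar so comment lines can no longer sit inside
      # the value; the resulting string is the same as before.
      # NOTE(review): the backslashes are not YAML line continuations. They
      # are literal characters and reach the container inside the value, with
      # each line break folded to one space. Confirm the image's config
      # rendering and Squid accept them; otherwise drop them.
      - >-
        EXTRA_CONFIG1=tls_outgoing_options capath=/etc/ssl/certs \
        options=NO_SSLv3,NO_TLSv1 \
        min-version=1.2
      # Disabled alternative kept from the original file:
      #   cipher=ECDHE+ECDSA \
      #   ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS \
      # Cipher list limited to ECDHE key exchange with AES-GCM.
      # NOTE(review): Squid 4 is documented as replacing sslproxy_cipher with
      # tls_outgoing_options cipher= -- verify this line is still honoured.
      - 'EXTRA_CONFIG2=sslproxy_cipher ECDHE+ECDSA+AESGCM:ECDHE+RSA+AESGCM:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM'
      # Disabled tail of the cipher list kept from the original file (note
      # that it would re-admit CBC/SHA suites and an RC4 entry):
      #   :EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384
      #   :EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA
      #   :!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
      # - CONFIG_DISABLE=yes
    # Disabled bind mounts kept from the original file. The CA pair is now
    # delivered through Swarm secrets instead of host paths.
    # volumes:
    #   - ./squid-4/squid.intercept.conf:/etc/squid4/squid.conf
    #   - squid-cache:/apps/squid/var/cache/squid
    #   - ./squid.intercept.conf:/etc/squid/squid.conf
    #   - ./myCA/CA_crt.pem:/local-mitm.crt:ro
    #   - ./myCA/CA_key.pem:/local-mitm.pem:ro
    ports:
      # Short syntax publishes through the Swarm ingress mesh, i.e. on every
      # node. Limit who can reach it (host firewall and/or Squid ACLs) so the
      # interception proxy is not usable as an open proxy.
      - '3128:3128'
    networks:
      - appnet
      - externalnet
    secrets:
      # Mounted at /run/secrets/<name>, matching MITM_CERT / MITM_KEY above.
      - ca.crt
      - ca.key

  squid-deb:
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # :latest is a moving tag; pin a reviewed tag or digest, since every APT
    # client behind this cache receives its packages through this container.
    image: mikepurvis/squid-deb-proxy:latest
    volumes:
      - squid-deb-cache:/cachedir
    ports:
      # Also published on every node through the ingress mesh.
      - '8000:8000'
    networks:
      - appnet
      - externalnet

volumes:
  # Only referenced by the disabled volume mount of the squid service.
  squid-cache:
  squid-deb-cache:

networks:
  appnet:
    driver: overlay
  externalnet:
    # NOTE(review): external: true means the network must already exist and
    # is not created by this stack; confirm that combining it with driver is
    # intended and accepted by the deploy tooling in use.
    driver: overlay
    external: true

secrets:
  # Read from local files at deploy time. ca.key is the private key of the
  # interception CA: whoever holds it can issue certificates that every
  # client trusting this CA will accept. Keep .secrets/ out of version
  # control and readable only by the deploying user.
  'ca.crt':
    file: .secrets/ca.crt
  'ca.key':
    file: .secrets/ca.key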