stack
/
squid
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity
squid/docker-compose.yml

68 lines
1.9 KiB
YAML
Raw Permalink Blame History

version: "3.7"
services:
squid-4:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: sigyl/squid-4:1.1.0
environment:
- MITM_PROXY=yes
- HTTP_PORT=3128
- MITM_CERT=/run/secrets/ca.crt
- MITM_KEY=/run/secrets/ca.key
- VISIBLE_HOSTNAME=$LOCAL_DOMAIN
- >
EXTRA_CONFIG1=tls_outgoing_options
capath=/etc/ssl/certs
options=NO_SSLv3,NO_TLSv1 min-version=1.2
# - EXTRA_CONFIG2=sslproxy_cipher ECDHE+ECDSA+AESGCM:ECDHE+RSA+AESGCM:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM #:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
# these are basically to make everything canched
- 'EXTRA_CONFIG2=refresh_pattern ^http: 999999999 1000000000% 999999999 override-expire'
- 'EXTRA_CONFIG3=refresh_pattern ^https: 999999999 1000000000% 999999999 override-expire'
- EXTRA_CONFIG4= acl no_cache_domains dstdomain auth.docker.io
- EXTRA_CONFIG5=cache deny no_cache_domains
volumes:
- squid-4-cache:/var/cache/squid4
ports:
- 3128:3128
networks:
- appnet
- externalnet
secrets:
- ca.crt
- ca.key
squid-deb:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: sigyl/squid-deb-proxy:1.0.0
volumes:
- squid-deb-cache:/cachedir
ports:
- 8000:8000
networks:
- appnet
- externalnet
volumes:
squid-4-cache:
squid-deb-cache:
networks:
appnet:
driver: overlay
externalnet:
driver: overlay
external: true
secrets:
'ca.crt':
file: .secrets/ca.crt
'ca.key':
file: .secrets/ca.key
Reference in New Issue View Git Blame Copy Permalink