You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
- version: "3.7"
- services:
- squid-4:
- deploy:
- placement:
- constraints: [node.labels.com.sigyl.git-stack == yes]
- replicas: 1
- restart_policy:
- condition: any
- image: sigyl/squid-4:1.1.0
- environment:
- - MITM_PROXY=yes
- - HTTP_PORT=3128
- - MITM_CERT=/run/secrets/ca.crt
- - MITM_KEY=/run/secrets/ca.key
- - VISIBLE_HOSTNAME=$LOCAL_DOMAIN
- - >
- EXTRA_CONFIG1=tls_outgoing_options
- capath=/etc/ssl/certs
- options=NO_SSLv3,NO_TLSv1 min-version=1.2
- # - EXTRA_CONFIG2=sslproxy_cipher ECDHE+ECDSA+AESGCM:ECDHE+RSA+AESGCM:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM #:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
- # these are basically to make everything canched
- - 'EXTRA_CONFIG2=refresh_pattern ^http: 999999999 1000000000% 999999999 override-expire'
- - 'EXTRA_CONFIG3=refresh_pattern ^https: 999999999 1000000000% 999999999 override-expire'
- - EXTRA_CONFIG4= acl no_cache_domains dstdomain auth.docker.io
- - EXTRA_CONFIG5=cache deny no_cache_domains
- volumes:
- - squid-4-cache:/var/cache/squid4
- ports:
- - 3128:3128
- networks:
- - appnet
- - externalnet
- secrets:
- - ca.crt
- - ca.key
- squid-deb:
- deploy:
- placement:
- constraints: [node.labels.com.sigyl.git-stack == yes]
- replicas: 1
- restart_policy:
- condition: any
- image: sigyl/squid-deb-proxy:1.0.0
- volumes:
- - squid-deb-cache:/cachedir
- ports:
- - 8000:8000
- networks:
- - appnet
- - externalnet
- volumes:
- squid-4-cache:
- squid-deb-cache:
-
- networks:
- appnet:
- driver: overlay
- externalnet:
- driver: overlay
- external: true
-
- secrets:
- 'ca.crt':
- file: .secrets/ca.crt
- 'ca.key':
- file: .secrets/ca.key
|