squid/docker-compose.yml

70 lines
1.8 KiB
YAML

version: "3.7"
services:
squid:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: wrouesnel/docker-squid4
environment:
- MITM_PROXY=yes
- HTTP_PORT=3128
- MITM_CERT=/run/secrets/ca.crt
- MITM_KEY=/run/secrets/ca.key
- VISIBLE_HOSTNAME=git.local-domain
- EXTRA_CONFIG1=tls_outgoing_options capath=/etc/ssl/certs \
options=NO_SSLv3,NO_TLSv1 \
min-version=1.2
#cipher=ECDHE+ECDSA \
#ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS \
- EXTRA_CONFIG2=sslproxy_cipher ECDHE+ECDSA+AESGCM:ECDHE+RSA+AESGCM:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM #:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
# - CONFIG_DISABLE=yes
#volumes:
#- ./squid-4/squid.intercept.conf:/etc/squid4/squid.conf
# - squid-cache:/apps/squid/var/cache/squid
#- ./squid.intercept.conf:/etc/squid/squid.conf
#- ./myCA/CA_crt.pem:/local-mitm.crt:ro
#- ./myCA/CA_key.pem:/local-mitm.pem:ro
ports:
- 3128:3128
networks:
- appnet
- externalnet
secrets:
- ca.crt
- ca.key
squid-deb:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: mikepurvis/squid-deb-proxy:latest
volumes:
- squid-deb-cache:/cachedir
ports:
- 8000:8000
networks:
- appnet
- externalnet
volumes:
squid-cache:
squid-deb-cache:
networks:
appnet:
driver: overlay
externalnet:
driver: overlay
external: true
secrets:
'ca.crt':
file: .secrets/ca.crt
'ca.key':
file: .secrets/ca.key