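---
# Swarm stack (uses `deploy:` keys) with two proxy services:
#   squid     - Squid 4 forward proxy configured through MITM_* variables
#               and a CA certificate/key supplied as swarm secrets.
#   squid-deb - second proxy with a persistent cache volume (presumably a
#               Debian package cache, going by the image name - confirm).
#
# Security notes:
# - ca.key is a CA private key. Any client that trusts ca.crt will accept
#   certificates minted with it, so protect it like a root credential.
# - Both images are third-party and referenced by mutable tags; see the
#   notes on each `image:` line.
version: "3.7"

services:
  squid:
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): no tag is given, so this resolves to the mutable
    # `latest`. This container holds the CA key; pin it to a reviewed
    # digest, e.g. wrouesnel/docker-squid4@sha256:<DIGEST_PLACEHOLDER>.
    image: wrouesnel/docker-squid4
    environment:
      # Presumably switches on TLS interception in the image's generated
      # squid.conf - confirm against the image documentation.
      - MITM_PROXY=yes
      - HTTP_PORT=3128
      # Paths match where swarm mounts the secrets listed below.
      - MITM_CERT=/run/secrets/ca.crt
      - MITM_KEY=/run/secrets/ca.key
      - VISIBLE_HOSTNAME=git.local-domain
      # Outgoing (proxy -> origin) TLS: verify against the system CA
      # directory and refuse anything below TLS 1.2.
      # Written as a folded scalar: the original used trailing `\` in a
      # plain multi-line scalar, which YAML folds to spaces while keeping
      # the backslashes as literal characters inside the directive.
      - >-
        EXTRA_CONFIG1=tls_outgoing_options
        capath=/etc/ssl/certs
        options=NO_SSLv3,NO_TLSv1
        min-version=1.2
      # cipher=ECDHE+ECDSA \
      # ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS \

      # Restrict outgoing cipher suites to forward-secret AES-GCM.
      # NOTE(review): Squid 4 documents sslproxy_cipher as replaced by
      # `tls_outgoing_options cipher=` - confirm this line takes effect.
      # Disabled tail of the list (it followed ` #` on the value line, so
      # YAML already treated it as a comment):
      #   :EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384
      #   :EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA
      #   :!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
      - >-
        EXTRA_CONFIG2=sslproxy_cipher
        ECDHE+ECDSA+AESGCM:ECDHE+RSA+AESGCM:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM
      # - CONFIG_DISABLE=yes
    # volumes:
    #   - ./squid-4/squid.intercept.conf:/etc/squid4/squid.conf
    #   - squid-cache:/apps/squid/var/cache/squid
    #   - ./squid.intercept.conf:/etc/squid/squid.conf
    #   - ./myCA/CA_crt.pem:/local-mitm.crt:ro
    #   - ./myCA/CA_key.pem:/local-mitm.pem:ro
    ports:
      # Published through the swarm routing mesh, so the proxy port is
      # reachable on every node. No client ACL is visible in this file;
      # firewall the port or restrict clients in squid.conf.
      - "3128:3128"
    networks:
      - appnet
      - externalnet
    secrets:
      - ca.crt
      - ca.key

  squid-deb:
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): `latest` is a mutable tag; pin to a reviewed digest,
    # e.g. mikepurvis/squid-deb-proxy@sha256:<DIGEST_PLACEHOLDER>.
    image: mikepurvis/squid-deb-proxy:latest
    volumes:
      - squid-deb-cache:/cachedir
    ports:
      # Also published on every swarm node through the routing mesh.
      - "8000:8000"
    networks:
      - appnet
      - externalnet

volumes:
  # Only referenced by a commented-out mount in the squid service.
  squid-cache: {}
  squid-deb-cache: {}

networks:
  appnet:
    driver: overlay
  externalnet:
    # NOTE(review): the network is created outside this stack, so the
    # `driver` key is presumably ignored here; some compose tooling
    # rejects extra keys next to `external: true` - confirm.
    driver: overlay
    external: true

secrets:
  # Read from files next to this compose file at deploy time and mounted
  # into the squid service under /run/secrets/. Keep `.secrets/` out of
  # version control and readable only by the deploying user.
  'ca.crt':
    file: .secrets/ca.crt
  'ca.key':
    file: .secrets/ca.key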