feat: add squid proxy dockerfile and config

UnlockedLabs · Jan 14, 2025 · 9898b42 · 9898b42
1 parent e7ab19b
commit 9898b42
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 2 deletions.
diff --git a/config/entrypoint.sh b/config/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/ash
+/usr/lib/squid/security_file_certgen -c -s /var/cache/squid/ssl_db -M 4MB
+chown -R squid:squid /var/cache/squid/ssl_db /var/log/squid
+squid -NYCd 1 -f /etc/squid/squid.conf
diff --git a/config/proxy.Dockerfile b/config/proxy.Dockerfile
@@ -0,0 +1,15 @@
+FROM alpine:latest
+
+RUN apk add --no-cache \
+	squid \
+	gettext \
+	libressl \
+	ca-certificates && \
+	update-ca-certificates
+
+RUN mkdir -p /etc/squid/ssl_cert /var/cache/squid/ /var/spool/squid /var/log/squid/ && \
+	chown -R squid:squid /etc/squid/ssl_cert /var/cache/squid/ /var/log/squid/ /var/spool/squid
+
+EXPOSE 3128
+ENTRYPOINT ["entrypoint/entrypoint.sh"]
+CMD ["squid", "-NYCd", "1"]
diff --git a/config/squid.conf b/config/squid.conf
@@ -0,0 +1,65 @@
+acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)
+acl localnet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)
+acl localnet src fc00::/7       	# RFC 4193 local private network range
+acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines
+
+acl Safe_ports port 80		# http
+acl Safe_ports port 21		# ftp
+acl Safe_ports port 443		# https
+acl Safe_ports port 70		# gopher
+acl Safe_ports port 210		# wais
+acl Safe_ports port 1025-65535	# unregistered ports
+acl Safe_ports port 280		# http-mgmt
+acl Safe_ports port 488		# gss-http
+acl Safe_ports port 591		# filemaker
+acl Safe_ports port 777		# multiling http
+
+cache_mem 64 MB
+maximum_object_size_in_memory 512 KB
+
+http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/squid.pem key=/etc/squid/ssl_cert/squid.key
+
+http_access deny !Safe_ports
+
+acl step1 at_step SslBump1
+
+acl ip_sni ssl::server_name_regex -i ^\d+\.\d+\.\d+\.\d+$
+
+acl no_sni ssl::server_name none
+
+acl https_ip_url url_regex -i ^https?://([0-9]{1,3}\.){3}[0-9]{1,3}
+acl ip_url url_regex -i ^([0-9]{1,3}\.){3}[0-9]{1,3}
+
+ssl_bump peek step1
+ssl_bump terminate ip_sni
+ssl_bump terminate no_sni
+ssl_bump splice all
+
+logfile_rotate 0
+
+http_access deny https_ip_url
+http_access deny ip_url
+http_access deny ip_sni
+http_access deny no_sni
+
+http_access allow localnet
+http_access allow localhost
+
+http_access deny all
+
+# Uncomment and adjust the following to add a disk cache directory.
+#cache_dir ufs /var/cache/squid 100 16 256
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/cache/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp:		1440	20%	10080
+refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
+refresh_pattern .		0	20%	4320
diff --git a/provider-middleware/Dockerfile b/provider-middleware/Dockerfile
@@ -1,12 +1,11 @@
 ARG FFMPEG_VERSION=7.1
 ARG GOLANG_VERSION=1.23.2
 # TODO The following variable needs to be reworked as it does not work within a shell curl command maybe
-ARG YTDLP_VERSION=2024.12.23
 
 FROM mwader/static-ffmpeg:$FFMPEG_VERSION AS ffmpeg
 
 FROM golang:$GOLANG_VERSION AS yt-dlp
-RUN curl -L https://github.com/yt-dlp/yt-dlp/releases/download/2024.12.23/yt-dlp -o /yt-dlp && chmod a+x /yt-dlp
+RUN curl -L https://github.com/yt-dlp/yt-dlp/releases/download/2024.01.12/yt-dlp -o /yt-dlp && chmod a+x /yt-dlp
 
 FROM golang:$GOLANG_VERSION-alpine as builder
 WORKDIR /app