Setting Up Web Proxy Using Squid and Docker-Compose – All things in moderation

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows, and is licensed under the GNU GPL.

In this tutorial, I will show you how to run the Squid proxy with docker-compose on an Ubuntu server.

Install docker-ce and docker-compose:

wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_18.06.1~ce~3-0~ubuntu_amd64.deb
chmod 755 docker-ce_18.06.1~ce~3-0~ubuntu_amd64.deb
sudo dpkg -i docker-ce_18.06.1~ce~3-0~ubuntu_amd64.deb
sudo curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod 755 /usr/local/bin/docker-compose

Configure and start Squid with SSL Bump

**Download default config:**

git clone https://github.com/alatas/squid-alpine-ssl

Configure the docker-compose.yml file to use the Docker image alatas/squid-alpine-ssl:

version: "3"
services:
  squid-alpine-ssl:
    image: alatas/squid-alpine-ssl:latest
    environment:
      - CN=squid.local
      - O=squid
      - OU=squid
      - C=US
    ports:
      - "3128:3128"
      - "4128:4128"
    volumes:
      - ./log:/var/log/
      - ./conf/squid.conf:/etc/squid/squid.conf
      - ./cache:/var/cache
      - ./cert:/etc/squid-cert
    restart: always

  • environment:
    CN: Common name of the certificate
    O : Organization of the certificate owner
    OU: Organizational unit of the certificate owner
    C : Two-letter code of the country

  • ports: **There are two TCP endpoint configurations.** 3128 is the regular Squid proxy port and does not have the SSL Bump feature enabled. 4128 is the SSL Bump enabled port. If you want to change the local ports to connect to, change the first part of each setting (e.g. "8080:3128").

  • With the SSL Bump feature, Squid decrypts HTTPS traffic and then re-encrypts it using the SSL Bump certificate before sending it to the client.

**Run Squid with docker-compose:** In the directory containing the docker-compose.yml file, run the following command to start the Squid proxy:

sudo docker-compose up -d

**Check that Squid is running:**
In the directory containing the docker-compose.yml file, run the following command to list the containers:

sudo docker-compose ps

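This lists the running containers.

  • Run netstat to check that ports 3128 and 4128 are open. Ports published by Docker are held on the host by the docker-proxy process rather than by squid, so filter on the port numbers:
sudo netstat -nltp | grep -E ':(3128|4128) '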
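
The compose file above publishes both proxy ports on every host interface, so the netstat check can also confirm who can reach them. The following is an added example, not part of the original post: the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `netstat -nltp` output on stdin and prints each Squid port from the
# compose file (3128, 4128) that listens on a wildcard address, i.e. is
# reachable from every network interface of the host.

exposed_proxy_ports() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                               # e.g. 0.0.0.0:3128 or :::4128
            n = split(addr, parts, ":")
            port = parts[n]                         # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port != "3128" && port != "4128") next
            if (host == "0.0.0.0" || host == "::" || host == "*") print port
        }
    ' | sort -u
}

# Constructed sample: 3128 bound to loopback only, 4128 bound to all interfaces.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      2101/docker-proxy
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp6       0      0 :::4128                 :::*                    LISTEN      2115/docker-proxy
EOF
}

# On a real host: sudo netstat -nltp | exposed_proxy_ports
sample_netstat | exposed_proxy_ports
```

If a port is reported and the proxy should only serve one network, prefix the mapping in docker-compose.yml with the address to bind, for example "127.0.0.1:3128:3128".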

Download certificate: After the container starts, it generates the certificate in the cert folder.

Download the CA.der file, then install it in your browser to use the Squid proxy on port 4128.
