Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows, and is licensed under the GNU GPL.
In this tutorial, I will show you how to run the Squid proxy with docker-compose on an Ubuntu server.
Install docker-ce and docker-compose:
```
# Download and install the Docker CE package (Ubuntu xenial, amd64)
wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_18.06.1~ce~3-0~ubuntu_amd64.deb
chmod 755 docker-ce_18.06.1~ce~3-0~ubuntu_amd64.deb
sudo dpkg -i docker-ce_18.06.1~ce~3-0~ubuntu_amd64.deb

# Download the docker-compose binary and make it executable
sudo curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod 755 /usr/local/bin/docker-compose
```
Configure and start Squid with SSL Bump
**Download default config:**
git clone https://github.com/alatas/squid-alpine-ssl
Configure the docker-compose.yml file. It uses the Docker image alatas/squid-alpine-ssl:
```
version: "3"
services:
  squid-alpine-ssl:
    image: alatas/squid-alpine-ssl:latest
    environment:
      - CN=squid.local
      - O=squid
      - OU=squid
      - C=US
    ports:
      - "3128:3128"
      - "4128:4128"
    volumes:
      - ./log:/var/log/
      - ./conf/squid.conf:/etc/squid/squid.conf
      - ./cache:/var/cache
      - ./cert:/etc/squid-cert
    restart: always
```
- environment:
  - CN: Common name of the certificate
  - O: Organization of the certificate owner
  - OU: Organization unit of the certificate owner
  - C: Two-letter code of the country
- ports: There are two TCP endpoint configurations. 3128 is the regular proxy port of Squid, without the SSL Bump feature. 4128 is the SSL Bump enabled port. If you want to change the local ports you connect to, change the first part of each setting (e.g. "8080:3128").
With the SSL Bump feature, Squid decrypts HTTPS traffic, then re-encrypts it using the SSL Bump certificate before sending it to the client.
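A port mapping written without a host IP, like the two in the compose file above, is published by Docker on every host interface; prefixing a host address (for example `127.0.0.1:3128:3128`) restricts where the proxy listens. The script below is an added example, not part of the tutorial or of the alatas/squid-alpine-ssl project: it lists such mappings in a compose file. The function name `open_publishes`, the sample file names and the loopback variant are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of the tutorial or of alatas/squid-alpine-ssl.
# Lists short-syntax port mappings in a compose file that publish on every
# host interface (no host IP, or 0.0.0.0), e.g. "3128:3128".
# Assumption: ports use the short [HOST_IP:]HOST:CONTAINER[/proto] form, IPv4 only.
open_publishes() {
  awk -v sq="'" '
    /^[ \t]*(#.*)?$/ { next }                    # skip blank and comment lines
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-/ {
      m = $0
      sub(/^[ \t]*-[ \t]*/, "", m)               # drop the list dash
      sub(/[ \t]+#.*$/, "", m)                   # drop a trailing comment
      gsub(/[ \t"]/, "", m); gsub(sq, "", m)     # drop whitespace and quotes
      sub(/\/(tcp|udp)$/, "", m)                 # drop the protocol suffix
      n = split(m, f, ":")
      if (n < 3 || f[1] == "0.0.0.0") print m    # no host IP: all interfaces
      next
    }
    { in_ports = 0 }                             # any other key ends the list
  ' "$1"
}

# Constructed samples: the ports block from the tutorial, then a loopback-only variant.
demo_dir=$(mktemp -d)
cat > "$demo_dir/tutorial.yml" <<'EOF'
services:
  squid-alpine-ssl:
    image: alatas/squid-alpine-ssl:latest
    ports:
      - "3128:3128"
      - "4128:4128"
    restart: always
EOF
cat > "$demo_dir/loopback.yml" <<'EOF'
services:
  squid-alpine-ssl:
    image: alatas/squid-alpine-ssl:latest
    ports:
      - "127.0.0.1:3128:3128"
      - "127.0.0.1:4128:4128"
EOF
echo "tutorial.yml, published on all interfaces:"; open_publishes "$demo_dir/tutorial.yml"
echo "loopback.yml, published on all interfaces:"; open_publishes "$demo_dir/loopback.yml"
```

Whether an all-interfaces listener is acceptable also depends on the access rules in conf/squid.conf and on the host firewall, which this check does not read.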
**Run Squid with docker-compose:** In the directory containing the docker-compose.yml file, run the following command to start the Squid proxy:
sudo docker-compose up -d
**Check that Squid is running:**
In the directory containing the docker-compose.yml file, run the following command to list the containers:
sudo docker-compose ps
This will list the running containers.
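- Run the netstat command to check that ports 3128 and 4128 are open. On the host, the published ports are held by Docker rather than by the squid process, so filter by port number:
sudo netstat -nltp | grep -E ':(3128|4128) '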
**Download certificate:** After the container starts, it generates the certificate in the cert folder.
Download the CA.der file, then install it in your browser to use the Squid proxy on port 4128.