actual Dockerfile and config in README #90

Open
wants to merge 3 commits into
base: master
43 changes: 23 additions & 20 deletions README.md
Expand Up @@ -19,26 +19,29 @@ The simplest way to enable the forward proxy without authentication just include
Open a block for more control; here's an example of all properties in use (note that the syntax is subject to change):

```
forwardproxy {
basicauth user1 password1
basicauth user2 password2
ports 80 443
hide_ip
hide_via
probe_resistance secret-link-kWWL9Q.com # alternatively you can use a real domain, such as caddyserver.com
serve_pac /secret-proxy.pac
response_timeout 30
dial_timeout 30
upstream https://user:[email protected]
acl {
allow *.caddyserver.com
deny 192.168.1.1/32 192.168.0.0/16 *.prohibitedsite.com *.localhost
allow ::1/128 8.8.8.8 github.com *.github.io
allowfile /path/to/whitelist.txt
denyfile /path/to/blacklist.txt
allow all
deny all # unreachable rule, remaining requests are matched by `allow all` above
}
:2015 {
log / stdout "{remote} - {user} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {hostonly} {request_id} {latency_ms}"
foxmeyson marked this conversation as resolved.
forwardproxy {
basicauth user1 password1
basicauth user2 password2
ports 80 443
hide_ip
hide_via
probe_resistance secret-link-kWWL9Q.com # alternatively you can use a real domain, such as caddyserver.com
serve_pac /secret-proxy.pac
response_timeout 30
dial_timeout 30
upstream https://user:[email protected]
acl {
allow *.caddyserver.com
deny 192.168.1.1/32 192.168.0.0/16 *.prohibitedsite.com *.localhost
allow ::1/128 8.8.8.8 github.com *.github.io
allowfile /path/to/whitelist.txt
denyfile /path/to/blacklist.txt
allow all
deny all # unreachable rule, remaining requests are matched by `allow all` above
}
}
}
```
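
Review bot: The new site label `:2015` has no hostname, so Caddy will serve this example over plain HTTP and the `basicauth user1 password1` credentials would cross the network unencrypted. Either use a real hostname as the site label (or add a `tls` directive) or say in the README that the block is for local testing only. Separately, the added `log` format writes `{user}`, `{uri}` and `{hostonly}` to stdout for every request, which records each user's destinations and would also capture the `probe_resistance` host when someone visits it. Consider trimming those placeholders or adding a sentence warning about it.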

26 changes: 10 additions & 16 deletions docker-build/Dockerfile
@@ -1,16 +1,10 @@
FROM alpine:3.6

LABEL description="Docker image for caddy+forwardproxy plugin."
LABEL maintainer="[email protected]"

RUN apk add --no-cache ca-certificates bash curl

RUN curl --fail https://getcaddy.com | bash -s http.forwardproxy

COPY gen_caddyfile_and_start.sh /bin/

VOLUME /root/.caddy

EXPOSE 80 443 2015

ENTRYPOINT /bin/gen_caddyfile_and_start.sh
FROM golang:1.14.15 AS builder
RUN git clone https://github.com/caddyserver/forwardproxy.git
WORKDIR /go/forwardproxy/cmd/caddy
RUN go build caddy.go

FROM ubuntu:20.04

Yes, however, "Scratch" image gives you an empty file system. That is all it does. scratch on its own does absolutely nothing, and has nothing in it.

COPY --from=builder /go/forwardproxy/cmd/caddy/caddy /usr/bin/caddy
EXPOSE 2015
ENTRYPOINT ["/usr/bin/caddy"]
CMD ["-conf", "/etc/caddy/Caddyfile", "--log", "/dev/stdout", "--agree=true"]
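
Review bot: The builder stage runs `git clone https://github.com/caddyserver/forwardproxy.git` with no tag or commit, so every build compiles whatever is on the default branch at that moment and the image is not reproducible. Please check out a specific tag or commit hash after the clone. Also, the removed image installed `ca-certificates` and the new `ubuntu:20.04` stage has no equivalent step, so confirm that certificate verification for `upstream https://...` still works in the final image. The final stage also sets no `USER`, so `/usr/bin/caddy` runs as root, and a non-root user would be enough for port 2015.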