catatnight/secureproxy

By catatnight

Updated about 9 years ago

Secure Proxy (frontend:nghttpx; backend:squid3)

Image
3

242

Requirement

  • Docker 1.0
  • A domain and an SSL certificate signed by a trusted CA, (e.g. StartSSL.com)
  • Google Chrome

Installation

  1. Build image (as root)

    $ docker pull catatnight/secureproxy
    $ wget https://raw.githubusercontent.com/catatnight/docker-secureproxy/master/manage.py
    $ chmod +x manage.py
    
  2. Save SSL certs (same directory as where manage.py is)

    $ mkdir -p certs
    $ cp {file.key,file.crt} certs/
    

Usage

  1. Create container and manage it (as root)
    • Uses a RADIUS server for login validation

      $ ./manage.py create -p 1234 --radius_server 6.7.8.9 --radius_secret radpass
      
    • Uses an NCSA-style username and password file

      $ ./manage.py create -p 1234 --ncsa_users user1:pwd1[,user2:pwd2,...]
      
    • General usage

      $ ./manage.py -h
      usage: manage.py [-h] [-p PROXY_PORT] [--radius_server RADIUS_SERVER]
      		 [--radius_secret RADIUS_SECRET] [--ncsa_users NCSA_USERS]
      		 {create,start,stop,restart,delete}
      
  2. Using a Secure Web Proxy with Chrome by three optional ways
    1. add command-line argument --proxy-server=https://<your.proxy.domain>:<proxy_port>

    2. proxy auto-config (PAC) file

      function FindProxyForURL(url, host) {
      	return "HTTPS <your.proxy.domain>:<proxy_port>";
      }
      
    3. chrome extension SwitchyOmega|falcon proxy

Note

  • squid3 needs to use port 3128
  • accounting information (data transfer) will be sent to a RADIUS server everyday by squid2radius
  • swap needed on host machine since docker 0.10 (especially to DigitalOcean user)

Reference

Docker Pull Command

docker pull catatnight/secureproxy