Previously, we configured a Squid high anonymous proxy server that allows all traffic, set up basic authentication for access to the proxy, and put the configuration in the squid.conf file.
This time we will use Docker to build and deploy our anonymous proxy server in 3 simple steps: installing Docker, creating our Docker image file, and deploying it.
Installing Docker On our Ubuntu Linux Server.
Update and Upgrade Ubuntu Linux
# apt update
# apt upgrade
Installing Docker Repository and GPG
# apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Install Docker Engine
# apt-get update
# apt-get install docker-ce docker-ce-cli containerd.io
You can install Docker for Windows by following the guide “The Best Way to Install Docker Desktop On Windows As A Professional”.
Create Our Squid Docker Image File.
In our working directory, we will create 2 files. The first is our Docker image file, named “Dockerfile”, with the instructions below; do not forget to set your proxy_username and proxy_password.
Our Docker base image will be the latest verified ubuntu/squid image.
# Get the base default Squid image from Docker Hub
FROM ubuntu/squid:latest

# Delete the existing default Squid configuration file
RUN rm /etc/squid/squid.conf

ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -yq apt-utils && apt-get install -y apache2-utils

# Create the proxy basic authentication file. Don't forget to set the username and password.
RUN htpasswd -b -c /etc/squid/squid_passwd proxy_username proxy_password

# Copy our custom squid.conf file to the Squid server configuration file path.
COPY ./squid.conf /etc/squid/

# Exposed port
EXPOSE 8080
The second one is the “squid.conf” file, which contains our previous configuration for the High Anonymous Proxy Server.
# Define allowable Networks or IPs.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

# Define Your Secure VPN
acl vpn src 192.1.1.0/24

# Do not show client IP address
forwarded_for off
via off

# Prefer IPv4
dns_v4_first on
dns_nameservers 8.8.8.8 1.1.1.1

# Bypass all validation errors, and do not verify
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

# Apply authentication
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/squid_passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access allow manager localhost
http_access allow vpn
http_access deny manager
http_access deny all
cache deny all

# Set port number to listen to
http_port 8080
coredump_dir /var/spool/squid

# Request Headers
## Deny following requests for anonymous config
request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all
request_header_access Referer deny all
request_header_access From deny all
request_header_access Cookie deny all
## Allow all Others
request_header_access All allow all

# Replace User-agent string
request_header_replace User-Agent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36'

# Reply Headers
## Deny following replies for anonymous config
reply_header_access Via deny all
reply_header_access Server deny all
reply_header_access WWW-Authenticate deny all
reply_header_access Link deny all
reply_header_access Cookie deny all
## Allow all others
reply_header_access All allow all

# Logs are managed by logrotate
logfile_rotate 0
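A quick audit of the two files above, as an added example that is not part of the original tutorial: it reports the squid.conf settings that switch off certificate verification, lists the http_access allow rules that do not reference a proxy_auth ACL so they can be reviewed, and flags the Dockerfile's htpasswd -b line, which leaves the password readable in the image history. The function names, finding labels and embedded excerpts are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names and finding
# labels are made up here; the sample inputs are excerpts of the page's files.

# Reads a squid.conf on stdin and prints one finding per line.
audit_squid_conf() {
  awk '
    $1 ~ /^#/ || NF == 0 { next }                       # comments, blank lines
    $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }  # ACLs that demand a login
    $1 == "sslproxy_flags" && /DONT_VERIFY_PEER/ { print "TLS_VERIFY_OFF line " NR }
    $1 == "sslproxy_cert_error" && $2 == "allow" && $3 == "all" {
      print "CERT_ERRORS_IGNORED line " NR
    }
    $1 == "http_access" && $2 == "allow" {
      has_auth = 0
      for (i = 3; i <= NF; i++) if ($i in auth) has_auth = 1  # "!name" never matches
      if (!has_auth) print "ALLOW_NO_AUTH_ACL line " NR ": " $0
    }
  '
}

# Reads a Dockerfile on stdin. htpasswd -b takes the password as an argument,
# so the RUN line (password included) is kept in the image history.
audit_dockerfile() {
  awk 'toupper($1) == "RUN" && /htpasswd/ && /(^| )-[A-Za-z]*b/ {
    print "PASSWORD_IN_LAYER line " NR
  }'
}

# Constructed sample inputs: excerpts of the squid.conf and Dockerfile above.
SAMPLE_CONF='acl vpn src 192.1.1.0/24
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access allow manager localhost
http_access allow vpn
http_access deny manager
http_access deny all'

SAMPLE_DOCKERFILE='FROM ubuntu/squid:latest
RUN htpasswd -b -c /etc/squid/squid_passwd proxy_username proxy_password
COPY ./squid.conf /etc/squid/'

printf '%s\n' "$SAMPLE_CONF" | audit_squid_conf
printf '%s\n' "$SAMPLE_DOCKERFILE" | audit_dockerfile
```

Creating the password file on the host and bind-mounting it read-only when the container starts keeps the credential out of the image layers.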
Build And Run Our Squid Proxy Docker Container.
Build our Squid Docker image from our Dockerfile, with the name “squid-image”, by running
# docker build -t squid-image .
PS: Do not forget the dot “.” at the end of the above docker build command.
The output summary will be similar to the following
root@localhost:~/squid# docker build -t squid-image .
Sending build context to Docker daemon 5.12kB
Step 1/7 : FROM ubuntu/squid:latest
 ---> 999a52c2ae38
Step 2/7 : RUN rm /etc/squid/squid.conf
 ---> Using cache
 ---> 4b17a1fadba3
Step 3/7 : ARG DEBIAN_FRONTEND=noninteractive
 ---> Using cache
 ---> e943eacf49f9
Step 4/7 : RUN apt-get update && apt-get install -yq apt-utils && apt-get install -y apache2-utils
 ---> Using cache
 ---> cf9067edd7ec
Step 5/7 : RUN htpasswd -b -c /etc/squid/squid_passwd proxy_username proxy_password
 ---> Using cache
 ---> 2c258b3d6f0f
Step 6/7 : COPY ./squid.conf /etc/squid/
 ---> Using cache
 ---> aef763bf78d8
Step 7/7 : EXPOSE 8080
 ---> Using cache
 ---> 9874f9a89579
Successfully built 9874f9a89579
Successfully tagged squid-image:latest
Run our Squid Docker container in the background with port 8080 published, as follows
# docker run -d --name squid-container -e TZ=UTC -p 8080:8080 squid-image
The output will be similar to
# docker run -d --name squid-container -e TZ=UTC -p 8080:8080 squid-image
6661f0eed31586cd45a4731e7bab30396826d62a9533154f394d7c2142d04071
To check the listening ports, run
# lsof -i :8080
Also, you can install the net-tools package to use the netstat command, as follows
root@localhost:~/squid# netstat -puntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 24347/docker-proxy
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 464/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 687/sshd: /usr/sbin
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 759/sshd: root@pts/
tcp6 0 0 :::8080 :::* LISTEN 24352/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 687/sshd: /usr/sbin
tcp6 0 0 ::1:6010 :::* LISTEN 759/sshd: root@pts/
udp 0 0 127.0.0.53:53 0.0.0.0:* 464/systemd-resolve
And to check the docker running containers
root@localhost:~/squid# docker ps -a
CONTAINER ID   IMAGE         COMMAND                  CREATED         STATUS         PORTS                                                 NAMES
6661f0eed315   squid-image   "entrypoint.sh -f /e…"   5 minutes ago   Up 5 minutes   3128/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp   squid-container
You can access your proxy server with your public IP-Address and Port 8080.