diff --git a/Squid/README.md b/Squid/README.md
new file mode 100644
index 00000000..1b6ae78b
--- /dev/null
+++ b/Squid/README.md
@@ -0,0 +1,30 @@
+![Squid](./img/logo-Squid.png)
+
+# Squid
+
+# Installation
+
+Pour utiliser Squid tout seul
+```bash
+docker compose up -d
+```
+
+Pour utiliser Squid avec Traefik
+```bash
+docker compose -f docker-compose-traefik.yml up -d
+```
+
+Pour utiliser Squid avec Nginx
+```bash
+docker compose -f docker-compose-nginx.yml up -d
+```
+# Utilisation
+
+## Accueil
+
+
+# More info
+- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/)
+
+# Buy me a coffe
+Buy Me a Coffee at ko-fi.com
\ No newline at end of file
diff --git a/Squid/conf.d/linux.conf b/Squid/conf.d/linux.conf
new file mode 100644
index 00000000..38ae9d7b
--- /dev/null
+++ b/Squid/conf.d/linux.conf
@@ -0,0 +1,68 @@
+
+Logo
+Tickets
+Demandes d'ajout
+Jalons
+Explorateur
+[Hubert Cornet]
+Tips-Of-Mine
+/
+Applications
+généré depuis Tips-Of-Mine/Template-Docker
+Code
+Demandes d'ajout
+Wiki
+Activité
+Paramètres
+Applications
+/squid/conf.d/linux.conf
+38 lignes
+1.2 KiB
+Plaintext
+#
+# Squid configuration settings for all linux
+#
+
+# Logs are managed by logrotate on Debian
+logfile_rotate 0
+
+# For extra security Debian packages only allow
+# localhost to use the proxy on new installs
+#
+#http_access allow localnet
+acl gitlab dstdomain gitlab.com
+acl github dstdomain github.com
+acl api_github dstdomain api.github.com
+acl security_debian dstdomain security.debian.org
+acl deb_debian dstdomain deb.debian.org
+acl ftp_debian dstdomain ftp.debian.org
+acl packages_sury dstdomain packages.sury.org
+acl pear_php dstdomain pear.php.net
+acl packages_adoptium dstdomain packages.adoptium.net
+acl raw_githubusercontent dstdomain raw.githubusercontent.com
+acl odeload_github dstdomain codeload.github.com
+acl packagist dstdomain packagist.org
+acl repo_packagist dstdomain repo.packagist.org
+
+http_access allow gitlab
+http_access allow github
+http_access allow api_github
+http_access allow security_debian
+http_access allow deb_debian
+http_access allow ftp_debian
+http_access allow packages_sury
+http_access allow pear_php
+http_access allow packages_adoptium
+http_access allow raw_githubusercontent https_port
+http_access allow odeload_github https_port
+http_access allow packagist https_port
+http_access allow repo_packagist
+Propulsé par Gitea
+Version:
+1.21.5
+Page:
+168ms
+Modèle:
+17ms
+Licences
+API
diff --git a/Squid/conf.d/windows.conf b/Squid/conf.d/windows.conf
new file mode 100644
index 00000000..7ce919eb
--- /dev/null
+++ b/Squid/conf.d/windows.conf
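Review bot: The new linux.conf carries pasted Gitea page text around the actual configuration: the first 21 added lines (a blank line, then `Logo`, `Tickets`, … `Plaintext`) and the last 9 (`Propulsé par Gitea` … `API`) are not Squid directives, and the embedded `38 lignes` matches the 38-line windows.conf rather than this 68-line hunk. Because squid.conf in this commit includes `/etc/squid/conf.d/*`, Squid will try to parse every one of those lines, so the file should be trimmed to start at the `#` header and end at `http_access allow repo_packagist`. Running `squid -k parse` against the mounted configuration before merging would catch this kind of paste error. The ACL name `odeload_github` also looks like a truncated `codeload_github`; it is used consistently, so that is only a naming fix.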
@@ -0,0 +1,38 @@
+#
+# Squid configuration settings for all windows
+#
+
+# Logs are managed by logrotate on Debian
+logfile_rotate 0
+
+# For extra security Debian packages only allow
+# localhost to use the proxy on new installs
+#
+#http_access allow localnet
+acl gitlab dstdomain gitlab.com
+acl github dstdomain github.com
+acl api_github dstdomain api.github.com
+acl security_debian dstdomain security.debian.org
+acl deb_debian dstdomain deb.debian.org
+acl ftp_debian dstdomain ftp.debian.org
+acl packages_sury dstdomain packages.sury.org
+acl pear_php dstdomain pear.php.net
+acl packages_adoptium dstdomain packages.adoptium.net
+acl raw_githubusercontent dstdomain raw.githubusercontent.com
+acl odeload_github dstdomain codeload.github.com
+acl packagist dstdomain packagist.org
+acl repo_packagist dstdomain repo.packagist.org
+
+http_access allow gitlab
+http_access allow github
+http_access allow api_github
+http_access allow security_debian
+http_access allow deb_debian
+http_access allow ftp_debian
+http_access allow packages_sury
+http_access allow pear_php
+http_access allow packages_adoptium
+http_access allow raw_githubusercontent https_port
+http_access allow odeload_github https_port
+http_access allow packagist https_port
+http_access allow repo_packagist
\ No newline at end of file
diff --git a/Squid/docker-compose.yaml b/Squid/docker-compose.yaml
new file mode 100644
index 00000000..20dac953
--- /dev/null
+++ b/Squid/docker-compose.yaml
@@ -0,0 +1,18 @@
+version: "3"
+services:
+ proxy:
+ image: ubuntu/squid
+ ports:
+ - "3128:3128"
+ environment:
+ - TZ=UTC
+ volumes:
+ - ./squid.conf:/etc/squid/squid.conf
+ - ./conf.d:/etc/squid/conf.d
+ configs:
+ - source: squid
+ target: /etc/squid/squid.conf
+
+ configs:
+ squid:
+ file: ./squid.conf
\ No newline at end of file
diff --git a/Squid/squid.conf b/Squid/squid.conf
new file mode 100644
index 00000000..7bf0f784
--- /dev/null
+++ b/Squid/squid.conf
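Review bot: Every `http_access allow` rule in windows.conf matches on destination only (`dstdomain`, in three cases combined with `https_port`), so any client that can reach the listener is permitted to those hosts; linux.conf has the same rules. Pairing each rule with a source ACL would limit who may use the proxy, for example `acl build_clients src <CLIENT_CIDR>` followed by `http_access allow build_clients github` (ACL name and range are placeholders). The directive part is also identical to linux.conf, and since squid.conf includes `/etc/squid/conf.d/*` both files would be loaded, defining each ACL and rule twice; a single shared file, or genuinely different content per platform, avoids that. The header comment `Logs are managed by logrotate on Debian` appears to be carried over from the Linux file.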
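Review bot: The mapping `"3128:3128"` in docker-compose.yaml publishes the proxy on every host interface, which together with the destination-only allow rules in conf.d leaves client access to be limited by the surrounding network alone; binding to one address, e.g. `- "<INTERNAL_IP>:3128:3128"`, narrows that. `image: ubuntu/squid` has no tag, so each pull may bring a different Squid build; pinning it (`image: ubuntu/squid:<TAG>`) keeps deployments reproducible and reviewable. squid.conf is supplied twice for the same target, once as a bind mount and once through `configs:`, and both bind mounts are writable from the container; one mechanism with a read-only flag (`- ./squid.conf:/etc/squid/squid.conf:ro`) would be enough. squid.conf in this commit also references certificate files under `/etc/squid/ssl/` and listens on 3129, neither of which is mounted or published here.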
@@ -0,0 +1,70 @@
+# Listening
+
+http_port 3128
+https_port 3129 tls-cert=/etc/squid/ssl/SLPXYP01.tips-of-mine.crt tls-key=/etc/squid/ssl/SLPXYP01.tips-of-mine.key
+
+# Logging
+
+access_log daemon:/var/log/squid/access.log common
+access_log syslog:local7.info common # Log to syslog sent to QRadar for Login Sécurité
+
+# Local networks
+acl localnet dst 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
+acl localnet dst 10.0.0.0/23 # RFC 1918 local private network (LAN)
+acl localnet dst 100.64.0.0/10 # RFC 6598 shared address space (CGN)
+acl localnet dst 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
+acl localnet dst 172.16.0.0/12 # RFC 1918 local private network (LAN)
+acl localnet dst 192.168.0.0/16 # RFC 1918 local private network (LAN)
+acl localnet dst fc00::/7 # RFC 4193 local private network range
+acl localnet dst fe80::/10 # RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 # https
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl CONNECT method CONNECT
+
+acl https_port port 443
+acl http_port port 80
+acl ftp_port port 21
+acl sftp_port port 22
+acl ftp_port port 990
+acl 993_port port 993
+acl 8080_port port 8080
+
+acl ftp proto FTP
+always_direct allow FTP
+
+# Deny requests to certain unsafe ports
+#http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+#http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# Deny localhost
+http_access allow localhost
+
+# No using proxy to access local network
+http_access deny localnet
+
+cache deny all
+
+include /etc/squid/conf.d/*
+include /etc/squid/conf.d/01-dev/*
+include /etc/squid/conf.d/02-rec/*
+include /etc/squid/conf.d/03-preprod/*
+include /etc/squid/conf.d/04-prod/*
+
+# And finally deny all other access to this proxy
+http_access deny all
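Review bot: The two stock guards `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports` are commented out, so the destination-only allow rules pulled in from conf.d permit CONNECT tunnels to any port on those hosts (only three of them add `https_port`). Restoring both lines ahead of the `include` directives keeps tunnels limited to port 443. `acl localnet dst 10.0.0.0/23` is labelled RFC 1918 but covers only 10.0.0.0–10.0.1.255, whereas the RFC 1918 block is 10.0.0.0/8; if `http_access deny localnet` is meant to keep the proxy away from internal addresses, the prefix looks too narrow. The comment `# Deny localhost` sits directly above `http_access allow localhost` and should read `# Allow localhost`.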