Ajour Squid

Squid/README.md

@@ -0,0 +1,30 @@
+![Squid](./img/logo-Squid.png)
+
+# Squid
+
+# Installation
+
+Pour utiliser Squid tout seul
+```bash
+docker compose up -d
+```
+
+Pour utiliser Squid avec Traefik
+```bash
+docker compose -f docker-compose-traefik.yml up -d
+```
+
+Pour utiliser Squid avec Nginx
+```bash
+docker compose -f docker-compose-nginx.yml up -d
+```
+# Utilisation
+
+## Accueil
+
+
+# More info
+- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/)
+
+# Buy me a coffe
+<a href='https://ko-fi.com/R5R2KNI3N' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://storage.ko-fi.com/cdn/kofi4.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>

Squid/conf.d/linux.conf

@@ -0,0 +1,68 @@
+
+Logo
+Tickets
+Demandes d'ajout
+Jalons
+Explorateur
+[Hubert Cornet]
+Tips-Of-Mine
+/
+Applications
+généré depuis Tips-Of-Mine/Template-Docker
+Code
+Demandes d'ajout
+Wiki
+Activité
+Paramètres
+Applications
+/squid/conf.d/linux.conf
+38 lignes
+1.2 KiB
+Plaintext
+#
+# Squid configuration settings for all linux
+#
+
+# Logs are managed by logrotate on Debian
+logfile_rotate 0
+
+# For extra security Debian packages only allow
+# localhost to use the proxy on new installs
+#
+#http_access allow localnet
+acl gitlab dstdomain gitlab.com
+acl github dstdomain github.com
+acl api_github dstdomain api.github.com
+acl security_debian dstdomain security.debian.org
+acl deb_debian dstdomain deb.debian.org
+acl ftp_debian dstdomain ftp.debian.org
+acl packages_sury dstdomain packages.sury.org
+acl pear_php dstdomain pear.php.net
+acl packages_adoptium dstdomain packages.adoptium.net
+acl raw_githubusercontent dstdomain raw.githubusercontent.com
+acl odeload_github dstdomain codeload.github.com
+acl packagist dstdomain packagist.org
+acl repo_packagist dstdomain repo.packagist.org
+
+http_access allow gitlab
+http_access allow github 
+http_access allow api_github
+http_access allow security_debian
+http_access allow deb_debian
+http_access allow ftp_debian
+http_access allow packages_sury
+http_access allow pear_php
+http_access allow packages_adoptium
+http_access allow raw_githubusercontent  https_port
+http_access allow odeload_github https_port
+http_access allow packagist https_port
+http_access allow repo_packagist
+Propulsé par Gitea
+Version:
+1.21.5
+Page:
+168ms
+Modèle:
+17ms
+Licences
+API

Squid/conf.d/windows.conf

@@ -0,0 +1,38 @@
+#
+# Squid configuration settings for all windows
+#
+
+# Logs are managed by logrotate on Debian
+logfile_rotate 0
+
+# For extra security Debian packages only allow
+# localhost to use the proxy on new installs
+#
+#http_access allow localnet
+acl gitlab dstdomain gitlab.com
+acl github dstdomain github.com
+acl api_github dstdomain api.github.com
+acl security_debian dstdomain security.debian.org
+acl deb_debian dstdomain deb.debian.org
+acl ftp_debian dstdomain ftp.debian.org
+acl packages_sury dstdomain packages.sury.org
+acl pear_php dstdomain pear.php.net
+acl packages_adoptium dstdomain packages.adoptium.net
+acl raw_githubusercontent dstdomain raw.githubusercontent.com
+acl odeload_github dstdomain codeload.github.com
+acl packagist dstdomain packagist.org
+acl repo_packagist dstdomain repo.packagist.org
+
+http_access allow gitlab
+http_access allow github 
+http_access allow api_github
+http_access allow security_debian
+http_access allow deb_debian
+http_access allow ftp_debian
+http_access allow packages_sury
+http_access allow pear_php
+http_access allow packages_adoptium
+http_access allow raw_githubusercontent  https_port
+http_access allow odeload_github https_port
+http_access allow packagist https_port
+http_access allow repo_packagist

Squid/docker-compose.yaml

@@ -0,0 +1,18 @@
+version: "3"
+services:
+  proxy:
+    image: ubuntu/squid
+    ports:
+      - "3128:3128"
+    environment:
+      - TZ=UTC
+    volumes:
+      - ./squid.conf:/etc/squid/squid.conf
+      - ./conf.d:/etc/squid/conf.d
+    configs:
+      - source: squid
+        target: /etc/squid/squid.conf
+
+  configs:
+    squid:
+      file: ./squid.conf

Squid/squid.conf

@@ -0,0 +1,70 @@
+# Listening
+
+http_port 3128
+https_port 3129 tls-cert=/etc/squid/ssl/SLPXYP01.tips-of-mine.crt tls-key=/etc/squid/ssl/SLPXYP01.tips-of-mine.key
+
+# Logging
+
+access_log daemon:/var/log/squid/access.log common
+access_log syslog:local7.info common # Log to syslog sent to QRadar for Login Sécurité
+
+# Local networks
+acl localnet dst 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
+acl localnet dst 10.0.0.0/23	        # RFC 1918 local private network (LAN)
+acl localnet dst 100.64.0.0/10		    # RFC 6598 shared address space (CGN)
+acl localnet dst 169.254.0.0/16 	    # RFC 3927 link-local (directly plugged) machines
+acl localnet dst 172.16.0.0/12		    # RFC 1918 local private network (LAN)
+acl localnet dst 192.168.0.0/16		    # RFC 1918 local private network (LAN)
+acl localnet dst fc00::/7       	    # RFC 4193 local private network range
+acl localnet dst fe80::/10      	    # RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80		# http
+acl Safe_ports port 21		# ftp
+acl Safe_ports port 443		# https
+acl Safe_ports port 70		# gopher
+acl Safe_ports port 210		# wais
+acl Safe_ports port 1025-65535	# unregistered ports
+acl Safe_ports port 280		# http-mgmt
+acl Safe_ports port 488		# gss-http
+acl Safe_ports port 591		# filemaker
+acl Safe_ports port 777		# multiling http
+acl CONNECT method CONNECT
+
+acl https_port port 443
+acl http_port port 80
+acl ftp_port port 21
+acl sftp_port port 22
+acl ftp_port port 990
+acl 993_port port 993
+acl 8080_port port 8080
+
+acl ftp proto FTP
+always_direct allow FTP
+
+# Deny requests to certain unsafe ports
+#http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+#http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# Deny localhost
+http_access allow localhost
+
+# No using proxy to access local network
+http_access deny localnet
+
+cache deny all
+
+include /etc/squid/conf.d/*
+include /etc/squid/conf.d/01-dev/*
+include /etc/squid/conf.d/02-rec/*
+include /etc/squid/conf.d/03-preprod/*
+include /etc/squid/conf.d/04-prod/*
+
+# And finally deny all other access to this proxy
+http_access deny all