Squid transparent proxy and Docker

I am running Ubuntu 16.04.2 LTS and Docker 17.05.0-ce behind a corporate proxy that requires credentials.

My goal is to create a transparent proxy in a Docker container, so that I no longer have to configure the proxy in environment variables, configuration files, ... and change the password every month without forgetting one of all those configurations.

First step: I create an image with this Dockerfile

FROM ubuntu:16.04
COPY apt.conf /etc/apt/
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install squid -y
RUN rm -f /etc/apt/apt.conf
COPY squid.conf /etc/squid3/squid.conf
COPY entrypoint.sh /sbin/entrypoint.sh
RUN chmod 755 /sbin/entrypoint.sh
EXPOSE 3128/tcp
ENTRYPOINT ["/sbin/entrypoint.sh"]

and this squid.conf

http_access allow all
http_port 3128 intercept
cache_peer x.x.x.x parent 8080 0 default no-query login=yyy:zzz
never_direct allow all

Then

docker build -t squid .
docker run --rm -d -p 3128:3128 --name squid squid

Now if I do

export http_proxy=localhost:3128
curl www.google.be

it works fine.

So the next step is to make it transparent.

I tried (inspired by https://www.stux6.net/unix/linux/proxy-transparent-linux-squid)

unset http_proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
curl www.google.be

But it no longer works. What should I do?

On my machine

br-4986226181db Link encap:Ethernet  HWaddr ...
      inet addr:...  Bcast:0.0.0.0  Mask:255.255.0.0
      UP BROADCAST MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

br-5699616a00fb Link encap:Ethernet  HWaddr ...
      inet addr:...  Bcast:0.0.0.0  Mask:255.255.0.0
      UP BROADCAST MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

docker0   Link encap:Ethernet  HWaddr ...
      inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
      inet6 addr: ... Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:16908 errors:0 dropped:0 overruns:0 frame:0
      TX packets:33405 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:934408 (934.4 KB)  TX bytes:47533855 (47.5 MB)

eth0      Link encap:Ethernet  HWaddr ...
      inet addr:...  Bcast:...  Mask:255.255.255.0
      inet6 addr: ... Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:1827743 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1131003 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:209300815 (209.3 MB)  TX bytes:91477854 (91.4 MB)
      Interrupt:16

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:4141231 errors:0 dropped:0 overruns:0 frame:0
      TX packets:4141231 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1
      RX bytes:311258498 (311.2 MB)  TX bytes:311258498 (311.2 MB)

veth8b546f1 Link encap:Ethernet  HWaddr ...
      inet6 addr: ... Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:36 errors:0 dropped:0 overruns:0 frame:0
      TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:16414 (16.4 KB)  TX bytes:20798 (20.7 KB)

veth8b546f1 appears after the container is started.

And (before adding the rule)

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  all  --  172.18.0.0/16        anywhere
MASQUERADE  all  --  172.19.0.0/16        anywhere
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:3128

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
DNAT       tcp  --  anywhere             anywhere             tcp dpt:3128 to:172.17.0.2:3128
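Before the transparent-redirect question is even settled, the configuration quoted in the post exposes the corporate credentials in two ways a reviewer would flag: `http_access allow all` on a port published with `-p 3128:3128` (bound on every host interface) turns the container into an open proxy for anyone who can reach the host, and `COPY squid.conf` stores the `login=user:password` line in an image layer. The following script is an added example, not code from the post or from Squid or Docker; it audits the posted squid.conf and docker run line for these points and shows a hardened pair beside them. The sample texts are constructed from the post (`x.x.x.x` and `yyy:zzz` are the post's own placeholders), the 172.17.0.0/16 client range is the docker0 subnet shown in the ifconfig output, and the host path `/etc/squid-host/squid.conf` used for the bind mount is an assumption.

```shell
#!/bin/sh
# Added review example (not from the original post): audits the squid.conf and
# the "docker run" line quoted above for exposure issues, then checks a
# hardened pair. Sample texts below are constructed; "yyy:zzz" and x.x.x.x are
# the post's own placeholders, and the bind-mount host path is an assumption.

# --- constructed inputs modelled on the post ---------------------------------
POSTED_CONF=$(cat <<'EOF'
http_access allow all
http_port 3128 intercept
cache_peer x.x.x.x parent 8080 0 default no-query login=yyy:zzz
never_direct allow all
EOF
)
POSTED_RUN='docker run --rm -d -p 3128:3128 --name squid squid'

# Hardened versions: only loopback and the docker0 range (172.17.0.0/16 in the
# post) may use the proxy, everything else is denied; the port is bound to
# 127.0.0.1 on the host, and squid.conf is bind-mounted read-only instead of
# COPYed into the image, so the upstream credentials never land in a layer.
HARDENED_CONF=$(cat <<'EOF'
acl proxy_clients src 127.0.0.1/32 172.17.0.0/16
http_access allow proxy_clients
http_access deny all
http_port 3128 intercept
cache_peer x.x.x.x parent 8080 0 default no-query login=yyy:zzz
never_direct allow all
EOF
)
HARDENED_RUN='docker run --rm -d -p 127.0.0.1:3128:3128 -v /etc/squid-host/squid.conf:/etc/squid3/squid.conf:ro --name squid squid'

# conf_allows_all CONF_TEXT -> "yes" when an http_access line grants "all",
# i.e. every client that can reach the port may use the upstream proxy.
conf_allows_all() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all([[:space:]]|$)' \
        && echo yes || echo no
}

# conf_has_inline_login CONF_TEXT -> "yes" when a cache_peer line carries
# login=user:password. Squid needs it there, so the remedy is keeping the
# file out of the image (bind-mount at run time), not dropping the directive.
conf_has_inline_login() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*cache_peer[[:space:]].*[[:space:]]login=[^[:space:]]+:[^[:space:]]+' \
        && echo yes || echo no
}

# run_publishes_on_all_interfaces RUN_LINE -> "yes" when -p/--publish gives no
# host IP (or 0.0.0.0), which binds the port on every interface of the host.
run_publishes_on_all_interfaces() {
    printf '%s\n' "$1" |
        grep -Eq -- '(-p|--publish)[[:space:]=]+(0\.0\.0\.0:)?[0-9]+:[0-9]+(/(tcp|udp))?([[:space:]]|$)' \
        && echo yes || echo no
}

# run_mounts_conf RUN_LINE -> "yes" when squid.conf comes in through a
# -v/--volume/--mount option rather than from the image.
run_mounts_conf() {
    printf '%s\n' "$1" |
        grep -Eq -- '(-v|--volume|--mount)[[:space:]=]+[^[:space:]]*squid\.conf' \
        && echo yes || echo no
}

# report LABEL CONF_TEXT RUN_LINE -> one line per check
report() {
    echo "== $1 =="
    echo "http_access allow all:        $(conf_allows_all "$2")"
    echo "credentials in squid.conf:    $(conf_has_inline_login "$2")"
    echo "port on all host interfaces:  $(run_publishes_on_all_interfaces "$3")"
    echo "squid.conf bind-mounted:      $(run_mounts_conf "$3")"
}

report "as posted" "$POSTED_CONF" "$POSTED_RUN"
report "hardened"  "$HARDENED_CONF" "$HARDENED_RUN"
```

The credential check still reports "yes" for the hardened config on purpose: the `login=` directive is how Squid authenticates to the parent, so the fix is where the file lives (a read-only bind mount that can be replaced at the monthly password change without rebuilding the image), not its content. The `http_access` and publish checks go from "yes" to "no".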
