我正在运行Ubuntu 16.04.2 LTS并且Docker 17.05.0-ce使用具有凭证的公司代理。
我的目标是在 docker 容器中创建一个透明代理,这样我就不再需要在环境变量、配置文件中配置代理……并且每个月更改密码,而不会忘记所有这些配置中的一个。
第一步:我用它创建一个图像Dockerfile
FROM ubuntu:16.04
COPY apt.conf /etc/apt/
RUN apt-get update && \
apt-get upgrade -y && \
apt-get install squid -y
RUN rm -f /etc/apt/apt.conf
COPY squid.conf /etc/squid3/squid.conf
COPY entrypoint.sh /sbin/entrypoint.sh
RUN chmod 755 /sbin/entrypoint.sh
EXPOSE 3128/tcp
ENTRYPOINT ["/sbin/entrypoint.sh"]
还有那个 squid.conf
http_access allow all
http_port 3128 intercept
cache_peer x.x.x.x parent 8080 0 default no-query login=yyy:zzz
never_direct allow all
然后
docker build -t squid .
docker run --rm -d -p 3128:3128 --name squid squid
现在如果我这样做
export http_proxy=localhost:3128
curl www.google.be
它运行良好。
因此下一步就是使其透明化。
我尝试过(灵感来自https://www.stux6.net/unix/linux/proxy-transparent-linux-squid)
unset http_proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
curl www.google.be
但它不再起作用了。我该怎么办?
在我的机器上
br-4986226181db Link encap:Ethernet HWaddr ...
inet addr:... Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
br-5699616a00fb Link encap:Ethernet HWaddr ...
inet addr:... Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
docker0 Link encap:Ethernet HWaddr ...
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: ... Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16908 errors:0 dropped:0 overruns:0 frame:0
TX packets:33405 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:934408 (934.4 KB) TX bytes:47533855 (47.5 MB)
eth0 Link encap:Ethernet HWaddr ...
inet addr:... Bcast:... Mask:255.255.255.0
inet6 addr: ... Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1827743 errors:0 dropped:0 overruns:0 frame:0
TX packets:1131003 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:209300815 (209.3 MB) TX bytes:91477854 (91.4 MB)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4141231 errors:0 dropped:0 overruns:0 frame:0
TX packets:4141231 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:311258498 (311.2 MB) TX bytes:311258498 (311.2 MB)
veth8b546f1 Link encap:Ethernet HWaddr ...
inet6 addr: ... Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:36 errors:0 dropped:0 overruns:0 frame:0
TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16414 (16.4 KB) TX bytes:20798 (20.7 KB)
启动容器后出现veth8b546f1。
并且(在添加规则之前)
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
MASQUERADE all -- 172.18.0.0/16 anywhere
MASQUERADE all -- 172.19.0.0/16 anywhere
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:3128
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
DNAT tcp -- anywhere anywhere tcp dpt:3128 to:172.17.0.2:3128