Help setting up production ready g3proxy #287
Description
I haven’t been able to get a forward proxy working yet. I’m trying to proxy to a http proxy (not squid, it’s a custom app coded in Go).
This is my manifest (adopted from squid example):
---
runtime:
thread_number: 2
controller:
local:
recv_timeout: 30
send_timeout: 1
server:
- name: socks
escaper: squid
type: socks_proxy
listen:
address: "[::]:11080"
- name: http
escaper: squid
type: http_proxy
listen:
address: "[::]:13128"
resolver:
- name: default
type: c-ares
server: 127.0.0.1
escaper:
- name: squid
type: proxy_http
proxy_addr: host.docker.internal:10000
no_ipv6: true
resolver: default
resolve_strategy: IPv4OnlyI built a docker image and I run it like this (my cwd is the manifest file dir):
docker run -p 13128:13128 -v ./:/etc/g3proxy/config/ g3proxy -v -c /etc/g3proxy/config/g3proxy.yaml
# Aug 18 01:17:41.565 INFO started SocksProxy SRT[socks_v1#0] <g3_daemon::listen::tcp(tcp.rs:71)>
# Aug 18 01:17:41.565 INFO started HttpProxy SRT[http_v1#0] <g3_daemon::listen::tcp(tcp.rs:71)>When i try to proxy (from the host, outside the container):
curl -v -x localhost:13128 ipinfo.ioI get
* Host localhost:13128 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:13128...
* Connected to localhost (::1) port 13128
> GET http://ipinfo.io/ HTTP/1.1
> Host: ipinfo.io
> User-Agent: curl/8.7.1
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* Request completely sent off
< HTTP/1.1 530 Origin DNS Error
< Content-Type: text/html
< Content-Length: 148
< Connection: Close
<
<html>
<head><title>530 Origin DNS Error</title></head>
<body>
<div style="text-align: center;"><h1>530 Origin DNS Error</h1></div>
</body>
</html>
* Closing connection
As you can see, I'm trying to forward proxy from g3proxy (port 13128) to the backend http proxy (port 10000).
I can exec into the g3proxy container and curl -x host.docker.internal:10000 ipinfo.io successfully.
I think the technical side of the docs are great but they do lack some prose. Squid's wikis are a great example.
Here's what I need for a production setup:
- Logging: assuming user:pass@host access, I must log
user, bytes sent, bytes received - Auth: I love squid's approach
Notes:
- no caching
- acl? do i need to worry about that? it's going to be hosted in k8s and exposed both externally as a NodePort service (to the internet) and internally as a ClusterIP.
Could you please help me out with a proper manifest file?
- Http proxy from 13128 to 10000 (this will eventually be in the same pod with the app container; right now testing on docker locally)
- Logging with the format described
- Sensible easy auth
This would greatly expedite my journey.
As always,
Kind regards and have a great day, dear team behind this incredible piece of software.
Oh, and btw, memory consumption on this thing in Docker? Right now it's 9MB! That's more than 15x less than the good old Squid. If you guys can get the docs in a human-readable state so people can get things done quickly this is gonna take over.
Amazing work.
Nino