Add basic authentication to Squid proxy and update configuration files

Dockerfile

@@ -4,13 +4,20 @@ LABEL maintainer="[email protected]"
 ENV SQUID_VERSION=3.5.27 \
     SQUID_CACHE_DIR=/var/spool/squid \
     SQUID_LOG_DIR=/var/log/squid \
-    SQUID_USER=proxy
+    SQUID_USER=proxy\
+    AUTH_USER=proxy \
+    AUTH_PASSWORD=proxy
 
 RUN apt-get update \
- && DEBIAN_FRONTEND=noninteractive apt-get install -y squid=${SQUID_VERSION}* \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y squid=${SQUID_VERSION}* apache2-utils \
+ && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
 
+# Create authentication directory
+RUN mkdir -p /etc/squid/auth
+
 COPY entrypoint.sh /sbin/entrypoint.sh
+RUN sed -i 's/\r$//' /sbin/entrypoint.sh
 RUN chmod 755 /sbin/entrypoint.sh
 
 EXPOSE 3128/tcp

auth-sample/docker-compose.yml

@@ -0,0 +1,16 @@
+services:
+  squid:
+    build:
+      context: ../
+      dockerfile: Dockerfile
+    container_name: squid
+    hostname: squid
+    ports:
+      - "3128:3128"
+    volumes:
+      - ./data/cache:/var/spool/squid
+      - ./squid.conf:/etc/squid/squid.conf
+    environment:
+      AUTH_USER: "proxy"
+      AUTH_PASSWORD: "proxy"
+    restart: always

auth-sample/squid.conf

@@ -0,0 +1,19 @@
+# Enable basic authentication using NCSA password file
+auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/auth/users
+auth_param basic realm Squid Proxy Authentication
+
+# Define ACL for authenticated users
+acl authenticated proxy_auth REQUIRED
+# Critical & FATAl Errors
+debug_options ALL,0
+# Warning 
+# debug_options ALL,1
+
+# Allow only authenticated users
+http_access allow authenticated
+
+# Deny everyone else
+http_access deny all
+
+# Listen on default Squid port
+http_port 3128

docker-compose.yml

@@ -1,7 +1,8 @@
-Squid:
-  image: sameersbn/squid:3.5.27-2
-  ports:
-    - "3128:3128"
-  volumes:
-    - /srv/docker/squid/cache:/var/spool/squid
-  restart: always
+services:
+  squid:
+    image: sameersbn/squid:3.5.27-2
+    ports:
+      - "3128:3128"
+    volumes:
+      - /srv/docker/squid/cache:/var/spool/squid
+    restart: always

entrypoint.sh

@@ -30,6 +30,8 @@ if [[ -z ${1} ]]; then
     echo "Initializing cache..."
     $(which squid) -N -f /etc/squid/squid.conf -z
   fi
+  echo "Creating squid auth credential..."
+  htpasswd -b -c /etc/squid/auth/users ${AUTH_USER} ${AUTH_PASSWORD}
   echo "Starting squid..."
   exec $(which squid) -f /etc/squid/squid.conf -NYCd 1 ${EXTRA_ARGS}
 else

kubernetes/configmap.yml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: squid-conf
+data:
+  squid.conf: |
+    # Enable basic authentication using NCSA password file
+    auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/auth/users
+    auth_param basic realm Squid Proxy Authentication
+
+    # Define ACL for authenticated users
+    acl authenticated proxy_auth REQUIRED
+    # Critical & FATAl Errors
+    debug_options ALL,0
+    # Warning 
+    # debug_options ALL,1
+
+    # Allow only authenticated users
+    http_access allow authenticated
+
+    # Deny everyone else
+    http_access deny all
+
+    # Listen on default Squid port
+    http_port 3128

kubernetes/deployment.yaml

@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: squid
+spec:
+  selector:
+    matchLabels:
+      name: squid
+  template:
+    metadata:
+      labels:
+        name: squid
+    spec:
+      # if you have a private image registry, uncomment the following lines and add your credentials
+      # imagePullSecrets:
+      #   - name: regcred
+      containers:
+      - name: squid
+        image: kasra.r1.kubit.dev/today-general/squid-http-proxy:3.5.27
+        resources:
+          limits:
+            cpu: 30m
+            memory: 300Mi
+          requests:
+            cpu: 10m
+            memory: 150Mi
+        envFrom:
+        - secretRef:
+            name: squid    
+        ports:
+          - containerPort: 3128
+            protocol: TCP
+        volumeMounts:
+          - mountPath: /var/spool/squid
+            name: data
+          - mountPath: /etc/squid/squid.conf
+            name: squid-conf            
+            subPath: squid.conf
+      volumes:
+      - name: data
+        emptyDir: {}
+      - name: squid-conf
+        configMap:
+          name: squid-conf
+          items:
+            - key: squid.conf
+              path: squid.conf

kubernetes/secret.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: squid
+type: Opaque
+stringData:
+  AUTH_USER: proxy
+  AUTH_PASSWORD: proxy

kubernetes/service.yml

@@ -7,7 +7,7 @@ metadata:
 spec:
   type: LoadBalancer
   ports:
-    - port: 3128
+    - port: 80
       targetPort: 3128
       protocol: TCP
   selector: