■ In my case, HTTPS is required for the Squid proxy, so I'm using GKE Ingress on Google Cloud to provide the HTTPS connection.
My built Docker image works as a proxy on a VM (Compute Engine) or behind a Service of a TCP Load Balancer without any problems, but it does not work behind GKE Ingress.
▼ I'm using the sources below (I don't know why, but I must use 4. and 5. to pass the health check on GKE Ingress)
- Dockerfile
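# Squid forward proxy plus nginx (serves the health-check page) in one image,
# both started by supervisord.
# NOTE(review): no tag or digest is pinned, so each build can pull a different
# base image; pin one for reproducible, auditable builds.
FROM ubuntu/squid

# apt-get is the script-stable front end. Refresh the index and install in a
# single layer, then drop the package lists so they are not shipped in the image.
RUN apt-get update && \
    apt-get install -y nginx supervisor curl && \
    rm -rf /var/lib/apt/lists/*

# Directory for the per-program log files named in supervisord.conf.
RUN mkdir -p /var/log/supervisor

COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY squid/squid.conf /etc/squid/squid.conf
# Static pages served by nginx; health.html is the path the GKE health check
# requests. The trailing slash makes the destination unambiguously a directory.
COPY index.html /var/www/html/
COPY health.html /var/www/html/
COPY nginx.conf /etc/nginx/conf.d/default.conf

# 8080 is Squid's http_port, 80 is the nginx listener.
EXPOSE 8080 80

# NOTE(review): no USER instruction is set and supervisord.conf uses user=root,
# so supervisord and the programs it launches start as root; check whether this
# internet-facing proxy can be started with fewer privileges.
ENTRYPOINT [ "/usr/bin/supervisord" ]
CMD [ "-c", "/etc/supervisor/conf.d/supervisord.conf" ]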
- GKE Ingress(squid6-deployment.yaml)
# Namespace that holds every squid6 resource in this manifest.
apiVersion: v1
kind: Namespace
metadata:
  name: squid6
---
# Single-replica Deployment that runs the combined Squid + nginx image.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: squid6-v01
  namespace: squid6
  labels:
    app: squid6
    env: v01
spec:
  replicas: 1
  selector:
    matchLabels:
      app: squid6
      env: v01
  template:
    metadata:
      labels:
        app: squid6
        env: v01
    spec:
      # NOTE(review): no securityContext is set on the pod or the container.
      # Because this proxy receives traffic from the load balancer, consider
      # allowPrivilegeEscalation: false and dropping unneeded capabilities.
      containers:
        # {{SHORT_SHA}} is a placeholder; presumably the build pipeline
        # substitutes the commit SHA before the manifest is applied - confirm.
        - image: asia-northeast1-docker.pkg.dev/dev-project-01/dev-img-squid6/squid6:{{SHORT_SHA}}
          name: squid6
          ports:
            # Only Squid's port is declared; the Dockerfile also exposes 80 (nginx).
            - containerPort: 8080
          resources:
            limits:
              cpu: 1000m
              memory: 1024Mi
            requests:
              cpu: 1000m
              memory: 512Mi
---
# HTTPS-only GKE Ingress for proxy.example.com, forwarding to Service squid6:80.
# NOTE(review): GKE Ingress provisions an HTTP(S) load balancer that terminates
# TLS and acts as a reverse proxy for this host. It presumably does not relay
# forward-proxy requests (CONNECT or absolute-URI) to Squid the way a TCP load
# balancer does - confirm against the GKE load balancer documentation.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: squid6
  name: squid6
  annotations:
    # Existing certificate resource and reserved global static IP, both by name.
    ingress.gcp.kubernetes.io/pre-shared-cert: "dev-ca-proxy-example-com"
    kubernetes.io/ingress.global-static-ip-name: "dev-ip-squid6-01"
    # Turns off the plain-HTTP listener so clients can only connect over HTTPS.
    kubernetes.io/ingress.allow-http: "false"
spec:
  rules:
    - host: proxy.example.com
      http:
        paths:
          # No path is given, only the path type and the backend Service.
          - pathType: ImplementationSpecific
            backend:
              service:
                name: squid6
                port:
                  number: 80
---
# Custom load-balancer health check, attached to Service squid6 by annotation.
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  namespace: squid6
  name: dev-backend-k8s
spec:
  healthCheck:
    checkIntervalSec: 30
    timeoutSec: 5
    healthyThreshold: 1
    unhealthyThreshold: 2
    type: HTTP
    # NOTE(review): this appears to probe the static page nginx serves on port
    # 80, not Squid on 8080, so a passing check says nothing about whether the
    # proxy itself is answering - confirm which process receives the probe.
    requestPath: /health.html
    port: 80
---
# NodePort Service targeted by the Ingress; port 80 maps to Squid's 8080 in the pod.
kind: Service
apiVersion: v1
metadata:
  namespace: squid6
  name: squid6
  annotations:
    # Applies the dev-backend-k8s BackendConfig (health check) as the default
    # for this Service's ports.
    cloud.google.com/backend-config: '{"default": "dev-backend-k8s"}'
spec:
  type: NodePort
  ports:
    - name: "http"
      protocol: TCP
      port: 80
      targetPort: 8080
      # NOTE(review): a fixed nodePort opens Squid on port 30081 of every node;
      # make sure firewall rules limit which sources can reach that port.
      nodePort: 30081
  selector:
    app: squid6
    env: v01
- squid.conf
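# Squid listens for proxy requests on 8080 (the Service's targetPort).
http_port 8080

# NOTE(review): the stock squid.conf guards "http_access deny !Safe_ports" and
# "http_access deny CONNECT !SSL_ports" are not present, so any allowed client
# can request any destination port. Consider restoring them.

# Source ranges treated as the local network.
acl localnet src 192.168.0.1-192.168.255.255
acl localnet src 10.0.0.0/24 # Public subnet CIDR
acl localnet src 10.144.128.0/17 # Pod IPv4 address range
acl localnet src 34.119.224.0/20 # IPv4 service range
# NOTE(review): 130.211.0.0/22 and 35.191.0.0/16 are not only the health-check
# ranges. Google's external HTTP(S) load balancers also forward client requests
# from them, so listing them as localnet lets any client that can reach the load
# balancer use this proxy. Require proxy authentication or restrict clients in
# front of Squid before exposing it.
acl localnet src 130.211.0.0/22 # Google health-check range
acl localnet src 35.191.0.0/16 # Google health-check range

http_access allow localhost
http_access allow localnet

# "xxx" is the author's redaction; Squid needs a complete address here.
# NOTE(review): an external HTTP(S) load balancer presumably reaches backends
# from the ranges above, not from its frontend IP, so this ACL may never match
# - confirm.
acl loadBalanerlIP src 34.110.152.xxx # HTTPS Load Balancer IP
http_access allow loadBalanerlIP

# Explicit terminal rule. Without it Squid applies the opposite of the last
# http_access line, so a later edit that ends the list with a "deny" rule would
# silently turn the default into "allow".
http_access deny all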
- nginx.conf
# Static site on port 80. Per the Dockerfile, /var/www/html holds index.html and
# health.html, the page the GKE health check requests.
server {
    listen 80;
    location / {
        root /var/www/html;
        index index.html index.htm;
        # Serve the requested file or directory, else /index.html, else return 404.
        try_files $uri $uri/ /index.html =404;
    }
    # Pulls in any extra server-level configuration found in this directory.
    # NOTE(review): the Dockerfile shown does not create or populate it - confirm
    # nothing untrusted can write files there.
    include /etc/nginx/extra-conf.d/*.conf;
}
- supervisord.conf
; supervisord is the container's main process and supervises Squid and nginx.
[supervisord]
; NOTE(review): supervisord runs as root and the programs below set no user=,
; so they are started as root too - confirm that this is required.
user=root
logfile=/tmp/supervisord.log
logfile_maxbytes=50MB
logfile_backups=10
loglevel=info
; Stay in the foreground so the container keeps running.
nodaemon=true
; Squid: -N keeps it in the foreground (no daemon mode), -f selects the config file.
[program:squid]
command=/usr/sbin/squid -N -f /etc/squid/squid.conf
; stdout and stderr share one log file per program.
; NOTE(review): these logs stay in files inside the container; presumably the
; cluster's log collection does not pick them up, which limits auditing of
; proxy use - confirm.
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
; nginx: "daemon off;" keeps it in the foreground so supervisord can manage it.
[program:nginx]
command=/usr/sbin/nginx -g "daemon off;"
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
▼ Some figures about the Squid proxy setup
Before I set it as the proxy server on Windows, I can view the Squid page via HTTPS normally. [Figure: the Squid page can be viewed normally via the HTTPS URL]
Proxy settings on Windows 11. [Figure: proxy settings on Windows 11]
But I cannot view any pages after setting up the proxy server. [Figure: no pages can be viewed after setting up the proxy server]
★ I've spent many days researching, but I can't find a solution to this problem. Could someone give me guidance on how to fix it?