Resources »

Guides »

Security »

Proxy Outgoing HTTP Requests Through Squid

Introduction

Squid1 is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. When integrated with Cerb, a Squid proxy provides several benefits:

  • Bandwidth reduction by caching frequently-requested content.
  • Improved response times for external API calls and web requests.
  • Enhanced security through centralized traffic control.
  • Detailed logging of outbound traffic.
  • Content filtering and access control for external services.
  • Server acceleration for better performance.

This guide will help you set up a Squid proxy in Docker and configure Cerb to route all outgoing HTTP requests through it.

Requirements

  • Docker installed and running
  • A working Cerb installation in Docker
  • htpasswd utility (part of apache2-utils on Ubuntu/Debian, httpd-tools on CentOS/RHEL, or Apache HTTP Server on Windows/macOS)

Setting Up Squid Proxy

Create Required Directories

First, create a directory structure to hold your Squid configuration:

mkdir ~/squid-setup
cd ~/squid-setup
mkdir squid-config

Create Squid Configuration Files

echo "http_port 3128
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all" > squid-config/squid.conf

Create password file

When prompted, enter a secure password.

htpasswd -c squid-config/passwords cerb_proxy

Run Squid Docker Container

Start the Squid proxy container with your configuration files. This command maps port 8888 on your host to port 3128 in the container and mounts your configuration files.

docker run -d \       
  --name squid-proxy \
  -e TZ=UTC \
  -p 8888:3128 \
  -v $(pwd)/squid-config/squid.conf:/etc/squid/squid.conf \
  -v $(pwd)/squid-config/passwords:/etc/squid/passwords \
  ubuntu/squid:5.2-22.04_beta

Test proxy with curl

Verify that your proxy is working correctly by making a test request through it. This command uses curl to fetch the first 100 characters from a Cerb documentation page.

curl -s -x "http://cerb_proxy:FJ\!3G\!ht3Y@localhost:8888" -H "Accept: application/json" "https://cerb.ai/docs/history/" | head -c 100

Configuring Cerb

Update the configuration file

In production

Edit the framework.config.php file and add the following line with the other define() statements at the top:

define('DEVBLOCKS_HTTP_PROXY', 'http://cerb_proxy:YOUR_PASSWORD@host.docker.internal:8888');
  • Replace YOUR_PASSWORD with your Squid password.
  • Replace host.docker.internal with your Squid hostname.

In Docker

For a Docker-based Cerb installation, you need to modify the configuration file to use the Squid proxy. This will be a file like cerb.config.php in the install/docker/_conf/ directory.

host.docker.internal is a special DNS name that resolves to the host machine from inside Docker containers.

Verifying Integration

Let's send an HTTP Get request from Cerb and verify we are routing through our Squid proxy.

We will use an example from automations to make the request.

We can now monitor the Squid access logs to confirm requests from Cerb are being proxied.

docker exec squid-proxy tail -n 50 /var/log/squid/access.log

References