Throttled forward proxy container
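# Compose service fragment: builds Caddy with the forwardproxy plugin when the
# container starts, shapes the container's traffic with tc/HTB, then runs the
# proxy as the unprivileged user `caddy`.
proxy:
  image: golang:1.14-alpine
  # NOTE(review): this publishes the proxy on every host interface, and the
  # Caddyfile written below sets no credentials for forwardproxy. If the host is
  # reachable from untrusted networks, bind to loopback ("127.0.0.1:8080:8080")
  # or enable the plugin's basicauth directive.
  ports:
    - "8080:8080"
  environment:
    # Bandwidth limits, used as kbit rates by the tc commands below.
    - DOWN_BW=34000
    - UP_BW=3400
    # Interface whose egress is shaped directly.
    - UP_IF=eth0
    # ifb device that receives redirected ingress traffic so it can be shaped.
    - DOWN_IF=ifb0
  volumes:
    # Only needed so modprobe can find the ifb module; mounted read-only because
    # the script never writes to the host's module tree.
    - /lib/modules:/lib/modules:ro
  cap_add:
    # SYS_MODULE lets this container load kernel modules into the host kernel,
    # which is effectively host-level privilege. The script already tolerates a
    # failed modprobe (`|| true`), so loading ifb on the host beforehand would
    # allow dropping SYS_MODULE and the /lib/modules mount.
    - SYS_MODULE
    # NET_ADMIN is required for the tc and `ip link` commands.
    - NET_ADMIN
  # Startup script (one folded string, so it cannot carry inline comments):
  #   1. Install tools, clone and build caddy with forwardproxy, move it to /opt.
  #      NOTE(review): the clone follows the default branch head and nothing is
  #      pinned or verified; check out a reviewed commit (<COMMIT_SHA>) after
  #      cloning, or bake the binary into an image.
  #      The checkout is removed first so the script survives a restart.
  #   2. Egress on UP_IF: HTB root with class 1:1 (1gbit, unthrottled) for
  #      loopback/RFC 1918 destinations and class 1:2 capped at UP_BW, split
  #      into 1:10 (20%, ceil 95%), 1:20 (40%, ceil 95%, default) and
  #      1:30 (20%, ceil 90%), each with an sfq leaf.
  #   3. Filters send TOS 0x10, ICMP, and TCP packets with a 20-byte IP header
  #      and total length below 64 bytes (typically bare ACKs) to 1:10.
  #   4. Ingress on UP_IF is redirected to DOWN_IF (ifb) and capped at DOWN_BW,
  #      except traffic from loopback/RFC 1918 sources (class 2:1, 1gbit).
  #   5. Write /opt/Caddyfile, create the caddy user if missing, and run the
  #      proxy as that user on port 8080.
  command:
    - /bin/ash
    - -c
    - "
      set -xe
      && apk add git iproute2 kmod curl bash
      && rm -rf forwardproxy
      && git clone https://github.com/caddyserver/forwardproxy.git
      && cd forwardproxy
      && GO111MODULE=on go install github.com/caddyserver/forwardproxy/cmd/caddy
      && cd -
      && mkdir -p /opt
      && mv /go/bin/caddy /opt
      \
      && tc qdisc add dev $${UP_IF} root handle 1: htb default 20
      && tc class add dev $${UP_IF} parent 1: classid 1:1 htb rate 1gbit prio 1
      && tc class add dev $${UP_IF} parent 1: classid 1:2 htb rate $${UP_BW}kbit prio 5
      && RATE=$$((20*$${UP_BW}/100))
      && tc class add dev $${UP_IF} parent 1:2 classid 1:10 htb \
      rate $${RATE}kbit ceil $$((95*$${UP_BW}/100))kbit \
      prio 1
      && RATE=$$((40*$${UP_BW}/100))
      && tc class add dev $${UP_IF} parent 1:2 classid 1:20 htb \
      rate $${RATE}kbit ceil $$((95*$${UP_BW}/100))kbit \
      prio 2
      && RATE=$$((20*$${UP_BW}/100))
      && tc class add dev $${UP_IF} parent 1:2 classid 1:30 htb \
      rate $${RATE}kbit ceil $$((90*$${UP_BW}/100))kbit \
      prio 3
      \
      && tc qdisc add dev $${UP_IF} parent 1:10 handle 10: sfq perturb 10 quantum 6000
      && tc qdisc add dev $${UP_IF} parent 1:20 handle 20: sfq perturb 10 quantum 6000
      && tc qdisc add dev $${UP_IF} parent 1:30 handle 30: sfq perturb 10 quantum 6000
      \
      && { for range in 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8; do
      tc filter add dev $${UP_IF} parent 1: protocol ip prio 1 u32 match ip dst $${range} flowid 1:1;
      done }
      && tc filter add dev $${UP_IF} parent 1: protocol ip prio 10 u32 \
      match ip tos 0x10 0xff flowid 1:10
      && tc filter add dev $${UP_IF} parent 1: protocol ip prio 11 u32 \
      match ip protocol 1 0xff flowid 1:10
      && tc filter add dev $${UP_IF} parent 1: protocol ip prio 12 u32 \
      match ip protocol 6 0xff \
      match u8 0x05 0x0f at 0 \
      match u16 0x0000 0xffc0 at 2 \
      flowid 1:10
      \
      && { modprobe ifb || true; }
      && { ip link add $${DOWN_IF} type ifb || true; }
      && ip link set dev $${DOWN_IF} up
      && tc qdisc add dev $${UP_IF} handle ffff: ingress
      && tc filter add dev $${UP_IF} parent ffff: protocol ip u32 match u32 0 0 \
      action mirred egress redirect dev $${DOWN_IF}
      && tc qdisc add dev $${DOWN_IF} root handle 2: htb default 2
      && tc class add dev $${DOWN_IF} parent 2: classid 2:1 htb rate 1gbit prio 1
      && tc class add dev $${DOWN_IF} parent 2: classid 2:2 htb rate $${DOWN_BW}kbit
      && { for range in 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8; do
      tc filter add dev $${DOWN_IF} parent 2: protocol ip prio 1 u32 match ip src $${range} flowid 2:1;
      done }
      \
      && printf '
      localhost {\n
      \tforwardproxy {\n
      \t\thide_ip\n
      \t\thide_via\n
      \t\tdial_timeout 30\n
      \t\tresponse_timeout 30\n
      \t}\n
      }\n
      ' > /opt/Caddyfile
      && { id caddy >/dev/null 2>&1 || adduser -D caddy; }
      && su - caddy -c '/opt/caddy -port 8080 -conf /opt/Caddyfile'
      "
  # A restart re-runs the whole script inside the same container filesystem,
  # which is why the clone and user-creation steps above must be repeatable.
  restart: always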