@poupas
Last active September 30, 2020 08:26
Throttled forward proxy container
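# Compose service: a Caddy forward proxy whose traffic is rate-limited with tc.
#
# At every container start the command below installs build tools, clones and
# builds caddyserver/forwardproxy, installs HTB shaping on ${UP_IF} (egress)
# and on ${DOWN_IF} (ingress, redirected through an ifb device), writes
# /opt/Caddyfile and finally runs caddy as the unprivileged user "caddy".
#
# NOTE(review), supply chain: the clone is not pinned to a commit or tag, and
# the build runs on every (re)start (see `restart: always`), so the code that
# ends up running can change between restarts. Prefer building once into an
# image from a reviewed revision (e.g. `git checkout <REVIEWED_COMMIT>` after
# the clone) and running that image here.
proxy:
  image: golang:1.14-alpine
  ports:
    # NOTE(review): this form publishes the port on all host interfaces by
    # default, and the forwardproxy block written below sets no `basicauth`.
    # If only local clients need the proxy, publish "127.0.0.1:8080:8080";
    # otherwise add authentication and/or a host firewall rule.
    - "8080:8080"
  environment:
    # Bandwidths are used with a `kbit` suffix in the tc commands below.
    - DOWN_BW=34000
    - UP_BW=3400
    # Interface whose egress is shaped and whose ingress is redirected.
    - UP_IF=eth0
    # ifb device created by the script; carries the redirected ingress traffic.
    - DOWN_IF=ifb0
  volumes:
    # Host kernel modules, needed only so `modprobe ifb` can find the module.
    # Mounted read-only: the container runs as root and only has to read them.
    - /lib/modules:/lib/modules:ro
  cap_add:
    # NOTE(review): SYS_MODULE lets the container load modules into the HOST
    # kernel, which is close to full host privilege. It is used here only for
    # `modprobe ifb`, whose failure is already tolerated (`|| true`). Loading
    # ifb on the host beforehand allows dropping both SYS_MODULE and the
    # /lib/modules mount.
    - SYS_MODULE
    # Required for the `tc` and `ip link` calls.
    - NET_ADMIN
  command:
    - /bin/ash
    - -c
    # The script is one YAML double-quoted scalar: line breaks fold to spaces
    # and a trailing `\` joins lines, so the shell receives a single `&&`
    # chain. Do NOT put `#` comments inside it; they would comment out the
    # rest of the chain. `$$` is Compose escaping for a literal `$`. `\n` and
    # `\t` in the printf format are expanded by YAML, not by printf.
    #
    # Uplink (root handle 1:, unclassified traffic -> 1:20):
    #   1:1   1gbit       loopback / RFC 1918 destinations (not throttled)
    #   1:2   UP_BW       parent of the throttled classes
    #   1:10  20% rate, 95% ceil  tos 0x10, ICMP, and TCP packets with a
    #                             20-byte IP header and total length < 64
    #   1:20  40% rate, 95% ceil  default class
    #   1:30  20% rate, 90% ceil  no filter in this file selects it
    # Downlink (ingress of UP_IF mirrored to DOWN_IF, root handle 2:):
    #   2:1   1gbit       loopback / RFC 1918 sources (not throttled)
    #   2:2   DOWN_BW     default class
    - "
      set -xe
      && apk add git iproute2 kmod curl bash
      && git clone https://github.com/caddyserver/forwardproxy.git
      && cd forwardproxy
      && GO111MODULE=on go install github.com/caddyserver/forwardproxy/cmd/caddy
      && cd -
      && mkdir -p /opt
      && mv /go/bin/caddy /opt
      \
      && tc qdisc add dev $${UP_IF} root handle 1: htb default 20
      && tc class add dev $${UP_IF} parent 1: classid 1:1 htb rate 1gbit prio 1
      && tc class add dev $${UP_IF} parent 1: classid 1:2 htb rate $${UP_BW}kbit prio 5
      && RATE=$$((20*$${UP_BW}/100))
      && tc class add dev $${UP_IF} parent 1:2 classid 1:10 htb \
      rate $${RATE}kbit ceil $$((95*$${UP_BW}/100))kbit \
      prio 1
      && RATE=$$((40*$${UP_BW}/100))
      && tc class add dev $${UP_IF} parent 1:2 classid 1:20 htb \
      rate $${RATE}kbit ceil $$((95*$${UP_BW}/100))kbit \
      prio 2
      && RATE=$$((20*$${UP_BW}/100))
      && tc class add dev $${UP_IF} parent 1:2 classid 1:30 htb \
      rate $${RATE}kbit ceil $$((90*$${UP_BW}/100))kbit \
      prio 3
      \
      && tc qdisc add dev $${UP_IF} parent 1:10 handle 10: sfq perturb 10 quantum 6000
      && tc qdisc add dev $${UP_IF} parent 1:20 handle 20: sfq perturb 10 quantum 6000
      && tc qdisc add dev $${UP_IF} parent 1:30 handle 30: sfq perturb 10 quantum 6000
      \
      && { for range in 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8; do
      tc filter add dev $${UP_IF} parent 1: protocol ip prio 1 u32 match ip dst $${range} flowid 1:1;
      done }
      && tc filter add dev $${UP_IF} parent 1: protocol ip prio 10 u32 \
      match ip tos 0x10 0xff flowid 1:10
      && tc filter add dev $${UP_IF} parent 1: protocol ip prio 11 u32 \
      match ip protocol 1 0xff flowid 1:10
      && tc filter add dev $${UP_IF} parent 1: protocol ip prio 12 u32 \
      match ip protocol 6 0xff \
      match u8 0x05 0x0f at 0 \
      match u16 0x0000 0xffc0 at 2 \
      flowid 1:10
      \
      && { modprobe ifb || true; }
      && { ip link add $${DOWN_IF} type ifb || true; }
      && ip link set dev $${DOWN_IF} up
      && tc qdisc add dev $${UP_IF} handle ffff: ingress
      && tc filter add dev $${UP_IF} parent ffff: protocol ip u32 match u32 0 0 \
      action mirred egress redirect dev $${DOWN_IF}
      && tc qdisc add dev $${DOWN_IF} root handle 2: htb default 2
      && tc class add dev $${DOWN_IF} parent 2: classid 2:1 htb rate 1gbit prio 1
      && tc class add dev $${DOWN_IF} parent 2: classid 2:2 htb rate $${DOWN_BW}kbit
      && { for range in 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8; do
      tc filter add dev $${DOWN_IF} parent 2: protocol ip prio 1 u32 match ip src $${range} flowid 2:1;
      done }
      \
      && printf '
      localhost {\n
      \tforwardproxy {\n
      \t\thide_ip\n
      \t\thide_via\n
      \t\tdial_timeout 30\n
      \t\tresponse_timeout 30\n
      \t}\n
      }\n
      ' > /opt/Caddyfile
      && adduser -D caddy
      && su - caddy -c '/opt/caddy -port 8080 -conf /opt/Caddyfile'
      "
  # Every restart repeats the package install, clone and build above, so each
  # one needs network access and may pick up new upstream code.
  restart: always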