Hugging Face's logo

Spaces:
eikarna
/
Mntp
Running

App Files Community
eikarna commited on
Commit
df6eb01
Β·
1 Parent(s): 3104f83

fix(security_file_certgen): not found

Browse files
Files changed (2) hide show
  1. Dockerfile +4 -88
  2. README.md +71 -4
Dockerfile CHANGED
@@ -1,36 +1,15 @@
1
  # Use Ubuntu as the base image
2
- FROM ubuntu:22.04
3
 
4
  # Set environment variables to avoid interactive prompts during installation
5
  ENV DEBIAN_FRONTEND=noninteractive
6
 
7
- # Install Squid and required packages
8
  RUN apt-get update && \
9
- apt-get install -y squid openssl ca-certificates libssl-dev && \
10
  apt-get clean && \
11
  rm -rf /var/lib/apt/lists/*
12
 
13
- # Create SSL certificate directory
14
- RUN mkdir -p /etc/squid/certs
15
-
16
- # Generate a private key and self-signed certificate for HTTPS support
17
- RUN openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 \
18
- -keyout /etc/squid/certs/squid.key \
19
- -out /etc/squid/certs/squid.pem \
20
- -subj "/C=ID/ST=Jawa Barat/L=Bogor/O=Nix Foundation/CN=localhost"
21
-
22
- # Create certificate database for SSL bumping
23
- RUN cd /etc/squid/certs && \
24
- openssl x509 -in squid.pem -outform DER -out squid.der && \
25
- openssl dhparam -outform PEM -out /etc/squid/certs/dhparam.pem 2048
26
-
27
- # Set proper permissions for certificates
28
- RUN chmod 644 /etc/squid/certs/squid.pem
29
- RUN chmod 600 /etc/squid/certs/squid.key
30
- RUN chmod 644 /etc/squid/certs/squid.der
31
- RUN chmod 644 /etc/squid/certs/dhparam.pem
32
- RUN chown -R proxy:proxy /etc/squid/certs
33
-
34
  # Create directories for logs and cache
35
  RUN mkdir -p /var/log/squid && \
36
  mkdir -p /var/spool/squid && \
@@ -53,58 +32,8 @@ cache_swap_low 90\n\
53
  # Anonymize headers\n\
54
  forwarded_for delete\n\
55
  via off\n\
56
- request_header_access Allow allow all\n\
57
- request_header_access Authorization allow all\n\
58
- request_header_access WWW-Authenticate allow all\n\
59
- request_header_access Proxy-Authorization allow all\n\
60
- request_header_access Proxy-Authenticate allow all\n\
61
- request_header_access Cache-Control allow all\n\
62
- request_header_access Content-Encoding allow all\n\
63
- request_header_access Content-Length allow all\n\
64
- request_header_access Content-Type allow all\n\
65
- request_header_access Date allow all\n\
66
- request_header_access Expires allow all\n\
67
- request_header_access Host allow all\n\
68
- request_header_access If-Modified-Since allow all\n\
69
- request_header_access Last-Modified allow all\n\
70
- request_header_access Location allow all\n\
71
- request_header_access Pragma allow all\n\
72
- request_header_access Accept allow all\n\
73
- request_header_access Accept-Charset allow all\n\
74
- request_header_access Accept-Encoding allow all\n\
75
- request_header_access Accept-Language allow all\n\
76
- request_header_access Content-Language allow all\n\
77
- request_header_access Mime-Version allow all\n\
78
- request_header_access Retry-After allow all\n\
79
- request_header_access Title allow all\n\
80
- request_header_access Connection allow all\n\
81
- request_header_access Proxy-Connection allow all\n\
82
- request_header_access User-Agent allow all\n\
83
- request_header_access Cookie allow all\n\
84
- request_header_access All deny all\n\
85
- \n\
86
- # Remove sensitive headers\n\
87
- response_header_access Server deny all\n\
88
- response_header_access X-Powered-By deny all\n\
89
- response_header_access X-AspNet-Version deny all\n\
90
- response_header_access X-AspNetMvc-Version deny all\n\
91
- response_header_access X-Developer deny all\n\
92
- response_header_access X-Originating-IP deny all\n\
93
- response_header_access X-Client-IP deny all\n\
94
- response_header_access X-Host deny all\n\
95
- response_header_access X-Forwarded-For deny all\n\
96
- response_header_access X-Forwarded-Host deny all\n\
97
- response_header_access X-Forwarded-Server deny all\n\
98
- response_header_access Via deny all\n\
99
- response_header_access All allow all\n\
100
  \n\
101
  # Access control lists\n\
102
- acl all src 0.0.0.0/0\n\
103
- acl localnet src 10.0.0.0/8\n\
104
- acl localnet src 172.16.0.0/12\n\
105
- acl localnet src 192.168.0.0/16\n\
106
- acl localnet src fc00::/7\n\
107
- acl localnet src fe80::/10\n\
108
  acl SSL_ports port 443\n\
109
  acl Safe_ports port 80\n\
110
  acl Safe_ports port 443\n\
@@ -122,15 +51,6 @@ http_access deny CONNECT !SSL_ports\n\
122
  # Final deny rule\n\
123
  http_access deny all\n\
124
  \n\
125
- # SSL bumping for HTTPS support\n\
126
- acl ssl_ports port 443\n\
127
- ssl_bump server-first all\n\
128
- sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB\n\
129
- sslcrtd_children 5\n\
130
- \n\
131
- # High anonymity settings\n\
132
- header_replace User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36\n\
133
- \n\
134
  # Logging\n\
135
  access_log /var/log/squid/access.log\n\
136
  cache_log /var/log/squid/cache.log\n\
@@ -150,14 +70,10 @@ half_closed_clients off' > /etc/squid/squid.conf
150
  RUN chown root:proxy /etc/squid/squid.conf && \
151
  chmod 644 /etc/squid/squid.conf
152
 
153
- # Create SSL database for certificate generation
154
- RUN /usr/lib/squid/security_file_certgen -c -s /var/lib/ssl_db -M 4MB && \
155
- chown -R proxy:proxy /var/lib/ssl_db
156
-
157
  # Initialize cache directory
158
  RUN squid -z
159
 
160
- # Expose HTTP port (HTTPS will be handled through CONNECT method)
161
  EXPOSE 7860
162
 
163
  # Health check
 
1
  # Use Ubuntu as the base image
2
+ FROM ubuntu:24.04
3
 
4
  # Set environment variables to avoid interactive prompts during installation
5
  ENV DEBIAN_FRONTEND=noninteractive
6
 
7
+ # Install Squid
8
  RUN apt-get update && \
9
+ apt-get install -y squid && \
10
  apt-get clean && \
11
  rm -rf /var/lib/apt/lists/*
12
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
13
  # Create directories for logs and cache
14
  RUN mkdir -p /var/log/squid && \
15
  mkdir -p /var/spool/squid && \
 
32
  # Anonymize headers\n\
33
  forwarded_for delete\n\
34
  via off\n\
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
35
  \n\
36
  # Access control lists\n\
 
 
 
 
 
 
37
  acl SSL_ports port 443\n\
38
  acl Safe_ports port 80\n\
39
  acl Safe_ports port 443\n\
 
51
  # Final deny rule\n\
52
  http_access deny all\n\
53
  \n\
 
 
 
 
 
 
 
 
 
54
  # Logging\n\
55
  access_log /var/log/squid/access.log\n\
56
  cache_log /var/log/squid/cache.log\n\
 
70
  RUN chown root:proxy /etc/squid/squid.conf && \
71
  chmod 644 /etc/squid/squid.conf
72
 
 
 
 
 
73
  # Initialize cache directory
74
  RUN squid -z
75
 
76
+ # Expose HTTP port
77
  EXPOSE 7860
78
 
79
  # Health check
README.md CHANGED
@@ -1,12 +1,79 @@
1
  ---
2
- title: xin
3
- emoji: πŸ“š
4
  colorFrom: indigo
5
  colorTo: purple
6
  sdk: docker
7
  pinned: false
8
  license: mit
9
- short_description: Hello World!
10
  app_port: 7860
11
  ---
12
- Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
  ---
2
+ title: High Anonymity Squid Proxy
3
+ emoji: 🌐
4
  colorFrom: indigo
5
  colorTo: purple
6
  sdk: docker
7
  pinned: false
8
  license: mit
9
+ short_description: A high anonymity Squid proxy server
10
  app_port: 7860
11
  ---
12
+
13
+ # High Anonymity Squid Proxy
14
+
15
+ This is a Dockerized Squid proxy server configured for high anonymity. It removes identifying headers and supports both HTTP and HTTPS connections through the CONNECT method.
16
+
17
+ ## Features
18
+
19
+ - High anonymity mode (removes identifying headers)
20
+ - Support for HTTP and HTTPS websites
21
+ - Configurable port (default: 7860)
22
+ - Access logging
23
+ - Performance optimizations
24
+
25
+ ## How It Works
26
+
27
+ This proxy works by:
28
+
29
+ 1. Handling HTTP requests directly with header anonymization
30
+ 2. Tunneling HTTPS requests through the CONNECT method (without decrypting them)
31
+
32
+ The proxy does not decrypt HTTPS traffic, which means:
33
+ - It works with all HTTPS websites
34
+ - It maintains user privacy (the proxy cannot see HTTPS content)
35
+ - Some advanced filtering features are not available for HTTPS traffic
36
+
37
+ ## Configuration
38
+
39
+ The proxy is configured with the following settings:
40
+
41
+ - Port: 7860
42
+ - Anonymity: High (removes Via, Forwarded-For, and other identifying headers)
43
+ - User-Agent: Spoofed to Chrome 91
44
+ - Access Control: Open to all IPs (0.0.0.0/0)
45
+
46
+ ## Deployment on Hugging Face Spaces
47
+
48
+ 1. Create a new Space on Hugging Face
49
+ 2. Select "Docker" as the SDK
50
+ 3. Upload the Dockerfile and this README.md
51
+ 4. The proxy will automatically start on port 7860
52
+
53
+ ## Usage
54
+
55
+ After deployment, you can use the proxy by connecting to the Space URL on port 7860:
56
+
57
+ ```
58
+ http://<your-space-name>.hf.space:7860
59
+ ```
60
+
61
+ ## Customization
62
+
63
+ To customize the configuration, you can modify the squid.conf generation section in the Dockerfile. Some common customizations:
64
+
65
+ - Change the port: Modify the `http_port` directive in the squid.conf
66
+ - Adjust anonymity settings: Edit the header removal sections
67
+ - Restrict access by IP: Modify the ACL settings
68
+
69
+ ## Security Considerations
70
+
71
+ This proxy is configured for high anonymity but is open to all IP addresses by default. For production use, consider:
72
+
73
+ 1. Restricting access by IP address
74
+ 2. Adding authentication
75
+ 3. Regularly updating the base Ubuntu image
76
+
77
+ ## License
78
+
79
+ This project is licensed under the MIT License.