Hi all, I'm running into a blocking issue while deploying Squid 6.13 via Docker (in a Docker Swarm setup) using a Dockerfile based on b4tman/docker-squid <https://github.com/b4tman/docker-squid>. My goal is to enable the *PROXY protocol* support via the following config line:
http_port 3128 proxy-protocol However, on startup I consistently get this error: 2025/04/08 13:14:44| Processing Configuration File: /etc/squid/my-squid.conf (depth 0) 2025/04/08 13:14:44| FATAL: Unknown http_port option 'proxy-protocol'. 2025/04/08 13:14:44| FATAL: Bungled /etc/squid/my-squid.conf line 1: http_port 3128 proxy-protocol 2025/04/08 13:14:44| Squid Cache (Version 6.13): Terminated abnormally. ------------------------------ 🔍 *What I’ve Done So Far:* - Using Squid *6.13* (confirmed) - Verified --enable-proxy-auth, --enable-auth-*, and many other flags in my Dockerfile - Using the Dockerfile provided by b4tman/docker-squid repo - Running on *Docker Swarm* and mapping config via: volumes: - ./config/squid.conf:/etc/squid/my-squid.conf:ro - SQUID_CONFIG_FILE is set properly, and the config loads — until it hits that line. ------------------------------ ❓ *What is proxy-protocol supposed to do?* The proxy-protocol option is designed to allow Squid to accept *original client IP addresses* from trusted proxies or load balancers (e.g., HAProxy, AWS ELB, Traefik) via the PROXY protocol <https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt>. It lets you do things like: http_port 3128 proxy-protocol Instead of seeing the IP of the load balancer, Squid gets the real client IP passed in the PROXY header — which is essential for proper logging, ACLs, or geo-restrictions in reverse-proxy environments. ------------------------------ 🚫 *Current Blocker* Despite enabling many Squid features in the Docker build, this one fails with Unknown http_port option 'proxy-protocol', which usually means the *binary wasn't compiled with support* for it. ------------------------------ 🛠️ *Questions / Help Needed* - Is --with-proxy-protocol or equivalent *compile flag* required to enable this? (I can't find it in the list of ./configure options for Squid.) - Has anyone used proxy-protocol successfully with Squid 6.13 in Docker or with the b4tman/docker-squid base image? - Is there a specific patch, module, or feature flag I'm missing? Thanks in advance — this feature is critical for deployment in Swarm behind a reverse proxy, and I’m stuck! Best regards, *Michael Tint* Linux Admin
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
