On 2025-04-08 08:24, Michael Tint wrote:
I'm running into a blocking issue while deploying Squid 6.13 ... My goal is
to enable the PROXY protocol support via the following config line:
http_port 3128 proxy-protocol
The correct http_port option name for enabling PROXY protocol support is
not "proxy-protocol" but "require-proxy-header". See http_port directive
description in your generated squid.conf.documented or at
https://www.squid-cache.org/Doc/config/http_port/
HTH,
Alex.
However, on startup I consistently get this error:
|2025/04/08 13:14:44| Processing Configuration File:
/etc/squid/my-squid.conf (depth 0) 2025/04/08 13:14:44| FATAL: Unknown
http_port option 'proxy-protocol'. 2025/04/08 13:14:44| FATAL: Bungled
/etc/squid/my-squid.conf line 1: http_port 3128 proxy-protocol
2025/04/08 13:14:44| Squid Cache (Version 6.13): Terminated abnormally. |
------------------------------------------------------------------------
🔍 *What I’ve Done So Far:*
*
Using Squid *6.13* (confirmed)
*
Verified |--enable-proxy-auth|, |--enable-auth-*|, and many other
flags in my Dockerfile
*
Using the Dockerfile provided by |b4tman/docker-squid| repo
*
Running on *Docker Swarm* and mapping config via:
|volumes: - ./config/squid.conf:/etc/squid/my-squid.conf:ro |
*
|SQUID_CONFIG_FILE| is set properly, and the config loads — until it
hits that line.
------------------------------------------------------------------------
❓ *What is |proxy-protocol| supposed to do?*
The |proxy-protocol| option is designed to allow Squid to accept
*original client IP addresses* from trusted proxies or load balancers
(e.g., HAProxy, AWS ELB, Traefik) via the PROXY protocol
<https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt>.
It lets you do things like:
|http_port 3128 proxy-protocol |
Instead of seeing the IP of the load balancer, Squid gets the real
client IP passed in the PROXY header — which is essential for proper
logging, ACLs, or geo-restrictions in reverse-proxy environments.
------------------------------------------------------------------------
🚫 *Current Blocker*
Despite enabling many Squid features in the Docker build, this one fails
with |Unknown http_port option 'proxy-protocol'|, which usually means
the *binary wasn't compiled with support* for it.
------------------------------------------------------------------------
🛠️ *Questions / Help Needed*
*
Is |--with-proxy-protocol| or equivalent *compile flag* required to
enable this? (I can't find it in the list of |./configure| options
for Squid.)
*
Has anyone used |proxy-protocol| successfully with Squid 6.13 in
Docker or with the |b4tman/docker-squid| base image?
*
Is there a specific patch, module, or feature flag I'm missing?
Thanks in advance — this feature is critical for deployment in Swarm
behind a reverse proxy, and I’m stuck!
Best regards,
*Michael Tint*
Linux Admin
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
