Hi Alex, Thank you very much for your quick and helpful response regarding the PROXY protocol configuration.
Your clarification about using require-proxy-header instead of proxy-protocol was spot on — I’ve updated my squid.conf accordingly, and it now seems to be working as expected. I really appreciate your support and guidance on this! Best regards, Michael Tin On Tue, 8 Apr 2025 at 14:09, Alex Rousskov <rouss...@measurement-factory.com> wrote: > On 2025-04-08 08:24, Michael Tint wrote: > > > I'm running into a blocking issue while deploying Squid 6.13 ... My goal > is > > to enable the PROXY protocol support via the following config line: > > > > http_port 3128 proxy-protocol > > > The correct http_port option name for enabling PROXY protocol support is > not "proxy-protocol" but "require-proxy-header". See http_port directive > description in your generated squid.conf.documented or at > https://www.squid-cache.org/Doc/config/http_port/ > > HTH, > > Alex. > > > > > However, on startup I consistently get this error: > > > > |2025/04/08 13:14:44| Processing Configuration File: > > /etc/squid/my-squid.conf (depth 0) 2025/04/08 13:14:44| FATAL: Unknown > > http_port option 'proxy-protocol'. 2025/04/08 13:14:44| FATAL: Bungled > > /etc/squid/my-squid.conf line 1: http_port 3128 proxy-protocol > > 2025/04/08 13:14:44| Squid Cache (Version 6.13): Terminated abnormally. | > > > > ------------------------------------------------------------------------ > > > > > > 🔍 *What I’ve Done So Far:* > > > > * > > > > Using Squid *6.13* (confirmed) > > > > * > > > > Verified |--enable-proxy-auth|, |--enable-auth-*|, and many other > > flags in my Dockerfile > > > > * > > > > Using the Dockerfile provided by |b4tman/docker-squid| repo > > > > * > > > > Running on *Docker Swarm* and mapping config via: > > > > |volumes: - ./config/squid.conf:/etc/squid/my-squid.conf:ro | > > > > * > > > > |SQUID_CONFIG_FILE| is set properly, and the config loads — until it > > hits that line. > > > > ------------------------------------------------------------------------ > > > > > > ❓ *What is |proxy-protocol| supposed to do?* > > > > The |proxy-protocol| option is designed to allow Squid to accept > > *original client IP addresses* from trusted proxies or load balancers > > (e.g., HAProxy, AWS ELB, Traefik) via the PROXY protocol > > <https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt>. > > > > It lets you do things like: > > > > |http_port 3128 proxy-protocol | > > > > Instead of seeing the IP of the load balancer, Squid gets the real > > client IP passed in the PROXY header — which is essential for proper > > logging, ACLs, or geo-restrictions in reverse-proxy environments. > > > > ------------------------------------------------------------------------ > > > > > > 🚫 *Current Blocker* > > > > Despite enabling many Squid features in the Docker build, this one fails > > with |Unknown http_port option 'proxy-protocol'|, which usually means > > the *binary wasn't compiled with support* for it. > > > > ------------------------------------------------------------------------ > > > > > > 🛠️ *Questions / Help Needed* > > > > * > > > > Is |--with-proxy-protocol| or equivalent *compile flag* required to > > enable this? (I can't find it in the list of |./configure| options > > for Squid.) > > > > * > > > > Has anyone used |proxy-protocol| successfully with Squid 6.13 in > > Docker or with the |b4tman/docker-squid| base image? > > > > * > > > > Is there a specific patch, module, or feature flag I'm missing? > > > > Thanks in advance — this feature is critical for deployment in Swarm > > behind a reverse proxy, and I’m stuck! > > > > Best regards, > > > > > > *Michael Tint* > > Linux Admin > > > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > https://lists.squid-cache.org/listinfo/squid-users > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
