feat: add Docker support with Dockerfile, docker-compose, and example config files

Author: hightemp

.dockerignore

@@ -0,0 +1,13 @@
+https_proxy
+https_proxy_static
+*.pem
+config.yaml
+config.http.yaml
+config.https.yaml
+.git
+.github
+README.md
+Makefile
+test.sh
+generate_certs.sh
+packaging

Dockerfile

@@ -0,0 +1,18 @@
+# syntax=docker/dockerfile:1
+
+FROM golang:1.22-alpine AS builder
+WORKDIR /src
+COPY go.mod go.sum* ./
+RUN go mod download
+COPY main.go ./
+RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o /out/https_proxy main.go
+
+FROM alpine:3.20
+RUN apk add --no-cache ca-certificates tini \
+    && adduser -D -H -u 10001 proxy
+COPY --from=builder /out/https_proxy /usr/bin/https_proxy
+COPY config.docker.yaml /etc/https_proxy/config.yaml
+EXPOSE 8080 8443
+USER proxy
+ENTRYPOINT ["/sbin/tini","--","/usr/bin/https_proxy"]
+CMD ["-config","/etc/https_proxy/config.yaml"]

Makefile

@@ -3,8 +3,9 @@ VERSION = $(shell cat VERSION | tr -d '[:space:]')
 INSTALL_DIR = /usr/bin
 CONFIG_DIR = /etc/$(PROJECT_NAME)
 SYSTEMD_DIR = /etc/systemd/system
+DOCKER_IMAGE = hightemp/$(PROJECT_NAME)
 
-.PHONY: build run clean install uninstall install-service uninstall-service start stop restart status enable disable release
+.PHONY: build run clean install uninstall install-service uninstall-service start stop restart status enable disable release docker-build docker-push docker-release
 
 build:
 	CGO_ENABLED=0 go build -o $(PROJECT_NAME) main.go
@@ -97,4 +98,14 @@ release:
 	git tag -f "v$(VERSION)"
 	git push
 	git push -f --tags
-	@echo "Released v$(VERSION)"
+	@echo "Released v$(VERSION)"
+
+docker-build:
+	docker build -t $(DOCKER_IMAGE):$(VERSION) -t $(DOCKER_IMAGE):latest .
+
+docker-push: docker-build
+	docker push $(DOCKER_IMAGE):$(VERSION)
+	docker push $(DOCKER_IMAGE):latest
+
+docker-release: docker-push
+	@echo "Pushed $(DOCKER_IMAGE):$(VERSION) and :latest"

README.md

@@ -28,6 +28,50 @@ A secure HTTP/HTTPS proxy server in Go with Basic authentication, TLS support, a
 
 Download the latest binary from the [Releases](https://github.com/hightemp/https_proxy/releases) page.
 
+### Docker
+
+One-liner (HTTP proxy on port 8080, default user/pass `user`/`pass`):
+
+```sh
+docker run -d --name https_proxy -p 8080:8080 hightemp/https_proxy:latest
+```
+
+With a custom config:
+
+```sh
+docker run -d --name https_proxy -p 8080:8080 -v $(pwd)/config.yaml:/etc/https_proxy/config.yaml:ro hightemp/https_proxy:latest
+```
+
+### Docker Compose (HTTP + HTTPS with Let's Encrypt)
+
+The bundled [docker-compose.yml](docker-compose.yml) starts an HTTP proxy, an HTTPS proxy, and a `certbot` sidecar that issues and auto-renews Let's Encrypt certificates into a shared volume.
+
+1. Copy example configs and edit them (set domain, credentials, ports):
+
+    ```sh
+    cp config.http.example.yaml config.http.yaml
+    cp config.https.example.yaml config.https.yaml
+    ```
+
+2. Issue the initial Let's Encrypt certificate (port 80 must be reachable on your domain):
+
+    ```sh
+    docker compose run --rm --service-ports certbot certonly \
+      --standalone -d example.com -m you@example.com --agree-tos --no-eff-email
+    ```
+
+3. Start the stack:
+
+    ```sh
+    docker compose up -d
+    ```
+
+Certbot will renew certificates automatically every 12 hours. Restart the HTTPS proxy after renewal if needed:
+
+```sh
+docker compose restart https-proxy
+```
+
 ### Build from source
 
 1. Clone the repository:
@@ -131,6 +175,9 @@ make start / stop / restart / status
 | `make uninstall` | Remove binary and service (keep config) |
 | `make uninstall-full` | Remove everything including config |
 | `make release` | Tag version from `VERSION` file and push |
+| `make docker-build` | Build Docker image `hightemp/https_proxy:VERSION` and `:latest` |
+| `make docker-push` | Build and push image to Docker Hub |
+| `make docker-release` | Alias for `docker-push` |
 
 ## Release
 

config.docker.yaml

@@ -0,0 +1,7 @@
+proxy_addr: 0.0.0.0:8080
+username: user
+password: pass
+proto: http
+cert_path: ""
+key_path: ""
+# upstream_proxy: https://user:pass@upstream-proxy:8080

config.http.example.yaml

@@ -0,0 +1,7 @@
+proxy_addr: 0.0.0.0:8080
+username: user
+password: pass
+proto: http
+cert_path: ""
+key_path: ""
+# upstream_proxy: https://user:pass@upstream-proxy:8080

config.https.example.yaml

@@ -0,0 +1,7 @@
+proxy_addr: 0.0.0.0:8443
+username: user
+password: pass
+proto: https
+cert_path: /etc/letsencrypt/live/example.com/fullchain.pem
+key_path: /etc/letsencrypt/live/example.com/privkey.pem
+# upstream_proxy: https://user:pass@upstream-proxy:8080

docker-compose.yml

@@ -0,0 +1,43 @@
+services:
+  # Plain HTTP proxy
+  http-proxy:
+    image: hightemp/https_proxy:latest
+    container_name: https_proxy_http
+    restart: unless-stopped
+    ports:
+      - "8080:8080"
+    volumes:
+      - ./config.http.yaml:/etc/https_proxy/config.yaml:ro
+
+  # HTTPS proxy with Let's Encrypt certificates (read from shared volume)
+  https-proxy:
+    image: hightemp/https_proxy:latest
+    container_name: https_proxy_https
+    restart: unless-stopped
+    ports:
+      - "8443:8443"
+    volumes:
+      - ./config.https.yaml:/etc/https_proxy/config.yaml:ro
+      - letsencrypt:/etc/letsencrypt:ro
+    depends_on:
+      - certbot
+
+  # Let's Encrypt certificate manager.
+  # First-time issue (replace DOMAIN and EMAIL):
+  #   docker compose run --rm --service-ports certbot certonly \
+  #     --standalone -d DOMAIN -m EMAIL --agree-tos --no-eff-email
+  # Then `docker compose up -d` runs auto-renewal in a loop.
+  certbot:
+    image: certbot/certbot:latest
+    container_name: https_proxy_certbot
+    restart: unless-stopped
+    ports:
+      - "80:80"
+    volumes:
+      - letsencrypt:/etc/letsencrypt
+      - certbot-www:/var/www/certbot
+    entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --quiet; sleep 12h & wait $${!}; done"
+
+volumes:
+  letsencrypt:
+  certbot-www: