[squid-users] Fwd: Issue with proxy-protocol in http_port on Squid 6.13 via Docker

Tue Apr 8 12:24:24 UTC 2025

Hi all,

I'm running into a blocking issue while deploying Squid 6.13 via Docker (in
a Docker Swarm setup) using a Dockerfile based on b4tman/docker-squid
<https://github.com/b4tman/docker-squid>. My goal is to enable the *PROXY
protocol* support via the following config line:

http_port 3128 proxy-protocol

However, on startup I consistently get this error:

2025/04/08 13:14:44| Processing Configuration File:
/etc/squid/my-squid.conf (depth 0)
2025/04/08 13:14:44| FATAL: Unknown http_port option 'proxy-protocol'.
2025/04/08 13:14:44| FATAL: Bungled /etc/squid/my-squid.conf line 1:
http_port 3128 proxy-protocol
2025/04/08 13:14:44| Squid Cache (Version 6.13): Terminated abnormally.

------------------------------
🔍 *What I’ve Done So Far:*

   -

   Using Squid *6.13* (confirmed)
   -

   Verified --enable-proxy-auth, --enable-auth-*, and many other flags in
   my Dockerfile
   -

   Using the Dockerfile provided by b4tman/docker-squid repo
   -

   Running on *Docker Swarm* and mapping config via:

volumes:
  - ./config/squid.conf:/etc/squid/my-squid.conf:ro

   -

   SQUID_CONFIG_FILE is set properly, and the config loads — until it hits
   that line.

------------------------------
❓ *What is proxy-protocol supposed to do?*

The proxy-protocol option is designed to allow Squid to accept *original
client IP addresses* from trusted proxies or load balancers (e.g., HAProxy,
AWS ELB, Traefik) via the PROXY protocol
<https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt>.

It lets you do things like:

http_port 3128 proxy-protocol

Instead of seeing the IP of the load balancer, Squid gets the real client
IP passed in the PROXY header — which is essential for proper logging,
ACLs, or geo-restrictions in reverse-proxy environments.
------------------------------
🚫 *Current Blocker*

Despite enabling many Squid features in the Docker build, this one fails
with Unknown http_port option 'proxy-protocol', which usually means the *binary
wasn't compiled with support* for it.
------------------------------
🛠️ *Questions / Help Needed*

   -

   Is --with-proxy-protocol or equivalent *compile flag* required to enable
   this? (I can't find it in the list of ./configure options for Squid.)
   -

   Has anyone used proxy-protocol successfully with Squid 6.13 in Docker or
   with the b4tman/docker-squid base image?
   -

   Is there a specific patch, module, or feature flag I'm missing?

Thanks in advance — this feature is critical for deployment in Swarm behind
a reverse proxy, and I’m stuck!

Best regards,

*Michael Tint*
Linux Admin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20250408/055ce868/attachment.htm>