[squid-users] Fwd: Issue with proxy-protocol in http_port on Squid 6.13 via Docker
Alex Rousskov
rousskov at measurement-factory.com
Tue Apr 8 13:09:16 UTC 2025
On 2025-04-08 08:24, Michael Tint wrote:
> I'm running into a blocking issue while deploying Squid 6.13 ... My goal is
> to enable the PROXY protocol support via the following config line:
>
> http_port 3128 proxy-protocol
The correct http_port option name for enabling PROXY protocol support is
not "proxy-protocol" but "require-proxy-header". See http_port directive
description in your generated squid.conf.documented or at
https://www.squid-cache.org/Doc/config/http_port/
HTH,
Alex.
> However, on startup I consistently get this error:
>
> |2025/04/08 13:14:44| Processing Configuration File:
> /etc/squid/my-squid.conf (depth 0) 2025/04/08 13:14:44| FATAL: Unknown
> http_port option 'proxy-protocol'. 2025/04/08 13:14:44| FATAL: Bungled
> /etc/squid/my-squid.conf line 1: http_port 3128 proxy-protocol
> 2025/04/08 13:14:44| Squid Cache (Version 6.13): Terminated abnormally. |
>
> ------------------------------------------------------------------------
>
>
> 🔍 *What I’ve Done So Far:*
>
> *
>
> Using Squid *6.13* (confirmed)
>
> *
>
> Verified |--enable-proxy-auth|, |--enable-auth-*|, and many other
> flags in my Dockerfile
>
> *
>
> Using the Dockerfile provided by |b4tman/docker-squid| repo
>
> *
>
> Running on *Docker Swarm* and mapping config via:
>
> |volumes: - ./config/squid.conf:/etc/squid/my-squid.conf:ro |
>
> *
>
> |SQUID_CONFIG_FILE| is set properly, and the config loads — until it
> hits that line.
>
> ------------------------------------------------------------------------
>
>
> ❓ *What is |proxy-protocol| supposed to do?*
>
> The |proxy-protocol| option is designed to allow Squid to accept
> *original client IP addresses* from trusted proxies or load balancers
> (e.g., HAProxy, AWS ELB, Traefik) via the PROXY protocol
> <https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt>.
>
> It lets you do things like:
>
> |http_port 3128 proxy-protocol |
>
> Instead of seeing the IP of the load balancer, Squid gets the real
> client IP passed in the PROXY header — which is essential for proper
> logging, ACLs, or geo-restrictions in reverse-proxy environments.
>
> ------------------------------------------------------------------------
>
>
> 🚫 *Current Blocker*
>
> Despite enabling many Squid features in the Docker build, this one fails
> with |Unknown http_port option 'proxy-protocol'|, which usually means
> the *binary wasn't compiled with support* for it.
>
> ------------------------------------------------------------------------
>
>
> 🛠️ *Questions / Help Needed*
>
> *
>
> Is |--with-proxy-protocol| or equivalent *compile flag* required to
> enable this? (I can't find it in the list of |./configure| options
> for Squid.)
>
> *
>
> Has anyone used |proxy-protocol| successfully with Squid 6.13 in
> Docker or with the |b4tman/docker-squid| base image?
>
> *
>
> Is there a specific patch, module, or feature flag I'm missing?
>
> Thanks in advance — this feature is critical for deployment in Swarm
> behind a reverse proxy, and I’m stuck!
>
> Best regards,
>
>
> *Michael Tint*
> Linux Admin
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list