[squid-users] Fwd: Issue with proxy-protocol in http_port on Squid 6.13 via Docker

Tue Apr 8 13:22:48 UTC 2025

Hi Alex,

Thank you very much for your quick and helpful response regarding the PROXY
protocol configuration.

Your clarification about using require-proxy-header instead of
proxy-protocol was spot on — I’ve updated my squid.conf accordingly, and it
now seems to be working as expected.

I really appreciate your support and guidance on this!

Best regards,

Michael Tin

On Tue, 8 Apr 2025 at 14:09, Alex Rousskov <rousskov at measurement-factory.com>
wrote:

> On 2025-04-08 08:24, Michael Tint wrote:
>
> > I'm running into a blocking issue while deploying Squid 6.13 ... My goal
> is
> > to enable the PROXY protocol support via the following config line:
> >
> > http_port 3128 proxy-protocol
>
>
> The correct http_port option name for enabling PROXY protocol support is
> not "proxy-protocol" but "require-proxy-header". See http_port directive
> description in your generated squid.conf.documented or at
> https://www.squid-cache.org/Doc/config/http_port/
>
> HTH,
>
> Alex.
>
>
>
> > However, on startup I consistently get this error:
> >
> > |2025/04/08 13:14:44| Processing Configuration File:
> > /etc/squid/my-squid.conf (depth 0) 2025/04/08 13:14:44| FATAL: Unknown
> > http_port option 'proxy-protocol'. 2025/04/08 13:14:44| FATAL: Bungled
> > /etc/squid/my-squid.conf line 1: http_port 3128 proxy-protocol
> > 2025/04/08 13:14:44| Squid Cache (Version 6.13): Terminated abnormally. |
> >
> > ------------------------------------------------------------------------
> >
> >
> >       🔍 *What I’ve Done So Far:*
> >
> >   *
> >
> >     Using Squid *6.13* (confirmed)
> >
> >   *
> >
> >     Verified |--enable-proxy-auth|, |--enable-auth-*|, and many other
> >     flags in my Dockerfile
> >
> >   *
> >
> >     Using the Dockerfile provided by |b4tman/docker-squid| repo
> >
> >   *
> >
> >     Running on *Docker Swarm* and mapping config via:
> >
> > |volumes: - ./config/squid.conf:/etc/squid/my-squid.conf:ro |
> >
> >   *
> >
> >     |SQUID_CONFIG_FILE| is set properly, and the config loads — until it
> >     hits that line.
> >
> > ------------------------------------------------------------------------
> >
> >
> >       ❓ *What is |proxy-protocol| supposed to do?*
> >
> > The |proxy-protocol| option is designed to allow Squid to accept
> > *original client IP addresses* from trusted proxies or load balancers
> > (e.g., HAProxy, AWS ELB, Traefik) via the PROXY protocol
> > <https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt>.
> >
> > It lets you do things like:
> >
> > |http_port 3128 proxy-protocol |
> >
> > Instead of seeing the IP of the load balancer, Squid gets the real
> > client IP passed in the PROXY header — which is essential for proper
> > logging, ACLs, or geo-restrictions in reverse-proxy environments.
> >
> > ------------------------------------------------------------------------
> >
> >
> >       🚫 *Current Blocker*
> >
> > Despite enabling many Squid features in the Docker build, this one fails
> > with |Unknown http_port option 'proxy-protocol'|, which usually means
> > the *binary wasn't compiled with support* for it.
> >
> > ------------------------------------------------------------------------
> >
> >
> >       🛠️ *Questions / Help Needed*
> >
> >   *
> >
> >     Is |--with-proxy-protocol| or equivalent *compile flag* required to
> >     enable this? (I can't find it in the list of |./configure| options
> >     for Squid.)
> >
> >   *
> >
> >     Has anyone used |proxy-protocol| successfully with Squid 6.13 in
> >     Docker or with the |b4tman/docker-squid| base image?
> >
> >   *
> >
> >     Is there a specific patch, module, or feature flag I'm missing?
> >
> > Thanks in advance — this feature is critical for deployment in Swarm
> > behind a reverse proxy, and I’m stuck!
> >
> > Best regards,
> >
> >
> > *Michael Tint*
> > Linux Admin
> >
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > https://lists.squid-cache.org/listinfo/squid-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20250408/3feb36c3/attachment-0001.htm>