change

Bumps the docker group with 1 update: library/gcc.


Updates `library/gcc` from 13.3.0 to 14.2.0

---
updated-dependencies:
- dependency-name: library/gcc
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.dockerignore

@@ -0,0 +1,6 @@
+## Ignore everything
+*
+
+## Except the following files (and directories)
+!/3proxy.cfg.json
+!/3proxy.cfg.mustach

.editorconfig

@@ -1,3 +1,5 @@
+# EditorConfig docs: <https://editorconfig.org/>
+
 root = true
 
 [*]
@@ -5,8 +7,9 @@ charset = utf-8
 end_of_line = lf
 insert_final_newline = true
 indent_style = space
-indent_size = 4
+indent_size = 2
 trim_trailing_whitespace = true
 
-[*.{yml, yaml, sh, conf}]
-indent_size = 2
+[{*.yml,*.yaml}]
+ij_any_spaces_within_braces = false
+ij_any_spaces_within_brackets = false

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# @link <https://help.github.com/en/articles/about-code-owners>
+
+* @tarampampam

.github/dependabot.yml

@@ -0,0 +1,17 @@
+# yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json
+# docs: https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/customizing-dependency-updates
+
+version: 2
+
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    groups: {github-actions: {patterns: ['*']}}
+    schedule: {interval: monthly}
+    assignees: [tarampampam]
+
+  - package-ecosystem: docker
+    directory: /
+    groups: {docker: {patterns: ['*']}}
+    schedule: {interval: monthly}
+    assignees: [tarampampam]

.github/release.yml

@@ -0,0 +1,13 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-release-config.json
+# docs: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+
+changelog:
+  categories:
+    - title: 🛠 Fixes
+      labels: [type:fix, type:bug]
+    - title: 🚀 Features
+      labels: [type:feature, type:feature_request]
+    - title: 📦 Dependency updates
+      labels: [dependencies]
+    - title: Other Changes
+      labels: ['*']

.github/renovate.json

@@ -0,0 +1,7 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "github>tarampampam/.github//renovate/default",
+    ":rebaseStalePrs"
+  ]
+}

.github/workflows/documentation.yml

@@ -0,0 +1,22 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+# docs: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+
+name: 📚 Documentation
+
+on:
+  push:
+    branches: [master, main]
+    paths: ['README.md']
+
+jobs:
+  docker-hub-description:
+    name: Docker Hub Description
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ secrets.DOCKER_LOGIN }}
+          password: ${{ secrets.DOCKER_USER_PASSWORD }}
+          repository: tarampampam/3proxy

.github/workflows/release.yml

@@ -1,28 +1,86 @@
-name: release
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+# docs: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+
+name: 🚀 Release
 
 on:
-  release: # Docs: <https://git.io/JeBz1#release-event-release>
-    types: [published]
+  release: {types: [published]}
+  workflow_dispatch: {}
 
 jobs:
-  docker-image:
-    name: Build docker image
+  build-docker-image:
+    name: Build the docker image
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code
-        uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_LOGIN }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - {uses: gacts/github-slug@v1, id: slug}
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ghcr.io/${{ github.actor }}/3proxy:latest
+            ghcr.io/${{ github.actor }}/3proxy:${{ steps.slug.outputs.version }}
+            ghcr.io/${{ github.actor }}/3proxy:${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}
+            ghcr.io/${{ github.actor }}/3proxy:${{ steps.slug.outputs.version-major }}
+            docker.io/tarampampam/3proxy:latest
+            docker.io/tarampampam/3proxy:${{ steps.slug.outputs.version }}
+            docker.io/tarampampam/3proxy:${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}
+            docker.io/tarampampam/3proxy:${{ steps.slug.outputs.version-major }}
 
-      - name: Generate image tag value
-        run: echo "::set-env name=IMAGE_TAG::${GITHUB_REF##*/[vV]}" # `/refs/tags/v1.2.3` -> `1.2.3`
+  helm-pack:
+    name: Pack the Helm chart
+    runs-on: ubuntu-latest
+    needs: [build-docker-image]
+    defaults: {run: {working-directory: ./deployments/helm}}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: azure/setup-helm@v4
+      - {uses: gacts/github-slug@v1, id: slug}
+      - run: |
+          helm package \
+            --app-version "${{ steps.slug.outputs.version }}" \
+            --version "${{ steps.slug.outputs.version }}" .
+      - uses: actions/upload-artifact@v4
+        with:
+          name: helm-chart
+          path: ./deployments/helm/*.tgz
+          if-no-files-found: error
+          retention-days: 1
 
-      - name: Make docker login
-        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_LOGIN }}" --password-stdin &> /dev/null
-
-      - name: Build image
-        run: docker build --tag "tarampampam/3proxy:${IMAGE_TAG}" --tag "tarampampam/3proxy:latest" -f ./Dockerfile .
-
-      - name: Push version image
-        run: docker push "tarampampam/3proxy:${IMAGE_TAG}"
-
-      - name: Push latest image
-        run: docker push "tarampampam/3proxy:latest"
+  helm-publish:
+    name: Put the Helm chart to the GitHub pages branch
+    runs-on: ubuntu-latest
+    needs: [helm-pack]
+    steps:
+      - {uses: actions/checkout@v4, with: {ref: gh-pages}}
+      - uses: azure/setup-helm@v4
+      - uses: actions/download-artifact@v4
+        with: {name: helm-chart, path: ./helm-charts}
+      - name: Update the index.yaml
+        run: |
+          helm repo index \
+            --url https://${{ github.actor }}.github.io/${{ github.event.repository.name }}/helm-charts/ \
+            --merge \
+            ./helm-charts/index.yaml \
+            ./helm-charts
+      - {uses: gacts/directory-listing@v1, with: {overwrite: true}}
+      - name: Commit and push the changes
+        run: |
+          git config user.name "${{ github.actor }}"
+          git config user.email "${{ github.actor }}@users.noreply.github.com"
+          git add .
+          git commit -m "Helm chart release"
+          git push origin gh-pages

.github/workflows/tests.yml

@@ -1,85 +1,114 @@
-name: tests
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+# docs: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+
+name: 🧪 Tests
 
 on:
+  workflow_dispatch: {}
   push:
-    branches:
-      - master
-    tags-ignore:
-      - '**'
+    branches: [master, main]
+    paths-ignore: ['**.md']
+    tags-ignore: ['**']
   pull_request:
-  schedule:
-    - cron: '0 0 * * 0' # once in a week, docs: <https://git.io/JvxXE#onschedule>
+    paths-ignore: ['**.md']
 
-jobs: # Docs: <https://git.io/JvxXE>
-  docker-image:
-    name: Build and use docker image
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  gitleaks:
+    name: Check for GitLeaks
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code
-        uses: actions/checkout@v2
+      - {uses: actions/checkout@v4, with: {fetch-depth: 0}}
+      - uses: gacts/gitleaks@v1
 
-      - name: Build docker image
-        run: docker build -f ./Dockerfile --tag image:local .
+  lint-charts:
+    name: Lint the chart
+    runs-on: ubuntu-latest
+    defaults: {run: {working-directory: ./deployments/helm}}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: azure/setup-helm@v4
+      - run: helm dependency update .
+      - run: helm template . > /dev/null
+      - run: helm lint --strict .
 
-      - name: Run docker image with default settings
-        run: |
-          docker run --rm -d \
-            -p "3128:3128/tcp" \
-            -p "1080:1080/tcp" \
-            image:local
-
-      - name: Pause
-        run: sleep 2
+  build-image:
+    name: Build the docker image
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: docker build -f ./Dockerfile --tag 3proxy:local .
+      - run: docker save 3proxy:local > ./docker-image.tar
+      - uses: actions/upload-artifact@v4
+        with:
+          name: docker-image
+          path: ./docker-image.tar
+          retention-days: 1
 
+  try-to-use:
+    name: Try to use the docker image (auth ${{ matrix.auth }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        auth: [yes, no]
+    needs: [build-image]
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: docker-image
+          path: .artifact
+      - working-directory: .artifact
+        run: docker load < docker-image.tar
+      - if: matrix.auth != 'yes'
+        run: docker run --rm -d -p "3128:3128/tcp" -p "1080:1080/tcp" 3proxy:local
+      - if: matrix.auth == 'yes'
+        run: docker run --rm -d -p "3128:3128/tcp" -p "1080:1080/tcp" -e "PROXY_LOGIN=evil" -e "PROXY_PASSWORD=live" -e 'EXTRA_ACCOUNTS={"foo":"bar"}' 3proxy:local
+      - run: sleep 3
       - name: Try to use HTTP proxy
+        if: matrix.auth != 'yes'
         run: |
           curl -v --fail \
             --proxy http://127.0.0.1:3128 \
             --connect-timeout 3 \
             --max-time 3 \
-            https://github.com/robots.txt
-
+            https://www.cloudflare.com/robots.txt
       - name: Try to use SOCKS proxy
+        if: matrix.auth != 'yes'
         run: |
           curl -v --fail \
             --proxy socks5://127.0.0.1:1080 \
             --connect-timeout 3 \
             --max-time 3 \
-            https://github.com/robots.txt
-
-      - name: Stop container
-        run: docker stop $(docker ps -a --filter ancestor=image:local -q)
-
-      - name: Run docker image with auth settings
-        run: |
-          docker run --rm -d \
-            -p "3128:3128/tcp" \
-            -p "1080:1080/tcp" \
-            -e "AUTH_REQUIRED=true" \
-            -e "PROXY_LOGIN=evil" \
-            -e "PROXY_PASSWORD=live" \
-            image:local
-
-      - name: Pause
-        run: sleep 2
-
-      - name: Try to use HTTP proxy
+            https://www.cloudflare.com/robots.txt
+      - name: Try to use HTTP proxy (with auth)
+        if: matrix.auth == 'yes'
         run: |
           curl -v --fail \
             --proxy http://127.0.0.1:3128 \
             --proxy-user evil:live \
             --connect-timeout 3 \
             --max-time 3 \
-            https://github.com/robots.txt
-
-      - name: Try to use SOCKS proxy
+            https://www.cloudflare.com/robots.txt
+      - name: Try to use HTTP proxy (with auth, extra user)
+        if: matrix.auth == 'yes'
+        run: |
+          curl -v --fail \
+            --proxy http://127.0.0.1:3128 \
+            --proxy-user foo:bar \
+            --connect-timeout 3 \
+            --max-time 3 \
+            https://www.cloudflare.com/robots.txt
+      - name: Try to use SOCKS proxy (with auth)
+        if: matrix.auth == 'yes'
         run: |
           curl -v --fail \
             --proxy socks5://127.0.0.1:1080 \
             --proxy-user evil:live \
             --connect-timeout 3 \
             --max-time 3 \
-            https://github.com/robots.txt
-
-      - name: Stop container
-        run: docker stop $(docker ps -a --filter ancestor=image:local -q)
+            https://www.cloudflare.com/robots.txt
+      - run: docker stop $(docker ps -a --filter ancestor=3proxy:local -q)

3proxy.cfg.json

@@ -0,0 +1,24 @@
+{
+  "log": {
+    "output": "${LOG_OUTPUT:-/dev/stdout}"
+  },
+  "name_servers": [
+    "${PRIMARY_RESOLVER:-1.0.0.1}",
+    "${SECONDARY_RESOLVER:-8.8.4.4}",
+    "1.1.1.1",
+    "9.9.9.9",
+    "8.8.8.8"
+  ],
+  "name_servers_cache": 65536,
+  "max_connections": "${MAX_CONNECTIONS:-1024}",
+  "auth": {
+    "login": "${PROXY_LOGIN:-}",
+    "password": "${PROXY_PASSWORD:-}",
+    "extra_accounts": ${EXTRA_ACCOUNTS:-{}}
+  },
+  "ports": {
+    "proxy": "${PROXY_PORT:-3128}",
+    "socks": "${SOCKS_PORT:-1080}"
+  },
+  "extra_config": "${EXTRA_CONFIG}"
+}

3proxy.cfg.mustach

@@ -0,0 +1,44 @@
+#!/bin/3proxy
+config /etc/3proxy/3proxy.cfg
+
+system "echo `which 3proxy`': Starting 3proxy'"
+
+{{#name_servers}}
+nserver {{ . }}
+{{/name_servers}}
+
+nscache {{ name_servers_cache }}
+timeouts 1 5 30 60 180 1800 15 60
+
+log {{ log.output }}
+logformat "-\""+_G{""time_unix"":%t, ""proxy"":{""type:"":""%N"", ""port"":%p}, ""error"":{""code"":""%E""}, ""auth"":{""user"":""%U""}, ""client"":{""ip"":""%C"", ""port"":%c}, ""server"":{""ip"":""%R"", ""port"":%r}, ""bytes"":{""sent"":%O, ""received"":%I}, ""request"":{""hostname"":""%n""}, ""message"":""%T""}"
+
+maxconn {{ max_connections }}
+
+{{#auth.login}}
+{{#auth.password}}
+users {{ auth.login }}:CL:{{ auth.password }}
+auth strong
+allow {{ auth.login }}
+{{/auth.password}}
+{{/auth.login}}
+
+# Listen on both IPv4 and IPv6 for incoming and outgoing traffic
+external 0.0.0.0
+external ::
+internal 0.0.0.0
+internal ::
+
+{{#extra_config}}
+# Additional configuration
+{{extra_config}}
+{{/extra_config}}
+
+# IPv4 & IPv6 Support for SOCKS5 & HTTP
+proxy -a -p{{ ports.proxy }}
+socks -a -p{{ ports.socks }}
+
+proxy -6 -a -p{{ ports.proxy }}
+socks -6 -a -p{{ ports.socks }}
+
+flush

CHANGELOG.md

@@ -1,14 +0,0 @@
-# Changelog
-
-All notable changes to this package will be documented in this file.
-
-The format is based on [Keep a Changelog][keepachangelog] and this project adheres to [Semantic Versioning][semver].
-
-## v0.1.0
-
-### Changed
-
-- First project release
-
-[keepachangelog]:https://keepachangelog.com/en/1.0.0/
-[semver]:https://semver.org/spec/v2.0.0.html

Dockerfile

@@ -1,54 +1,91 @@
-# Image page: <https://hub.docker.com/_/alpine>
-FROM alpine:latest as builder
+# syntax=docker/dockerfile:1
 
-# e.g.: `docker build --build-arg "VERSION=0.8.13" .`
-ARG VERSION="0.8.13"
+FROM docker.io/library/gcc:15.1.0 AS builder
 
+# renovate: source=github-tags name=3proxy/3proxy
+ARG Z3PROXY_VERSION=0.9.5
+
+# Fetch 3proxy sources
 RUN set -x \
-    && apk add --no-cache \
-        ca-certificates \
-        linux-headers \
-        build-base \
-        git \
-    && update-ca-certificates \
-    && git clone --branch ${VERSION} https://github.com/z3APA3A/3proxy.git /tmp/3proxy \
-    && cd /tmp/3proxy \
-    && echo '#define ANONYMOUS 1' >> /tmp/3proxy/src/3proxy.h \
-    && make -f Makefile.Linux
+    && git -c advice.detachedHead=false clone --depth 1 --branch "${Z3PROXY_VERSION}" https://github.com/3proxy/3proxy.git /tmp/3proxy
 
-FROM alpine:latest
+WORKDIR /tmp/3proxy
+
+# Patch sources
+RUN set -x \
+    && echo '#define ANONYMOUS 1' >> ./src/3proxy.h \
+    # proxy.c source: <https://github.com/3proxy/3proxy/blob/0.9.3/src/proxy.c>
+    && sed -i 's~\(<\/head>\)~<style>:root{--color-bg-primary:#fff;--color-text-primary:#131313;--color-text-secondary:#232323}\
+@media (prefers-color-scheme: dark){:root{--color-bg-primary:#212121;--color-text-primary:#fafafa;--color-text-secondary:#bbb}}\
+html,body{height:100%;font-family:sans-serif;background-color:var(--color-bg-primary);color:var(--color-text-primary);margin:0;\
+padding:0;text-align:center}body{align-items:center;display:flex;justify-content:center;flex-direction:column;height:100vh}\
+h1,h2{margin-bottom:0;font-size:2.5em}h2::before{content:'"'"'Proxy error'"'"';display:block;font-size:.4em;\
+color:var(--color-text-secondary);font-weight:100}h3,p{color:var(--color-text-secondary)}</style>\1~' ./src/proxy.c \
+    && cat ./src/proxy.c | grep '</head>'
+
+# And compile
+RUN set -x \
+    && echo "" >> ./Makefile.Linux \
+    && echo "PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin SSLPlugin" >> ./Makefile.Linux \
+    && echo "LIBS = -l:libcrypto.a -l:libssl.a -ldl" >> ./Makefile.Linux \
+    && make -f Makefile.Linux \
+    && strip ./bin/3proxy \
+    && strip ./bin/StringsPlugin.ld.so \
+    && strip ./bin/TrafficPlugin.ld.so \
+    && strip ./bin/PCREPlugin.ld.so \
+    && strip ./bin/TransparentPlugin.ld.so \
+    && strip ./bin/SSLPlugin.ld.so \
+    && cp /lib/$(gcc -dumpmachine)/libdl.so.* /tmp/3proxy/
+
+# Prepare filesystem for 3proxy running
+FROM docker.io/library/alpine:latest AS buffer
+
+# create a directory for the future root filesystem
+WORKDIR /tmp/rootfs
+
+# prepare the root filesystem
+RUN set -x \
+    && mkdir -p ./etc ./bin ./usr/local/3proxy/libexec ./etc/3proxy \
+    && echo '3proxy:x:10001:10001::/nonexistent:/sbin/nologin' > ./etc/passwd \
+    && echo '3proxy:x:10001:' > ./etc/group \
+    && apk add --no-cache --virtual .build-deps curl ca-certificates \
+    && update-ca-certificates \
+    && curl -SsL -o ./bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_$(arch)" \
+    && chmod +x ./bin/dumb-init \
+    && apk del .build-deps
+
+COPY --from=builder /tmp/3proxy/libdl.so.* ./lib/
+COPY --from=builder /tmp/3proxy/bin/3proxy ./bin/3proxy
+COPY --from=builder /tmp/3proxy/bin/*.ld.so ./usr/local/3proxy/libexec/
+COPY --from=ghcr.io/tarampampam/mustpl:0.1.1 /bin/mustpl ./bin/mustpl
+COPY 3proxy.cfg.json ./etc/3proxy/3proxy.cfg.json
+COPY 3proxy.cfg.mustach ./etc/3proxy/3proxy.cfg.mustach
+
+RUN chown -R 10001:10001 ./etc/3proxy
+
+# Merge into a single layer
+FROM docker.io/library/busybox:stable-glibc
 
 LABEL \
-    org.label-schema.name="3proxy" \
-    org.label-schema.description="Tiny free proxy server" \
-    org.label-schema.url="https://github.com/tarampampam/3proxy-docker" \
-    org.label-schema.vcs-url="https://github.com/tarampampam/3proxy-docker" \
-    org.label-schema.docker.cmd="docker run --rm -d -p \"3128:3128/tcp\" -p \"1080:1080/tcp\" this_image" \
-    org.label-schema.vendor="tarampampam" \
-    org.label-schema.license="WTFPL" \
-    org.label-schema.schema-version="1.0"
+    org.opencontainers.image.title="3proxy" \
+    org.opencontainers.image.description="Tiny free proxy server" \
+    org.opencontainers.image.url="https://github.com/tarampampam/3proxy-docker" \
+    org.opencontainers.image.source="https://github.com/tarampampam/3proxy-docker" \
+    org.opencontainers.image.vendor="Tarampampam" \
+    org.opencontainers.image.licenses="WTFPL"
 
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /tmp/3proxy/src/3proxy /usr/bin/3proxy
-COPY --from=builder /tmp/3proxy/cfg/3proxy.cfg.sample /etc/3proxy/3proxy.cfg
-
-RUN set -x \
-    # Unprivileged user creation <https://stackoverflow.com/a/55757473/12429735RUN>
-    && adduser \
-        --disabled-password \
-        --gecos "" \
-        --home /nonexistent \
-        --shell /sbin/nologin \
-        --no-create-home \
-        --uid 10001 \
-        3proxy \
-    && touch /etc/3proxy/passwd \
-    && chown 3proxy:3proxy -R /etc/3proxy
+# Import from builder
+COPY --from=buffer /tmp/rootfs /
 
 # Use an unprivileged user
 USER 3proxy:3proxy
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT [ \
+    "/bin/mustpl", \
+    "-f", "/etc/3proxy/3proxy.cfg.json", \
+    "-o", "/etc/3proxy/3proxy.cfg", \
+    "/etc/3proxy/3proxy.cfg.mustach", \
+    "--", "/bin/dumb-init" \
+]
 
-CMD ["/usr/bin/3proxy", "/etc/3proxy/3proxy.cfg"]
+CMD ["/bin/3proxy", "/etc/3proxy/3proxy.cfg"]

README.md

@@ -1,100 +1,138 @@
-<p align="center">
-  <img src="https://hsto.org/webt/kp/e1/ud/kpe1udvcjss_-wtmrws-w9radke.png" width="96" alt="" />
-</p>
+# This is a fork of 
+https://github.com/tarampampam/3proxy-docker
+
 
 # Docker image with [3proxy][link_3proxy]
 
-[![Build Status][badge_build_status]][link_build_status]
-[![Release Status][badge_release_status]][link_build_status]
-[![Image size][badge_size_latest]][link_docker_hub]
-[![Docker Pulls][badge_docker_pulls]][link_docker_hub]
-[![License][badge_license]][link_license]
-
-## Why this image created?
-
-3proxy is awesome and lightweight proxy-server. This image contains stable version with it and can be configured using environment variables.
+3proxy is a powerful and lightweight proxy server. This image includes the stable version and can be easily
+configured using environment variables. By default, it operates with anonymous proxy settings to hide client
+information and logs activity in JSON format.
 
 > Page on `hub.docker.com` can be [found here][link_docker_hub].
 
 TCP ports:
 
-Port number | Description
------------ | -----------
-`3128`      | [HTTP proxy](https://3proxy.org/doc/man8/proxy.8.html)
-`1080`      | [SOCKS proxy](https://3proxy.org/doc/man8/socks.8.html)
+| Port number | Description                                             |
+|-------------|---------------------------------------------------------|
+| `3128`      | [HTTP proxy](https://3proxy.org/doc/man8/proxy.8.html)  |
+| `1080`      | [SOCKS proxy](https://3proxy.org/doc/man8/socks.8.html) |
 
 ## Supported tags
 
-[![image stats](https://dockeri.co/image/tarampampam/3proxy)][link_docker_tags]
+| Registry                               | Image                        |
+|----------------------------------------|------------------------------|
+| [GitHub Container Registry][link_ghcr] | `ghcr.io/tarampampam/3proxy` |
+| [Docker Hub][link_docker_hub] (mirror) | `tarampampam/3proxy`         |
 
-All supported image tags [can be found here][link_docker_tags].
+> [!NOTE]
+> It’s recommended to avoid using the `latest` tag, as **major** upgrades may include breaking changes.
+> Instead, use specific tags in `X.Y.Z` format for version consistency.
 
-## Supported environment variables
+All supported image tags can be [found here][link_docker_tags].
 
-Variable name    | Description                               | Example
----------------- | ----------------------------------------- | ---------------
-`AUTH_REQUIRED`  | Require authorization? (default: `false`) | `true`, `false`
-`PROXY_LOGIN`    | Authorization login                       | `username`
-`PROXY_PASSWORD` | Authorization password                    | `password`
+> Starting with version 1.8.2, the `arm64` architecture is supported (in addition to `amd64`):
 
-## How can I use this?
+```shell
+docker run --rm mplatform/mquery ghcr.io/tarampampam/3proxy:1.8.2
 
-For example:
-
-```bash
-$ docker run --rm -d \
-    -p "3128:3128/tcp" \
-    -p "1080:1080/tcp" \
-    tarampampam/3proxy:latest
+Image: ghcr.io/tarampampam/3proxy:1.8.2
+ * Manifest List: Yes (Image type: application/vnd.docker.distribution.manifest.list.v2+json)
+ * Supported platforms:
+   - linux/amd64
+   - linux/arm64
 ```
 
-Or with auth settings:
+## Supported Environment Variables
+
+| Variable Name        | Description                                                                                                           | Example                           |
+|----------------------|-----------------------------------------------------------------------------------------------------------------------|-----------------------------------|
+| `PROXY_LOGIN`        | Authorization login (empty by default)                                                                                | `username`                        |
+| `PROXY_PASSWORD`     | Authorization password (empty by default)                                                                             | `password`                        |
+| `EXTRA_ACCOUNTS`     | Additional proxy users (JSON object format)                                                                           | `{"evil":"live", "guest":"pass"}` |
+| `PRIMARY_RESOLVER`   | Primary DNS resolver (`1.0.0.1` by default)                                                                           | `8.8.8.8:5353/tcp`                |
+| `SECONDARY_RESOLVER` | Secondary DNS resolver (`8.8.4.4` by default)                                                                         | `2001:4860:4860::8844`            |
+| `MAX_CONNECTIONS`    | Maximum number of connections (`1024` by default)                                                                     | `2056`                            |
+| `PROXY_PORT`         | HTTP proxy port (`3128` by default)                                                                                   | `8080`                            |
+| `SOCKS_PORT`         | SOCKS proxy port (`1080` by default)                                                                                  | `8888`                            |
+| `EXTRA_CONFIG`       | Additional 3proxy configuration (appended to the **end** of the config file, but before `proxy` and `flush`)          | `# line 1\n# line 2`              |
+| `LOG_OUTPUT`         | Path for log output (`/dev/stdout` by default; set to `/dev/null` to disable logging)                                 | `/tmp/3proxy.log`                 |
+
+## Helm Chart
+
+To install it on Kubernetes (K8s), please use the Helm chart from [ArtifactHUB][artifact-hub].
+
+[artifact-hub]:https://artifacthub.io/packages/helm/proxy-3proxy/proxy-3proxy
+
+## How to Use This Image
+
+Example usage:
 
 ```bash
-$ docker run --rm -d \
-    -p "3128:3128/tcp" \
-    -p "1080:1080/tcp" \
-    -e "AUTH_REQUIRED=true" \
-    -e "PROXY_LOGIN=evil" \
-    -e "PROXY_PASSWORD=live" \
-    tarampampam/3proxy:latest
+docker run --rm -d \
+  -p "3128:3128/tcp" \
+  -p "1080:1080/tcp" \
+  ghcr.io/tarampampam/3proxy:1
 ```
 
-## Changes log
+With authentication and custom resolver settings:
 
-[![Release date][badge_release_date]][link_releases]
-[![Commits since latest release][badge_commits_since_release]][link_commits]
+```bash
+docker run --rm -d \
+  -p "3128:3128/tcp" \
+  -p "1080:1080/tcp" \
+  -e "PROXY_LOGIN=evil" \
+  -e "PROXY_PASSWORD=live" \
+  -e "PRIMARY_RESOLVER=2001:4860:4860::8888" \
+  ghcr.io/tarampampam/3proxy:1
+```
 
-Changes log can be [found here][link_changes_log].
+Docker compose example:
+
+```yaml
+services:
+  3proxy:
+    image: ghcr.io/tarampampam/3proxy:1
+    environment:
+      PROXY_LOGIN: evil
+      PROXY_PASSWORD: live
+      MAX_CONNECTIONS: 10000
+      PROXY_PORT: 8000
+      SOCKS_PORT: 8001
+      PRIMARY_RESOLVER: 77.88.8.8
+      SECONDARY_RESOLVER: 8.8.8.8
+    ports:
+      - '8000:8000/tcp'
+      - '8001:8001/tcp'
+```
+
+## Releasing
+
+Publishing a new version is straightforward:
+
+1. Make the necessary changes in this repository.
+2. "Publish" a new release on the repository's releases page.
+
+Docker images will be automatically built and published.
+
+> Note: The `latest` tag will be overwritten in both registries when a new release is published.
 
 ## Support
 
 [![Issues][badge_issues]][link_issues]
 [![Issues][badge_pulls]][link_pulls]
 
-If you will find any package errors, please, [make an issue][link_create_issue] in current repository.
+If you encounter any issues, please [open an issue][link_create_issue] in this repository.
 
 ## License
 
-WTFPL. Use anywhere for your pleasure.
+This project is licensed under the WTFPL. Use it freely and enjoy!
 
-[badge_build_status]:https://img.shields.io/github/workflow/status/tarampampam/3proxy-docker/tests/master?logo=github&label=build
-[badge_release_status]:https://img.shields.io/github/workflow/status/tarampampam/3proxy-docker/release/master?logo=github&label=release
-[badge_release_date]:https://img.shields.io/github/release-date/tarampampam/3proxy-docker.svg?style=flat-square&maxAge=180
-[badge_commits_since_release]:https://img.shields.io/github/commits-since/tarampampam/3proxy-docker/latest.svg?style=flat-square&maxAge=180
 [badge_issues]:https://img.shields.io/github/issues/tarampampam/3proxy-docker.svg?style=flat-square&maxAge=180
 [badge_pulls]:https://img.shields.io/github/issues-pr/tarampampam/3proxy-docker.svg?style=flat-square&maxAge=180
-[badge_license]:https://img.shields.io/github/license/tarampampam/3proxy-docker.svg?longCache=true
-[badge_size_latest]:https://img.shields.io/docker/image-size/tarampampam/3proxy/latest?maxAge=30
-[badge_docker_pulls]:https://img.shields.io/docker/pulls/tarampampam/3proxy.svg
-[link_releases]:https://github.com/tarampampam/3proxy-docker/releases
-[link_commits]:https://github.com/tarampampam/3proxy-docker/commits
-[link_changes_log]:https://github.com/tarampampam/3proxy-docker/blob/master/CHANGELOG.md
 [link_issues]:https://github.com/tarampampam/3proxy-docker/issues
 [link_pulls]:https://github.com/tarampampam/3proxy-docker/pulls
-[link_build_status]:https://travis-ci.org/tarampampam/3proxy-docker
 [link_create_issue]:https://github.com/tarampampam/3proxy-docker/issues/new
-[link_license]:https://github.com/tarampampam/3proxy-docker/blob/master/LICENSE
 [link_docker_tags]:https://hub.docker.com/r/tarampampam/3proxy/tags
 [link_docker_hub]:https://hub.docker.com/r/tarampampam/3proxy/
-[link_3proxy]:https://github.com/z3APA3A/3proxy
+[link_ghcr]:https://github.com/tarampampam/3proxy-docker/pkgs/container/3proxy
+[link_3proxy]:https://github.com/3proxy/3proxy

deployments/helm/Chart.yaml

@@ -0,0 +1,13 @@
+# yaml-language-server: $schema=https://json.schemastore.org/chart.json
+
+apiVersion: v2
+name: proxy-3proxy
+description: Powerful and lightweight proxy server, written in pure C
+
+type: application
+version: 0.0.0 # will be replaced by the release workflow
+appVersion: 0.0.0 # will be replaced by the release workflow
+icon: https://github.com/user-attachments/assets/023186cf-b153-459c-8417-038fd87a2065
+home: https://github.com/3proxy/3proxy
+sources: [https://github.com/tarampampam/3proxy-docker]
+keywords: [proxy, 3proxy, http, socks]

deployments/helm/README.md

@@ -0,0 +1,35 @@
+# 3proxy
+
+Important note: Since the chart is released together with the app under the same version (i.e., the chart version
+matches the app version), its versioning is not compatible with semantic versioning (SemVer). I will do my best to
+avoid non-backward-compatible changes in the chart, but due to Murphy's Law, I cannot guarantee that they will
+never occur.
+
+Also, this chart does not include Ingress configuration. If you need it, please, create it manually.
+
+## Usage
+
+```shell
+helm repo add proxy-3proxy https://tarampampam.github.io/3proxy-docker/helm-charts
+helm repo update
+
+helm install my-3proxy proxy-3proxy/proxy-3proxy --version <version_here>
+```
+
+Alternatively, add the following lines to your `Chart.yaml`:
+
+```yaml
+dependencies:
+  - name: proxy-3proxy
+    version: <version_here>
+    repository: https://tarampampam.github.io/3proxy-docker/helm-charts
+```
+
+And override the default values in your `values.yaml`:
+
+```yaml
+proxy-3proxy:
+  # ...
+  service: {ports: {http: 3128}}
+  # ...
+```

deployments/helm/templates/_helpers.tpl

@@ -0,0 +1,52 @@
+{{/* Define namespace of chart, useful for multi-namespace deployments */}}
+{{- define "proxy-3proxy.namespace" -}}
+  {{- if .Values.namespaceOverride }}
+    {{- .Values.namespaceOverride }}
+  {{- else }}
+    {{- .Release.Namespace }}
+  {{- end }}
+{{- end }}
+
+{{/* Expand the name of the chart */}}
+{{- define "proxy-3proxy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "proxy-3proxy.fullname" -}}
+  {{- if .Values.fullnameOverride }}
+    {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- $name := default .Chart.Name .Values.nameOverride }}
+    {{- if contains $name .Release.Name }}
+      {{- .Release.Name | trunc 63 | trimSuffix "-" }}
+    {{- else }}
+      {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{/* Create chart name and version as used by the chart label */}}
+{{- define "proxy-3proxy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/* Common labels */}}
+{{- define "proxy-3proxy.commonLabels" -}}
+helm.sh/chart: {{ include "proxy-3proxy.chart" . }}
+{{ include "proxy-3proxy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/* Selector labels */}}
+{{- define "proxy-3proxy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "proxy-3proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

deployments/helm/templates/deployment.yaml

@@ -0,0 +1,194 @@
+{{- if .Values.deployment.enabled }}
+apiVersion: apps/v1
+kind: {{ .Values.deployment.kind | default "Deployment" }}
+
+metadata:
+  name: {{ include "proxy-3proxy.fullname" . }}
+  namespace: {{ template "proxy-3proxy.namespace" . }}
+  labels:
+    {{- include "proxy-3proxy.commonLabels" . | nindent 4 }}
+
+spec:
+  {{- with .Values.deployment }}
+  replicas: {{ .replicas | default 1 }}
+  selector:
+    matchLabels:
+      {{- include "proxy-3proxy.selectorLabels" $ | nindent 6 }}
+  template:
+    metadata:
+      {{- with .podAnnotations }}
+      annotations:
+        {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "proxy-3proxy.commonLabels" $ | nindent 8 }}
+        {{- with .labels }}
+        {{- tpl (toYaml .) $ | nindent 8 }}
+        {{- end }}
+    spec:
+      automountServiceAccountToken: false
+      {{- with .imagePullSecrets }}
+      imagePullSecrets:
+        {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ include "proxy-3proxy.fullname" $ }}
+
+          {{- with .securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+            readOnlyRootFilesystem: false
+          {{- end }}
+
+          {{- with $.Values.image }}
+          image: "{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ .pullPolicy | default "IfNotPresent" }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: 3128
+              protocol: TCP
+            - name: socks
+              containerPort: 1080
+              protocol: TCP
+          env:
+            - {name: PROXY_PORT, value: "3128"}
+            - {name: SOCKS_PORT, value: "1080"}
+          {{- with $.Values.config }}
+            {{- with .log }}
+            {{- $logOutputEnvName := "LOG_OUTPUT" }}
+            {{- if eq .enabled false }}
+            - {name: {{ $logOutputEnvName }}, value: "/dev/null"}
+            {{- else if .output }}
+            - {name: {{ $logOutputEnvName }}, value: "{{ .output }}"}
+            {{- end }}
+            {{- end }}
+
+            {{- with .auth.login }}
+            {{- $authLoginEnvName := "PROXY_LOGIN" }}
+            {{- if .plain }}
+            - {name: {{ $authLoginEnvName }}, value: "{{ .plain }}"}
+            {{- else if .fromSecret.enabled }}
+            - name: {{ $authLoginEnvName }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ tpl .fromSecret.secretName $ | quote }}
+                  key: {{ tpl .fromSecret.secretKey $ | quote }}
+            {{- else if .fromConfigMap.enabled }}
+            - name: {{ $authLoginEnvName }}
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ tpl .fromConfigMap.configMapName $ | quote }}
+                  key: {{ tpl .fromConfigMap.configMapKey $ | quote }}
+            {{- end }}
+            {{- end }}
+
+            {{- with .auth.password }}
+            {{- $authPasswordEnvName := "PROXY_PASSWORD" }}
+            {{- if .plain }}
+            - {name: {{ $authPasswordEnvName }}, value: "{{ .plain }}"}
+            {{- else if .fromSecret.enabled }}
+            - name: {{ $authPasswordEnvName }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ tpl .fromSecret.secretName $ | quote }}
+                  key: {{ tpl .fromSecret.secretKey $ | quote }}
+            {{- else if .fromConfigMap.enabled }}
+            - name: {{ $authPasswordEnvName }}
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ tpl .fromConfigMap.configMapName $ | quote }}
+                  key: {{ tpl .fromConfigMap.configMapKey $ | quote }}
+            {{- end }}
+            {{- end }}
+
+            {{- with .auth.extraAccounts }}
+            {{- $extraAuthAccountsEnvName := "EXTRA_ACCOUNTS" }}
+            {{- if .plain }}
+            - name: {{ $extraAuthAccountsEnvName }}
+              value: >-
+                {{ .plain | toJson }}
+            {{- else if .fromSecret.enabled }}
+            - name: {{ $extraAuthAccountsEnvName }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ tpl .fromSecret.secretName $ | quote }}
+                  key: {{ tpl .fromSecret.secretKey $ | quote }}
+            {{- else if .fromConfigMap.enabled }}
+            - name: {{ $extraAuthAccountsEnvName }}
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ tpl .fromConfigMap.configMapName $ | quote }}
+                  key: {{ tpl .fromConfigMap.configMapKey $ | quote }}
+            {{- end }}
+            {{- end }}
+
+            {{- if .dns.primaryResolver }}
+            - {name: PRIMARY_RESOLVER, value: "{{ .dns.primaryResolver }}"}
+            {{- end }}
+
+            {{- if .dns.secondaryResolver }}
+            - {name: SECONDARY_RESOLVER, value: "{{ .dns.secondaryResolver }}"}
+            {{- end }}
+
+            {{- if ne .limits.maxConnections nil }}
+            - {name: MAX_CONNECTIONS, value: "{{ .limits.maxConnections }}"}
+            {{- end }}
+
+            {{- if .extraConfig }}
+            - name: EXTRA_CONFIG
+              value: >-
+                {{ .extraConfig }}
+            {{- end }}
+            {{- with $.Values.deployment.env }}
+            {{- tpl (toYaml .) $ | nindent 12 }}
+            {{- end }}
+          {{- end }}
+
+          {{- with .args }}
+          args:
+            {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
+
+          {{- with .probe }}
+          livenessProbe:
+            tcpSocket: {port: "{{ .port }}"}
+            periodSeconds: {{ .interval }}
+            initialDelaySeconds: {{ .initialDelay }}
+          readinessProbe:
+            tcpSocket: {port: "{{ .port }}"}
+            periodSeconds: {{ .interval }}
+            initialDelaySeconds: {{ .initialDelay }}
+          {{- end }}
+
+          {{- with .resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+
+          {{- with .volumeMounts }}
+          volumeMounts:
+            {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
+
+      {{- with .volumes }}
+      volumes:
+        {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+
+      {{- with .nodeSelector }}
+      nodeSelector:
+        {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+
+      {{- with .affinity }}
+      affinity:
+        {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+
+      {{- with .tolerations }}
+      tolerations:
+        {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+  {{- end }}
+{{- end }}

deployments/helm/templates/service.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.service.enabled }}
+apiVersion: v1
+kind: Service
+
+metadata:
+  name: {{ include "proxy-3proxy.fullname" . }}
+  namespace: {{ template "proxy-3proxy.namespace" . }}
+  labels:
+    {{- include "proxy-3proxy.commonLabels" . | nindent 4 }}
+
+spec:
+  {{- with .Values.service }}
+  type: {{ .type }}
+  {{- with .externalName }}
+  externalName: {{ . }}
+  {{- end }}
+  ports:
+    - name: http
+      port: {{ .ports.http }}
+      targetPort: http
+      protocol: TCP
+    - name: socks
+      port: {{ .ports.socks }}
+      targetPort: socks
+      protocol: TCP
+  selector:
+    {{- include "proxy-3proxy.selectorLabels" $ | nindent 4 }}
+  {{- end }}
+{{- end }}

deployments/helm/values.schema.json

@@ -0,0 +1,367 @@
+{
+  "$schema": "https://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "properties": {
+    "nameOverride": {
+      "oneOf": [
+        {"type": "string", "minLength": 1},
+        {"type": "null"}
+      ]
+    },
+    "fullnameOverride": {
+      "oneOf": [
+        {"type": "string", "minLength": 1},
+        {"type": "null"}
+      ]
+    },
+    "namespaceOverride": {
+      "oneOf": [
+        {"type": "string", "minLength": 1},
+        {"type": "null"}
+      ]
+    },
+    "image": {
+      "type": "object",
+      "properties": {
+        "repository": {"type": "string", "minLength": 1},
+        "tag": {
+          "oneOf": [
+            {"type": "string", "minLength": 1},
+            {"type": "null"}
+          ]
+        },
+        "pullPolicy": {
+          "oneOf": [
+            {"type": "string", "enum": ["Always", "IfNotPresent", "Never"]},
+            {"type": "null"}
+          ]
+        }
+      }
+    },
+    "deployment": {
+      "type": "object",
+      "properties": {
+        "enabled": {"type": "boolean"},
+        "kind": {"type": "string"},
+        "replicas": {"type": "integer"},
+        "podAnnotations": {
+          "type": "object",
+          "additionalProperties": {"type": "string", "minLength": 1}
+        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {"type": "string", "minLength": 1}
+        },
+        "imagePullSecrets": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "name": {"type": "string"}
+            },
+            "minProperties": 1
+          }
+        },
+        "securityContext": {
+          "type": "object",
+          "properties": {
+            "runAsNonRoot": {"type": "boolean"},
+            "runAsUser": {"type": "integer"},
+            "runAsGroup": {"type": "integer"}
+          }
+        },
+        "probe": {
+          "type": "object",
+          "properties": {
+            "port": {"type": "string", "enum": ["http", "socks"]},
+            "interval": {"type": "integer"},
+            "initialDelay": {"type": "integer"}
+          }
+        },
+        "resources": {
+          "type": "object",
+          "properties": {
+            "requests": {
+              "type": "object",
+              "properties": {
+                "cpu": {"type": "string"},
+                "memory": {"type": "string"}
+              }
+            },
+            "limits": {
+              "type": "object",
+              "properties": {
+                "cpu": {"type": "string"},
+                "memory": {"type": "string"}
+              }
+            }
+          }
+        },
+        "volumes": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "name": {"type": "string"},
+              "configMap": {
+                "type": "object",
+                "properties": {
+                  "name": {"type": "string"}
+                }
+              },
+              "secret": {
+                "type": "object",
+                "properties": {
+                  "secretName": {"type": "string"}
+                }
+              },
+              "persistentVolumeClaim": {
+                "type": "object",
+                "properties": {
+                  "claimName": {"type": "string"}
+                }
+              }
+            }
+          }
+        },
+        "volumeMounts": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "name": {"type": "string"},
+              "mountPath": {"type": "string"},
+              "subPath": {"type": "string"},
+              "readOnly": {"type": "boolean"}
+            }
+          }
+        },
+        "nodeSelector": {
+          "type": "object",
+          "additionalProperties": {"type": "string", "minLength": 1}
+        },
+        "affinity": {
+          "type": "object",
+          "properties": {
+            "nodeAffinity": {"type": "object"},
+            "podAffinity": {"type": "object"},
+            "podAntiAffinity": {"type": "object"}
+          }
+        },
+        "tolerations": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "key": {"type": "string"},
+              "operator": {"type": "string"},
+              "value": {"type": "string"},
+              "effect": {"type": "string"}
+            }
+          }
+        },
+        "env": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "name": {"type": "string"},
+              "value": {"type": "string"},
+              "valueFrom": {"type": "object"}
+            }
+          }
+        },
+        "args": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "minLength": 1
+          }
+        }
+      }
+    },
+    "service": {
+      "type": "object",
+      "properties": {
+        "enabled": {"type": "boolean"},
+        "type": {
+          "type": "string",
+          "enum": ["ClusterIP", "NodePort", "LoadBalancer", "ExternalName"]
+        },
+        "externalName": {
+          "oneOf": [
+            {"type": "string", "minLength": 1},
+            {"type": "null"}
+          ]
+        },
+        "ports": {
+          "type": "object",
+          "properties": {
+            "http": {"type": "integer", "minimum": 1, "maximum": 65535},
+            "socks": {"type": "integer", "minimum": 1, "maximum": 65535}
+          }
+        }
+      }
+    },
+    "ingress": {
+      "type": "object",
+      "properties": {
+        "enabled": {"type": "boolean"},
+        "className": {
+          "oneOf": [
+            {"type": "string", "minLength": 1},
+            {"type": "null"}
+          ]
+        },
+        "annotations": {
+          "type": "object",
+          "additionalProperties": {"type": "string", "minLength": 1}
+        },
+        "hosts": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "host": {"type": "string", "minLength": 1},
+              "paths": {
+                "type": "array",
+                "items": {
+                  "type": "object",
+                  "properties": {
+                    "path": {"type": "string", "minLength": 1},
+                    "pathType": {"type": "string", "minLength": 1}
+                  }
+                }
+              }
+            }
+          }
+        },
+        "tls": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "hosts": {"type": "array"},
+              "secretName": {"type": "string"}
+            }
+          }
+        }
+      }
+    },
+    "config": {
+      "type": "object",
+      "properties": {
+        "log": {
+          "type": "object",
+          "properties": {
+            "enabled": {"type": "boolean"},
+            "output": {
+              "oneOf": [
+                {"type": "string", "minLength": 2, "examples": ["/dev/stdout"]},
+                {"type": "null"}
+              ]
+            }
+          }
+        },
+        "auth": {
+          "type": "object",
+          "properties": {
+            "login": {
+              "type": "object",
+              "properties": {
+                "plain": {
+                  "oneOf": [
+                    {"type": "string", "minLength": 1},
+                    {"type": "null"}
+                  ]
+                },
+                "fromSecret": {
+                  "type": "object",
+                  "properties": {
+                    "enabled": {"type": "boolean"},
+                    "secretName": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]},
+                    "secretKey": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]}
+                  }
+                },
+                "fromConfigMap": {
+                  "type": "object",
+                  "properties": {
+                    "enabled": {"type": "boolean"},
+                    "configMapName": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]},
+                    "configMapKey": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]}
+                  }
+                }
+              }
+            },
+            "password": {
+              "type": "object",
+              "properties": {
+                "plain": {
+                  "oneOf": [
+                    {"type": "string", "minLength": 1},
+                    {"type": "null"}
+                  ]
+                },
+                "fromSecret": {
+                  "type": "object",
+                  "properties": {
+                    "enabled": {"type": "boolean"},
+                    "secretName": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]},
+                    "secretKey": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]}
+                  }
+                },
+                "fromConfigMap": {
+                  "type": "object",
+                  "properties": {
+                    "enabled": {"type": "boolean"},
+                    "configMapName": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]},
+                    "configMapKey": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]}
+                  }
+                }
+              }
+            },
+            "extraAccounts": {
+              "type": "object",
+              "properties": {
+                "plain": {
+                  "type": "object",
+                  "additionalProperties": {"type": "string", "minLength": 1}
+                },
+                "fromSecret": {
+                  "type": "object",
+                  "properties": {
+                    "enabled": {"type": "boolean"},
+                    "secretName": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]},
+                    "secretKey": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]}
+                  }
+                },
+                "fromConfigMap": {
+                  "type": "object",
+                  "properties": {
+                    "enabled": {"type": "boolean"},
+                    "configMapName": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]},
+                    "configMapKey": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]}
+                  }
+                }
+              }
+            }
+          }
+        },
+        "dns": {
+          "type": "object",
+          "properties": {
+            "primaryResolver": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]},
+            "secondaryResolver": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]}
+          }
+        },
+        "limits": {
+          "type": "object",
+          "properties": {
+            "maxConnections": {"oneOf": [{"type": "integer", "minimum": 1}, {"type": "null"}]}
+          }
+        },
+        "extraConfig": {"oneOf": [{"type": "string", "minLength": 1}, {"type": "null"}]}
+      }
+    }
+  }
+}

deployments/helm/values.yaml

@@ -0,0 +1,149 @@
+# -- The name of the Helm release
+fullnameOverride: null
+# -- This is to override the chart name
+nameOverride: null
+# -- Override the default Release Namespace for Helm
+namespaceOverride: null
+
+image:
+  # -- The image repository to pull from
+  repository: ghcr.io/tarampampam/3proxy
+  # -- Defines the image pull policy
+  pullPolicy: IfNotPresent
+  # -- Overrides the image tag whose default is the chart appVersion
+  tag: null
+
+deployment:
+  # -- Enable deployment
+  enabled: true
+  # -- The deployment kind
+  kind: Deployment
+  # -- How many replicas to run
+  replicas: 1
+  # -- Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+  #    It supports templating. One can set it with values like some/name: '{{ template "some.name" . }}'
+  #    For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  podAnnotations: {} # supports templating
+  # -- Additional deployment labels (e.g. for filtering deployment by custom labels)
+  labels: {} # supports templating
+  # -- This is for the secretes for pulling an image from a private repository more information can be found
+  #    here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  imagePullSecrets: [] # supports templating
+  # -- Security context for the pod, more information can be found here:
+  #    https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 10001  # as defined in the Dockerfile
+    runAsGroup: 10001 # as defined in the Dockerfile
+  probe:
+    # -- The port to probe (containerPort, "http" or "socks")
+    port: http
+    # -- How often (in seconds) to perform the probe
+    interval: 10
+    # -- Number of seconds after the container has started before liveness probes are initiated
+    initialDelay: 2
+  # -- Resource limits and requests, more information can be found here:
+  #    https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+  resources:
+    requests: {memory: 16Mi}
+    limits: {memory: 128Mi}
+  # -- Additional volumes to add to the pod, more information can be found here:
+  #    https://kubernetes.io/docs/concepts/storage/volumes/
+  volumes: [] # supports templating
+  # -- Additional volumeMounts to add to the container (for instance when using fs storage driver)
+  volumeMounts: [] # supports templating
+  # -- Node selector for pod assignment, more information can be found here:
+  #    https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  nodeSelector: {} # supports templating
+  # -- Affinity for pod assignment, more information can be found here:
+  #    https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  affinity: {} # supports templating
+  # -- Tolerations for pod assignment, more information can be found here:
+  #    https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+  tolerations: [] # supports templating
+  # -- The list of additional environment variables to set in the container
+  env: [] # supports templating
+  # -- The list of additional arguments to pass to the container
+  args: [] # supports templating
+
+service:
+  # -- Enable service
+  enabled: true
+  # -- Sets the service type more information can be found here:
+  #    https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+  type: ClusterIP
+  # -- External name for the service (for type=ExternalName)
+  externalName: null
+  # -- Sets the port, more information can be found here:
+  #    https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
+  ports:
+    # -- The port number for the proxy to listen on
+    http: 3128
+    # -- The same, but for socks proxy
+    socks: 1080
+
+config:
+  log:
+    # -- Enable logging (set to false to disable)
+    enabled: true
+    # -- The output log file
+    # @default /dev/stdout
+    output: null
+
+  auth:
+    login:
+      # -- Username (login) for proxy authentication, provided as a plain value
+      plain: null
+      fromSecret:
+        # -- Enable getting the username from a secret
+        enabled: false
+        secretName: null # supports templating
+        secretKey: null  # supports templating
+      fromConfigMap:
+        # -- Enable getting the username from a config map
+        enabled: false
+        configMapName: null # supports templating
+        configMapKey: null  # supports templating
+    password:
+      # -- Password for proxy authentication, provided as a plain value
+      plain: null
+      fromSecret:
+        # -- Enable getting the password from a secret
+        enabled: false
+        secretName: null # supports templating
+        secretKey: null  # supports templating
+      fromConfigMap:
+        # -- Enable getting the password from a config map
+        enabled: false
+        configMapName: null # supports templating
+        configMapKey: null  # supports templating
+    extraAccounts:
+      # -- The list of additional accounts to add to the configuration (a hashmap of username:password)
+      plain: {}
+      fromSecret:
+        # -- Enable getting the extra accounts from a secret (the value should be a JSON object)
+        enabled: false
+        secretName: null # supports templating
+        secretKey: null  # supports templating
+      fromConfigMap:
+        # -- Enable getting the extra accounts from a config map (the value should be a JSON object)
+        enabled: false
+        configMapName: null # supports templating
+        configMapKey: null  # supports templating
+
+  dns:
+    # -- Primary DNS server
+    # @default 1.0.0.1 (Cloudflare)
+    primaryResolver: null
+    # -- Secondary DNS server
+    # @default 8.8.4.4 (Google)
+    secondaryResolver: null
+
+  limits:
+    # -- The maximum number of connections
+    # @default 1024
+    maxConnections: null
+
+  # -- Additional 3proxy configuration (appended to the end of the config file, but before `proxy` and `flush`),
+  #    new lines should be separated by `\n`, i.e.: "# line 1\n# line 2"
+  extraConfig: null

docker-compose.yaml

@@ -0,0 +1,21 @@
+version: "3.8"
+
+services:
+  3proxy-docker:
+    container_name: 3proxy-server
+    hostname: 3proxy-server
+    build:
+      context: .
+      dockerfile: Dockerfile
+    network_mode: host
+    restart: unless-stopped
+    environment:
+      PROXY_LOGIN: username
+      PROXY_PASSWORD: "Password"
+      PRIMARY_RESOLVER: 1.1.1.1
+      SECONDARY_RESOLVER: 152.53.118.246
+      MAX_CONNECTIONS: 1024
+      PROXY_PORT: 3128
+      SOCKS_PORT: 1080
+    labels:
+      com.centurylinklabs.watchtower.enable: "false"

docker-entrypoint.sh

@@ -1,62 +0,0 @@
-#!/usr/bin/env sh
-set -e
-
-AUTH_REQUIRED=${AUTH_REQUIRED:-false} # true|false
-PROXY_LOGIN=${PROXY_LOGIN:-} # string
-PROXY_PASSWORD=${PROXY_PASSWORD:-} # string
-
-if [ "$AUTH_REQUIRED" = "true" ]; then
-  if [ -z "$PROXY_LOGIN" ]; then
-    (>&2 echo "$0: environment variable 'PROXY_LOGIN' is not specified!"); exit 1;
-  fi;
-
-  if [ -z "$PROXY_PASSWORD" ]; then
-    (>&2 echo "$0: environment variable 'PROXY_PASSWORD' is not specified!"); exit 1;
-  fi;
-
-  echo "$0: setup '${PROXY_LOGIN}:${PROXY_PASSWORD}' as proxy user";
-  echo "${PROXY_LOGIN}:CL:${PROXY_PASSWORD}" > /etc/3proxy/passwd
-fi;
-
-echo "$0: rewrite configuration file";
-cat << \EOF > /etc/3proxy/3proxy.cfg
-#!/usr/bin/3proxy
-config /etc/3proxy/3proxy.cfg
-
-# you may use system to execute some external command if proxy starts
-system "echo `which 3proxy`': Starting 3proxy'"
-
-# We can configure nservers to avoid unsafe gethostbyname() usage
-nserver 1.0.0.1
-nserver 1.1.1.1
-nserver 8.8.4.4
-nserver 8.8.8.8
-
-# nscache is good to save speed, traffic and bandwidth
-nscache 65536
-
-# Here we can change timeout values
-timeouts 1 5 30 60 180 1800 15 60
-
-log /dev/stdout
-logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"
-
-maxconn 1024
-
-#AUTH_SETTINGS
-
-proxy -a -p3128
-socks -a -p1080
-
-flush
-EOF
-
-if [ "$AUTH_REQUIRED" = "true" ]; then
-  echo "$0: setup auth settings in configuration file";
-
-  sed -i "s~#AUTH_SETTINGS~users \$/etc/3proxy/passwd\nauth strong\nallow ${PROXY_LOGIN}~" /etc/3proxy/3proxy.cfg
-fi;
-
-cat /etc/3proxy/3proxy.cfg
-
-exec "$@"