github · Mossaka · Feb 25, 2026 · Copilot · Feb 25, 2026 · Copilot
@@ -138,12 +138,8 @@ fi
 echo "[iptables] Allow traffic to Squid proxy (${SQUID_IP}:${SQUID_PORT})..."
 iptables -t nat -A OUTPUT -d "$SQUID_IP" -j RETURN
 
-# Allow traffic to API proxy sidecar (when enabled)
-# AWF_API_PROXY_IP is set by docker-manager.ts when --enable-api-proxy is used
-if [ -n "$AWF_API_PROXY_IP" ]; then
-  echo "[iptables] Allow traffic to API proxy sidecar (${AWF_API_PROXY_IP})..."
-  iptables -t nat -A OUTPUT -d "$AWF_API_PROXY_IP" -j RETURN
-fi
+# Note: API auth proxy traffic to Squid IP on ports 10000-10002 is already allowed
+# by the rule above (iptables -t nat -A OUTPUT -d "$SQUID_IP" -j RETURN)
 
 # Bypass Squid for host.docker.internal when host access is enabled.
 # MCP gateway traffic to host.docker.internal gets DNAT'd to Squid,
@@ -281,10 +277,8 @@ iptables -A OUTPUT -p tcp -d 127.0.0.11 --dport 53 -j ACCEPT
 # Allow traffic to Squid proxy (after NAT redirection)
 iptables -A OUTPUT -p tcp -d "$SQUID_IP" -j ACCEPT
 
-# Allow traffic to API proxy sidecar (when enabled)
-if [ -n "$AWF_API_PROXY_IP" ]; then
-  iptables -A OUTPUT -p tcp -d "$AWF_API_PROXY_IP" -j ACCEPT
-fi
+# Note: API auth proxy traffic to Squid IP on ports 10000-10002 is already allowed
+# by the rule above (iptables -A OUTPUT -p tcp -d "$SQUID_IP" -j ACCEPT)
 
 # Drop all other TCP traffic (default deny policy)
 # This ensures that only explicitly allowed ports can be accessed

@@ -1,27 +1,36 @@
 FROM ubuntu/squid:latest
 
-# Install additional tools for debugging, healthcheck, and SSL Bump
+# Install additional tools for debugging, healthcheck, SSL Bump, and Node.js (for auth proxy)
 # Retry logic handles transient 404s when Ubuntu archive supersedes package versions mid-build
 RUN set -eux; \
-    PKGS="curl dnsutils net-tools netcat-openbsd openssl squid-openssl"; \
+    PKGS="curl dnsutils net-tools netcat-openbsd openssl squid-openssl nodejs npm"; \
     apt-get update && \
     apt-get install -y --only-upgrade gpgv && \
     ( apt-get install -y --no-install-recommends $PKGS || \
       (rm -rf /var/lib/apt/lists/* && apt-get update && \
        apt-get install -y --no-install-recommends $PKGS) ) && \
     rm -rf /var/lib/apt/lists/*
 
-# Create log directory and SSL database directory
-RUN mkdir -p /var/log/squid && \
-    chown -R proxy:proxy /var/log/squid
+# Create log directories
+RUN mkdir -p /var/log/squid /var/log/api-proxy && \
+    chown -R proxy:proxy /var/log/squid /var/log/api-proxy
+
+# Copy API proxy files and install dependencies
+WORKDIR /app/api-proxy
+COPY package*.json ./
+RUN npm ci --omit=dev
+COPY server.js ./
+
+# Reset workdir
+WORKDIR /
 
 # Copy entrypoint script
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN chmod +x /usr/local/bin/entrypoint.sh
 
 # Expose Squid port (3128 for HTTP, 3129 for HTTPS with SSL Bump)
-EXPOSE 3128
-EXPOSE 3129
+# and API proxy ports (10000-10002 for LLM provider proxies)
+EXPOSE 3128 3129 10000 10001 10002
 
 # Use entrypoint to fix permissions before starting Squid
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
@@ -19,5 +19,51 @@ if [ -d "/var/spool/squid_ssl_db" ]; then
   echo "[squid-entrypoint] SSL certificate database ready"
 fi
 
-# Start Squid
-exec squid -N -d 1
+# Start Node.js auth proxy if API keys are configured
+# Security mitigation 3a: Run Node.js as non-root 'proxy' user
+if [ -n "$OPENAI_API_KEY" ] || [ -n "$ANTHROPIC_API_KEY" ] || [ -n "$COPILOT_GITHUB_TOKEN" ]; then
+  echo "[squid-entrypoint] Starting API auth proxy..."
+
+  # Fix permissions on api-proxy log directory
+  chown -R proxy:proxy /var/log/api-proxy
+  chmod -R 755 /var/log/api-proxy
+
+  # Route through localhost Squid (not external IP)
+  export HTTP_PROXY="http://localhost:3128"
+  export HTTPS_PROXY="http://localhost:3128"
+
+  # Security mitigation 3a: Drop to non-root 'proxy' user before starting Node.js
+  su -s /bin/sh proxy -c "HTTP_PROXY='$HTTP_PROXY' HTTPS_PROXY='$HTTPS_PROXY' \
+    OPENAI_API_KEY='${OPENAI_API_KEY:-}' \
+    ANTHROPIC_API_KEY='${ANTHROPIC_API_KEY:-}' \
+    COPILOT_GITHUB_TOKEN='${COPILOT_GITHUB_TOKEN:-}' \
+    node /app/api-proxy/server.js" &
-  su -s /bin/sh proxy -c "HTTP_PROXY='$HTTP_PROXY' HTTPS_PROXY='$HTTPS_PROXY' \
-    OPENAI_API_KEY='${OPENAI_API_KEY:-}' \
-    ANTHROPIC_API_KEY='${ANTHROPIC_API_KEY:-}' \
-    COPILOT_GITHUB_TOKEN='${COPILOT_GITHUB_TOKEN:-}' \
-    node /app/api-proxy/server.js" &
+  # Preserve environment so proxy and API key variables are available to Node.js
+  su -m -s /bin/sh proxy -c "node /app/api-proxy/server.js" &
-  su -s /bin/sh proxy -c "HTTP_PROXY='$HTTP_PROXY' HTTPS_PROXY='$HTTPS_PROXY' \
-    OPENAI_API_KEY='${OPENAI_API_KEY:-}' \
-    ANTHROPIC_API_KEY='${ANTHROPIC_API_KEY:-}' \
-    COPILOT_GITHUB_TOKEN='${COPILOT_GITHUB_TOKEN:-}' \
-    node /app/api-proxy/server.js" &
+  # Preserve environment so proxy and API key variables are available to Node.js
+  su -m -s /bin/sh proxy -c "node /app/api-proxy/server.js" &
+  API_PROXY_PID=$!
+  echo "[squid-entrypoint] API auth proxy started as non-root (PID: $API_PROXY_PID)"
+fi
+
+# Security mitigation 3c: Don't use 'exec squid' - manage both processes properly
+# Start Squid in background (not foreground with exec)
+squid -N -d 1 &
+SQUID_PID=$!
+echo "[squid-entrypoint] Squid started (PID: $SQUID_PID)"
+
+# Graceful shutdown handler for both processes
+cleanup() {
+  echo "[squid-entrypoint] Shutting down..."
+  kill $SQUID_PID 2>/dev/null || true
+  if [ -n "$API_PROXY_PID" ]; then
+    kill $API_PROXY_PID 2>/dev/null || true
+  fi
+  wait
+}
+trap cleanup TERM INT
+
+# Wait for either process to exit
+wait -n
+EXIT_CODE=$?
+echo "[squid-entrypoint] A process exited with code $EXIT_CODE, shutting down..."
+
+# Clean up remaining processes
+cleanup
+exit $EXIT_CODE