mitm proxy standalone

docker-compose.yml

# REVERSE_URI="https://google.com" BIND_ADDRESS=0.0.0.0 BIND_PORT="3080" docker compose up -d
# curl localhost:3080
services:
  traefik:
    image: traefik:v2.5
    command:
      - "--ping=true"
      - "--log.level=INFO"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.constraints=Label(`traefik.mitmproxy`, `true`)"
      - "--entrypoints.mitmproxy-web.address=:80"
      - "--entrypoints.mitmproxy-web.forwardedheaders.trustedips=0.0.0.0/0"
      - "--entryPoints.mitmproxy-web.forwardedHeaders.insecure"
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "3"
    ports:
      - "${BIND_ADDRESS:-0.0.0.0}:${BIND_PORT:-80}:80"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - 'traefik.enable=true'
      - 'traefik.mitmproxy=true'
      - 'traefik.http.routers.traefik-mitmproxy.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)'
      - 'traefik.http.routers.traefik-mitmproxy.priority=5000'
      - 'traefik.http.routers.traefik-mitmproxy.entrypoints=mitmproxy-web'
      - 'traefik.http.routers.traefik-mitmproxy.service=api@internal'
      - 'traefik.http.routers.traefik-mitmproxy.middlewares=traefik-mitmproxy-auth'
      - 'traefik.http.middlewares.traefik-mitmproxy-auth.basicauth.users=admin:{SHA}0tTNr469Z7oY3fDRwNoUXE2vTBw='
    networks:
      - mitmproxy
    healthcheck:
      test: traefik healthcheck --ping
      start_period: 5s
      interval: 5s
      retries: 30

  mitmproxy:
    image: mitmproxy/mitmproxy
    command: "mitmweb --no-web-open-browser --listen-host 0.0.0.0 --listen-port 80 --web-host 0.0.0.0 --web-port 8080 --mode reverse:${REVERSE_URI:-'https://google.com:443'} --no-http2 --set web_password='admin'"
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "3"
    healthcheck:
      test: /bin/bash -c "</dev/tcp/localhost/8080"
      start_period: 6s
      interval: 6s
      retries: 50
    networks:
      - mitmproxy
    depends_on:
      traefik:
        condition: service_healthy
    labels:
      traefik.enable: "true"
      traefik.mitmproxy: "true"
      traefik.http.services.mitmproxy-web.loadbalancer.server.port: "80"
      traefik.http.routers.mitmproxy-web.service: "mitmproxy-web"
      traefik.http.routers.mitmproxy-web.entrypoints: "mitmproxy-web"
      traefik.http.routers.mitmproxy-web.rule: "PathPrefix(`/`)"
      traefik.http.routers.mitmproxy-web.priority: 3000
      traefik.http.services.mitmproxy-gui.loadbalancer.server.port: "8080"
      traefik.http.routers.mitmproxy-gui.service: "mitmproxy-gui"
      traefik.http.routers.mitmproxy-gui.entrypoints: "mitmproxy-web"
      traefik.http.routers.mitmproxy-gui.rule: "PathPrefix(`/mitmproxy-gui/`)"
      traefik.http.routers.mitmproxy-gui.priority: 3200
      traefik.http.routers.mitmproxy-gui.middlewares: "mitmproxy-gui@docker, mitmproxy-gui-header-host@docker"
      traefik.http.middlewares.mitmproxy-gui.stripprefix.prefixes: "/mitmproxy-gui/"
      traefik.http.middlewares.mitmproxy-gui.stripprefix.forceslash: "true"
      traefik.http.middlewares.mitmproxy-gui-header-host.headers.customrequestheaders.Host: "127.0.0.1"
      traefik.http.middlewares.mitmproxy-gui-header-host.headers.customrequestheaders.Origin: ""
      traefik.http.middlewares.mitmproxy-gui-header-host.headers.customrequestheaders.X-Forwarded-Proto: "https"
networks:
  mitmproxy: