# Monitoring private networks Monitor HTTP endpoints on private networks using the Squid HTTP proxy and basic authentication. Let Better Stack securely access your internal services without exposing them to the internet. ## Squid + Basic auth with htpasswd in a single container This setup runs Squid and its authentication mechanism within a single Docker container for simplicity. ### 1. Create files on the host Create a folder, for example `squid/`, with the following files: ```config [label /etc/squid/squid.conf] # Listen http_port 3128 # Basic auth using an htpasswd file auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords auth_param basic realm Squid Proxy acl authenticated proxy_auth REQUIRED # Only allow authenticated users http_access allow authenticated http_access deny all # (Optional) allow common safe ports acl SSL_ports port 443 acl Safe_ports port 80 443 1025-65535 http_access deny !Safe_ports # Logging access_log stdio:/var/log/squid/access.log # Recommended in containers pid_filename /var/run/squid.pid coredump_dir /var/spool/squid ``` Create an `htpasswd`-style file. The easiest way to generate a password entry is using a temporary Docker container: ```shell [label bash] docker run --rm -it --entrypoint sh httpd:2.4-alpine -lc \ 'apk add --no-cache apache2-utils >/dev/null; htpasswd -nbB user1 "pass1"' ``` ``` [label /etc/squid/passwords] user1:$2y$10$................................................... ``` Take the output (it will look similar to `user1:$2y$...`) and put it into the `squid/passwords` file. Each user should be on a new line. ### 2. Run Squid with Docker Compose Create a `docker-compose.yml` file in the same directory as your `squid/` folder: ```yaml [label docker-compose.yml] services: squid: image: ubuntu/squid:latest container_name: squid ports: - "3128:3128" volumes: - ./squid/squid.conf:/etc/squid/squid.conf:ro - ./squid/passwords:/etc/squid/passwords:ro - squid_cache:/var/spool/squid - squid_logs:/var/log/squid restart: unless-stopped volumes: squid_cache: squid_logs: ``` Start the Squid proxy: ```shell [label bash] docker compose up -d ``` ### 3. Test the proxy You can test the proxy functionality using `curl`: ```shell [label bash] curl -v -x http://user1:pass1@localhost:3128 http://example.com/ ``` ``` [output] * Trying 127.0.0.1:3128... * Connected to localhost (127.0.0.1) port 3128 (#0) * Proxy auth using Basic with user 'user1' > GET http://example.com/ HTTP/1.1 > Host: example.com > Proxy-Authorization: Basic dXNlcjE6cGFzczE= > User-Agent: curl/7.81.0 > Accept: */* > < HTTP/1.1 200 OK < Content-Type: text/html; charset=UTF-8 < Content-Length: 1256 ... (response from example.com) [/output] ``` For browsers or other clients, configure the proxy settings: - **Proxy host**: `your-host` (the IP address or hostname where your Docker container is running) - **Proxy port**: `3128` - **Username/password**: The `user1`/`pass1` credentials you set up. ## Configure Better Stack monitors Once your Squid proxy is running and accessible, you can configure your [HTTP keyword monitors](https://betterstack.com/docs/uptime/keyword-monitor/) in Better Stack. When creating or editing an HTTP keyword monitor: 1. Scroll down to **Advanced settings**. 2. In the **Proxy Host** and **Proxy Port** fields, enter the host for your proxy without the URL schema, optionally including authentication: `user1:pass1@proxyhost` and `3128`. Replace `user1` and `pass1` with your proxy credentials, and `proxyhost` with the IP address or hostname of your Squid proxy server. 3. In the **URL to monitor** field, enter the internal HTTP endpoint you wish to monitor, for example: `http://internal-ip:80/` This setup routes your Better Stack monitors through the authenticated Squid proxy, allowing you to monitor internal HTTP endpoints securely.