docker-squid-proxy's Introduction

A squid docker image based on Debian's slim releases with SSL support,
so you should be able to listen on both HTTP and HTTPS ports.

Branches / Tags

Docker-Tag  Branch    Debian Version  Squid Version  Status
stretch     stretch   Stretch (9)     3.5            Discontinued
buster      buster    Buster (10)     4.6            Active
bullseye    bullseye  Bullseye (11)   4.13           Active
bookworm    bookworm  Bookworm (12)   >= 5.2         Active
latest      master    Sid             >= 5.2         Active

Thanks to the awesome work of balenalib (GIT: qemu-execve / resin-xbuild),
I was able to cross build this image for arm and aarch64.
To download this image for other architectures, use this tag scheme:

distahl/<Docker-Tag>-x86
distahl/<Docker-Tag>-armv5
distahl/<Docker-Tag>-armv7hf
distahl/<Docker-Tag>-arm64v8

Please note:
There is no <Docker-Tag>-amd64 tag, because amd64 is the default if you only use <Docker-Tag>.

HowTo Build

docker build \
  -t squid . \
  -f <Dockerfile>

HowTo Create

docker create \
  --name squid \
  -e TZ=Europe/London \
  -e PROXY_UID=13 \
  -e PROXY_GID=13 \
  -v SomePath:/etc/squid \
  -v SomePath:/var/log/squid \
  -v SomePath:/var/spool/squid \
  -p 3128:3128 \
  -p 3129:3129 \
  distahl/squid

If you have built the image yourself, switch the last line from distahl/squid to squid.

Environment

Variable   Default        Description
TZ         Europe/London  The timezone to use.
PROXY_UID  13             The user id to use for the squid process.
PROXY_GID  13             The group id to use for the squid process.

Volumes

Volume            Description
/etc/squid        The configuration directory. If no squid.conf file is found inside this directory, then the default files will be copied into this directory on docker start.
/var/log/squid    The directory where you can find logfiles.
/var/spool/squid  By default, this is used for core dumps and cache.

Ports

Port Description
3128 HTTP Port
3129 HTTPS Port

Additional Info

On first start, if neither an ssl directory nor a squid.conf file is found inside /etc/squid, this image creates the ssl directory and adds a self-signed certificate. Alongside the certificate you will find a .pfx file, which can be imported into Windows to make the certificate trusted. The .pfx import works for Chrome-based browsers, but not for Firefox. In Firefox, just add an exception using the settings.

If you want to customize the self-signed cert to match your domain/host, add a file called ssl-selfsigned.conf to /etc/squid. The openssl command will then use your config to create the certificates on startup. This only happens if there is no /etc/squid/ssl directory and also no /etc/squid/squid.conf file.

Of course you can also put your own (official) certificates into the ssl directory and point to them in the config files, which should be best practice.

docker-squid-proxy's Issues

All branches: Bug with "space tab" in start-squid.sh

my squid.conf

http_port 0.0.0.0:46001
icp_port 0

acl localnet src 0.0.0.1-0.255.255.255	        # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8			# RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10			# RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 		# RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12			# RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16			# RFC 1918 local private network (LAN)
acl localnet src fc00::/7       		# RFC 4193 local private network range
acl localnet src fe80::/10      		# RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80			# http
acl Safe_ports port 21			# ftp
acl Safe_ports port 22			# ssh
acl Safe_ports port 443			# https
acl CONNECT method CONNECT

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/.htpasswd
auth_param basic children 15
auth_param basic realm Welcome to Proxy Server
auth_param basic credentialsttl 5 hours
auth_param basic casesensitive on
acl auth proxy_auth REQUIRED
http_access allow auth

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

http_access allow localnet
http_access allow localhost

http_access deny all

cache_dir ufs /var/spool/squid 500 16 256
coredump_dir /var/spool/squid

cache_effective_user proxy

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

negative_ttl 0 
dns_v4_first on
#dns_nameservers 1.1.1.1
#dns_nameservers 8.8.8.8 8.8.4.4

positive_dns_ttl 8 hours
negative_dns_ttl 30 seconds

pinger_enable off
half_closed_clients off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95

client_persistent_connections off
server_persistent_connections off

visible_hostname unknown
via off
forwarded_for transparent
httpd_suppress_version_string on

request_header_access Allow allow all 
request_header_access Authorization allow all 
request_header_access WWW-Authenticate allow all 
request_header_access Proxy-Authorization allow all 
request_header_access Proxy-Authenticate allow all 
request_header_access Cache-Control allow all 
request_header_access Content-Encoding allow all 
request_header_access Content-Length allow all 
request_header_access Content-Type allow all 
request_header_access Date allow all 
request_header_access Expires allow all 
request_header_access Host allow all 
request_header_access If-Modified-Since allow all 
request_header_access Last-Modified allow all 
request_header_access Location allow all 
request_header_access Pragma allow all 
request_header_access Accept allow all 
request_header_access Accept-Charset allow all 
request_header_access Accept-Encoding allow all 
request_header_access Accept-Language allow all 
request_header_access Content-Language allow all 
request_header_access Mime-Version allow all 
request_header_access Retry-After allow all 
request_header_access Title allow all 
request_header_access Connection allow all 
request_header_access Proxy-Connection allow all 
request_header_access User-Agent allow all 
request_header_access Cookie allow all 
request_header_access All deny all

my docker-compose.yml

version: '3.3'
services:
    squid:
        ports:
            - '46001:46001'
        image: 'distahl/squid:latest'
        volumes:
            - './config:/etc/squid'
            - './../squid_log:/var/log/squid' 
            - './../squid_cache:/var/spool/squid'
        environment:
            - PROXY_UID=1000
            - PROXY_GID=1000                  
        container_name: dsquid

1- host has user "squid" with UID=1000 & GID=1000
2- host volume directories owner and group set to "squid:squid" with UID=1000 & GID=1000
3- docker-compose up command executed under "squid" user with sudo privileges

sudo docker-compose up

the result

2021/02/11 16:02:03| Created PID file (/run/squid.pid)
2021/02/11 16:02:03| Set Current Directory to /var/spool/squid
2021/02/11 16:02:03| Starting Squid Cache version 4.13 for x86_64-pc-linux-gnu...
2021/02/11 16:02:03| Service Name: squid
2021/02/11 16:02:03| Process ID 37
2021/02/11 16:02:03| Process Roles: master worker
2021/02/11 16:02:03| With 65535 file descriptors available
2021/02/11 16:02:03| Initializing IP Cache...
2021/02/11 16:02:03| DNS Socket created at 0.0.0.0, FD 3
2021/02/11 16:02:03| Adding nameserver 127.0.0.11 from /etc/resolv.conf
2021/02/11 16:02:03| Adding ndots 1 from /etc/resolv.conf
2021/02/11 16:02:03| helperOpenServers: Starting 0/15 'basic_ncsa_auth' processes
2021/02/11 16:02:03| helperOpenServers: No 'basic_ncsa_auth' processes needed.
2021/02/11 16:02:03| Logfile: opening log daemon:/var/log/squid/access.log
2021/02/11 16:02:03| Logfile Daemon: opening log /var/log/squid/access.log
2021/02/11 16:02:04| Unlinkd pipe opened on FD 14
2021/02/11 16:02:04| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2021/02/11 16:02:04| Store logging disabled
2021/02/11 16:02:04| Swap maxSize 512000 + 262144 KB, estimated 59549 objects
2021/02/11 16:02:04| Target number of buckets: 2977
2021/02/11 16:02:04| Using 8192 Store buckets
2021/02/11 16:02:04| Max Mem  size: 262144 KB
2021/02/11 16:02:04| Max Swap size: 512000 KB
2021/02/11 16:02:04| ERROR: /var/spool/squid/00: (2) No such file or directory
2021/02/11 16:02:04| Not currently OK to rewrite swap log.
2021/02/11 16:02:04| storeDirWriteCleanLogs: Operation aborted.
2021/02/11 16:02:04| FATAL: 	Failed to verify one of the swap directories, Check cache.log
	for details.  Run 'squid -z' to create swap directories
	if needed, or if running Squid for the first time.
2021/02/11 16:02:04| Squid Cache (Version 4.13): Terminated abnormally.
CPU Usage: 0.031 seconds = 0.014 user + 0.017 sys
Maximum Resident Size: 123808 KB
Page faults with physical i/o: 0
2021/02/11 16:02:04| Removing PID file (/run/squid.pid)

I even tried to run squid container with changed entrypoint to /bin/bash then run ./start-squid.sh with the same result
I think there is problem with the start-squid.sh when trying to create spool dirs because when I disable caching in squid.conf squid container run without problem and squid logs access.log && cache.log copied to host volume directory ./../squid_log

update:

I started the container with these lines commented in squid.conf to be able to access the container bash

# cache_dir ufs /var/spool/squid 500 16 256
# coredump_dir /var/spool/squid
# cache_effective_user proxy

then after the container started I uncommented the lines in squid.conf on host volume directory ./config/squid.conf to enable the cache again then what I did

cd /var/spool/squid
/usr/sbin/squid -z -f /etc/squid/squid.conf

1- the spool directories created and copied to host volume directory ./../squid_cache
2- the owner of volume host directories is squid:squid
3- the owner of container directories proxy:proxy

which means start-squid.sh failed to create spool directories for some reason

I stopped squid container then

sudo docker-compose up

the result

2021/02/11 17:45:09| Created PID file (/run/squid.pid)
2021/02/11 17:45:09| Set Current Directory to /var/spool/squid
2021/02/11 17:45:09| Starting Squid Cache version 4.13 for x86_64-pc-linux-gnu...
2021/02/11 17:45:09| Service Name: squid
2021/02/11 17:45:09| Process ID 37
2021/02/11 17:45:09| Process Roles: master worker
2021/02/11 17:45:09| With 65535 file descriptors available
2021/02/11 17:45:09| Initializing IP Cache...
2021/02/11 17:45:09| DNS Socket created at 0.0.0.0, FD 3
2021/02/11 17:45:09| Adding nameserver 127.0.0.11 from /etc/resolv.conf
2021/02/11 17:45:09| Adding ndots 1 from /etc/resolv.conf
2021/02/11 17:45:09| helperOpenServers: Starting 0/15 'basic_ncsa_auth' processes
2021/02/11 17:45:09| helperOpenServers: No 'basic_ncsa_auth' processes needed.
2021/02/11 17:45:09| Logfile: opening log daemon:/var/log/squid/access.log
2021/02/11 17:45:09| Logfile Daemon: opening log /var/log/squid/access.log
2021/02/11 17:45:09| Unlinkd pipe opened on FD 14
2021/02/11 17:45:09| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2021/02/11 17:45:09| Store logging disabled
2021/02/11 17:45:09| Swap maxSize 512000 + 262144 KB, estimated 59549 objects
2021/02/11 17:45:09| Target number of buckets: 2977
2021/02/11 17:45:09| Using 8192 Store buckets
2021/02/11 17:45:09| Max Mem  size: 262144 KB
2021/02/11 17:45:09| Max Swap size: 512000 KB
2021/02/11 17:45:09| Rebuilding storage in /var/spool/squid (no log)
2021/02/11 17:45:09| Using Least Load store dir selection
2021/02/11 17:45:09| Set Current Directory to /var/spool/squid
2021/02/11 17:45:09| Finished loading MIME types and icons.
2021/02/11 17:45:09| HTCP Disabled.
2021/02/11 17:45:09| Squid plugin modules loaded: 0
2021/02/11 17:45:09| Adaptation support is off.
2021/02/11 17:45:09| Accepting HTTP Socket connections at local=0.0.0.0:46001 remote=[::] FD 16 flags=9
2021/02/11 17:45:09| Configuring Parent dgost1/49152/0
2021/02/11 17:45:09| Configuring Parent dgost2/49153/0
2021/02/11 17:45:09| Configuring Parent dgost3/49154/0
2021/02/11 17:45:09| Configuring Parent dgost4/49155/0
2021/02/11 17:45:09| Configuring Parent dgost5/49156/0
2021/02/11 17:45:09| Configuring Parent dgost6/49157/0
2021/02/11 17:45:09| Done scanning /var/spool/squid dir (0 entries)
2021/02/11 17:45:09| Finished rebuilding storage from disk.
2021/02/11 17:45:09|         0 Entries scanned
2021/02/11 17:45:09|         0 Invalid entries.
2021/02/11 17:45:09|         0 With invalid flags.
2021/02/11 17:45:09|         0 Objects loaded.
2021/02/11 17:45:09|         0 Objects expired.
2021/02/11 17:45:09|         0 Objects cancelled.
2021/02/11 17:45:09|         0 Duplicate URLs purged.
2021/02/11 17:45:09|         0 Swapfile clashes avoided.
2021/02/11 17:45:09|   Took 0.14 seconds (  0.00 objects/sec).
2021/02/11 17:45:09| Beginning Validation Procedure
2021/02/11 17:45:09|   Completed Validation Procedure
2021/02/11 17:45:09|   Validated 0 Entries
2021/02/11 17:45:09|   store_swap_size = 0.00 KB
2021/02/11 17:45:10| storeLateRelease: released 0 objects

Originally posted by @srcKod in #2 (comment)

Squid Cache: Terminated abnormally

Created container using the command below:

docker create \
  --name squid \
  -e TZ=Europe/Istanbul \
  -e PROXY_UID=13 \
  -e PROXY_GID=13 \
  -v /storage/squid/squid:/etc/squid \
  -v /storage/squid/log:/var/log/squid \
  -v /var/media/external/temp/squid/spool:/var/spool/squid \
  -p 3128:3128 \
  -p 3129:3129 \
  distahl/squid:buster-arm64v8

Error log:

###########################################################,
No userdefined /etc/squid/squid.conf found. Will now copy the dist files.,
###########################################################,
'/etc/squid.dist/squid.conf' -> '/etc/squid/squid.conf',
'/etc/squid.dist/errorpage.css' -> '/etc/squid/errorpage.css',
'/etc/squid.dist/conf.d' -> '/etc/squid/conf.d',
'/etc/squid.dist/conf.d/debian.conf' -> '/etc/squid/conf.d/debian.conf',
'/etc/squid.dist/conf.d/ssl.conf' -> '/etc/squid/conf.d/ssl.conf',
'/etc/squid.dist/ssl-selfsigned.conf' -> '/etc/squid/ssl-selfsigned.conf',
###########################################################,
#########################################################################,
No /etc/squid/ssl directory found. Will now create selfsigned certificates.,
#########################################################################,
Generating a RSA private key,
...........................................................................................................................................................................................++++,
..........................................++++,
writing new private key to '/etc/squid/ssl/selfsigned.key',
-----,
#########################################################################,
2021/01/10 18:43:16| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.,
WARNING: Cannot write log file: /var/log/squid/cache.log,
/var/log/squid/cache.log: Permission denied,
         messages will be sent to 'stderr'.,
2021/01/10 18:43:16| Created PID file (/var/run/squid.pid),
2021/01/10 18:43:16| Set Current Directory to /var/spool/squid,
WARNING: Cannot write log file: /var/log/squid/cache.log,
/var/log/squid/cache.log: Permission denied,
         messages will be sent to 'stderr'.,
2021/01/10 18:43:16| WARNING: Closing open FD    2,
2021/01/10 18:43:16| Starting Squid Cache version 4.6 for aarch64-unknown-linux-gnu...,
2021/01/10 18:43:16| Service Name: squid,
2021/01/10 18:43:16| Process ID 57,
2021/01/10 18:43:16| Process Roles: master worker,
2021/01/10 18:43:16| With 65535 file descriptors available,
2021/01/10 18:43:16| Initializing IP Cache...,
2021/01/10 18:43:16| DNS Socket created at 0.0.0.0, FD 7,
2021/01/10 18:43:16| Adding domain lan from /etc/resolv.conf,
2021/01/10 18:43:16| Adding nameserver 192.168.1.1 from /etc/resolv.conf,
2021/01/10 18:43:16| Logfile: opening log daemon:/var/log/squid/access.log,
2021/01/10 18:43:16| Logfile Daemon: opening log /var/log/squid/access.log,
2021/01/10 18:43:16| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec,
2021/01/10 18:43:16| Store logging disabled,
2021/01/10 18:43:16| Swap maxSize 0 + 262144 KB, estimated 20164 objects,
2021/01/10 18:43:16| Target number of buckets: 1008,
2021/01/10 18:43:16| Using 8192 Store buckets,
2021/01/10 18:43:16| Max Mem  size: 262144 KB,
2021/01/10 18:43:16| Max Swap size: 0 KB,
2021/01/10 18:43:16| Using Least Load store dir selection,
2021/01/10 18:43:16| Set Current Directory to /var/spool/squid,
fopen: Permission denied,
2021/01/10 18:43:16| Finished loading MIME types and icons.,
2021/01/10 18:43:16| HTCP Disabled.,
2021/01/10 18:43:16| Pinger socket opened on FD 13,
2021/01/10 18:43:16| Squid plugin modules loaded: 0,
2021/01/10 18:43:16| Adaptation support is off.,
2021/01/10 18:43:16| Accepting HTTPS Socket connections at local=0.0.0.0:3129 remote=[::] FD 10 flags=9,
2021/01/10 18:43:16| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 11 flags=9,
2021/01/10 18:43:16| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.,
2021/01/10 18:43:16| pinger: Initialising ICMP pinger ...,
2021/01/10 18:43:16| Open  icmp_sock: (1) Operation not permitted,
2021/01/10 18:43:16| pinger: Unable to start ICMP pinger.,
2021/01/10 18:43:16| Open  icmp_sock: (1) Operation not permitted,
2021/01/10 18:43:16| pinger: Unable to start ICMPv6 pinger.,
2021/01/10 18:43:16| FATAL: pinger: Unable to open any ICMP sockets.,
2021/01/10 18:43:17| logfileHandleWrite: daemon:/var/log/squid/access.log: error writing ((32) Broken pipe),
2021/01/10 18:43:17| Closing HTTP(S) port 0.0.0.0:3129,
2021/01/10 18:43:17| Closing HTTP(S) port 0.0.0.0:3128,
2021/01/10 18:43:17| storeDirWriteCleanLogs: Starting...,
2021/01/10 18:43:17|   Finished.  Wrote 0 entries.,
2021/01/10 18:43:17|   Took 0.00 seconds (  0.00 entries/sec).,
2021/01/10 18:43:17| FATAL: I don't handle this error well!,
2021/01/10 18:43:17| Squid Cache (Version 4.6): Terminated abnormally.,
CPU Usage: 0.230 seconds = 0.190 user + 0.040 sys,
Maximum Resident Size: 103536 KB,
Page faults with physical i/o: 0,
2021/01/10 18:43:17| Removing PID file (/var/run/squid.pid),
2021/01/10 18:43:17| Closing Pinger socket on FD 13,
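
Both issues above fail on the host directories mounted into the container: the first on a cache directory that 'squid -z' never initialized (/var/spool/squid/00 missing), the second on "Permission denied" under /var/log/squid. The following preflight check is an added example, not code from this project or its start-squid.sh. It assumes GNU stat and that the squid process, running as PROXY_UID:PROXY_GID, should own the three mounted directories; the function names are hypothetical.

```shell
#!/bin/sh
# Preflight check for the host directories bind-mounted into the squid container.
# Added example: assumes GNU stat; all function names are hypothetical.

# Print one finding if <host_dir> is missing or not owned by <uid>:<gid>.
check_owner() {  # check_owner <host_dir> <uid> <gid>
    dir=$1
    want="$2:$3"
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 0
    fi
    have=$(stat -c '%u:%g' "$dir")
    [ "$have" = "$want" ] || echo "OWNER $dir is $have, expected $want"
}

# An active (uncommented) cache_dir line for /var/spool/squid means squid
# expects the first-level directory 00 to exist, as created by 'squid -z'.
check_cache_init() {  # check_cache_init <host_conf_dir> <host_spool_dir>
    conf="$1/squid.conf"
    [ -f "$conf" ] || return 0   # no user config yet, nothing to verify
    if grep -Eq '^[[:space:]]*cache_dir[[:space:]]+[^[:space:]]+[[:space:]]+/var/spool/squid([[:space:]]|$)' "$conf"; then
        [ -d "$2/00" ] || echo "CACHE $2 has no 00 directory; run 'squid -z' first"
    fi
}

# Run every check; empty output means the mounts match the settings.
preflight() {  # preflight <conf_dir> <log_dir> <spool_dir> <uid> <gid>
    check_owner "$1" "$4" "$5"
    check_owner "$2" "$4" "$5"
    check_owner "$3" "$4" "$5"
    check_cache_init "$1" "$3"
}

# Stand-alone use: ./preflight.sh ./config ./squid_log ./squid_cache 1000 1000
if [ "$#" -eq 5 ]; then
    preflight "$@"
fi
```

Pass the host-side paths of the three volumes together with the PROXY_UID and PROXY_GID values given to the container; each output line names one directory to fix before starting it.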
