1
0
mirror of https://github.com/b4tman/docker-squid.git synced 2024-11-22 03:06:53 +00:00

Merge branch 'master' into v5

# Conflicts:
#	Dockerfile
This commit is contained in:
Dmitry Belyaev 2021-08-10 10:38:56 +03:00
commit 3ce1d078b7
Signed by: b4tman
GPG Key ID: 41A00BF15EA7E5F3
7 changed files with 305 additions and 94 deletions

37
.drone.yml Normal file
View File

@ -0,0 +1,37 @@
---
kind: pipeline
type: docker
name: arm32 images
platform:
os: linux
arch: arm
steps:
- name: squid image for dockerhub
image: plugins/docker
settings:
repo: docker.io/b4tman/squid
auto_tag: true
auto_tag_suffix: armhf
pull_image: true
registry: docker.io
username: b4tman
password:
from_secret: docker_password
config:
from_secret: docker_config
- name: squid-armhf image for github packages
image: plugins/docker
settings:
repo: ghcr.io/b4tman/squid-armhf
auto_tag: true
pull_image: true
registry: ghcr.io
username: b4tman
password:
from_secret: github_password
config:
from_secret: docker_config
trigger:
ref:
- refs/tags/**
- refs/heads/master

14
.github/dependabot.yml vendored Normal file
View File

@ -0,0 +1,14 @@
version: 2
updates:
- package-ecosystem: docker
directory: "/"
schedule:
interval: monthly
time: "02:00"
open-pull-requests-limit: 10
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: monthly
time: "03:00"

View File

@ -5,79 +5,213 @@ on:
# Publish `master` as Docker `latest` image.
branches:
- master
# Publish `v1.2.3` tags as releases.
tags:
- v*
# Run tests for any PRs.
# Run tests for PRs to `master` branch.
pull_request:
branches:
- "master"
jobs:
test:
runs-on: ubuntu-18.04
test:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Build squid image
run: docker build . --file Dockerfile --tag b4tman/squid
- name: Test image
run: docker-compose -f docker-compose.test.yml up sut
- name: Build 'ssl-bump' image
run: docker build ssl-bump --tag b4tman/squid:ssl-bump
- uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
username: b4tman
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build squid image
uses: docker/build-push-action@v2
with:
context: .
push: false
tags: b4tman/squid
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
outputs: type=image,name=b4tman/squid,push=false
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Test image
run: docker-compose -f docker-compose.test.yml up sut
- name: Build 'ssl-bump' image
uses: docker/build-push-action@v2
with:
context: ssl-bump
push: false
file: ssl-bump/Dockerfile
tags: b4tman/squid:ssl-bump
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
push:
needs: test
runs-on: ubuntu-18.04
if: github.event_name == 'push'
runs-on: ubuntu-20.04
if: github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v2
- name: Build squid image
run: docker build . --file Dockerfile --tag b4tman/squid
- name: Build 'ssl-bump' image
run: docker build ssl-bump --tag b4tman/squid:ssl-bump
- name: Log into registry
run: echo "${{ secrets.GITHUB_PKGS_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin
- name: Push squid image
run: |
IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/squid
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
# Use Docker `latest` tag convention
[ "$VERSION" == "master" ] && VERSION=latest
echo IMAGE_ID=$IMAGE_ID
echo VERSION=$VERSION
docker tag b4tman/squid $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION
- name: Push 'ssl-bump' image
run: |
IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/ssl-bump
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
# Use Docker `latest` tag convention
[ "$VERSION" == "master" ] && VERSION=latest
echo IMAGE_ID=$IMAGE_ID
echo VERSION=$VERSION
docker tag b4tman/squid:ssl-bump $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION
- uses: actions/checkout@v2
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
images: |
b4tman/squid
ghcr.io/b4tman/squid
flavor: |
latest=${{ github.ref == 'refs/heads/master' }}
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Docker meta (ssl-bump)
id: meta_ssl_bump
uses: docker/metadata-action@v3
with:
images: |
b4tman/squid
ghcr.io/b4tman/squid
flavor: |
latest=false
suffix=-ssl-bump
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Docker meta (ssl-bump ghcr)
id: meta_ssl_bump_ghcr
uses: docker/metadata-action@v3
with:
images: |
ghcr.io/b4tman/squid-ssl-bump
flavor: |
latest=${{ github.ref == 'refs/heads/master' }}
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: b4tman
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GHCR
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Build squid image
uses: docker/build-push-action@v2
with:
context: .
push: true
platforms: linux/amd64,linux/arm/v7
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Build 'ssl-bump' image
uses: docker/build-push-action@v2
with:
context: ssl-bump
push: true
file: ssl-bump/Dockerfile
platforms: linux/amd64,linux/arm/v7
tags: ${{ steps.meta_ssl_bump.outputs.tags }}
labels: ${{ steps.meta_ssl_bump.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Build 'ssl-bump' image for ghcr
uses: docker/build-push-action@v2
with:
context: ssl-bump
push: true
file: ssl-bump/Dockerfile
platforms: linux/amd64,linux/arm/v7
tags: ${{ steps.meta_ssl_bump_ghcr.outputs.tags }}
labels: ${{ steps.meta_ssl_bump_ghcr.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache

View File

@ -1,7 +1,11 @@
FROM alpine:3.11.3 as build
FROM alpine:3.14.0 as build
ENV SQUID_VER 5.0.1
ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E
# fix conflict with libretls and libressl
RUN set -x && \
apk add --no-cache libretls && \
apk upgrade --no-cache libretls
RUN set -x && \
apk add --no-cache \
@ -26,15 +30,13 @@ RUN set -x && \
cd /tmp/build && \
curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \
curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc
COPY squid-keys.asc /tmp
RUN set -x && \
cd /tmp/build && \
export GNUPGHOME="$(mktemp -d)" && \
( \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys ${SQUID_SIG_KEY} || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys ${SQUID_SIG_KEY} || \
gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys ${SQUID_SIG_KEY} \
) && \
gpg --import /tmp/squid-keys.asc && \
gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz && \
rm -rf "$GNUPGHOME"
@ -63,7 +65,7 @@ RUN set -x && \
--enable-epoll \
--enable-external-acl-helpers="file_userip,unix_group,wbinfo_group" \
--enable-auth-ntlm="fake" \
--enable-auth-negotiate="wrapper" \
--enable-auth-negotiate="kerberos,wrapper" \
--enable-silent-rules \
--disable-mit \
--enable-heimdal \
@ -93,15 +95,18 @@ RUN set -x && \
--with-openssl \
--with-pidfile=/var/run/squid/squid.pid
RUN set -x && \
cd /tmp/build && \
make -j $(grep -cs ^processor /proc/cpuinfo) && \
make install
RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf
RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf
nproc=$(n=$(nproc) ; max_n=6 ; [ $n -le $max_n ] && echo $n || echo $max_n) && \
make -j $nproc && \
make install && \
cd tools/squidclient && make && make install-strip
FROM alpine:3.11.3
RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf
RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf
FROM alpine:3.14.0
ENV SQUID_CONFIG_FILE /etc/squid/squid.conf
ENV TZ Europe/Moscow
@ -110,18 +115,25 @@ RUN set -x && \
deluser squid 2>/dev/null; delgroup squid 2>/dev/null; \
addgroup -S squid -g 3128 && adduser -S -u 3128 -G squid -g squid -H -D -s /bin/false -h /var/cache/squid squid
# fix conflict with libretls and libressl
RUN set -x && \
apk add --no-cache libretls && \
apk upgrade --no-cache libretls
RUN apk add --no-cache \
libstdc++ \
heimdal-libs \
libcap \
libressl3.0-libcrypto \
libressl3.0-libssl \
libressl3.3-libcrypto \
libressl3.3-libssl \
libltdl
COPY --from=build /etc/squid/ /etc/squid/
COPY --from=build /usr/lib/squid/ /usr/lib/squid/
COPY --from=build /usr/share/squid/ /usr/share/squid/
COPY --from=build /usr/sbin/squid /usr/sbin/squid
COPY --from=build /usr/bin/squidclient /usr/bin/squidclient
RUN install -d -o squid -g squid \
/var/cache/squid \

View File

@ -1,13 +1,19 @@
[![](https://images.microbadger.com/badges/image/b4tman/squid.svg)](https://microbadger.com/images/b4tman/squid "Get your own image badge on microbadger.com")
[![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=b4tman/docker-squid)](https://dependabot.com)
![Docker Build Status](https://img.shields.io/docker/build/b4tman/squid)
[![Drone Build Status](https://cloud.drone.io/api/badges/b4tman/docker-squid/status.svg?ref=refs/heads/master)](https://cloud.drone.io/b4tman/docker-squid)
![Docker Build Status](https://img.shields.io/docker/cloud/build/b4tman/squid)
![Docker Image CI Status](https://github.com/b4tman/docker-squid/workflows/Docker%20Image%20CI/badge.svg)
# docker-squid
Docker Squid container based on Alpine Linux.
Automated builds of the image are available on [Dockerhub](https://hub.docker.com/r/b4tman/squid).
Automated builds of the image are available on:
- DockerHub:
- [b4tman/squid](https://hub.docker.com/r/b4tman/squid)
- Github:
- [ghcr.io/b4tman/squid](https://github.com/users/b4tman/packages/container/package/squid)
- [ghcr.io/b4tman/squid-armhf](https://github.com/users/b4tman/packages/container/package/squid-armhf)
- [ghcr.io/b4tman/squid-ssl-bump](https://github.com/users/b4tman/packages/container/package/squid-ssl-bump)
# Quick Start
@ -30,7 +36,6 @@ docker-compose up
- **SQUID_CONFIG_FILE**: Specify the configuration file for squid. Defaults to `/etc/squid/squid.conf`.
## Example:
```bash
@ -40,4 +45,4 @@ docker run -p 3128:3128 \
b4tman/squid
```
This will start a squid container with your config file `/srv/docker/squid/squid.conf`.
This will start a squid container with your config file `/srv/docker/squid/squid.conf`.

View File

@ -1,11 +1,20 @@
version: '2'
version: '2.3'
services:
proxy:
build: .
image: squidproxy
build:
context: .
dockerfile: Dockerfile
healthcheck:
test: ["CMD", "sh", "-exc", "squidclient -T 3 mgr:info 2> /dev/null | grep -qF '200 OK'"]
interval: 5s
timeout: 3s
retries: 5
start_period: 1s
sut:
image: alpine:3.10.1
image: squidproxy
links:
- proxy
depends_on:
- proxy
command: sh -exc "apk add --update curl && sleep 5 && exec curl --proxy http://proxy:3128 -I http://google.com/"
command: sh -exc "sleep 10 && squidclient -h proxy -T 3 'https://postman-echo.com/get?squidtest=ok' 2> /dev/null | grep -qF '200 OK'"

BIN
squid-keys.asc Normal file

Binary file not shown.