mirror of https://github.com/b4tman/docker-squid.git synced 2026-03-11 23:13:47 +00:00

Enable localnet ACL by default in base image

Dmitry Belyaev
2026-03-03 13:16:36 +03:00
parent b29bf01bef
commit 9d1249ebcf
4 changed files with 17 additions and 15 deletions


@@ -127,8 +127,8 @@ COPY --from=build /usr/lib/squid/ /usr/lib/squid/
COPY --from=build /usr/share/squid/ /usr/share/squid/
COPY --from=build /usr/sbin/squid /usr/sbin/squid
COPY --from=build /usr/bin/squidclient /usr/bin/squidclient
COPY --chmod=755 run.sh /
COPY --chmod=755 run.sh /
RUN install -d -o squid -g squid \
/var/cache/squid \
@@ -139,6 +139,7 @@ RUN install -d -o squid -g squid \
/etc/squid/conf.d \
/etc/squid/conf.d.tail && \
touch /etc/squid/conf.d/placeholder.conf
COPY localnet.conf /etc/squid/conf.d/
COPY squid-log.conf /etc/squid/conf.d.tail/
VOLUME ["/var/cache/squid"]
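Review bot: The `COPY localnet.conf /etc/squid/conf.d/` line in the second hunk makes what was a test-only ACL a shipped default, so every container from this image now accepts proxy requests from any source in the ranges that file lists, and nothing here shows a way to turn it off. Those ranges include 172.16.0.0/12, which typically covers Docker bridge networks; depending on how the port is published (userland proxy, rootless or desktop NAT), outside clients may arrive with a bridge-side source address and match the ACL, so this is worth verifying before release. It is also not visible from this section whether conf.d is included before or after the `http_access deny` rules of the main squid.conf, which decides whether the new allow is evaluated ahead of them. I would add a comment above the COPY such as `# Default allow for private-range clients; bind-mount an empty file over /etc/squid/conf.d/localnet.conf to disable`. The RUN block this follows begins in the first hunk and its middle lies outside the view.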


@@ -30,6 +30,9 @@ docker-compose up
# Configuration
By default, the image now includes a local network allow-list (`/etc/squid/conf.d/localnet.conf`) so clients from RFC1918/RFC4193 ranges can connect without mounting an extra ACL file.
## Environment variables:
- **SQUID_CONFIG_FILE**: Specify the configuration file for squid. Defaults to `/etc/squid/squid.conf`.


@@ -2,8 +2,6 @@ version: '2.3'
services:
proxy:
image: "${TEST_TAG}"
volumes:
- './test_localnet.conf:/etc/squid/conf.d/test_localnet.conf:ro'
healthcheck:
test: ["CMD", "sh", "-exc", "squidclient -T 3 mgr:info 2> /dev/null | grep -qF '200 OK'"]
interval: 5s


@@ -1,11 +1,11 @@
acl localnet1 src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet1 src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet1 src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet1 src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet1 src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet1 src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet1 src fc00::/7 # RFC 4193 local private network range
acl localnet1 src fe80::/10 # RFC 4291 link-local (directly plugged) machines
http_access allow localnet1
http_access allow localhost manager
acl localnet1 src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet1 src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet1 src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet1 src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet1 src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet1 src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet1 src fc00::/7 # RFC 4193 local private network range
acl localnet1 src fe80::/10 # RFC 4291 link-local (directly plugged) machines
http_access allow localnet1
http_access allow localhost manager
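Review bot: The file carries no header saying it is now the image's default policy, and its scope is wider than the README text in this commit describes: besides RFC 1918 and RFC 4193 it allows `100.64.0.0/10` (shared CGN space), `169.254.0.0/16`, `fe80::/10` and `0.0.0.1-0.255.255.255`. CGN space in particular is not guaranteed to be a network the operator controls, so I would either drop that line from the default or document it. A leading comment such as `# Shipped default: allows proxy use from private, CGN and link-local sources; replace this file on untrusted networks` would make the intent explicit. The old and new lines look identical in this rendering, so the visible change may be whitespace only.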