diff --git a/Dockerfile b/Dockerfile
index 05f90af..36f23b8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,116 @@ -FROM alpine +FROM alpine:3.5 MAINTAINER b4tman +ENV SQUID_VER 3.5.25 +ENV TZ Europe/Moscow ENV SQUID_CONFIG_FILE=/etc/squid/squid.conf -COPY docker-entrypoint.sh / -RUN apk add --no-cache squid &&\ - chmod 755 /docker-entrypoint.sh -ENTRYPOINT ["/docker-entrypoint.sh"] +RUN set -x && \ + deluser squid 2>/dev/null; delgroup squid 2>/dev/null; \ + addgroup -S squid -g 3128 && adduser -S -u 3128 -G squid -g squid -H -D -s /bin/false -h /var/cache/squid squid + +RUN apk add --no-cache \ + libstdc++ \ + heimdal-libs \ + libcap \ + libressl2.4-libcrypto \ + libressl2.4-libssl \ + libltdl + +RUN apk add --no-cache --virtual .build-deps \ + gcc \ + g++ \ + libc-dev \ + alpine-conf \ + tzdata \ + curl \ + gnupg \ + libressl-dev \ + perl-dev \ + autoconf \ + automake \ + make \ + pkgconfig \ + heimdal-dev \ + libtool \ + libcap-dev \ + linux-headers && \ + \ + mkdir -p /tmp/build && \ + cd /tmp/build && \ + curl -SsL http://www.squid-cache.org/Versions/v3/${SQUID_VER%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \ + curl -SsL http://www.squid-cache.org/Versions/v3/${SQUID_VER%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc && \ + \ + export GNUPGHOME="$(mktemp -d)" && \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys EA31CC5E9488E5168D2DCC5EB268E706FF5CF463 && \ + gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz && \ + \ + tar --strip 1 -xzf squid-${SQUID_VER}.tar.gz && \ + export CFLAGS="-g0 -O2" && \ + export CXXFLAGS="$CFLAGS" && \ + export LDFLAGS="-s" && \ + ./configure \ + --build="$(uname -m)" \ + --host="$(uname -m)" \ + --prefix=/usr \ + --datadir=/usr/share/squid \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/lib/squid \ + --localstatedir=/var \ + --with-logdir=/var/log/squid \ + --disable-strict-error-checking \ + --disable-arch-native \ + --enable-removal-policies="lru,heap" \ + --enable-auth-digest \ + --enable-auth-basic="getpwnam,NCSA" \ + --enable-epoll \ + 
--enable-external-acl-helpers="file_userip,unix_group,wbinfo_group" \ + --enable-auth-ntlm="fake" \ + --enable-auth-negotiate="wrapper" \ + --enable-silent-rules \ + --disable-mit \ + --enable-heimdal \ + --enable-delay-pools \ + --enable-arp-acl \ + --enable-openssl \ + --enable-ssl-crtd \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-referer-log \ + --enable-async-io \ + --enable-truncate \ + --enable-arp-acl \ + --enable-htcp \ + --enable-carp \ + --enable-poll \ + --enable-follow-x-forwarded-for \ + --enable-storeio="diskd rock" \ + --enable-ipv6 \ + --enable-translation \ + --disable-snmp \ + --disable-dependency-tracking \ + --with-large-files \ + --with-default-user=squid \ + --with-openssl \ + --with-pidfile=/var/run/squid/squid.pid \ + make && \ + make install && \ + install -d -o squid -g squid \ + /var/cache/squid \ + /var/log/squid \ + /var/run/squid && \ + chmod +x /usr/lib/squid/* &&\ + \ + /sbin/setup-timezone -z $TZ && \ + \ + apk del .build-deps && \ + cd / && \ + rm -rf /tmp/build "$GNUPGHOME" VOLUME ["/var/cache/squid"] EXPOSE 3128/tcp -CMD ["squid"] +USER squid + +CMD ["sh", "-c", "/usr/sbin/squid -f ${SQUID_CONFIG_FILE} -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} -NYCd 1"]
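Review bot: The last `./configure` argument ends in a bare `\` with no `&&`, so as the hunk reads `make` is handed to configure as a stray argument instead of running as its own build step; that line should be `--with-pidfile=/var/run/squid/squid.pid && \`. The tarball and its `.asc` are fetched over plain `http://`, so the `gpg --batch --verify` against the pinned fingerprint in a fresh `GNUPGHOME` is the only integrity control on the source, and a comment such as `# http download: integrity relies solely on the gpg --verify below` would keep a later edit from loosening that chain. The signing key is pulled from a keyserver pool at build time, so the build depends on that pool being reachable; committing the public key next to the Dockerfile and importing it would remove the dependency. `--enable-auth-ntlm="fake"` builds the NTLM helper that does not check credentials, which deserves a comment that it must not be used for access control in `squid.conf`.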