From c26a595f3380240541fc317d8131e58378c3c721 Mon Sep 17 00:00:00 2001
From: Dmitry
Date: Thu, 4 May 2017 11:09:20 +0300
Subject: [PATCH 1/5] build from source
---
 Dockerfile | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 108 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 05f90af..36f23b8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,116 @@
-FROM alpine
+FROM alpine:3.5
 MAINTAINER b4tman
+ENV SQUID_VER 3.5.25
+ENV TZ Europe/Moscow
 ENV SQUID_CONFIG_FILE=/etc/squid/squid.conf
-COPY docker-entrypoint.sh /
-RUN apk add --no-cache squid &&\
- chmod 755 /docker-entrypoint.sh
-ENTRYPOINT ["/docker-entrypoint.sh"]
+RUN set -x && \
+ deluser squid 2>/dev/null; delgroup squid 2>/dev/null; \
+ addgroup -S squid -g 3128 && adduser -S -u 3128 -G squid -g squid -H -D -s /bin/false -h /var/cache/squid squid
+
+RUN apk add --no-cache \
+ libstdc++ \
+ heimdal-libs \
+ libcap \
+ libressl2.4-libcrypto \
+ libressl2.4-libssl \
+ libltdl
+
+RUN apk add --no-cache --virtual .build-deps \
+ gcc \
+ g++ \
+ libc-dev \
+ alpine-conf \
+ tzdata \
+ curl \
+ gnupg \
+ libressl-dev \
+ perl-dev \
+ autoconf \
+ automake \
+ make \
+ pkgconfig \
+ heimdal-dev \
+ libtool \
+ libcap-dev \
+ linux-headers && \
+ \
+ mkdir -p /tmp/build && \
+ cd /tmp/build && \
+ curl -SsL http://www.squid-cache.org/Versions/v3/${SQUID_VER%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \
+ curl -SsL http://www.squid-cache.org/Versions/v3/${SQUID_VER%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc && \
+ \
+ export GNUPGHOME="$(mktemp -d)" && \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys EA31CC5E9488E5168D2DCC5EB268E706FF5CF463 && \
+ gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz && \
+ \
+ tar --strip 1 -xzf squid-${SQUID_VER}.tar.gz && \
+ export CFLAGS="-g0 -O2" && \
+ export CXXFLAGS="$CFLAGS" && \
+ export LDFLAGS="-s" && \
+ ./configure \
+ --build="$(uname -m)" \
+ --host="$(uname -m)" \
+ --prefix=/usr \
+ --datadir=/usr/share/squid \
+ --sysconfdir=/etc/squid \
+ --libexecdir=/usr/lib/squid \
+ --localstatedir=/var \
+ --with-logdir=/var/log/squid \
+ --disable-strict-error-checking \
+ --disable-arch-native \
+ --enable-removal-policies="lru,heap" \
+ --enable-auth-digest \
+ --enable-auth-basic="getpwnam,NCSA" \
+ --enable-epoll \
+ --enable-external-acl-helpers="file_userip,unix_group,wbinfo_group" \
+ --enable-auth-ntlm="fake" \
+ --enable-auth-negotiate="wrapper" \
+ --enable-silent-rules \
+ --disable-mit \
+ --enable-heimdal \
+ --enable-delay-pools \
+ --enable-arp-acl \
+ --enable-openssl \
+ --enable-ssl-crtd \
+ --enable-ident-lookups \
+ --enable-useragent-log \
+ --enable-cache-digests \
+ --enable-referer-log \
+ --enable-async-io \
+ --enable-truncate \
+ --enable-arp-acl \
+ --enable-htcp \
+ --enable-carp \
+ --enable-poll \
+ --enable-follow-x-forwarded-for \
+ --enable-storeio="diskd rock" \
+ --enable-ipv6 \
+ --enable-translation \
+ --disable-snmp \
+ --disable-dependency-tracking \
+ --with-large-files \
+ --with-default-user=squid \
+ --with-openssl \
+ --with-pidfile=/var/run/squid/squid.pid \
+ make && \
+ make install && \
+ install -d -o squid -g squid \
+ /var/cache/squid \
+ /var/log/squid \
+ /var/run/squid && \
+ chmod +x /usr/lib/squid/* &&\
+ \
+ /sbin/setup-timezone -z $TZ && \
+ \
+ apk del .build-deps && \
+ cd / && \
+ rm -rf /tmp/build "$GNUPGHOME"
 VOLUME ["/var/cache/squid"]
 EXPOSE 3128/tcp
-CMD ["squid"]
+USER squid
+
+CMD ["sh", "-c", "/usr/sbin/squid -f ${SQUID_CONFIG_FILE} -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} -NYCd 1"]
From 880ff47f404e6f2fa40c6bb946275566d873e3ea Mon Sep 17 00:00:00 2001
From: Dmitry
Date: Thu, 4 May 2017 13:34:08 +0300
Subject: [PATCH 2/5] xtrace on build and enable-epoll
---
 Dockerfile | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 36f23b8..9b3391d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,8 +2,9 @@ FROM alpine:3.5
 MAINTAINER b4tman
 ENV SQUID_VER 3.5.25
+ENV SQUID_SIG_KEY EA31CC5E9488E5168D2DCC5EB268E706FF5CF463
+ENV SQUID_CONFIG_FILE /etc/squid/squid.conf
 ENV TZ Europe/Moscow
-ENV SQUID_CONFIG_FILE=/etc/squid/squid.conf
 RUN set -x && \
 deluser squid 2>/dev/null; delgroup squid 2>/dev/null; \
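Review bot: In the [PATCH 1/5] hunk, the last `./configure` argument `--with-pidfile=/var/run/squid/squid.pid \` ends in a line continuation instead of `&& \`, so the `make` on the next line is passed to configure as a stray positional argument rather than run as its own step. The build presumably still succeeds only because `make install` builds everything itself; the line should read `--with-pidfile=/var/run/squid/squid.pid && \`. Separately, `--enable-auth-ntlm="fake"` compiles in the NTLM helper that does not validate passwords, which deserves a comment above the configure call such as `# "fake" NTLM helper accepts any credentials; never rely on it for access control`.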
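Review bot: `ENV SQUID_SIG_KEY EA31CC5E9488E5168D2DCC5EB268E706FF5CF463` in the [PATCH 2/5] `@@ -2,8 +2,9 @@` hunk is needed only while the image is built, yet `ENV` keeps it in the environment of every running container. `ARG SQUID_SIG_KEY=EA31CC5E9488E5168D2DCC5EB268E706FF5CF463` would scope it to the build. The hunk also moves `SQUID_CONFIG_FILE` from the `key=value` form to the legacy space-separated `ENV` form; `ENV SQUID_CONFIG_FILE=/etc/squid/squid.conf` was the form to keep. The `RUN` instruction at the end of the hunk continues outside it.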
@@ -17,7 +18,8 @@ RUN apk add --no-cache \
 libressl2.4-libssl \
 libltdl
-RUN apk add --no-cache --virtual .build-deps \
+RUN set -x && \
+ apk add --no-cache --virtual .build-deps \
 gcc \
 g++ \
 libc-dev \
@@ -38,11 +40,11 @@ RUN apk add --no-cache --virtual .build-deps \
 \
 mkdir -p /tmp/build && \
 cd /tmp/build && \
- curl -SsL http://www.squid-cache.org/Versions/v3/${SQUID_VER%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \
- curl -SsL http://www.squid-cache.org/Versions/v3/${SQUID_VER%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc && \
+ curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%.*.*}/${SQUID_VER%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \
+ curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%.*.*}/${SQUID_VER%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc && \
 \
 export GNUPGHOME="$(mktemp -d)" && \
- gpg --keyserver ha.pool.sks-keyservers.net --recv-keys EA31CC5E9488E5168D2DCC5EB268E706FF5CF463 && \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys ${SQUID_SIG_KEY} && \
 gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz && \
 \
 tar --strip 1 -xzf squid-${SQUID_VER}.tar.gz && \
@@ -83,7 +85,7 @@ RUN apk add --no-cache --virtual .build-deps \
 --enable-arp-acl \
 --enable-htcp \
 --enable-carp \
- --enable-poll \
+ --enable-epoll \
 --enable-follow-x-forwarded-for \
 --enable-storeio="diskd rock" \
 --enable-ipv6 \
From 711ae72e14fc8505220e4924014c6e1a0e9b6206 Mon Sep 17 00:00:00 2001
From: Dmitry
Date: Thu, 11 May 2017 09:59:38 +0300
Subject: [PATCH 3/5] logging to stdout
---
 Dockerfile | 3 +++
 squid-log.conf | 4 ++++
 2 files changed, 7 insertions(+)
 create mode 100644 squid-log.conf
diff --git a/Dockerfile b/Dockerfile
index 9b3391d..441389a 100644
--- a/Dockerfile
+++ b/Dockerfile
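Review bot: In the [PATCH 2/5] `@@ -38,11 +40,11 @@` hunk both rewritten `curl` lines still fetch over `http://` and the signing key is still pulled from a keyserver pool at build time, so the tarball's integrity rests entirely on gpg importing exactly the key named by `${SQUID_SIG_KEY}` and on that pool being reachable. Committing the public key next to the Dockerfile and replacing the `--recv-keys` line with `gpg --batch --import /tmp/build/squid-signing-key.asc && \` (file name is a placeholder, brought in with a `COPY`) would remove the network dependency from the trust path. A pinned SHA-256 of the tarball checked with `sha256sum -c` would add a second, independent check. The `RUN` instruction starts and ends outside this hunk.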
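Review bot: Rewriting `--enable-poll \` to `--enable-epoll \` in the [PATCH 2/5] `@@ -83,7 +85,7 @@` hunk leaves the flag in the configure list twice, because [PATCH 1/5] already passes `--enable-epoll` right after `--enable-auth-basic`. Deleting the line instead of rewriting it would keep the list free of duplicates; `--enable-arp-acl`, the first context line here, is likewise passed twice in [PATCH 1/5]. The configure invocation starts and ends outside this hunk.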
@@ -110,6 +110,9 @@ RUN set -x && \
 cd / && \
 rm -rf /tmp/build "$GNUPGHOME"
+COPY squid-log.conf /etc/squid/squid-log.conf
+RUN echo 'include /etc/squid/squid-log.conf' >> "$SQUID_CONFIG_FILE"
+
 VOLUME ["/var/cache/squid"]
 EXPOSE 3128/tcp
diff --git a/squid-log.conf b/squid-log.conf
new file mode 100644
index 0000000..a71be89
--- /dev/null
+++ b/squid-log.conf
@@ -0,0 +1,4 @@
+logfile_rotate 0
+cache_store_log none
+access_log stdio:/proc/self/fd/1
+cache_log stdio:/proc/self/fd/2
From 1df9cc980e0d67cc1ddf75700c1a3cee8b234575 Mon Sep 17 00:00:00 2001
From: Dmitry
Date: Thu, 11 May 2017 10:01:17 +0300
Subject: [PATCH 4/5] entrypoint removed
---
 docker-entrypoint.sh | 15 ---------------
 1 file changed, 15 deletions(-)
 delete mode 100644 docker-entrypoint.sh
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
deleted file mode 100644
index 2b68ea6..0000000
--- a/docker-entrypoint.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ "$1" = 'squid' ]; then
- mkdir -p /var/log/squid
- mkdir -p /var/cache/squid
-
- if [ ! "$(ls -A /var/cache/squid)" ]; then
- /usr/sbin/squid -f ${SQUID_CONFIG_FILE} -z
- fi
-
- exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} -NYCd 1
-else
- exec "$@"
-fi
From c91e73c4564662c15f30b742cba6821ad8ec2696 Mon Sep 17 00:00:00 2001
From: Dmitry
Date: Thu, 11 May 2017 14:35:08 +0300
Subject: [PATCH 5/5] include conf.d/*.conf
---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 441389a..6fb3fce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -110,8 +110,9 @@ RUN set -x && \
 cd / && \
 rm -rf /tmp/build "$GNUPGHOME"
-COPY squid-log.conf /etc/squid/squid-log.conf
-RUN echo 'include /etc/squid/squid-log.conf' >> "$SQUID_CONFIG_FILE"
+RUN echo 'include /etc/squid/conf.d/*.conf' >> "$SQUID_CONFIG_FILE" && \
+ install -d -m 755 -o squid -g squid /etc/squid/conf.d
+COPY squid-log.conf /etc/squid/conf.d/
 VOLUME ["/var/cache/squid"]
 EXPOSE 3128/tcp
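Review bot: `install -d -m 755 -o squid -g squid /etc/squid/conf.d` in the [PATCH 5/5] hunk makes the include directory writable by the same `squid` account the container runs as (`USER squid` in [PATCH 1/5]). A compromised proxy process could then drop a `*.conf` file there that is picked up the next time the configuration is read in the same container. Configuration is better owned by root and only readable by the service: `install -d -m 755 -o root -g root /etc/squid/conf.d`. A comment above the `RUN`, e.g. `# conf.d is root-owned on purpose: the squid user must not be able to change its own configuration`, would record the intent.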