b4tman/docker-squid
1
0
Fork 0
mirror of https://github.com/b4tman/docker-squid.git synced 2025-07-30 07:43:39 +00:00
Code Issues Packages Releases Activity

Compare commits

..

2 Commits
abfd29ad78 ... v6.0.2

Author SHA1 Message Date
Dmitry
09aba63183 push v6 images 2023-05-02 17:11:44 +03:00
Dmitry
358cbfef87 bump squid to 6.0.2 2023-05-02 15:53:55 +03:00
8 changed files with 30 additions and 87 deletions

69
.github/workflows/dockerimage.yml vendored

@@ -5,7 +5,7 @@ on:
# Publish `master` as Docker `latest` image.
branches:
- master
- v5
- v6
# Publish `v1.2.3` tags as releases.
tags:
@@ -23,23 +23,23 @@ jobs:
test:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
username: b4tman
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cache Docker layers
uses: actions/cache@v4.0.0
uses: actions/cache@v3.3.1
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -47,7 +47,7 @@ jobs:
${{ runner.os }}-buildx-
- name: Build squid image
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
context: .
push: false
@@ -65,48 +65,23 @@ jobs:
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Test image
run: |
set -ex
docker compose -f docker-compose.test.yml up --pull never sut --exit-code-from sut
docker compose -f docker-compose.test.yml down
run: docker compose -f docker-compose.test.yml up --pull never sut
- name: set base image for 'ssl-bump'
- name: Build 'ssl-bump' image
run: |
sed -i "s%FROM b4tman/squid%FROM $TEST_TAG%" ssl-bump/Dockerfile
- name: Build 'ssl-bump' image
uses: docker/build-push-action@v5
with:
context: .
push: false
load: true
tags: ${{ env.TEST_TAG }}-ssl-bump
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
docker build ssl-bump
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Test 'ssl-bump' image
run: |
set -ex
TEST_TAG="${TEST_TAG}-ssl-bump" docker compose -f docker-compose.test.yml up --pull never sut --exit-code-from sut
docker compose -f docker-compose.test.yml down
push:
needs: test
runs-on: ubuntu-20.04
if: github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v4
with:
images: |
b4tman/squid
@@ -120,7 +95,7 @@ jobs:
- name: Docker meta (ssl-bump)
id: meta_ssl_bump
uses: docker/metadata-action@v5
uses: docker/metadata-action@v4
with:
images: |
b4tman/squid
@@ -135,7 +110,7 @@ jobs:
- name: Docker meta (ssl-bump ghcr)
id: meta_ssl_bump_ghcr
uses: docker/metadata-action@v5
uses: docker/metadata-action@v4
with:
images: |
ghcr.io/b4tman/squid-ssl-bump
@@ -147,13 +122,13 @@ jobs:
type=semver,pattern={{major}}.{{minor}}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
- name: Cache Docker layers
uses: actions/cache@v4.0.0
uses: actions/cache@v3.3.1
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -161,20 +136,20 @@ jobs:
${{ runner.os }}-buildx-
- name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
username: b4tman
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GHCR
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Build squid image
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
context: .
push: true
@@ -193,7 +168,7 @@ jobs:
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Build 'ssl-bump' image
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
context: ssl-bump
push: true
@@ -213,7 +188,7 @@ jobs:
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Build 'ssl-bump' image for ghcr
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
context: ssl-bump
push: true

2
.github/workflows/stale.yml vendored

@@ -18,7 +18,7 @@ jobs:
pull-requests: write
steps:
- uses: actions/stale@v9
- uses: actions/stale@v8
with:
days-before-stale: 182
days-before-close: 7

12
Dockerfile

@@ -1,6 +1,6 @@
FROM alpine:3.19.1 as build
FROM alpine:3.17.3 as build
ARG SQUID_VER=6.7
ARG SQUID_VER=6.0.2
RUN set -x && \
apk add --no-cache \
@@ -58,7 +58,7 @@ RUN set -x && \
--disable-arch-native \
--enable-removal-policies="lru,heap" \
--enable-auth-digest \
--enable-auth-basic="getpwnam,NCSA,DB,RADIUS" \
--enable-auth-basic="getpwnam,NCSA,DB" \
--enable-basic-auth-helpers="DB" \
--enable-epoll \
--enable-external-acl-helpers="file_userip,unix_group,wbinfo_group" \
@@ -86,7 +86,7 @@ RUN set -x && \
--enable-storeio="diskd rock" \
--enable-ipv6 \
--enable-translation \
--enable-snmp \
--disable-snmp \
--disable-dependency-tracking \
--with-large-files \
--with-default-user=squid \
@@ -106,7 +106,7 @@ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf && \
# --- --- --- --- --- --- --- --- ---
FROM alpine:3.19.1
FROM alpine:3.17.3
ENV SQUID_CONFIG_FILE /etc/squid/squid.conf
ENV TZ Europe/Moscow
@@ -148,4 +148,4 @@ EXPOSE 3128/tcp
USER squid
CMD ["sh", "-c", "rm -f /var/run/squid/squid.pid ; /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -YCd 1"]
CMD ["sh", "-c", "/usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -YCd 1"]

2
docker-compose.test.yml

@@ -2,8 +2,6 @@ version: '2.3'
services:
proxy:
image: "${TEST_TAG}"
volumes:
- './test_localnet.conf:/etc/squid/conf.d/test_localnet.conf:ro'
healthcheck:
test: ["CMD", "sh", "-exc", "squidclient -T 3 mgr:info 2> /dev/null | grep -qF '200 OK'"]
interval: 5s

BIN
squid-keys.asc

Binary file not shown.

7
ssl-bump/Dockerfile

@@ -1,9 +1,4 @@
FROM b4tman/squid
COPY run.sh /
USER root
RUN chmod 755 /run.sh
USER squid
CMD ["/run.sh"]
CMD ["sh", "-c", "(test -d /var/cache/squid/ssl_db || /usr/lib/squid/security_file_certgen -c -s /var/cache/squid/ssl_db -M 4MB) && /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -YCd 1"]

14
ssl-bump/run.sh

@@ -1,14 +0,0 @@
#!/bin/sh
set -x
# init ssl_db
if [ ! -d /var/cache/squid/ssl_db ]; then
/usr/lib/squid/security_file_certgen -c -s /var/cache/squid/ssl_db -M 4MB
fi
# init cache
/usr/sbin/squid -f "${SQUID_CONFIG_FILE}" --foreground -z
# run squid
exec /usr/sbin/squid -f "${SQUID_CONFIG_FILE}" --foreground -YCd 1

11
test_localnet.conf

@@ -1,11 +0,0 @@
acl localnet1 src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet1 src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet1 src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet1 src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet1 src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet1 src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet1 src fc00::/7 # RFC 4193 local private network range
acl localnet1 src fe80::/10 # RFC 4291 link-local (directly plugged) machines
http_access allow localnet1
http_access allow localhost manager