b4tman / docker-squid Goto Github PK
View Code? Open in Web Editor NEWSquid in docker container based on Alpine Linux
License: MIT License
Squid in docker container based on Alpine Linux
License: MIT License
this is a nice repo i have used for one year, but after upgrading my raspberry pi to 64bit OS, it's not supported. so i start to build this docker image by tag v4.16.0, this is a good version for me. here is the build error:
`
[linux/arm64 build 9/11] RUN set -x && cd /tmp/build && nproc=$(n=$(nproc) ; max_n=6 ; [ $n -le $max_n ] && echo $n || echo $max_n) && make -j $nproc && make install && cd tools/squidclient && make && make install-strip:
#17 0.083 + cd /tmp/build
#17 0.090 + nproc
#17 0.105 + n=2
#17 0.106 + max_n=6
#17 0.108 + '[' 2 -le 6 ]
#17 0.113 + echo 2
#17 0.116 + nproc=2
#17 0.117 + make -j 2
#17 0.217 Making all in compat
#17 0.271 make[1]: Entering directory '/tmp/build/compat'
#17 0.291 CXX assert.lo
#17 0.294 CXX compat.lo
#17 2.194 CXX debug.lo
#17 2.664 CC eui64_aton.lo
#17 4.217 CXX getaddrinfo.lo
#17 4.996 CXX getnameinfo.lo
#17 6.198 CC GnuRegex.lo
#17 6.942 CXX inet_ntop.lo
#17 7.684 CXX inet_pton.lo
#17 8.981 CXX memrchr.lo
#17 9.695 CXX shm.lo
#17 10.96 CXX statvfs.lo
#17 12.12 CXX strnstr.lo
#17 12.91 CC strnrchr.lo
#17 15.05 CXX xalloc.lo
#17 15.21 CXX xstrerror.lo
#17 17.98 CXX xstring.lo
#17 17.99 CXX xstrto.lo
#17 21.04 CXX mswindows.lo
#17 22.90 CXXLD libcompatsquid.la
#17 24.93 make[1]: Leaving directory '/tmp/build/compat'
#17 24.93 Making all in lib
#17 24.99 make[1]: Entering directory '/tmp/build/lib'
#17 25.05 Making all in ntlmauth
#17 25.10 make[2]: Entering directory '/tmp/build/lib/ntlmauth'
#17 25.12 CXX ntlmauth.lo
#17 33.70 CXXLD libntlmauth.la
#17 34.73 make[2]: Leaving directory '/tmp/build/lib/ntlmauth'
#17 34.79 make[2]: Entering directory '/tmp/build/lib'
#17 34.81 CC base64.lo
#17 34.81 CC charset.lo
#17 37.14 CC html_quote.lo
#17 38.52 CC md5.lo
#17 39.86 CC rfc1738.lo
#17 42.32 CC rfc2617.lo
#17 43.13 CXX hash.lo
#17 45.46 CC getfullhostname.lo
#17 47.75 CC heap.lo
#17 48.10 CC iso3307.lo
#17 50.79 CC radix.lo
#17 51.84 CC rfc1123.lo
#17 55.05 CXX Splay.lo
#17 57.10 CC stub_memaccount.lo
#17 58.38 CC util.lo
#17 59.06 CC xusleep.lo
#17 61.38 CCLD libmiscencoding.la
#17 61.49 CXXLD libmisccontainers.la
#17 62.64 CXXLD libmiscutil.la
#17 64.16 make[2]: Leaving directory '/tmp/build/lib'
#17 64.17 make[1]: Leaving directory '/tmp/build/lib'
#17 64.17 Making all in libltdl
#17 64.24 make[1]: Entering directory '/tmp/build/libltdl'
#17 64.29 GEN libltdl/lt__argz.h
#17 64.32 make all-am
#17 64.39 make[2]: Entering directory '/tmp/build/libltdl'
#17 64.47 CC libltdlc_la-lt__alloc.lo
#17 64.48 Error while loading /usr/local/sbin/mkdir: No such file or directory
#17 64.48 make[2]: *** [Makefile:624: loaders/.deps/.dirstamp] Error 1
#17 64.48 make[2]: *** Waiting for unfinished jobs....
#17 66.17 make[2]: Leaving directory '/tmp/build/libltdl'
#17 66.17 make[1]: *** [Makefile:522: all] Error 2
#17 66.17 make[1]: Leaving directory '/tmp/build/libltdl'
#17 66.18 make: *** [Makefile:588: all-recursive] Error 1
`
please help, thx.
I've been testing out the v6 version and noticed that it lacks 'basic_radius_auth'. Could you possibly add radius authentication? Thank you very much!
I intend to use Cacti to monitor the status of Squid via SNMP. However, it seems that SNMP is not enabled by default in Squid. Can you provide instructions on how to enable SNMP?
Required for managing credentials on mysql, but not included?
https://wiki.squid-cache.org/ConfigExamples/Authenticate/Mysql
b4tman/squid:5.2
/ $ ls -alh /usr/lib/squid
total 508K
drwxr-xr-x 2 root root 4.0K Oct 4 13:58 .
drwxr-xr-x 1 root root 4.0K Oct 4 13:58 ..
-rwxr-xr-x 1 root root 13.8K Oct 4 13:58 basic_getpwnam_auth
-rwxr-xr-x 1 root root 26.0K Oct 4 13:58 basic_ncsa_auth
-rwxr-xr-x 1 root root 82.1K Oct 4 13:58 cachemgr.cgi
-rwxr-xr-x 1 root root 21.8K Oct 4 13:58 digest_file_auth
-rwxr-xr-x 1 root root 21.8K Oct 4 13:58 diskd
-rwxr-xr-x 1 root root 17.8K Oct 4 13:58 ext_file_userip_acl
-rwxr-xr-x 1 root root 17.8K Oct 4 13:58 ext_unix_group_acl
-rwxr-xr-x 1 root root 5.0K Oct 4 13:58 ext_wbinfo_group_acl
-rwxr-xr-x 1 root root 7.0K Oct 4 13:58 helper-mux
-rwxr-xr-x 1 root root 12.7K Oct 4 13:58 log_db_daemon
-rwxr-xr-x 1 root root 13.8K Oct 4 13:58 log_file_daemon
-rwxr-xr-x 1 root root 13.7K Oct 4 13:58 negotiate_kerberos_auth
-rwxr-xr-x 1 root root 13.6K Oct 4 13:58 negotiate_kerberos_auth_test
-rwxr-xr-x 1 root root 21.7K Oct 4 13:58 negotiate_wrapper_auth
-rwxr-xr-x 1 root root 25.8K Oct 4 13:58 ntlm_fake_auth
-rwxr-xr-x 1 root root 7.3K Oct 4 13:58 security_fake_certverify
-rwxr-xr-x 1 root root 94.1K Oct 4 13:58 security_file_certgen
-rwxr-xr-x 1 root root 4.0K Oct 4 13:58 storeid_file_rewrite
-rwxr-xr-x 1 root root 14.0K Oct 4 13:58 unlinkd
-rwxr-xr-x 1 root root 13.8K Oct 4 13:58 url_fake_rewrite
-rwxr-xr-x 1 root root 2.5K Oct 4 13:58 url_fake_rewrite.sh
-rwxr-xr-x 1 root root 4.6K Oct 4 13:58 url_lfs_rewrite
My squid is suddenly reporting an error and is not functioning properly. How can I address this?
It seems related to my use of radius, but I haven't made any recent changes to the settings.
2023/10/10 03:40:10 kid1| DNS IPv4 socket created at 0.0.0.0, FD 8
2023/10/10 03:40:10 kid1| Adding nameserver 127.0.0.11 from /etc/resolv.conf
2023/10/10 03:40:10 kid1| Adding ndots 1 from /etc/resolv.conf
2023/10/10 03:40:10 kid1| helperOpenServers: Starting 0/5 'basic_radius_auth' processes
2023/10/10 03:40:10 kid1| helperOpenServers: No 'basic_radius_auth' processes needed.
2023/10/10 03:40:10 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2023/10/10 03:40:10 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2023/10/10 03:40:10 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2023/10/10 03:40:10 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2023/10/10 03:40:10 kid1| Store logging disabled
2023/10/10 03:40:10 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2023/10/10 03:40:10 kid1| Target number of buckets: 1008
2023/10/10 03:40:10 kid1| Using 8192 Store buckets
2023/10/10 03:40:10 kid1| Max Mem size: 262144 KB
2023/10/10 03:40:10 kid1| Max Swap size: 0 KB
2023/10/10 03:40:10 kid1| Using Least Load store dir selection
2023/10/10 03:40:10 kid1| Set Current Directory to /var/spool/squid
2023/10/10 03:40:10 kid1| Finished loading MIME types and icons.
2023/10/10 03:40:10 kid1| HTCP Disabled.
2023/10/10 03:40:10 kid1| Adaptation support is off.
2023/10/10 03:40:10 kid1| Accepting HTTPS Socket connections at conn2 local=0.0.0.0:3128 remote=[::] FD 11 flags=9
listening port: 3128
2023/10/10 03:40:11 kid1| storeLateRelease: released 0 objects
2023/10/10 03:42:25 kid1| Starting new basicauthenticator helpers...
current master transaction: master85
2023/10/10 03:42:25 kid1| helperOpenServers: Starting 1/5 'basic_radius_auth' processes
current master transaction: master85
2023/10/10 03:42:25 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
current master transaction: master85
When running docker-compose, it is found that the time zone displayed in the docker logs log is not the local time zone. If docker alpine wants to set the local time zone, the following modifications need to be made:
apk add tzdata
`
FROM alpine:3.19.1 as build
ARG SQUID_VER=6.8
RUN set -x &&
apk add --no-cache
gcc
g++
libc-dev
curl
gnupg
openssl-dev
openssl-libs-static
perl-dev
autoconf
automake
make
pkgconfig
heimdal-dev
libtool
libcap-dev
linux-headers
WORKDIR /tmp/build
RUN set -x &&
curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz &&
curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc
COPY squid-keys.asc /tmp/build
RUN set -x &&
GNUPGHOME="$(mktemp -d)" &&
export GNUPGHOME &&
gpg --import squid-keys.asc &&
gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz &&
rm -rf "$GNUPGHOME"
RUN set -x &&
tar --strip 1 -xzf squid-${SQUID_VER}.tar.gz &&
MACHINE=$(uname -m) &&
CFLAGS="-g0 -O2"
CXXFLAGS="-g0 -O2"
LDFLAGS="-s"
./configure
--build="$MACHINE"
--host="$MACHINE"
--prefix=/usr
--datadir=/usr/share/squid
--sysconfdir=/etc/squid
--libexecdir=/usr/lib/squid
--localstatedir=/var
--with-logdir=/var/log/squid
--disable-strict-error-checking
--disable-arch-native
--enable-removal-policies="lru,heap"
--enable-auth-digest
--enable-auth-basic="getpwnam,NCSA,DB,RADIUS"
--enable-basic-auth-helpers="DB"
--enable-epoll
--enable-external-acl-helpers="file_userip,unix_group,wbinfo_group"
--enable-auth-ntlm="fake"
--enable-auth-negotiate="kerberos,wrapper"
--enable-silent-rules
--disable-mit
--enable-heimdal
--enable-delay-pools
--enable-arp-acl
--enable-openssl
--enable-ssl-crtd
--enable-security-cert-generators="file"
--enable-ident-lookups
--enable-useragent-log
--enable-cache-digests
--enable-referer-log
--enable-async-io
--enable-truncate
--enable-arp-acl
--enable-htcp
--enable-carp
--enable-epoll
--enable-follow-x-forwarded-for
--enable-storeio="diskd rock"
--enable-ipv6
--enable-translation
--enable-snmp
--disable-dependency-tracking
--with-large-files
--with-default-user=squid
--with-openssl
--with-pidfile=/var/run/squid/squid.pid
RUN set -x &&
nproc=$(n=$(nproc) ; max_n=6 ; echo $(( n <= max_n ? n : max_n )) ) &&
make -j $nproc &&
make install
WORKDIR /tmp/build/tools/squidclient
RUN make && make install-strip
RUN sed -i '1s;^;include /etc/squid/conf.d/.conf\n;' /etc/squid/squid.conf &&
echo 'include /etc/squid/conf.d.tail/.conf' >> /etc/squid/squid.conf
FROM alpine:3.19.1
ENV SQUID_CONFIG_FILE /etc/squid/squid.conf
ENV TZ Europe/Moscow
RUN set -x &&
deluser squid 2>/dev/null; delgroup squid 2>/dev/null;
addgroup -S squid -g 3128 && adduser -S -u 3128 -G squid -g squid -H -D -s /bin/false -h /var/cache/squid squid
RUN apk add --no-cache
libstdc++
heimdal-libs
libcap
libltdl
tzdata
COPY --from=build /etc/squid/ /etc/squid/
COPY --from=build /usr/lib/squid/ /usr/lib/squid/
COPY --from=build /usr/share/squid/ /usr/share/squid/
COPY --from=build /usr/sbin/squid /usr/sbin/squid
COPY --from=build /usr/bin/squidclient /usr/bin/squidclient
RUN install -d -o squid -g squid
/var/cache/squid
/var/log/squid
/var/run/squid &&
chmod +x /usr/lib/squid/* &&
install -d -m 755 -o squid -g squid
/etc/squid/conf.d
/etc/squid/conf.d.tail &&
touch /etc/squid/conf.d/placeholder.conf
COPY squid-log.conf /etc/squid/conf.d.tail/
RUN set -x &&
apk add --no-cache --virtual .tz alpine-conf tzdata &&
/sbin/setup-timezone -z $TZ &&
apk del .tz
VOLUME ["/var/cache/squid"]
EXPOSE 3128/tcp
USER squid
CMD ["sh", "-c", "rm -f /var/run/squid/squid.pid ; /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -YCd 1"]
`
How to use it on arm64 architecture?
Hi Dmitry,
I noticed that the current setting of squid.conf
is:
$ diff -wU 1 squid.conf.default squid.conf
--- squid.conf.default 2019-08-06 09:34:21.000000000 -0400
+++ squid.conf 2019-08-06 09:34:30.000000000 -0400
@@ -76 +76,2 @@
refresh_pattern . 0 20% 4320
+include /etc/squid/conf.d/*.conf
However, there are cases that settings need to be added to the front of squid.conf
, e.g., when specifying squid authentication -- better put up front. Would you consider adding it please?
If so, I propose something like this:
$ diff -wU 1 squid.conf.default squid.conf
--- squid.conf.default 2019-08-06 09:34:21.000000000 -0400
+++ squid.conf 2019-08-08 17:35:37.239905486 -0400
@@ -1 +1,2 @@
+include /etc/squid/conf.d/front-*.conf
#
@@ -76 +77,2 @@
refresh_pattern . 0 20% 4320
+include /etc/squid/conf.d/rear-*.conf
The use of pair front/rear
is the best I came up so far. E.g., if using append/prepend
, then the file order would be wrong (those being appended are showing in the front when doing ls
). The pair begin/end
is OK by the order, but I was looking for a prefix pair that of similar length (if not the same).
Please consider.
Thanks!
why do you enable negotiate wrapper auth but doesn't enable kerberos auth? The build image doesn't enable it. Afterwards image can't use the kerberos auth. Btw, thanks for your effort you are the only one to keep update the squid docker image.
When I use the command 'docker restart squid8012-edge' to restart the containers, Squid does not restart properly and this error occurs.
Is there a configuration error? Please advise, thank you.
squid8012-edge | 2023/07/06 19:16:46| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| Processing Configuration File: /etc/squid/squid.conf (depth 0)
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| Created PID file (/var/run/squid/squid.pid)
squid8012-edge | 2023/07/06 19:16:46 kid1| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
squid8012-edge | 2023/07/06 19:16:46 kid1| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46 kid1| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46 kid1| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46 kid1| Processing Configuration File: /etc/squid/squid.conf (depth 0)
squid8012-edge | 2023/07/06 19:16:46 kid1| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46 kid1| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46 kid1| Set Current Directory to /var/spool/squid
squid8012-edge | 2023/07/06 19:16:46 kid1| Creating missing swap directories
squid8012-edge | 2023/07/06 19:16:46 kid1| No cache_dir stores are configured.
squid8012-edge | 2023/07/06 19:16:46| Removing PID file (/var/run/squid/squid.pid)
squid8012-edge | 2023/07/06 19:16:46| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| Processing Configuration File: /etc/squid/squid.conf (depth 0)
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| aclIpParseIpData: IPv6 has not been enabled.
squid8012-edge | 2023/07/06 19:16:46| Created PID file (/var/run/squid/squid.pid)
squid8012-edge | 2023/07/06 19:16:46 kid1| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
squid8012-edge | 2023/07/06 19:16:46 kid1| aclIpParseIpData: IPv6 has not been enabled.
#docker compose file
squid8012-edge:
image: b4tman/squid:v6
container_name: squid8012-edge
ports:
- "3128:3128"
volumes:
- /docker-data/squid8012-edge/etc/squid/squid.conf:/etc/squid/squid.conf
- /docker-data/squid8012-edge/etc/squid/ssl:/etc/squid/ssl
- /docker-data/squid8012-edge/var/spool/squid:/var/spool/squid
- /docker-data/squid8012-edge/var/logs/squid:/var/log/squid
environment:
- TZ=Asia/Shanghai
networks:
squid_network:
ipv4_address: 172.16.0.212
restart: always
I was wondering if there were any plans to use an updated alpine image any time soon. We are using the 5.7 image, and scans show vulnerabilities. Or if you have any recommendations to deal with them. Thanks in advance.
I am trying to use the 6.6-ssl-bump image, and it fails, you can help?
My logs
squid | 2024/01/21 01:28:01 kid1| Adding domain sa-east-1.compute.internal from /etc/resolv.conf
squid | 2024/01/21 01:28:01 kid1| Adding nameserver 127.0.0.11 from /etc/resolv.conf
squid | 2024/01/21 01:28:01 kid1| Adding ndots 1 from /etc/resolv.conf
squid | 2024/01/21 01:28:01 kid1| Logfile: opening log stdio:/proc/self/fd/1
squid | 2024/01/21 01:28:01 kid1| Not currently OK to rewrite swap log.
squid | 2024/01/21 01:28:01 kid1| storeDirWriteCleanLogs: Operation aborted.
squid | 2024/01/21 01:28:01 kid1| FATAL: Cannot open '/proc/self/fd/1' for writing.
squid | The parent directory must be writeable by the
squid | user 'squid', which is the cache_effective_user
squid | set in squid.conf.
squid | 2024/01/21 01:28:01 kid1| Squid Cache (Version 6.5): Terminated abnormally.
squid | 2024/01/21 01:28:01| Removing PID file (/var/run/squid/squid.pid)
My docker-compose.yml
version: '3.9'
x-logging: &logging
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "1"
services:
tor:
image: dperson/torproxy
container_name: tor
restart: unless-stopped
squid:
ports:
- 3199:3199 # TOR
image: 'b4tman/squid:6.6-ssl-bump'
volumes:
- './config/:/etc/squid/conf.d/'
container_name: squid
environment:
- SQUID_CONFIG_FILE=/etc/squid/conf.d/squid.conf
extra_hosts:
- 'host.docker.internal:host-gateway'
healthcheck:
test: [ CMD-SHELL, 'export https_proxy=127.0.0.1:3199 && export http_proxy=127.0.0.1:3199 && wget -q -Y on -O - https://checkip.amazonaws.com || exit 1' ]
retries: 5
timeout: 10s
start_period: 60s
interval: 300s
ulimits:
nofile: { soft: 65536, hard: 65536 }
restart: always
squid.conf
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl Allowed_IP src "/etc/squid/conf.d/allowed_ip.txt"
http_access allow Allowed_IP
http_access allow localnet
http_access allow localhost manager
http_access deny manager
http_access allow all # cambio deny por allow
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
cache allow all
cache_dir ufs /var/cache/squid 5000 16 256
maximum_object_size 8 MB
cache_mem 256 MB
refresh_pattern ^http:// 0 20% 60
refresh_pattern ^https:// 0 20% 60
# Otras configuraciones
visible_hostname unkown
forwarded_for off
request_header_access X-Forwarded-For deny all
request_header_access Cache-Control allow all # cambio deny por allow
request_header_access Via deny all
reply_header_access X-Forwarded-For deny all
reply_header_access Cache-Control allow all # cambio deny por allow
reply_header_access Via deny all
reply_header_access X-Squid-Error deny all
never_direct allow all
server_persistent_connections off
client_persistent_connections off
access_log stdio:/proc/self/fd/1 combined
# Define una ACL para el puerto 3199 ######### TOR-PROXY
http_port 3199
acl puerto_3199 localport 3199
http_access allow puerto_3199
cache_peer tor parent 8118 0 no-digest no-netdb-exchange connect-fail-limit=2 connect-timeout=8 round-robin no-query allow-miss proxy-only name=tor
cache_peer_access tor allow puerto_3199
Is it possible to use this image as an http proxy. When the following statement
http_port 3128 ssl-bump
generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/etc/config/myca.pem
key=/etc/config/myca.pem
is added to the config file, then the following error occurs
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
(security_file_certgen): Uninitialized SSL certificate database directory: /var/cache/squid/ssl_db. To initialize, run "security_file_certgen -c -s /var/cache/squid/ssl_db".
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
(security_file_certgen): Uninitialized SSL certificate database directory: /var/cache/squid/ssl_db. To initialize, run "security_file_certgen -c -s /var/cache/squid/ssl_db".
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2019/01/29 20:49:39 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
Do you know what could be wrong?
Hi,
Thanks for this project - I was just wondering why the latest
tag is only built for amd64 - I'm trying to run this on a RPI swarm and it's failing as it's not built for ARM
I tried pulling the armhf
tag which works, however it hasn't been updated for 2 years so the Squid/Alpine versions are out of date.
Thanks!
Build: https://cloud.drone.io/b4tman/docker-squid/52/1/2
Docker version: 19.03.8
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: temporary error (try again later)
111 | fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/armhf/APKINDEX.tar.gz
112 | 4157952912:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
Release Notes for Alpine 3.13.0
Alpine Linux 3.13.0 requires the host Docker to be version 19.03.9 (which contains backported moby commit 89fabf0) or greater and the host libseccomp to be version 2.4.2 (which contains backported libseccomp commit bf747eb) or greater.
Hi,
When I try to use b4tman/squid
, I'll get the "Recv failure: Connection reset by peer" error:
$ docker run -d -p 3128:3128 b4tman/squid
0fbd6e8d8d34d601f699527734e45dba197aa7af95dcf79d93ae3cf17f3f84d2
$ curl --proxy http://localhost:3128 http://google.com
curl: (56) Recv failure: Connection reset by peer
My b4tman/squid
is the latest that I got minutes ago.
$ docker images | grep squid
b4tman/squid latest 487ec5b0a870 29 hours ago 29.9MB
Please help. THX!
Under load the squid container seems to restart the process very often and drop all current connections.
kid1| assertion failed: tunnel.cc:1227: "!waitingForConnectExchange"
current master transaction: master55
I'm using latest image from ghcr.io/b4tman/squid-ssl-bump
, and it seems it has issues with permissions.
ghcr.io/b4tman/squid-ssl-bump:6.7
doesn't work
ghcr.io/b4tman/squid-ssl-bump:6.6
- works well
SIGHUP does not seem to work
docker kill --signal=SIGHUP mysquidcontainername
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.