squid源码构建容器镜像

源码获取

squid-5.9官网地址
wget -c http://www.squid-cache.org/Versions/v5/squid-5.9.tar.xz

编译

# 系统环境
root@192-168-3-11:~# head -5 /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy

# 依赖
apt -y install build-essential

# tar xf squid-5.9.tar.xz && cd squid-5.9 && ls
acinclude     contrib       INSTALL      RELEASENOTES.html
aclocal.m4    CONTRIBUTORS  lib          scripts
bootstrap.sh  COPYING       libltdl      SPONSORS
cfgaux        CREDITS       Makefile.am  src
ChangeLog     doc           Makefile.in  test-suite
compat        errors        po4a.conf    tools
configure     icons         QUICKSTART
configure.ac  include       README

# 创建/app目录
root@192-168-3-11:~/squid-5.9# mkdir /app

# 编译
./configure --prefix=/app/squid --enable-linux-netfilter --enable-gnuregex --with-default-user=squid --enable-ltdl-convenience && make -j`nproc` && make install && echo ok
## 输出ok正常
make[2]: 对“install-exec-am”无需做任何事。
make[2]: 对“install-data-am”无需做任何事。
make[2]: 离开目录“/root/squid-5.9”
make[1]: 离开目录“/root/squid-5.9”
ok

# 检测
root@192-168-3-11:~/squid-5.9# cd /app/squid
root@192-168-3-11:/app/squid# ls
bin  etc  libexec  sbin  share  var
root@192-168-3-11:/app/squid# ./sbin/squid -v
Squid Cache: Version 5.9
Service Name: squid
configure options:  '--prefix=/app/squid' '--enable-linux-netfilter' '--enable-gnuregex' '--with-default-user=squid' '--enable-ltdl-convenience'

编译后文件修改

/app/squid/etc/squid.conf,http协议3128端口正向代理

acl localnet src 192.168.250.0/24       # RFC 1918 local private network (LAN)
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

acl CONNECT method CONNECT

cache_swap_low 90
cache_swap_high 95

cache_mem 32 MB 

minimum_object_size 0 KB
maximum_object_size 32768 KB

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny to_localhost
http_access deny to_linklocal
http_access allow localnet
http_access deny all

http_port 3128

cache_effective_user squid
cache_effective_group squid

#cache_dir ufs /app/squid/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /app/squid/var/cache/squid

# access_log
access_log daemon:/app/squid/var/logs/access.log combined
logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh


#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

创建/app/squid/sbin/docker-entrypoint.sh

#!/bin/bash
set -e
exec squid -N -d1 -f "$@" 

添加执行权限chmod +x docker-entrypoint.sh

Dockerfile构建镜像

/app/Dockerfile

# syntax=docker/dockerfile:1
FROM debian:latest
WORKDIR /app/squid
COPY ./squid /app/squid
RUN useradd -m -s /bin/bash squid  \
&& chown -R squid:squid /app \
&& apt update \
&& apt upgrade -y \
&& apt -y install libxml2-dev procps 
VOLUME /app/squid
EXPOSE 3128
USER squid
ENV PATH=$PATH:/app/squid/sbin
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["/app/squid/etc/squid.conf"]

执行命令

# 如果网络不好，可以打包/app目录，转移到别的远程机器构建
root@ecs-hk:~/app# docker build -t squid:v5.9 --no-cache .
[+] Building 31.9s (13/13) FINISHED             docker:default
 => [internal] load build definition from Dockerfile      0.1s
 => => transferring dockerfile: 415B                      0.0s
 => [internal] load .dockerignore                         0.1s
 => => transferring context: 2B                           0.0s
 => resolve image config for docker.io/docker/dockerfile  1.7s
 => [auth] docker/dockerfile:pull token for registry-1.d  0.0s
 => CACHED docker-image://docker.io/docker/dockerfile:1@  0.0s
 => [internal] load metadata for docker.io/library/debia  1.2s
 => [auth] library/debian:pull token for registry-1.dock  0.0s
 => [1/4] FROM docker.io/library/debian:latest@sha256:ea  0.0s
 => CACHED [2/4] WORKDIR /app/squid                       0.0s
 => [internal] load build context                         1.7s
 => => transferring context: 77.94MB                      1.6s
 => [3/4] COPY ./squid /app/squid                         1.9s
 => [4/4] RUN useradd -m -s /bin/bash squid  && chown -  19.7s
 => exporting to image                                    5.1s
 => => exporting layers                                   5.1s
 => => writing image sha256:2517d0383aaf56f1e046b59a531d  0.0s 
 => => naming to docker.io/library/squid:v5.9             0.0s 

# 查看镜像
root@ecs-hk:~/app# docker images | grep squid
squid                                         v5.9               2517d0383aaf   About a minute ago   472MB

镜像测试

# 创建测试容器
root@192-168-3-11:~# docker run -itd --name test --rm -p 3128:3128 squid:v5.9
8e77d57feea060224444547d13c7dd9b7bd997434428cc879e20150390d58d49
root@192-168-3-11:~# docker ps
CONTAINER ID   IMAGE        COMMAND                   CREATED          STATUS          PORTS                                       NAMES
8e77d57feea0   squid:v5.9   "docker-entrypoint.s…"   20 seconds ago   Up 18 seconds   0.0.0.0:3128->3128/tcp, :::3128->3128/tcp   test

# 容器进程
docker exec -it test ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
squid          1  0.5 14.6 567604 145104 pts/0   Ss+  06:19   0:00 squid -N -d1 -f /app/squid/etc/squid.conf
squid          7  0.0  0.1   5648  1800 ?        Ss   06:19   0:00 (logfile-daemon) /app/squid/var/logs/access.log
squid          8 20.0  0.4   8100  4012 pts/1    Rs+  06:19   0:00 ps aux

# 实时日志
root@192-168-3-11:~# docker exec -it test tail -f /app/squid/var/logs/access.log

# 另一台机器访问测试
xyl@terminal:~/download$ curl -x http://192.168.3.11:3128 -L www.baidu.com

# 日志出现，镜像可用
root@192-168-3-11:~# docker exec -it test tail -f /app/squid/var/logs/access.log
192.168.5.2 - - [22/Sep/2023:06:11:41 +0000] "GET http://www.baidu.com/ HTTP/1.1" 403 3848 "-" "curl/7.74.0" TCP_DENIED:HIER_NONE