diff --git a/Dockerfile b/Dockerfile
index 37526ef..bccf069 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +1,12 @@
-FROM ubuntu:14.10
-MAINTAINER Rob Haswell
-
-RUN apt-get -qqy update
-RUN apt-get -qqy upgrade
-RUN apt-get -qqy install apache2-utils squid3
-
-# If you are prone to gouging your eyes out, do not read the following 2 lines
-RUN sed -i 's@#\tauth_param basic program /usr/lib/squid3/basic_ncsa_auth /usr/etc/passwd@auth_param basic program /usr/lib/squid3/basic_ncsa_auth /usr/etc/passwd\nacl ncsa_users proxy_auth REQUIRED@' /etc/squid3/squid.conf
-RUN sed -i 's@^http_access allow localhost$@\0\nhttp_access allow ncsa_users@' /etc/squid3/squid.conf
-
-RUN mkdir /usr/etc
-
+FROM ubuntu:18.04
+LABEL maintainer="Rob Haswell "
+
+RUN apt-get -y update && \
+ apt-get -y upgrade &&\
+ apt-get install -y apache2-utils squid && \
+ rm -rf /var/lib/apt/lists/*
+COPY squid.conf /etc/squid/squid.conf
+COPY init.sh /
 EXPOSE 3128
-VOLUME /var/log/squid3
-ADD init /init
-CMD ["/init"]
+CMD ["/bin/bash", "/init.sh"]
diff --git a/README.md b/README.md
index eb0d92c..d8de641 100644
--- a/README.md
+++ b/README.md
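Review bot: The new `RUN` layer still runs `apt-get -y upgrade` on a floating `ubuntu:18.04` tag and installs `apache2-utils squid` unpinned and with recommended packages, so the proxy image's contents depend on the build date and include more than the proxy needs. Consider dropping the upgrade in favour of a digest-pinned base, `FROM ubuntu:18.04@sha256:<digest>`, and installing with `apt-get install -y --no-install-recommends apache2-utils squid`. There is also no `USER` instruction, so `/init.sh` starts as root; that appears to be needed for the `chown` in init.sh, but a comment above `CMD` saying so would make the choice explicit.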
@@ -1,43 +1,32 @@ -squid-docker-simple-auth -======================== +# squid-docker-simple-auth A simple (and fragile) Dockerfile for launching an authenticated squid proxy. The user must specify authentication credentials via the following environment variables: -``` +```bash SQUID_USERNAME=foo SQUID_PASSWORD=bar ``` An example invocation would be: -``` +```bash docker run -e SQUID_USERNAME=foo -e SQUID_PASSWORD=bar -p 3128:3128 robhaswell/squid-authenticated ``` -Details -======= +## Details -Environment variables ---------------------- +### Environment variables * SQUID_USERNAME * SQUID_PASSWORD -Ports ------ +### Ports * 3128 -Volumes -------- - -* `/var/log/squid3` - -Ideas for Improvement -===================== +## Ideas for Improvement -* Output logs to stdout. * The range of authentication options could be expanded through more configuration options. * Supply a full configuration file that has been well considered instead of hacking up Ubuntu's defaults. diff --git a/init b/init deleted file mode 100755 index 37e797e..0000000 --- a/init +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -htpasswd -bc /usr/etc/passwd "${SQUID_USERNAME}" "${SQUID_PASSWORD}" -exec squid3 -N $* diff --git a/init.sh b/init.sh new file mode 100755 index 0000000..cf59e91 --- /dev/null +++ b/init.sh @@ -0,0 +1,4 @@ +#!/bin/sh +htpasswd -bc /etc/squid/squid_passwd "${SQUID_USERNAME}" "${SQUID_PASSWORD}" +chown proxy /proc/self/fd/1 +exec squid3 -N $* diff --git a/squid.conf b/squid.conf new file mode 100644 index 0000000..63be0b0 --- /dev/null +++ b/squid.conf 
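Review bot: Nothing in the new init.sh checks that `SQUID_USERNAME` and `SQUID_PASSWORD` are set or that `htpasswd` succeeded before `exec squid3`, so a container started without them carries on with whatever password file results. Adding `set -eu` directly after the shebang stops the script on an unset variable or a failed command. The `-b` flag also puts the password in the process arguments; `printf '%s' "$SQUID_PASSWORD" | htpasswd -ci /etc/squid/squid_passwd "$SQUID_USERNAME"` reads it from stdin instead. Since the Dockerfile now installs `squid` and the config moved to /etc/squid, it is worth confirming that a `squid3` binary still exists in the 18.04 image, and `"$@"` is the safer form of `$*`.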
@@ -0,0 +1,27 @@
+cache_log stdio:/dev/stdout
+access_log stdio:/dev/stdout
+cache_store_log stdio:/dev/stdout
+
+auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/squid_passwd
+acl all src all
+acl ncsa_users proxy_auth REQUIRED
+acl SSL_ports port 443 # SSL
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 # https
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl Safe_ports port 5190 # ICQ
+acl CONNECT method CONNECT
+
+http_access allow ncsa_users
+http_access allow !Safe_ports
+http_access allow !SSL_ports
+http_access deny all
+http_port 3128
+dns_v4_first on
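Review bot: The two port rules in the `http_access` block read as inverted: `http_access allow !Safe_ports` and `http_access allow !SSL_ports` grant access to requests outside the listed ports instead of refusing them, and the `CONNECT` acl defined just above is never used. Because `http_access allow ncsa_users` comes first, an authenticated user is admitted before any port restriction is evaluated, so the `Safe_ports` and `SSL_ports` lists restrict nothing. The conventional order is `http_access deny !Safe_ports`, then `http_access deny CONNECT !SSL_ports`, then `http_access allow ncsa_users`, with `http_access deny all` left last. How Squid treats a request that fails the auth rule and falls through to the allow lines should be confirmed against the deployed version rather than relied on.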