123 lines
5.8 KiB
Docker
123 lines
5.8 KiB
Docker
FROM debian:buster
|
|
|
|
ENV SQUID_CACHE_DIR=/var/spool/squid \
|
|
SQUID_LOG_DIR=/var/log/squid \
|
|
SQUID_USER=proxy \
|
|
|
|
WORKDIR /tmp
|
|
|
|
RUN apt-get update && apt-get --no-install-recommends -y build-dep squid && apt-get install --no-install-recommends -y wget tar xz-utils libssl-dev libssl1.1 \
|
|
&& mkdir squid && wget http://www.squid-cache.org/Versions/v4/$SQUID_VERSION.tar.gz \
|
|
&& tar -C squid --strip-components=1 -xvf $SQUID_VERSION \
|
|
&& cd squid \
|
|
&& ./configure \
|
|
--prefix=/usr \
|
|
--datadir=/usr/share \
|
|
--build=x86_64-linux-gnu \
|
|
--enable-cache-digests \
|
|
--includedir=/usr/include \
|
|
--program-prefix= \
|
|
--libdir=/usr/lib \
|
|
--libexecdir=/usr/lib/squid \
|
|
--localstatedir=/var \
|
|
--sharedstatedir=/usr/com \
|
|
--mandir=/usr/share/man \
|
|
--infodir=/usr/share/info \
|
|
--enable-icap-client \
|
|
--enable-icap-support \
|
|
--enable-async-io \
|
|
--with-pthreads \
|
|
--bindir=/usr/sbin \
|
|
--sbindir=/usr/sbin \
|
|
--with-squid=/usr/lib/squid \
|
|
--disable-ipv6 \
|
|
--enable-ltdl-convenience \
|
|
--disable-ident-lookups \
|
|
--enable-http-violations \
|
|
build_alias="x86_64-linux-gnu" \
|
|
CFLAGS="-g -O2 -g -Wall -O2" \
|
|
LDFLAGS= \
|
|
CPPFLAGS= \
|
|
CXXFLAGS="-g -O2 -g -Wall -O2" \
|
|
--without-netfilter-conntrack \
|
|
--disable-arch-native \
|
|
--enable-follow-x-forwarded-for \
|
|
--enable-ssl \
|
|
--enable-ssl-crtd \
|
|
--with-openssl \
|
|
--enable-storeio="aufs,diskd,ufs" \
|
|
--exec-prefix=/usr \
|
|
--enable-auth-basic="LDAP" \
|
|
--enable-auth-digest="LDAP" \
|
|
--enable-auth-ntlm \
|
|
--enable-auth-negotiate \
|
|
--with-krb5-config=no \
|
|
--without-mit-krb5 \
|
|
--enable-icap-client \
|
|
--sysconfdir=/etc/squid \
|
|
--with-filedescriptors=48000 \
|
|
--enable-delay-pools \
|
|
--with-large-files \
|
|
--enable-removal-policies="lru,heap" \
|
|
&& make \
|
|
# Instal
|
|
&& cd /tmp/squid && apt-get install --no-install-recommends -y libxml2 ca-certificates \
|
|
&& adduser --no-create-home --uid 1161 --group --system squid \
|
|
&& mkdir -p /usr/lib/squid/errors/French \
|
|
&& mkdir -p /usr/lib/squid/icons \
|
|
&& mkdir /etc/squid/ \
|
|
&& mkdir -p /var/spool/squid \
|
|
&& mkdir -p /var/log/squid \
|
|
&& cp src/auth/basic/LDAP/basic_ldap_auth /usr/lib/squid/ \
|
|
&& cp src/auth/digest/LDAP/digest_ldap_auth /usr/lib/squid/ \
|
|
&& cp src/log/DB/log_db_daemon /usr/lib/squid/ \
|
|
&& cp src/log/file/log_file_daemon /usr/lib/squid/ \
|
|
&& cp src/unlinkd /usr/lib/squid/ \
|
|
&& cp src/http/url_rewriters/LFS/url_lfs_rewrite /usr/lib/squid/ \
|
|
&& cp src/http/url_rewriters/fake/url_fake_rewrite /usr/lib/squid/ \
|
|
&& cp src/http/url_rewriters/fake/url_fake_rewrite.sh /usr/lib/squid/ \
|
|
&& cp src/mime.conf.default /usr/lib/squid/ \
|
|
&& cp src/security/cert_validators/fake/security_fake_certverify /usr/lib/squid/ \
|
|
&& cp src/security/cert_generators/file/security_file_certgen /usr/lib/squid/ \
|
|
&& cp src/acl/external/delayer/ext_delayer_acl /usr/lib/squid/ \
|
|
&& cp src/acl/external/SQL_session/ext_sql_session_acl /usr/lib/squid/ \
|
|
&& cp src/acl/external/wbinfo_group/ext_wbinfo_group_acl /usr/lib/squid/ \
|
|
&& cp src/acl/external/LDAP_group/ext_ldap_group_acl /usr/lib/squid/ \
|
|
&& cp src/acl/external/eDirectory_userip/ext_edirectory_userip_acl /usr/lib/squid/ \
|
|
&& cp src/acl/external/unix_group/ext_unix_group_acl /usr/lib/squid/ \
|
|
&& cp src/store/id_rewriters/file/storeid_file_rewrite /usr/lib/squid/ \
|
|
&& cp src/DiskIO/DiskDaemon/diskd /usr/lib/squid/ \
|
|
&& cp -r icons/silk/ /usr/lib/squid/icons/silk/ \
|
|
&& cp icons/*.png /usr/lib/squid/icons/ \
|
|
# Audit de secu 05-03-2020 : on enleve les reference au MI et a squid dans les pages d'erreur
|
|
&& sed -i "s/Générée le %T par %h (%s)/Générée le %T par %h/g" errors/fr/* \
|
|
&& sed -i 's/Votre administrateur proxy est <a href="mailto:%w%W">%w<\/a>/Veuillez contacter le support SSI/g' errors/fr/* \
|
|
&& sed -i "/SN.png/d" errors/errorpage.css \
|
|
&& sed -i "s/background: url('http:\/\/www.squid-cache.org\/Artwork\/SN.png') no-repeat left;/\/\* background: url('http:\/\/www.squid-cache.org\/Artwork\/SN.png') no-repeat left; \*\//g" errors/errorpage.css \
|
|
&& cp errors/fr/* /usr/lib/squid/errors/French/ \
|
|
&& cp errors/errorpage.css /etc/squid \
|
|
&& cp src/squid /usr/sbin/ \
|
|
&& cp tools/squidclient/squidclient /usr/sbin/ \
|
|
&& cp src/mime.conf.default /etc/squid/mime.conf \
|
|
&& cp tools/systemd/squid.service /lib/systemd/system/ \
|
|
&& chown -Rf squid /etc/squid \
|
|
&& chown -Rf squid /usr/lib/squid \
|
|
&& chown -Rf squid /var/log/squid \
|
|
&& chown -Rf squid /var/spool/squid \
|
|
&& rm /etc/localtime \
|
|
&& ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime \
|
|
# Clean
|
|
&& apt-get remove -y --purge libssl-dev wget make gcc g++ xz-utils libldap2-dev libpam0g-dev libdb-dev cdbs libsasl2-dev debhelper libcppunit-dev libkrb5-dev comerr-dev libcap2-dev libecap3-dev libexpat1-dev libxml2-dev autotools-dev libltdl-dev dpkg-dev pkg-config libnetfilter-conntrack-dev nettle-dev libgnutls28-dev lsb-release libldap2-dev libpam0g-dev libdb-dev cdbs libsasl2-dev debhelper libcppunit-dev libkrb5-dev comerr-dev libcap2-dev libecap3-dev libexpat1-dev libxml2-dev autotools-dev libltdl-dev dpkg-dev pkg-config libnetfilter-conntrack-dev nettle-dev libgnutls28-dev lsb-release \
|
|
&& apt-get auto-remove -y && apt-get clean autoclean \
|
|
# Remove for first layer
|
|
&& rm -rf /var/lib/apt/lists/* && rm -Rf /tmp/* && rm -Rf /var/cache/*
|
|
# Packages dependencies installation for running and clean again
|
|
RUN apt-get update && apt-get install -y --no-install-recommends net-tools rsync libexpat1 libltdl7 libxml2 openssl ca-certificates libldap-2.4-2 libecap3 libdb5.3 libatomic1 \
|
|
&& rm -rf /var/lib/apt/lists/* && rm -Rf /tmp/*
|
|
|
|
RUN chmod +x /run.sh && rm /etc/localtime
|
|
HEALTHCHECK CMD squidclient -p 3128 || exit 1
|
|
EXPOSE 3128
|
|
ENTRYPOINT ["/run.sh"]
|
|
|