Squid

Squid Proxy build scripts

What is it

Dockerfile running Squid Proxy (v4.17) & (v5.2) using SSL on an Alpine base image.

http://www.squid-cache.org/Intro/


Why you'd use it

http://www.squid-cache.org/Intro/why.html


How to use

1. Prerequisites

This setup was tested on Linux Ubuntu.

  • Install Docker Engine for Ubuntu
  • Git
  • Understanding Files & Directories
| File/Directory | How to Use |
|---|---|
| config/ | Contains squid configuration files. Modify or add squid.conf files here. More info on Squid configuration examples. |
| Dockerfile | Contains Squid default version, system dependencies, entrypoint. |
| configs | Maps squid options to their configuration arguments. Only modify when adding options. You can find the index of all options here for Squid4 & here for Squid5. |
| configs_switch | Controls which arguments (from configs) are run while configuring & compiling Squid. Set an option to 1 when you want to use it while compiling Squid, 0 otherwise. |
| configure_squid.sh | Bash script functions to download & setup squid, check enabled services from configs_switch, download their dependent packages, and compile Squid with configuration options from configs. If SSL is enabled, then a self-signed certificate is created and the SSL DB is created and cleared. If you'd like to modify certificate details, go to create_cert(). |
| docker-entrypoint.sh | Log permissions + keep container running. |

Note: Make sure you've modified the required files before building the Docker image. If not, it'll run its current default: an ICAP + SSL enabled configuration for Squid 4.17. You'll still need to modify squid.conf according to your needs. Check our articles below for setups and squid configuration files.

  • Understanding placeholders for Docker commands
| Placeholders | Usage |
|---|---|
| {version_number} | Default is 4 for Squid4.17, Modify to 5 for Squid5.4 |
| {host_port_number} | Port number of host device. Ports used in this document are 8080 and 8081. |
| {tag_name} | Refers to tags. Tags used in this document are squid4 & squid5. |
| {container_name} | Name assigned to container. Names used in this document are squid4_proxy & squid5_proxy. |
| {container_id} | You can get the id of a container by running sudo docker ps -a. Container id's used in this document are d8ddfe0c3670 and 825cc1cdde56. |

2. Setup Environment

2.1. Manual Build

  • Clone the project:

    $ git clone https://github.com/egirna/squid.git
    
  • Change directory & list all files and directories:

    cd squid && ls
    ## git checkout develop  -> staging version
    
    
  • Build Docker image

    sudo docker build --pull --rm -t {tag_name}:latest --build-arg version={version_number} "."
    

    Squid4

    sudo docker build --pull --rm -t squid4:latest "."
    

    Squid5

    sudo docker build --pull --rm -t squid5:latest --build-arg version=5 "."
    

2.2. Dockerhub

  • Pull Docker Images

    sudo docker pull shereenfarag/alpine-squid-proxy:{tag_name}
    

    Squid4

    sudo docker pull shereenfarag/alpine-squid-proxy:squid4
    

    Squid5

    sudo docker pull shereenfarag/alpine-squid-proxy:squid5
    

3. Run Squid Container

  • Run Docker container on port forwarding

    sudo docker run --name {container_name} -it -d -p {host_port_number}:3128 {tag_name}
    

    Squid4

    sudo docker run --name squid4_proxy -it -d -p 8080:3128 squid4
    

    Squid5

    sudo docker run --name squid5_proxy -it -d -p 8081:3128 squid5
    
  • Start Squid in container:

    sudo docker exec -d {container_name} squid
    

    Squid4

    sudo docker exec -d squid4_proxy squid
    

    Squid5

    sudo docker exec -d squid5_proxy squid
    
  • Verify your container is running by listing all containers:

    sudo docker ps -a
    

You should be able to see that the status is Up.

    CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                                       NAMES
    825cc1cdde56   squid5    "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes   0.0.0.0:8081->3128/tcp, :::8081->3128/tcp   squid5_proxy
    d8ddfe0c3670   squid4    "/docker-entrypoint.…"   3 seconds ago   Up 2 seconds   0.0.0.0:8080->3128/tcp, :::8080->3128/tcp   squid4_proxy

  • Verify Squid is running on your local host

    curl -I http://localhost:{host_port_number}
    

    Squid4

    curl -I http://localhost:8080
    

    You should be able to see the following response, including Squid's version.

    HTTP/1.1 400 Bad Request
    Server: squid/4.17
    Mime-Version: 1.0
    Date: Thu, 03 Mar 2022 15:11:21 GMT
    Content-Type: text/html;charset=utf-8
    Content-Length: 3509
    X-Squid-Error: ERR_INVALID_URL 0
    Vary: Accept-Language
    Content-Language: en
    X-Cache: MISS from d8ddfe0c3670
    Via: 1.1 d8ddfe0c3670 (squid/4.17)
    Connection: close
    

    Squid5

    curl -I http://localhost:8081
    

    You should be able to see the following response, including Squid's version.

    HTTP/1.1 400 Bad Request
    Server: squid/5.4.1
    Mime-Version: 1.0
    Date: Thu, 03 Mar 2022 14:40:41 GMT
    Content-Type: text/html;charset=utf-8
    Content-Length: 3510
    X-Squid-Error: ERR_INVALID_URL 0
    Vary: Accept-Language
    Content-Language: en
    X-Cache: MISS from 825cc1cdde56
    Via: 1.1 825cc1cdde56 (squid/5.4.1)
    Connection: close
    
  • Using SSL & importing self-signed certificate to client browser

    • on your host machine, copy the certificate to your current directory

    sudo docker cp {container_name}:/etc/squid/cert/ca_cert.der .
    

    Squid4

    sudo docker cp squid4_proxy:/etc/squid/cert/ca_cert.der .
    

    Squid5

    sudo docker cp squid5_proxy:/etc/squid/cert/ca_cert.der .
    
    • to import on Firefox:

      • settings > search for certificates > click the View Certificates button > the Certificate Manager opens > click Import

      • when you choose your certificate you'll be prompted for trust settings > select trust to identify websites and email users

      • in settings > search for proxy > input manual proxy data & enable for HTTPS

  • To check certificate data in browser

    • navigate to an HTTPS based website
    • click on the lock in the address bar
    • you should be able to see the data for Verified by: as the Organization (O) or Organizational Unit (OU) modified in the configure_squid.sh script

  • Access container terminal for logs

    sudo docker exec -it {container_id} /bin/ash

    Squid4

    sudo docker exec -it d8ddfe0c3670 /bin/ash

    Squid5

    sudo docker exec -it 825cc1cdde56 /bin/ash

  • For debug and error messages generated by Squid:

    tail -f /var/log/squid/cache.log

  • For key information about HTTP transactions [client IP address (or hostname), requested URI, response size, etc.]:

    tail -f /var/log/squid/access.log

  • Run squid with different squid.conf

    • if you've created the file inside the Docker container, using the vi editor, then run:

    squid -f /path/to/newsquid

    • if you've modified squid.conf inside the Docker container, using the vi editor, then run:

    squid -k reconfigure

    • if you've modified a squid.conf file in the repository folder config/ after building the Docker image, then copy it into the container:

    sudo docker cp config/squid.conf {container_id}:/etc/squid/squid.conf
    

    Squid4

    sudo docker cp config/squid.conf d8ddfe0c3670:/etc/squid/squid.conf
    

    Squid5

    sudo docker cp config/squid.conf 825cc1cdde56:/etc/squid/squid.conf
    
  • reconfigure squid

    sudo docker exec -d {container_name} squid -k reconfigure
    

    Squid4

    sudo docker exec -d squid4_proxy squid -k reconfigure
    

    Squid5

    sudo docker exec -d squid5_proxy squid -k reconfigure
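
Importing ca_cert.der (copied out of the container in the SSL step above) lets the proxy sign for any site the browser visits, so it is worth checking what the file contains before trusting it. The following is an added example, not part of this repository; it assumes the openssl CLI is installed on the host, and the function name inspect_ca_cert is hypothetical.

```sh
#!/bin/sh
# Added example (not from the repository). Requires the openssl CLI.
#
# inspect_ca_cert FILE [EXPECTED_SHA256]
# Prints subject, issuer, validity and SHA-256 fingerprint of a DER certificate.
# Returns non-zero if the file is not a certificate, is not a CA certificate,
# has expired, or does not match the expected fingerprint.
inspect_ca_cert() {
    cert=$1
    expected=${2:-}

    # Convert once to PEM; anything that is not DER X.509 fails here.
    pem=$(openssl x509 -inform der -in "$cert" -outform pem 2>/dev/null) || {
        echo "ERROR: $cert is not a DER X.509 certificate" >&2
        return 2
    }

    # Subject/issuer should show the O/OU values set in create_cert().
    printf '%s\n' "$pem" | openssl x509 -noout -subject -issuer -startdate -enddate

    # A certificate used to sign bumped connections must carry CA:TRUE.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -text | grep -q 'CA:TRUE'; then
        echo "ERROR: certificate is not marked CA:TRUE" >&2
        return 3
    fi

    # -checkend 0 fails when the certificate has already expired.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "ERROR: certificate has expired" >&2
        return 4
    fi

    fp=$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2)
    echo "sha256 fingerprint: $fp"

    # Optional: compare with a fingerprint obtained from the proxy operator.
    if [ -n "$expected" ] && [ "$fp" != "$expected" ]; then
        echo "ERROR: fingerprint mismatch (expected $expected)" >&2
        return 5
    fi
    return 0
}

# Stand-alone use: sh inspect.sh ca_cert.der [expected-fingerprint]
if [ "$#" -gt 0 ]; then inspect_ca_cert "$@"; fi
```

When the certificate is handed to other client machines, pass the fingerprint printed on the proxy host as the second argument so a swapped file is rejected.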
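
The access.log fields mentioned above (client address, requested URI, response size) can be summarized per client with awk, which is available in the Alpine container. This is an added example, not part of this repository; it assumes Squid's default native log format, and the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the repository).
# Per-client summary of a Squid access.log in the default native format:
#   time elapsed client result/status bytes method URL user hierarchy/peer type

summarize_access_log() {
    awk '
        NF < 10 { skipped++; next }      # ignore truncated or custom-format lines
        {
            client = $3
            split($4, rs, "/")           # e.g. TCP_DENIED/403 -> rs[1], rs[2]
            req[client]++
            bytes[client] += $5
            if (rs[1] ~ /DENIED/) denied[client]++    # blocked by an ACL
            if ($6 == "CONNECT")  tunnel[client]++    # HTTPS tunnel requests
        }
        END {
            for (c in req)
                printf "%s requests=%d denied=%d connect=%d bytes=%d\n",
                       c, req[c], denied[c], tunnel[c], bytes[c]
            if (skipped) printf "skipped=%d\n", skipped > "/dev/stderr"
        }
    ' "$@" | sort
}

# Constructed sample lines (not taken from a real proxy). The HEAD / entry is
# the kind of line the curl -I check earlier on this page would leave behind.
sample_access_log() {
    cat <<'EOF'
1646320281.123     45 172.17.0.1 TCP_MISS/200 3509 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
1646320282.456    120 172.17.0.1 TCP_TUNNEL/200 5120 CONNECT example.org:443 - HIER_DIRECT/192.0.2.11 -
1646320283.789      0 172.17.0.5 TCP_DENIED/403 3900 GET http://blocked.example/ - HIER_NONE/- text/html
1646320284.000      1 172.17.0.1 NONE/400 3509 HEAD / - HIER_NONE/- text/html
1646320285.000 truncated
EOF
}

# Inside the container: summarize_access_log /var/log/squid/access.log
sample_access_log | summarize_access_log
```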
    

Demo Video

Squid Articles

todo

  • pipeline: build & push image to dockerhub