A squid docker image based on debians slim releases with ssl support.
So you should be able to listen on http and https ports.
| Docker-Tag | Branch | Debian Version | Squid Version | Status |
|---|---|---|---|---|
| stretch | stretch | Stretch (9) | 3.5 | Discontinued |
| buster | buster | Buster (10) | 4.6 | Active |
| bullseye | bullseye | Bullseye (11) | 4.13 | Active |
| bookworm | bookworm | Bookworm (12) | >= 5.2 | Active |
| latest | master | Sid | >= 5.2 | Active |
Thanks to the awesome work of balenalib (GIT: qemu-execve / resin-xbuild),
I was able to cross build this image for arm and aarch64.
In order to download this image for other architechtures just use this tags-scheme:
distahl/<Docker-Tag>-x86
distahl/<Docker-Tag>-armv5
distahl/<Docker-Tag>-armv7hf
distahl/<Docker-Tag>-arm64v8
Please note:
There is no <Docker-Tag>-amd64, because this is the default if you only use <Docker-Tag>
docker build \
-t squid . \
-f <Dockerfile>
docker create \
--name squid \
-e TZ=Europe/London \
-e PROXY_UID=13 \
-e PROXY_GID=13 \
-v SomePath:/etc/squid \
-v SomePath:/var/log/squid \
-v SomePath:/var/spool/squid \
-p 3128:3128 \
-p 3129:3129 \
distahl/squid
If you have build the image yourself, switch the last line from distahl/squid to squid.
| Variable | Default | Description |
|---|---|---|
| TS | Europe/London | The timezone to use. |
| PROXY_UID | 13 | The user id to use for the squid process. |
| PROXY_GID | 13 | The group id to use for the squid process. |
| Volume | Description |
|---|---|
| /etc/squid | The configuration directory. If no squid.conf file is found inside this directory, then the default files will be copied into this directory on docker start. |
| /var/log/squid | The directory where you can find logfiles. |
| /var/spool/squid | By default, this is used for core dumps and cache |
| Port | Description |
|---|---|
| 3128 | HTTP Port |
| 3129 | HTTPS Port |
On first start, if there is no ssl directory and squid.conf file found inside /etc/squid, this image will create the ssl directory and adds a selfsigned certificate. Among the certificate you will find a .pfxfile, which can be imported by Windows to make it trusted. The pfx behaviour is working for Chrome based Browsers, but not for Firefox. In Firefox, just add an exception using the settings.
If you want to customize the selfsigned cert to match your domain/host, then add a file called ssl-selfsigned.conf to /etc/squid. This way the openssl command will use your config to create certificates on startup. But this will only happen if there is no /etc/squid/ssl directory and also no /etc/squid/squid.conf file.
Of course you can also add your own (official) certificates into ssl directory and point to them using the config files, which should be best pratice.