How to run Squid as a Docker container
1. Install Docker
Docker must be installed.
2. Download the Squid Docker image
You can download the official Squid image from Docker Hub.
- Docker Hub

3. Create the docker compose file
vim docker-compose.yaml

version: '3.9'
services:
  squid-container:
    image: ubuntu/squid:5.2-22.04_beta
    restart: always
    container_name: squid-container
    volumes:
      - ./squid.conf:/etc/squid/squid.conf
    ports:
      - 8080:3128

4. Squid configuration file
To run the Squid container, you need to set a few environment variables and port mappings.
cat squid.conf

acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*.conf
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern .               0       20%     4320

/etc/squid/conf.d/*.conf
---
$ cat conf.d/debian.conf

#
# Squid configuration settings for Debian
#
# Logs are managed by logrotate on Debian
logfile_rotate 0
# For extra security Debian packages only allow
# localhost to use the proxy on new installs
#
http_access allow localnet

$ cat conf.d/rock.conf

# Set max_filedescriptors to avoid using system's RLIMIT_NOFILE. See LP: #1978272
max_filedescriptors 1024
---
Configuration for operating Squid
Edit the docker compose file
vim docker-compose.yaml

version: '3.9'
services:
  squid-container:
    image: ubuntu/squid:5.2-22.04_beta
    restart: always
    container_name: squid-container
    volumes:
      - ./squid.conf:/etc/squid/squid.conf
      - ./domains.list:/etc/squid/domains.txt
      - ./ips.list:/etc/squid/ips.txt
      - ./log:/var/log/squid
    ports:
      - 8080:3128

Edit the Squid configuration file
vim squid.conf

# Access Control Lists (ACLs)
acl aws_vpc_cidr src 172.16.0.0/16
acl idc_cidr src 192.168.50.0/24
acl idc_cidr src 192.168.20.0/24
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Allow specific IP addresses or domains
acl allow_ip dst "/etc/squid/ips.txt"
acl allow_domain dstdomain "/etc/squid/domains.txt"
http_access allow aws_vpc_cidr allow_ip
http_access allow aws_vpc_cidr allow_domain
http_access allow idc_cidr allow_ip
http_access allow idc_cidr allow_domain
# Deny all other connections
http_access deny all
# Port Configuration
http_port 3128
# Log Configuration
access_log daemon:/var/log/squid/access.log
# Cache Configuration
cache_mem 512 MB
maximum_object_size 128 MB
cache_dir ufs /var/spool/squid 10000 16 256
# Refresh Patterns
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320
# via version off
via off
# Server version off
httpd_suppress_version_string on
reply_header_access Server deny all
# Cache version off
reply_header_access X-Cache deny all
reply_header_access X-Cache-Lookup deny all

Create the domain list file
vim domains.list

.ubuntu.com
.naver.com

Create the IP address list file
vim ips.list

27.0.236.139

Create the Squid log directory
mkdir log

Set ownership of the Squid log directory
chown 13:13 log

Validate the docker compose file
docker-compose config

Start docker compose
docker-compose up -d

Check the docker compose container list
docker-compose ps

$ docker-compose ps
     Name                    Command               State           Ports         
---------------------------------------------------------------------------------
squid-container   entrypoint.sh -f /etc/squi ...   Up      0.0.0.0:8080->3128/tcp

docker-compose exec squid-container bash
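
With the allowlist in place, every request that falls through to `http_access deny all` is written to ./log/access.log as TCP_DENIED. The following is an added example, not part of the original post: it summarizes denied requests per client and destination and flags clients outside the source ranges in squid.conf, which matters because the compose file publishes port 8080 on 0.0.0.0. It assumes Squid's default native log format; the log lines are constructed samples.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Source ranges copied from the aws_vpc_cidr / idc_cidr ACLs in squid.conf.
ALLOWED_SRC = [ipaddress.ip_network(n) for n in
               ("172.16.0.0/16", "192.168.50.0/24", "192.168.20.0/24")]

# Constructed sample lines, Squid native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1684130000.123     45 192.168.50.10 TCP_DENIED/403 3890 CONNECT updates.example.org:443 - HIER_NONE/- text/html
1684130001.456     40 192.168.50.10 TCP_DENIED/403 3890 CONNECT updates.example.org:443 - HIER_NONE/- text/html
1684130002.789    210 172.16.1.20 TCP_TUNNEL/200 5120 CONNECT www.naver.com:443 - HIER_DIRECT/198.51.100.20 -
1684130003.012     12 172.16.1.20 TCP_MISS/200 1024 GET http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease - HIER_DIRECT/198.51.100.30 -
1684130004.345      3 203.0.113.7 TCP_DENIED/403 3900 GET http://www.naver.com/ - HIER_NONE/- text/html
1684130005.678      4 192.168.20.5 TCP_DENIED/403 3910 GET http://files.example.net/tool.tgz - HIER_NONE/- text/html
"""

def dest_host(method, url):
    """CONNECT entries log host:port; other methods log a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()

def summarize_denied(log_text):
    """Return (Counter of (client, host) denials, clients outside ALLOWED_SRC)."""
    denied, outsiders = Counter(), set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[3].startswith("TCP_DENIED"):
            continue
        client, method, url = fields[2], fields[5], fields[6]
        denied[(client, dest_host(method, url))] += 1
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue  # client logged as a hostname; cannot range-check
        if not any(ip in net for net in ALLOWED_SRC):
            outsiders.add(client)
    return denied, outsiders

if __name__ == "__main__":
    denied, outsiders = summarize_denied(SAMPLE_LOG)
    for (client, host), count in denied.most_common():
        print(f"{count:4d}  {client:15s}  {host}")
    print("clients outside configured ranges:", sorted(outsiders))
```

To run it against the real log, pass the contents of ./log/access.log to `summarize_denied` in place of `SAMPLE_LOG`.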