• 採用 ubuntu/squid 版本

  vi docker-compose.yml

  services:
    squid:
      image: ubuntu/squid:latest
      hostname: squid
      container_name: squid
      environment: 
        - TZ=Asia/Taipei
      ports:
        - 3128:3128
      # volumes:
      #   - './conf/squid.conf:/etc/squid/squid.conf:ro'
      #   - './conf/passwords:/etc/squid/passwords:ro'
      restart: always

  docker compose up -d

1. 將 squid.conf 掛出來進行後續設定編輯

   mkdir -p conf
   docker cp squid:/etc/squid/squid.conf ./conf/

2. 修改 docker-compose.yml

   services:
     squid:
       image: ubuntu/squid:latest
       hostname: squid
       container_name: squid
       environment:
         - TZ=Asia/Taipei
       ports:
         - 3128:3128
       volumes:
         - './conf/squid.conf:/etc/squid/squid.conf:ro'
       #   - './conf/passwords:/etc/squid/passwords:ro'
       restart: always

3. 修改 squid.conf

   vi ./conf/squid.conf

   :
   acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines
   
   acl SSL_ports port 443 8006
   acl Safe_ports port 8006        # PVE manager
   acl Safe_ports port 80          # http
   acl Safe_ports port 21          # ftp
   acl Safe_ports port 443         # https
   :
   # For example, to allow access from your local networks, you may uncomment the
   # following rule (and/or add rules that match your definition of "local"):
   http_access allow localnet
   :

• 重新啟動 docker compose

  docker compose restart

• 參考 - https://stackoverflow.com/questions/74014600/custom-etc-hosts-file-in-dockerfile

1. 將 docker-compose.yml 內加上 extra_hosts:
2. 加上要指定的 hostname 與 IP 資訊 Exp. “www.ichiayi.com:192.168.11.133” “web.ichiayi.com:192.168.11.134”
3. 範例如下:

   services:
     squid:
       image: ubuntu/squid:latest
       hostname: squid
       container_name: squid
       environment:
         - TZ=Asia/Taipei
       extra_hosts:
         - "www.ichiayi.com:192.168.11.133" 
         - "web.ichiayi.com:192.168.11.134"
       ports:
         - 3128:3128
       volumes:
         - './conf/squid.conf:/etc/squid/squid.conf:ro'
       #   - './conf/passwords:/etc/squid/passwords:ro'
       restart: always

4. 重啟 docker compose

   docker compose up -d

以下是在 CentOS 7 與 Ubuntu 20.04 底下安裝與設定 Squid Proxy Server

sudo -i
apt install squid
apt list -a squid

root@iiidevops1:~# apt list -a squid
Listing... Done
squid/focal-updates,focal-security,now 4.10-1ubuntu1.2 amd64 [installed]
squid/focal 4.10-1ubuntu1 amd64

su - root
yum install -y squid httpd-tools

[root@ct-squid ~]# rpm -q squid
squid-3.5.20-12.el7.x86_64

• 允許 ftp 的 Proxy 功能
• 允許 https 使用 port 7443 的 SSL Proxy 功能
• 允許 Google Talk 使用 port 5222 的 http Proxy 功能
• 假設指定只有 來自 61.67.71.0/24 與 220.130.131.238 的 IP 範圍才可以使用
• 允許接受 SVN 的延伸指令 REPORT MERGE MKACTIVITY CHECKOUT

vi /etc/squid/squid.conf

:
ftp_user [email protected]
:
acl SSL_ports port 443 7443
:
acl Safe_ports port 443		# https
acl Safe_ports port 7443	# https-g2b2c
acl Safe_ports port 5222	# GoogleTalk
:
acl our_networks src 61.67.71.0/24 220.130.131.238/32
http_access allow our_networks
:

• 如果要讓所有的 IP (公開的 proxy) 都可存取, 可以增加以下的設定

  :
  # all networks
  acl all_networks src all
  :
  # allow all
  http_access allow all_networks
  
  # And finally deny all other access to this proxy
  :

• 如果需要設定 Proxy 使用者的帳號密碼, 就執行以下這部分

  vi /etc/squid/squid.conf

  :
  auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
  :
  acl password proxy_auth REQUIRED
  http_access allow password
  :

• 第一次建立帳號

  htpasswd -c /etc/squid/passwd jonathan

• 之後建立帳號或修改密碼

  htpasswd /etc/squid/passwd tryweb

systemctl restart squid.service
systemctl enable squid.service

• http://spyker729.blogspot.com/2011/01/ubuntusquid-proxy-server.html
• https://hub.docker.com/r/ubuntu/squid
• https://www.gushiciku.cn/pl/pXRg/zh-tw