Update squid version and fix little bugs (#7)

neutron-ah · Iliya Polyakov · web-flow · commit aaa8e606c6d2 · 2020-08-28T10:19:17.000+10:00
* update build

* fix security_file_certgen option

* fix sources.list generate

* fix ssl_bump rule

* add install nano

Co-authored-by: Iliya Polyakov &lt;iliya.polyakov@taskdata.ru&gt;
diff --git a/docker-squid/Dockerfile b/docker-squid/Dockerfile
@@ -10,16 +10,16 @@ RUN if [ ! -z "$TRUST_CERT" ]; then \
     fi
 
 # Normalize apt sources
-RUN cat /etc/apt/sources.list | grep -v '^#' | sed /^$/d | sort | uniq > sources.tmp.1 && \
-    cat /etc/apt/sources.list | sed s/deb\ /deb-src\ /g | grep -v '^#' | sed /^$/d | sort | uniq > sources.tmp.2 && \
-    cat sources.tmp.1 sources.tmp.2 > /etc/apt/sources.list && \
+RUN cat /etc/apt/sources.list | grep -v '^#' | sed /^$/d > sources.tmp.1 && \
+    cat /etc/apt/sources.list | sed s/deb\ /deb-src\ /g | grep -v '^#' | sed /^$/d > sources.tmp.2 && \
+    cat sources.tmp.1 sources.tmp.2 | sort -u > /etc/apt/sources.list && \
     rm -f sources.tmp.1 sources.tmp.2
 
 RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get build-dep -y squid && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y wget tar xz-utils libssl-dev
+    DEBIAN_FRONTEND=noninteractive apt-get install -y wget tar xz-utils libssl-dev nano
 
-ARG SQUID_VERSION=4.0.21
+ARG SQUID_VERSION=4.0.25
 
 # TODO: verify the squid download with the signing key
 RUN mkdir /src \
@@ -64,7 +64,8 @@ RUN cd /src/squid && \
 		--with-filedescriptors=65536 \
 		--with-large-files \
 		--with-default-user=proxy \
-        	--disable-arch-native
+        --disable-arch-native \
+        --disable-ipv6
 		
 ARG CONCURRENCY=1
 
diff --git a/docker-squid/squid.bsh b/docker-squid/squid.bsh
@@ -38,7 +38,7 @@ chown proxy: /dev/stdout
 chown proxy: /dev/stderr
 
 # Initialize the certificates database
-/usr/libexec/security_file_certgen -c -s /var/spool/squid4/ssl_db
+/usr/libexec/security_file_certgen -c -s /var/spool/squid4/ssl_db -M 4MB
 chown -R proxy: /var/spool/squid4/ssl_db
 
 #ssl_crtd -c -s
diff --git a/docker-squid/squid.conf.p2 b/docker-squid/squid.conf.p2
@@ -30,7 +30,7 @@ http_port {{HTTP_PORT}} {% if MITM_PROXY|default:"" == "yes" %} ssl-bump \
 {% endif %}
 
 {% if MITM_PROXY|default:"" == "yes" %}
-ssl_bump server-first all
+ssl_bump bump all
 {% endif %}
 
 {% if ICP_PORT|default:"" != "" %}
