Maurizio Porrato 0fd49bbca3
Add support for store_id_program
2022-09-29 09:02:32 +01:00
.woodpecker CI: remove awk lint step 2022-09-28 09:02:27 +01:00
.gitignore Basic functionality fully working 2022-08-20 23:06:29 +01:00
Dockerfile Add support for store_id_program 2022-09-29 09:02:32 +01:00
README.md Added README 2022-08-21 10:16:00 +01:00
install-ca.sh Add CA install script 2022-08-21 17:33:06 +01:00
rewrites.yaml Implement merge strategy 2022-09-22 09:16:23 +01:00
run.sh Add support for store_id_program 2022-09-29 09:02:32 +01:00
squid.conf Add support for store_id_program 2022-09-29 09:02:32 +01:00




This container image is meant to be used as a software package caching proxy. It employs the SSL bumping feature built into the Squid web proxy in order to allow caching of files fetched through a TLS connection.

Two volumes can be mounted: one at /var/cache/squid to hold the cached content and one at /certs for generated site certs and CA certificate and key. Specifically, if not provided, the CA key will be automatically created at /certs/ca/key.pem and the CA cert will be /certs/ca/cert.pem. For convenience it is possible to fetch the CA certificate from any proxy client by requesting http://proxy/ca.crt.

The generated site certs will be stored under /certs/ssl_db. Normally there is no need to do anything with those files: they are kept so that, after the container restarts, certs for sites that have already been visited do not have to be regenerated.

Example usage

To run the container:

docker run -it \
    -p 3128:3128 \
    -v package-cache:/var/cache/squid \
    -v proxy-certs:/certs \
    --rm git.worn.eu/containers/package-cache

To use the package cache from another container:

docker run -it \
    --env http_proxy=http://$PROXY_IP:3128 \
    --env https_proxy=http://$PROXY_IP:3128 \
    --rm alpine sh

For SSL bumping to work we need to trust the proxy's CA, so from within the new container we run:

mkdir -p /usr/local/share/ca-certificates
wget -qO- http://proxy/ca.crt | \
    tee -a /etc/ssl/certs/ca-certificates.crt \
    > /usr/local/share/ca-certificates/proxy.crt
apk add ca-certificates
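
The commands above trust whatever certificate the plain-HTTP request returns. The following added example (not part of this repository) installs the CA only when its SHA-256 matches a pin taken out of band from /certs/ca/cert.pem on the proxy's volume; the function names are hypothetical, and it assumes http://proxy/ca.crt serves the same bytes as that file.

```sh
#!/bin/sh
# Added example (not from the repository): trust the proxy CA only if it
# matches a SHA-256 pin obtained out of band.
# Assumption: http://proxy/ca.crt serves the same bytes as /certs/ca/cert.pem.

# verify_ca_pin FILE EXPECTED_SHA256
# Exit codes: 0 match, 1 pin mismatch, 2 empty/missing file, 3 not exactly one cert.
verify_ca_pin() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    # A response carrying several certificates would add more than one trust anchor.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$file" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 certificate, found $count" >&2; return 3; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "pin mismatch: got $actual" >&2; return 1; }
}

# install_pinned_ca FILE EXPECTED_SHA256 [ANCHOR_DIR] [BUNDLE]
# Defaults are the paths used in the README commands above.
install_pinned_ca() {
    anchor_dir=${3:-/usr/local/share/ca-certificates}
    bundle=${4:-/etc/ssl/certs/ca-certificates.crt}
    verify_ca_pin "$1" "$2" || return $?
    mkdir -p "$anchor_dir" && cp "$1" "$anchor_dir/proxy.crt" || return 4
    # Append to the bundle once, so re-running does not duplicate the entry.
    first_line=$(sed -n '2p' "$1")                  # first base64 line of the cert
    if ! grep -qF -- "$first_line" "$bundle" 2>/dev/null; then
        cat "$1" >> "$bundle"
    fi
}

# Usage in the client container (the pin below is a placeholder):
#   wget -qO /tmp/proxy-ca.crt http://proxy/ca.crt
#   install_pinned_ca /tmp/proxy-ca.crt "<output of: sha256sum /certs/ca/cert.pem>"
#   apk add ca-certificates
```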