Docker containers contain their own OS and environment and dependencies and all inside the container. It doesn't need to match the host OS. Kernel is the main thing shared between the container and the host.
Keen to know who is running Squid in a Docker container on their Pi 4 via LE 10 and, if so, which particular flavour / release from which repository.
So far, all the trusted container images I've found are based on Ubuntu or similar Linux for arm64, so I can't use them.
Thanks
If you want to find a squid docker container that works on ARM devices try this link https://hub.docker.com/search?q=squid…rchitecture=arm
Docker containers contain their own OS and environment and dependencies and all inside the container. It doesn't need to match the host OS. Kernel is the main thing shared between the container and the host.
Umm, but that doesn't answer the question I asked, it's just a statement about the nature of Docker containers.... which I already know.
If you personally are running Squid as a container in Docker in LE 10 on a Pi4, then please advise which image you personally are using.
If you want to find a squid docker container that works on ARM devices try this link https://hub.docker.com/search?q=squid…rchitecture=arm
Are you personally using any of those particular container images on your Docker on your Pi4, as per my question, or are you just giving me a link to all Arm based Squid images in Docker hub, which I already know about? Also, none of those images comes from what I consider to be a trusted or verified source, hence why I don't want to use them.
I don't know what you are looking for:
1.- I don't use RPi, I use x86_64
2.- b4tman/squid for ARM seems popular and reliable to me, just look at the dockerfile on github, it does not have any type of deception:
FROM alpine:3.15.4 as build
ENV SQUID_VER 5.5
RUN set -x && \
apk add --no-cache \
gcc \
g++ \
libc-dev \
curl \
gnupg \
libressl-dev \
perl-dev \
autoconf \
automake \
make \
pkgconfig \
heimdal-dev \
libtool \
libcap-dev \
linux-headers
RUN set -x && \
mkdir -p /tmp/build && \
cd /tmp/build && \
curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \
curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc
COPY squid-keys.asc /tmp
RUN set -x && \
cd /tmp/build && \
export GNUPGHOME="$(mktemp -d)" && \
gpg --import /tmp/squid-keys.asc && \
gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz && \
rm -rf "$GNUPGHOME"
RUN set -x && \
cd /tmp/build && \
tar --strip 1 -xzf squid-${SQUID_VER}.tar.gz && \
\
CFLAGS="-g0 -O2" \
CXXFLAGS="-g0 -O2" \
LDFLAGS="-s" \
\
./configure \
--build="$(uname -m)" \
--host="$(uname -m)" \
--prefix=/usr \
--datadir=/usr/share/squid \
--sysconfdir=/etc/squid \
--libexecdir=/usr/lib/squid \
--localstatedir=/var \
--with-logdir=/var/log/squid \
--disable-strict-error-checking \
--disable-arch-native \
--enable-removal-policies="lru,heap" \
--enable-auth-digest \
--enable-auth-basic="getpwnam,NCSA,DB" \
--enable-basic-auth-helpers="DB" \
--enable-epoll \
--enable-external-acl-helpers="file_userip,unix_group,wbinfo_group" \
--enable-auth-ntlm="fake" \
--enable-auth-negotiate="kerberos,wrapper" \
--enable-silent-rules \
--disable-mit \
--enable-heimdal \
--enable-delay-pools \
--enable-arp-acl \
--enable-openssl \
--enable-ssl-crtd \
--enable-security-cert-generators="file" \
--enable-ident-lookups \
--enable-useragent-log \
--enable-cache-digests \
--enable-referer-log \
--enable-async-io \
--enable-truncate \
--enable-arp-acl \
--enable-htcp \
--enable-carp \
--enable-epoll \
--enable-follow-x-forwarded-for \
--enable-storeio="diskd rock" \
--enable-ipv6 \
--enable-translation \
--disable-snmp \
--disable-dependency-tracking \
--with-large-files \
--with-default-user=squid \
--with-openssl \
--with-pidfile=/var/run/squid/squid.pid
# fix build
RUN set -x && \
mkdir -p /tmp/build/tools/squidclient/tests && \
mkdir -p /tmp/build/tools/tests
RUN set -x && \
cd /tmp/build && \
nproc=$(n=$(nproc) ; max_n=6 ; [ $n -le $max_n ] && echo $n echo $max_n) && \
make -j $nproc && \
make install && \
cd tools/squidclient && make && make install-strip
RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf
RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf
FROM alpine:3.15.4
ENV SQUID_CONFIG_FILE /etc/squid/squid.conf
ENV TZ Europe/Moscow
RUN set -x && \
deluser squid 2>/dev/null; delgroup squid 2>/dev/null; \
addgroup -S squid -g 3128 && adduser -S -u 3128 -G squid -g squid -H -D -s /bin/false -h /var/cache/squid squid
RUN apk add --no-cache \
libstdc++ \
heimdal-libs \
libcap \
libressl3.4-libcrypto \
libressl3.4-libssl \
libltdl
COPY --from=build /etc/squid/ /etc/squid/
COPY --from=build /usr/lib/squid/ /usr/lib/squid/
COPY --from=build /usr/share/squid/ /usr/share/squid/
COPY --from=build /usr/sbin/squid /usr/sbin/squid
COPY --from=build /usr/bin/squidclient /usr/bin/squidclient
RUN install -d -o squid -g squid \
/var/cache/squid \
/var/log/squid \
/var/run/squid && \
chmod +x /usr/lib/squid/*
RUN install -d -m 755 -o squid -g squid \
/etc/squid/conf.d \
/etc/squid/conf.d.tail
RUN touch /etc/squid/conf.d/placeholder.conf
COPY squid-log.conf /etc/squid/conf.d.tail/
RUN set -x && \
apk add --no-cache --virtual .tz alpine-conf tzdata && \
/sbin/setup-timezone -z $TZ && \
apk del .tz
VOLUME ["/var/cache/squid"]
EXPOSE 3128/tcp
USER squid
CMD ["sh", "-c", "/usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -YCd 1"]
b4tman/squid for ARM seems popular and reliable to me, just look at the dockerfile on github, it does not have any type of deception:
Reading through the docker build files was something I was hoping to avoid, as I don't know what quite a few of the included packages and libraries are for without doing further research to assure myself they're trustworthy. I also want to find if others have used specific pre-built containers and found any discernable performance differences.
Maybe I'm just try to cheat too much and should do more of the investigation work myself?
