Build a proxy server with squid with Docker. I'm not doing anything special.
firewall-cmd --add-masquerade --zone=public --permanent
firewall-cmd --reload
Create an image so that it can be reused. Create an appropriate directory to put the Dockerfile and the configuration file.
mkdir -p /opt/docker/proxy
cd /opt/docker/proxy
/opt/docker/proxy/proxy.df
FROM centos:centos8
ENV TZ='Asia/Tokyo'
RUN ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime ; \
dnf -y update ; dnf install -y squid ; \
sed -i -e "s/http_port 3128/http_port 8080/" /etc/squid/squid.conf ; \
systemctl enable squid ; \
dnf -y install rsyslog ;
COPY rsyslog.conf /etc
CMD [ "/usr/sbin/init" ]
Transfer syslog to a remote location using the module ʻimfile that detects changes in the local log file. The forwarding destination is specified by UDP: 514 to the syslog server created in another entry. Since it belongs to the Docker network ʻinfraserv-network
for network services, it is possible to transfer under the host name syslog
.
/opt/docker/proxy/rsyslog.conf
module(load="imfile")
input(type="imfile"
file="/var/log/squid/access.log"
tag="pseudolog_squid_access_log"
facility="local0"
severity="notice")
:syslogtag, isequal, "pseudolog_squid_access_log" @syslog:514
Once you have created the Dockerfile, build it.
docker build --force-rm -t infraserv:proxy . -f ./proxy.df && \
docker run --cap-add sys_admin --security-opt seccomp:unconfined -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
--network infraserv-network -it -d --name proxy --hostname proxy -p 8080:8080 infraserv:proxy
If you get moss with dnf, the following command may work.
# firewall-cmd --add-masquerade --permanent
# firewall-cmd --reload
Check with Diagnosis-kun, etc. http://taruo.net/e/
Recommended Posts