Comments (14)
Hi!
To fix that, you can add the 'sudo' package, and then add the 'squid' user to sudoers whith this:
echo -e "Defaults:squid !requiretty" > /etc/sudoers.d/squid
echo -e "squid ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/squid
Then, add 'USER squid' label just before the ENTRYPOINT label and modify the 'ENTRIPOINT command' to be executed with 'sudo'.
With this, the '/dev/stdout', '/dev/stderr' and '/dev/stdin' will be created with the 'squid' user. The squid father-process will run as 'root' user, and its child-processes as 'squid' user; being thus, they will be able to write in '/dev/stdout', '/dev/stderr' and '/dev/stdin'.
The last thing that you need to do is add the followings lines to the 'squid.conf' to redirect the logs to the '/dev/stdout':
logfile_rotate 0
cache_log stdio:/dev/stdout
access_log stdio:/dev/stdout
cache_store_log stdio:/dev/stdout
If you need an example, please use this repo https://github.com/mgvazquez/docker-squid-proxy
I hope it has been helpfull.
Sorry for my limited English.
from docker-squid.
Use tail with the retry option and run it in the background. I put these two lines in a script that supervisord
calls.
tail -vn 0 -F /var/log/squid/access.log /var/log/squid/cache.log &
/usr/sbin/squid -f /etc/squid/squid.conf -N
If you are using bash you can simplify tail:
tail -vn 0 -F /var/log/squid/{cache,access}.log &
from docker-squid.
If you are working in Kubernetes, you can also run a parallel container in a pod containing squid container. This container will tail these (/var/log/squid/{cache,access}.log or any other) logs on its stdout.
---
kind: Pod
apiVersion: v1
metadata:
name: squid-proxy
labels:
app: squid
spec:
volumes:
- name: log-dir
emptyDir: {}
containers:
- name: squid
image: scbunn/squid:latest
volumeMounts:
- name: log-dir
mountPath: "/var/log/squid/"
- name: tailer
image: busybox
command:
- "/bin/sh"
- "-c"
args:
- tail -F /var/log/squid/access.log
volumeMounts:
- name: log-dir
mountPath: "/var/log/squid/"
from docker-squid.
Hi,
This issue is a bit outdated but another trick is to simply use /proc/self/fd/1
instead of sudo and redirecting things to /dev
.
A lot is going on in /proc
, and /proc/self
expose a couple of interesting things regarding the current process. In this case, /proc/self/fd/0
is stdin for this process, 1 is stdout, and 2 is stderr.
from docker-squid.
USER proxy
worked for me on debian:buster-slim
based image.
I had to create, chown, and set the pid folder first though, to avoid the initialization crashing on default pid path owned by root:
RUN mkdir -p /run/squid \
&& chown proxy:proxy /run/squid \
&& echo 'pid_filename /var/run/squid/squid.pid' >> /etc/squid/squid.conf
USER proxy
from docker-squid.
I don't use squid anymore, but it worked. This was in my conf file :
logfile_rotate 0
access_log stdio:/proc/self/fd/1
And add the container launch as squid :
USER squid
ENTRYPOINT ["squid", "-N", "-d", "1"]
Be sure to have the related conf file to be readable by the squid user.
from docker-squid.
Pretty old issue, but I've found myself in the same waters, and I came up with a different solution:
- First we add in our Dockerfile the
proxy
user to thetty
group to be able to write tostdout
(squid has already been installed, and the userproxy
has been created)
RUN usermod -a -G tty proxy
- Then we add the following configuration to
squid.cfg
. I write directly to/dev/tty
instead of/dev/stdout
because I found that thatstdout
actually redirects to a different/dev/tty
depending on the user
logfile_rotate 0
cache_log stdio:/dev/tty
access_log stdio:/dev/tty
cache_store_log stdio:/dev/tty
from docker-squid.
Does not seem to work: (also tried fd/1)
2019/04/15 17:16:05| Logfile: opening log stdio:/proc/self/fd/2
2019/04/15 17:16:05| storeDirWriteCleanLogs: Starting...
2019/04/15 17:16:05| Finished. Wrote 0 entries.
2019/04/15 17:16:05| Took 0.00 seconds ( 0.00 entries/sec).
2019/04/15 17:16:05| FATAL: Cannot open '/proc/self/fd/2' for writing.
The parent directory must be writeable by the
user 'squid', which is the cache_effective_user
set in squid.conf.
2019/04/15 17:16:05| Squid Cache (Version 4.4): Terminated abnormally.
But using USER
works (#5 (comment)).
from docker-squid.
I don't use squid anymore, but it worked.
For others that have gone down this path I want to explain why squid probably wasn't able to write to /dev/stdout
When squid is run as the squid user, writing directly to /dev/stdout
or /proc/self/fd/1
shouldn't be possible.
http://www.squid-cache.org/mail-archive/squid-users/200509/0507.html
Linux denies access to /proc/self/fd/ for processes who have assumed another userid
More information on proc
: https://manpages.debian.org/stretch/manpages/proc.5.en.html
from docker-squid.
symlinking /var/log/squid/*.log to /dev/(stdout|stderr) will not work because writing to logs happens with the squid user
from docker-squid.
This issue is a bit outdated but another trick is to simply use
/proc/self/fd/1
instead of sudo and redirecting things to/dev
.A lot is going on in
/proc
, and/proc/self
expose a couple of interesting things regarding the current process. In this case,/proc/self/fd/0
is stdin for this process, 1 is stdout, and 2 is stderr.
I tried this but was not able to make it work, I think because it looks like squid closes all FDs as root and then forks to the user squid. If I am doing something wrong, would love if someone could point it out because I'm not thrilled with the sudo solution, though that does work in the meantime.
from docker-squid.
logfile_rotate 0 cache_log stdio:/dev/stdout access_log stdio:/dev/stdout cache_store_log stdio:/dev/stdout
One other point of note is that if you run the container as the "proxy" user (the user squid suid's to) then this works without any sudo needed.
from docker-squid.
Hi all, I am facing an issue when run the squid container. kindly help me who to fix this
error message
docker file
entrypoint.sh file
[root@ip-192-168-4-198 devops]# cat entrypoint.sh
#!/bin/bash
set -e
#Run confd to render config file(s)
CONFD_BACKEND="${CONFD_BACKEND:-env}"
echo "Run confd with backend ${CONFD_BACKEND}"
/opt/confd/bin/confd -onetime -backend $CONFD_BACKEND || exit 1
################
#Grant permissions to /dev/stdout for spawned squid process
chown ${SQUID_USER}:${SQUID_USER} /dev/stdout
create_log_dir() {
mkdir -p ${SQUID_LOG_DIR}
chmod -R 755 ${SQUID_LOG_DIR}
chown -R ${SQUID_USER}:${SQUID_USER} ${SQUID_LOG_DIR}
}
create_cache_dir() {
mkdir -p ${SQUID_CACHE_DIR}
chown -R ${SQUID_USER}:${SQUID_USER} ${SQUID_CACHE_DIR}
}
create_log_dir
create_cache_dir
#allow arguments to be passed to squid
if [[ ${1:0:1} = '-' ]]; then
EXTRA_ARGS="$@"
set --
elif [[ ${1} == squid || ${1} == $(which squid) ]]; then
EXTRA_ARGS="${@:2}"
set --
fi
#default behaviour is to launch squid
if [[ -z ${1} ]]; then
if [[ ! -d ${SQUID_CACHE_DIR}/00 ]]; then
echo "Initializing cache..."
$(which squid) -N -f /etc/squid/squid.conf -z
fi
echo "Starting squid..."
exec
else
exec "$@"
fi
from docker-squid.
It looks like if you are using SME mod (workers > 1), the logs cannot be gathered in Docker logs... Tried /dev/stdout or symlink way but no luck. Any idea?
from docker-squid.
Related Issues (3)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-squid.