logging needs to be redirected to stdout and stderr about docker-squid HOT 14 OPEN

Hi!

To fix that, you can add the 'sudo' package, and then add the 'squid' user to sudoers whith this:

echo -e "Defaults:squid !requiretty" > /etc/sudoers.d/squid
echo -e "squid ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/squid

Then, add 'USER squid' label just before the ENTRYPOINT label and modify the 'ENTRIPOINT command' to be executed with 'sudo'.

With this, the '/dev/stdout', '/dev/stderr' and '/dev/stdin' will be created with the 'squid' user. The squid father-process will run as 'root' user, and its child-processes as 'squid' user; being thus, they will be able to write in '/dev/stdout', '/dev/stderr' and '/dev/stdin'.

The last thing that you need to do is add the followings lines to the 'squid.conf' to redirect the logs to the '/dev/stdout':

logfile_rotate 0
cache_log stdio:/dev/stdout
access_log stdio:/dev/stdout
cache_store_log stdio:/dev/stdout

If you need an example, please use this repo https://github.com/mgvazquez/docker-squid-proxy

I hope it has been helpfull.
Sorry for my limited English.

from docker-squid.

Use tail with the retry option and run it in the background. I put these two lines in a script that supervisord calls.

tail -vn 0 -F /var/log/squid/access.log /var/log/squid/cache.log &
/usr/sbin/squid -f /etc/squid/squid.conf -N

If you are using bash you can simplify tail:

tail -vn 0 -F /var/log/squid/{cache,access}.log &

from docker-squid.

If you are working in Kubernetes, you can also run a parallel container in a pod containing squid container. This container will tail these (/var/log/squid/{cache,access}.log or any other) logs on its stdout.

---
kind: Pod
apiVersion: v1
metadata:
  name: squid-proxy
  labels:
    app: squid
spec:
  volumes:
  - name: log-dir
    emptyDir: {}
  containers:
  - name: squid
    image: scbunn/squid:latest
    volumeMounts:
    - name: log-dir
      mountPath: "/var/log/squid/"
  - name: tailer
    image: busybox
    command:
    - "/bin/sh"
    - "-c"
    args:
    - tail -F /var/log/squid/access.log
    volumeMounts:
    - name: log-dir
      mountPath: "/var/log/squid/"

from docker-squid.

Hi,

This issue is a bit outdated but another trick is to simply use /proc/self/fd/1 instead of sudo and redirecting things to /dev.

A lot is going on in /proc, and /proc/self expose a couple of interesting things regarding the current process. In this case, /proc/self/fd/0 is stdin for this process, 1 is stdout, and 2 is stderr.

from docker-squid.

USER proxy worked for me on debian:buster-slim based image.
I had to create, chown, and set the pid folder first though, to avoid the initialization crashing on default pid path owned by root:

RUN mkdir -p /run/squid \
 && chown proxy:proxy /run/squid \
 && echo 'pid_filename /var/run/squid/squid.pid' >> /etc/squid/squid.conf

USER proxy

from docker-squid.

I don't use squid anymore, but it worked. This was in my conf file :

logfile_rotate 0
access_log stdio:/proc/self/fd/1

And add the container launch as squid :

USER squid
ENTRYPOINT ["squid", "-N", "-d", "1"]

Be sure to have the related conf file to be readable by the squid user.

from docker-squid.

Pretty old issue, but I've found myself in the same waters, and I came up with a different solution:

1. First we add in our Dockerfile the proxy user to the tty group to be able to write to stdout (squid has already been installed, and the user proxy has been created)

RUN usermod -a -G tty proxy

2. Then we add the following configuration to squid.cfg. I write directly to /dev/tty instead of /dev/stdout because I found that that stdout actually redirects to a different /dev/tty depending on the user

logfile_rotate 0
cache_log stdio:/dev/tty
access_log stdio:/dev/tty
cache_store_log stdio:/dev/tty

from docker-squid.

Does not seem to work: (also tried fd/1)

2019/04/15 17:16:05| Logfile: opening log stdio:/proc/self/fd/2
2019/04/15 17:16:05| storeDirWriteCleanLogs: Starting...
2019/04/15 17:16:05|   Finished.  Wrote 0 entries.
2019/04/15 17:16:05|   Took 0.00 seconds (  0.00 entries/sec).
2019/04/15 17:16:05| FATAL: Cannot open '/proc/self/fd/2' for writing.
        The parent directory must be writeable by the
        user 'squid', which is the cache_effective_user
        set in squid.conf.
2019/04/15 17:16:05| Squid Cache (Version 4.4): Terminated abnormally.

But using USER works (#5 (comment)).

from docker-squid.

I don't use squid anymore, but it worked.

For others that have gone down this path I want to explain why squid probably wasn't able to write to /dev/stdout

When squid is run as the squid user, writing directly to /dev/stdout or /proc/self/fd/1 shouldn't be possible.

http://www.squid-cache.org/mail-archive/squid-users/200509/0507.html

Linux denies access to /proc/self/fd/ for processes who have assumed another userid

More information on proc: https://manpages.debian.org/stretch/manpages/proc.5.en.html

from docker-squid.

symlinking /var/log/squid/*.log to /dev/(stdout|stderr) will not work because writing to logs happens with the squid user

from docker-squid.

This issue is a bit outdated but another trick is to simply use /proc/self/fd/1 instead of sudo and redirecting things to /dev.

A lot is going on in /proc, and /proc/self expose a couple of interesting things regarding the current process. In this case, /proc/self/fd/0 is stdin for this process, 1 is stdout, and 2 is stderr.

I tried this but was not able to make it work, I think because it looks like squid closes all FDs as root and then forks to the user squid. If I am doing something wrong, would love if someone could point it out because I'm not thrilled with the sudo solution, though that does work in the meantime.

from docker-squid.

logfile_rotate 0
cache_log stdio:/dev/stdout
access_log stdio:/dev/stdout
cache_store_log stdio:/dev/stdout

One other point of note is that if you run the container as the "proxy" user (the user squid suid's to) then this works without any sudo needed.

from docker-squid.

Hi all, I am facing an issue when run the squid container. kindly help me who to fix this

error message

docker file

entrypoint.sh file

[root@ip-192-168-4-198 devops]# cat entrypoint.sh
#!/bin/bash
set -e

#Run confd to render config file(s)
CONFD_BACKEND="${CONFD_BACKEND:-env}"

echo "Run confd with backend ${CONFD_BACKEND}"
/opt/confd/bin/confd -onetime -backend $CONFD_BACKEND || exit 1
################
#Grant permissions to /dev/stdout for spawned squid process
chown ${SQUID_USER}:${SQUID_USER} /dev/stdout

create_log_dir() {
mkdir -p ${SQUID_LOG_DIR}
chmod -R 755 ${SQUID_LOG_DIR}
chown -R ${SQUID_USER}:${SQUID_USER} ${SQUID_LOG_DIR}
}

create_cache_dir() {
mkdir -p ${SQUID_CACHE_DIR}
chown -R ${SQUID_USER}:${SQUID_USER} ${SQUID_CACHE_DIR}
}

create_log_dir
create_cache_dir

#allow arguments to be passed to squid
if [[ ${1:0:1} = '-' ]]; then
EXTRA_ARGS="$@"
set --
elif [[ ${1} == squid || ${1} == $(which squid) ]]; then
EXTRA_ARGS="${@:2}"
set --
fi

#default behaviour is to launch squid
if [[ -z ${1} ]]; then
if [[ ! -d ${SQUID_CACHE_DIR}/00 ]]; then
echo "Initializing cache..."
$(which squid) -N -f /etc/squid/squid.conf -z
fi
echo "Starting squid..."
exec $(which squid) -f /etc/squid/squid.conf -NYCd 1 ${EXTRA_ARGS}
else
exec "$@"
fi

from docker-squid.

It looks like if you are using SME mod (workers > 1), the logs cannot be gathered in Docker logs... Tried /dev/stdout or symlink way but no luck. Any idea?

from docker-squid.