[squid-users] Squid inside docker
Graham Wharton
graham at gwharton.me.uk
Wed Sep 8 15:55:42 UTC 2021
Hi all,
I made a little progress on this.
If you run squid as root, it forks and assumes the identity of the cache_effective_user. When it does this, it is denied access to stdout.
If you run squid as user squid (or whoever your cache_effective_user), it does not change user, and the squid user has full access to write to stdout, so
access_log stdio:/dev/stdout
cache_log stdio:/dev/stdout
works fine if the process is started as user squid.
I do get the following in the logs on startup, so not sure what this refers to, or whether it is important
2021-09-08T16:49:15.056+01:00 2021/09/08 16:49:15| helperOpenServers: Starting 5/32 'security_file_certgen' processes
2021-09-08T16:49:15.057+01:00 2021/09/08 16:49:15| WARNING: no_suid: setuid(0): (1) Operation not permitted
2021-09-08T16:49:15.057+01:00 2021/09/08 16:49:15| WARNING: no_suid: setuid(0): (1) Operation not permitted
2021-09-08T16:49:15.059+01:00 2021/09/08 16:49:15| WARNING: no_suid: setuid(0): (1) Operation not permitted
2021-09-08T16:49:15.061+01:00 2021/09/08 16:49:15| WARNING: no_suid: setuid(0): (1) Operation not permitted
2021-09-08T16:49:15.065+01:00 2021/09/08 16:49:15| WARNING: no_suid: setuid(0): (1) Operation not permitted
But squid launches and runs just fine.
Hope this helps anyone in the same position.
Regards
Graham
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Alex Rousskov
Sent: 08 September 2021 15:45
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid inside docker
On 9/8/21 8:06 AM, Graham Wharton wrote:
> Are you aware of any options to direct the access log to stdout aswell
> as the cache log?
I suspect it is possible to hack it, but I think it is better to send access log records to a dedicated TCP server (which can probably be as simple as netcat) or syslog (which can also forward them to a remote
server) because cache_log format does not support isolating mixed-in access_log records well.
HTH,
Alex.
> -----Original Message-----
> From: Alex Rousskov <rousskov at measurement-factory.com>
> Sent: 07 September 2021 14:08
> To: Graham Wharton <graham at gwharton.me.uk>;
> squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Squid inside docker
>
> On 9/7/21 8:57 AM, Graham Wharton wrote:
>> It would be great if something could be done to help squid running
>> inside docker, Particularly
>
>> 1. Logging to stdout/stderr
>
> stderr logging is already supported: "squid -d1 ...".
>
> FWIW, there is also syslog which, when enabled, gets level-0/1 messages:
> "squid -s ...".
>
>
>> 2. bash-5.1# squid -k reconfigure
>>
>> 2021/09/07 13:55:50| FATAL: Bad PID file (/var/run/squid.pid)
>> contains unreasonably small PID value: 1
>
> Already fixed in master/v6 (commit 3db00ca). The one-character fix is trivial to port to any modern Squid version.
>
>
> HTH,
>
> Alex.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list