test: squid:4

.drone/drone-home.jsonnet

@@ -49,7 +49,7 @@ local publicSecrets = import 'lib/public-secrets.libsonnet';
         '/stack/squid'
       ),
       images.wait(15),
-      /*images.docker {
+      images.docker {
         name +: 'build docker image:',
         environment +: environment.environmentSecrets([
           'LOCAL_DOCKER_REGISTRY',
@@ -71,7 +71,7 @@ local publicSecrets = import 'lib/public-secrets.libsonnet';
           'docker push $${LOCAL_DOCKER_REGISTRY}squid',
           'docker logout $${LOCAL_DOCKER_REGISTRY}',
         ],
-      },*/
+      } /*
       compose([
         environment.envSet('local-docker-registry'),
         environment.envSet('local-registry-password'),
@@ -96,7 +96,7 @@ local publicSecrets = import 'lib/public-secrets.libsonnet';
             ]
           }
         },
-      ),
+      ),*/
     ],
   }
 ]

.drone/drone-home.yml

@@ -29,42 +29,25 @@ steps:
   commands:
   - sleep 15
 
-- name: deploy squid
+- name: "dockerbuild docker image:"
-  image: appleboy/drone-ssh
+  image: docker:dind
-  settings:
+  commands:
-    envs:
+  - set -e
-    - drone_tag
+  - pwd
-    - drone_commit
+  - sleep 15
-    - drone_build_number
+  - cd docker
-    - drone_repo_name
+  - docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${LOCAL_REGISTRY_PASSWORD}"
-    - drone_repo_namespace
+  - docker build . -t $${LOCAL_DOCKER_REGISTRY}squid
-    - local_docker_registry
+  - docker push $${LOCAL_DOCKER_REGISTRY}squid
-    - local_registry_password
+  - docker logout $${LOCAL_DOCKER_REGISTRY}
-    host:
-      from_secret: ssh-host
-    key:
-      from_secret: ssh-key
-    port:
-      from_secret: ssh-port
-    script:
-    - set -e
-    - docker network prune -f
-    - cd /stack/squid/myCA
-    - cd ..
-    - docker stack rm squid
-    - sleep 60
-    - docker volume rm squid_squid-cache
-    - export SQUID_IMAGE=$${LOCAL_DOCKER_REGISTRY}squid
-    - docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${LOCAL_REGISTRY_PASSWORD}"
-    - docker pull $${SQUID_IMAGE}
-    - docker stack deploy -c docker-compose.yml squid
-    username:
-      from_secret: ssh-user
   environment:
     LOCAL_DOCKER_REGISTRY:
       from_secret: local-docker-registry
     LOCAL_REGISTRY_PASSWORD:
       from_secret: local-registry-password
+  volumes:
+  - name: dockersock
+    path: /var/run
 
 services:
 - name: docker

docker/Dockerfile

@@ -3,14 +3,14 @@ RUN apt-get -y update
 RUN apt-get install -y curl supervisor git openssl  build-essential libssl-dev wget vim curl
 RUN mkdir -p /var/log/supervisor
 WORKDIR /apps/
-RUN wget -O - http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.27.tar.gz | tar zxfv - \
+RUN wget -O - http://www.squid-cache.org/Versions/v4/squid-4.12.tar.gz.asc | tar zxfv - \
     && CPU=$(( `nproc --all`-1 )) \
-    && cd /apps/squid-3.5.27/ \
+    && cd /apps/squid-4.12/ \
     && ./configure --prefix=/apps/squid --enable-icap-client --enable-ssl --with-openssl --enable-ssl-crtd --enable-auth --enable-basic-auth-helpers="NCSA" \
     && make -j$CPU \
     && make install \
     && cd /apps \
-    && rm -rf /apps/squid-3.5.27
+    && rm -rf /apps/squid-4.12
 ADD . /apps/
 
 RUN chown -R nobody:nogroup /apps/

docker/squid.intercept.conf

@@ -28,8 +28,8 @@ htcp_access deny all
 
 visible_hostname git.local-domain
 
-http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem version=4
+#http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem version=4
-#http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem
+http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem
 #https_port 3129 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem
 
 always_direct allow all