Amazon Elastic Container Service (ECS)<\/code> \u3067\u3001 squid<\/code> \u3067\u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9\u3057\u305f\u969b\u306b\u3001\u3044\u308d\u3044\u308d\u3068\u8003\u616e\u3059\u308b\u70b9\u304c\u3042\u3063\u305f\u306e\u3067\u3001\u5099\u5fd8\u9332\u3082\u517c\u306d\u3066\u307e\u3068\u3081\u3066\u307f\u308b\u3002<\/p>\n\n\n\n- Docker \u306e\u30a4\u30e1\u30fc\u30b8\u306f alpine<\/a><\/li>\n<\/ul>\n
\n- squid \u30e6\u30fc\u30b6\u30fc\u3092\u30b3\u30f3\u30c6\u30ca\u5185\u3067\u4f7f\u7528<\/a><\/li>\n<\/ul>\n
\n- squid \u30e6\u30fc\u30b6\u30fc\u306b sudo \u6a29\u9650\u3092\u4ed8\u4e0e<\/a><\/li>\n<\/ul>\n
\n- \u30ed\u30b0\u306e\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3092\u4fee\u6b63<\/a><\/li>\n<\/ul>\n
\n- \u30ed\u30b0\u306e\u51fa\u529b\u3092\u6a19\u6e96\u51fa\u529b\u306b\u3059\u308b<\/a><\/li>\n<\/ul>\n
\n- \u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u8a2d\u5b9a<\/a><\/li>\n<\/ul>\n
\n- \u8d77\u52d5\u30b9\u30af\u30ea\u30d7\u30c8<\/a><\/li>\n<\/ul>\n
\n- Dockerfile<\/a><\/li>\n<\/ul>\n
\n- \u53c2\u8003URL<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n
![\"\"](\"\/images\/squid_ecs\/squid_proxy_logo.png\")
<\/p>\n
Docker<\/code> \u306e\u30a4\u30e1\u30fc\u30b8\u306f alpine<\/code><\/h2>\nDocker<\/code> \u306e\u30a4\u30e1\u30fc\u30b8\u3068\u3057\u3066\u306f alpine<\/code> \u3092\u4f7f\u3063\u305f\u3002
\u3084\u306f\u308a\u30b5\u30a4\u30ba\u304c\u5c0f\u3055\u3044\u306e\u304c\u826f\u3044\u3002
\u30a4\u30e1\u30fc\u30b8\u304c\u5c0f\u3055\u3044\u3068\u3001 docker push<\/code> \u3084 docker pull<\/code> \u304c\u65e9\u3044\u3057\u3001\u30c7\u30d7\u30ed\u30a4\u3082\u65e9\u304f\u306a\u308b\u304b\u3089\u3002
\u4eca\u56de\u69cb\u7bc9\u3057\u305f\u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u30fc\u306e\u30a4\u30e1\u30fc\u30b8\u3082\u30016MB\u307b\u3069\u306e\u5c0f\u3055\u3044\u3082\u306e\u3068\u306a\u3063\u305f\u3002<\/p>\nFROM alpine<\/code><\/pre>\nsquid<\/code> \u30e6\u30fc\u30b6\u30fc\u3092\u30b3\u30f3\u30c6\u30ca\u5185\u3067\u4f7f\u7528<\/h2>\nDockerfile<\/code> \u5185\u3067\u3001 USER<\/code> \u3068\u3057\u3066 squid<\/code> \u30e6\u30fc\u30b6\u30fc\u3092\u8a2d\u5b9a\u3002
\u30b3\u30f3\u30c6\u30ca\u5185\u3067\u306e\u3001\u5b9f\u884c\u30e6\u30fc\u30b6\u30fc\u3092 squid<\/code> \u3068\u3057\u305f\u3002<\/p>\nUSER squid<\/code><\/pre>\nsquid<\/code> \u30e6\u30fc\u30b6\u30fc\u306b sudo<\/code> \u6a29\u9650\u3092\u4ed8\u4e0e<\/h2>\nsquid<\/code> \u30e6\u30fc\u30b6\u30fc\u306b\u3001\u30ed\u30b0\u51fa\u529b\u5148\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3068\u3001\u30ad\u30e3\u30c3\u30b7\u30e5\u306e\u51fa\u529b\u5148\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u5bfe\u3057\u3066\u3001 chown<\/code> \u51fa\u6765\u308b\u3088\u3046\u306b sudo<\/code> \u8a2d\u5b9a\u3092\u8ffd\u52a0\u3002<\/p>\nsquid ALL=(ALL) NOPASSWD: \/bin\/chown -R squid:squid \/var\/log\/squid, \/bin\/chown -R squid:squid \/var\/cache\/squid\nDefaults:squid !requiretty<\/code><\/pre>\nDockerfile<\/code> \u5185\u3067\u4e0a\u8a18\u306e\u3088\u3046\u306b \/etc\/sudoers.d\/squid<\/code> \u3092\u4f5c\u6210\u3059\u308b\u3002<\/p>\nRUN apk --update add squid sudo && \n rm -rf \/var\/cache\/apk\/*\n\nRUN echo \"squid ALL=(ALL) NOPASSWD: \/bin\/chown -R squid:squid \/var\/log\/squid, \/bin\/chown -R squid:squid \/var\/cache\/squid\" >> \/etc\/sudoers.d\/squid && \n echo \"Defaults:squid !requiretty\" >> \/etc\/sudoers.d\/squid && \n chmod 440 \/etc\/sudoers.d\/squid<\/code><\/pre>\n\u30ed\u30b0\u306e\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3092\u4fee\u6b63<\/h2>\n
\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u8a2d\u5b9a\u3060\u3068\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306b\u30ed\u30b0\u304c\u51fa\u529b\u3055\u308c\u3066\u3001\u6642\u9593\u3084\u30e6\u30fc\u30b6\u30fc\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u7b49\u304c\u308f\u304b\u3089\u306a\u3044\u3002
\uff08\u4e0b\u8a18\u306f\u3001 curl<\/code> \u3067\u8a66\u3057\u3066\u307f\u305f\u3082\u306e\uff09<\/p>\n1518829122.573 118 172.20.0.1 TCP_TUNNEL\/200 38074 CONNECT mmmcorp.co.jp:443 - HIER_DIRECT\/52.196.192.109 -<\/code><\/pre>\n\/etc\/squid\/squid.conf<\/code> \u3092\u4e0b\u8a18\u306e\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u3066\u3001\u30ed\u30b0\u306e\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3067\u3001<\/p>\nlogformat combined [%tl] %>a %[ui %[un \"%rm %ru HTTP\/%rv\" %>Hs %<st \"%{Referer}>h\" \"%{User-Agent}>h\" %Ss:%Sh<\/code><\/pre>\n\u51fa\u529b\u3055\u308c\u308b\u30ed\u30b0\u3082\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308b\u3002<\/p>\n
[17\/Feb\/2018:09:56:07 +0900] 172.20.0.1 - - \"CONNECT mmmcorp.co.jp:443 HTTP\/1.1\" 200 38073 \"-\" \"curl\/7.54.0\" TCP_TUNNEL:HIER_DIRECT<\/code><\/pre>\n\u30ed\u30b0\u306e\u51fa\u529b\u3092\u6a19\u6e96\u51fa\u529b\u306b\u3059\u308b<\/h2>\n
ECS<\/code> \u3092\u4f7f\u3046\u969b\u306b\u306f\u3001\u6a19\u6e96\u51fa\u529b\u3055\u308c\u305f\u3082\u306e\u304c CloudWatch Logs<\/code> \u306b\u30ed\u30b0\u3068\u3057\u3066\u6b8b\u308b\u3002
\u30d5\u30a1\u30a4\u30eb\u3068\u3057\u3066\u51fa\u529b\u3057\u3066\u3057\u307e\u3046\u3068\u3001\u30ed\u30b0\u306e\u5185\u5bb9\u304c\u30b3\u30f3\u30c6\u30ca\u5185\u306b\u5165\u3089\u306a\u3044\u3068\u78ba\u8a8d\u3067\u304d\u306a\u3044\u306e\u3067\u3001 squid<\/code> \u306e\u30ed\u30b0\u51fa\u529b\u3082\u6a19\u6e96\u51fa\u529b\u306b\u3059\u308b\u3088\u3046\u306b \/etc\/squid\/squid.conf<\/code> \u3067\u8a2d\u5b9a\u3092\u5909\u66f4\u3059\u308b\u3002 <\/p>\naccess_log stdio:\/proc\/self\/fd\/1 combined<\/code><\/pre>\n\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u8a2d\u5b9a<\/h2>\n
alpine<\/code> \u306e\u30a4\u30e1\u30fc\u30b8\u3092\u305d\u306e\u307e\u307e\u4f7f\u3046\u3068\u3001\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u304c UTC<\/code> \u306b\u306a\u3063\u3066\u3044\u308b\u306e\u3067\u3001\u30ed\u30b0\u7b49\u3092\u78ba\u8a8d\u3059\u308b\u969b\u306b\u3061\u3087\u3063\u3068\u5206\u304b\u308a\u3065\u3089\u3044\u3002
JST<\/code> \u306b\u5909\u66f4\u3059\u308b\u3002<\/p>\nENV TZ=Asia\/Tokyo\n\nRUN apk --update add squid tzdata sudo && \n cp \/usr\/share\/zoneinfo\/Asia\/Tokyo \/etc\/localtime && \n rm -rf \/var\/cache\/apk\/*<\/code><\/pre>\n\u74b0\u5883\u5909\u6570 TZ<\/code> \u3092 Asia\/Tokyo<\/code> \u3068\u8a2d\u5b9a\u3002
apk --update add tzdata<\/code> \u3067 tzdata<\/code> \u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3002
\/usr\/share\/zoneinfo\/Asia\/Tokyo<\/code> \u3092 \/etc\/localtime<\/code> \u306b\u30b3\u30d4\u30fc\u3059\u308b\u3002 <\/p>\n\u8d77\u52d5\u30b9\u30af\u30ea\u30d7\u30c8<\/h2>\n
squid<\/code> \u306e\u8d77\u52d5\u30b9\u30af\u30ea\u30d7\u30c8 start-squid.sh<\/code> \u306f\u4e0b\u8a18\u306e\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u305f\u3002<\/p>\n#!\/bin\/sh\n\nset -e\n\nCHOWN=$(\/usr\/bin\/which chown)\nSQUID=$(\/usr\/bin\/which squid)\n\n# Ensure permissions are set correctly on the Squid cache + log dir.\nsudo \"$CHOWN\" -R squid:squid \/var\/cache\/squid\nsudo \"$CHOWN\" -R squid:squid \/var\/log\/squid\n\n# Prepare the cache using Squid.\necho \"Initializing cache...\"\n\"$SQUID\" -z\n\n# Give the Squid cache some time to rebuild.\nsleep 5\n\n# Launch squid\necho \"Starting Squid...\"\nexec \"$SQUID\" -NYCd 1<\/code><\/pre>\nDockerfile<\/code><\/h2>\n\u6700\u7d42\u7684\u306a Dockerfile<\/code> \u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u611f\u3058\u306b\u306a\u3063\u305f\u3002<\/p>\nFROM alpine\n\nENV TZ=Asia\/Tokyo\n\nRUN apk --update add squid tzdata sudo && \n cp \/usr\/share\/zoneinfo\/Asia\/Tokyo \/etc\/localtime && \n rm -rf \/var\/cache\/apk\/*\n\nRUN echo \"squid ALL=(ALL) NOPASSWD: \/bin\/chown -R squid:squid \/var\/log\/squid, \/bin\/chown -R squid:squid \/var\/cache\/squid\" >> \/etc\/sudoers.d\/squid && \n echo \"Defaults:squid !requiretty\" >> \/etc\/sudoers.d\/squid && \n chmod 440 \/etc\/sudoers.d\/squid\n\nCOPY start-squid.sh \/usr\/local\/bin\/\nCOPY squid.conf \/etc\/squid\/\n\nUSER squid\n\nEXPOSE 3128\n\nCMD [\"\/usr\/local\/bin\/start-squid.sh\"]<\/code><\/pre>\n\u53c2\u8003URL<\/h2>\n
squid : logformat configuration directive<\/a><\/p>\ngmauleon\/docker-squid: Squid docker image based on Alpine<\/a><\/p>\n