From 0014c3f5b2a1272f9d72891413d6aecd6dbaa00b Mon Sep 17 00:00:00 2001
From: uazo
Date: Fri, 6 Aug 2021 06:05:28 +0000
Subject: [PATCH] Remove privoxy, use squid
---
images/privoxy/Dockerfile | 22 ------------------
images/privoxy/privoxy.conf | 18 ---------------
images/squid/Dockerfile | 12 ++++++++++
images/squid/squid.conf | 23 +++++++++++++++++++
images/{privoxy => squid}/start-proxy.sh | 2 +-
.../{privoxy/user.action => squid/whitelist} | 8 ++-----
6 files changed, 38 insertions(+), 47 deletions(-)
delete mode 100644 images/privoxy/Dockerfile
delete mode 100644 images/privoxy/privoxy.conf
create mode 100644 images/squid/Dockerfile
create mode 100644 images/squid/squid.conf
rename images/{privoxy => squid}/start-proxy.sh (93%)
rename images/{privoxy/user.action => squid/whitelist} (63%)
diff --git a/images/privoxy/Dockerfile b/images/privoxy/Dockerfile
deleted file mode 100644
index a46ae5c..0000000
--- a/images/privoxy/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM ubuntu:latest
-
-ARG REMOTEEXEC_ADDR
-
-COPY user.action .
-COPY privoxy.conf .
-COPY start-proxy.sh .
-
-RUN apt-get update && apt-get install -y privoxy bash sudo socat
-
-#RUN useradd -u 2000 -m ghproxy \
-# && usermod -aG sudo ghproxy \
-# && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
-
-#RUN useradd -m runner1 \
-# && usermod -aG sudo runner1
-#
-#USER ghproxy
-
-CMD sudo chmod +x ./start-proxy.sh &&\
- REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\
- ./start-proxy.sh
diff --git a/images/privoxy/privoxy.conf b/images/privoxy/privoxy.conf
deleted file mode 100644
index a5847b2..0000000
--- a/images/privoxy/privoxy.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-#confdir /etc/privoxy
-logdir /var/log/privoxy
-
-#listen-address 127.0.0.1:8118
-listen-address 0.0.0.0:8118
-
-debug 1024
-#debug 32768 # log all data read from the network
-#debug 65536 # Log the applying actions
-
-toggle 1
-enable-remote-toggle 0
-enable-edit-actions 1
-enable-remote-http-toggle 0
-enforce-blocks 1
-
-actionsfile user.action
-
diff --git a/images/squid/Dockerfile b/images/squid/Dockerfile
new file mode 100644
index 0000000..1b55f07
--- /dev/null
+++ b/images/squid/Dockerfile
@@ -0,0 +1,12 @@
+FROM ubuntu:latest
+
+COPY whitelist /etc/squid/whitelist
+COPY squid.conf /etc/squid/squid.conf
+COPY start-proxy.sh .
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y squid bash sudo socat
+
+CMD sudo chmod +x ./start-proxy.sh &&\
+ ./start-proxy.sh
diff --git a/images/squid/squid.conf b/images/squid/squid.conf
new file mode 100644
index 0000000..7cb54a5
--- /dev/null
+++ b/images/squid/squid.conf
@@ -0,0 +1,23 @@
+http_port 8118
+
+acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
+acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
+acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
+
+acl SSL_ports port 443
+acl Safe_ports port 80
+acl Safe_ports port 443
+acl CONNECT method CONNECT
+
+acl whitelist dstdomain "/etc/squid/whitelist"
+http_access deny !whitelist
+
+debug_options ALL,1 28,3 33,2
+
+http_access deny manager
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+
+http_access allow localhost
+http_access allow localnet
+http_access deny all
diff --git a/images/privoxy/start-proxy.sh b/images/squid/start-proxy.sh
similarity index 93%
rename from images/privoxy/start-proxy.sh
rename to images/squid/start-proxy.sh
index 90a3029..db86591 100644
--- a/images/privoxy/start-proxy.sh
+++ b/images/squid/start-proxy.sh
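Review bot: In images/squid/Dockerfile the two `COPY` lines place `whitelist` and `squid.conf` under /etc/squid before `apt-get install` lays down the squid package's own files there, so which `squid.conf` ends up active depends on how dpkg treats a pre-existing conffile during a non-interactive install. Since that file carries the `http_access deny !whitelist` rule, I would move both `COPY` instructions below the `RUN` so the project's config is always the last writer. Separately, `FROM ubuntu:latest` and the unversioned `squid` package make the egress filter's behaviour depend on the build date; pinning the base as `FROM ubuntu:<release-tag>@sha256:<digest>` would make rebuilds reproducible. `ENV DEBIAN_FRONTEND=noninteractive` also persists into the running container and could be set inline on the `RUN` line instead.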
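Review bot: The rule order in images/squid/squid.conf is what enforces the allowlist, but nothing in the file says so: `http_access deny !whitelist` has to stay above `http_access allow localhost` and `http_access allow localnet`, because squid stops at the first matching `http_access` line. A comment such as `# Must precede every allow rule: squid applies the first matching http_access line` above it would protect the ordering from later edits. `debug_options ALL,1 28,3 33,2` looks like a troubleshooting level left in (sections 28 and 33 are raised above the rest); if it is meant to stay so that denied requests are visible in the log, a one-line comment saying so would help, otherwise `debug_options ALL,1` is the quieter setting.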
@@ -10,4 +10,4 @@ test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR & sudo chmod 777 /tmp/proxy/bots.sock -privoxy --no-daemon privoxy.conf +squid -N diff --git a/images/privoxy/user.action b/images/squid/whitelist similarity index 63% rename from images/privoxy/user.action rename to images/squid/whitelist index b7c4081..a7fb664 100644 --- a/images/privoxy/user.action +++ b/images/squid/whitelist @@ -1,7 +1,3 @@ -{ +block{blocked} } -/ # Block all URLs - -{ -block } .github.com .docker.io .docker.com @@ -9,7 +5,7 @@ .ubuntu.com # for buildeps -chromium.googlesource.com +#chromium.googlesource.com # for chr-source chrome-infra-packages.appspot.com @@ -17,4 +13,4 @@ chrome-infra-packages.appspot.com .googlesource.com # for goma client -chrome-infra-packages.appspot.com +#chrome-infra-packages.appspot.com
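Review bot: `squid -N` on the new last line of images/squid/start-proxy.sh runs as a child of the script, which is itself started through the shell-form `CMD`, so the stop signal from the container runtime reaches a shell rather than squid. `exec squid -N` would replace the script's shell with squid so that it can shut down cleanly. The script starts before this hunk, so whether anything earlier relies on the shell staying alive is not visible here; the backgrounded `socat` in the context lines would simply remain a child of the exec'd process.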