midou/bromite-buildtools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove privoxy, use squid

Browse Source
This commit is contained in:
uazo 2021-08-06 06:05:28 +00:00
parent 44020e2303
commit 0014c3f5b2
6 changed files with 38 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
images/privoxy/Dockerfile
View File

@ -1,22 +0,0 @@
FROM ubuntu:latest
ARG REMOTEEXEC_ADDR
COPY user.action .
COPY privoxy.conf .
COPY start-proxy.sh .
RUN apt-get update && apt-get install -y privoxy bash sudo socat
#RUN useradd -u 2000 -m ghproxy \
# && usermod -aG sudo ghproxy \
# && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
#RUN useradd -m runner1 \
# && usermod -aG sudo runner1
#
#USER ghproxy
CMD sudo chmod +x ./start-proxy.sh &&\
REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\
./start-proxy.sh

18
images/privoxy/privoxy.conf
View File

@ -1,18 +0,0 @@
#confdir /etc/privoxy
logdir /var/log/privoxy
#listen-address 127.0.0.1:8118
listen-address 0.0.0.0:8118
debug 1024
#debug 32768 # log all data read from the network
#debug 65536 # Log the applying actions
toggle 1
enable-remote-toggle 0
enable-edit-actions 1
enable-remote-http-toggle 0
enforce-blocks 1
actionsfile user.action

12
images/squid/Dockerfile Normal file
View File

@ -0,0 +1,12 @@
FROM ubuntu:latest
COPY whitelist /etc/squid/whitelist
COPY squid.conf /etc/squid/squid.conf
COPY start-proxy.sh .
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y squid bash sudo socat
CMD sudo chmod +x ./start-proxy.sh &&\
./start-proxy.sh

23
images/squid/squid.conf Normal file
View File

@ -0,0 +1,23 @@
http_port 8118
acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
acl whitelist dstdomain "/etc/squid/whitelist"
http_access deny !whitelist
debug_options ALL,1 28,3 33,2
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all

2
images/privoxy/start-proxy.sh → images/squid/start-proxy.sh
View File

@ -10,4 +10,4 @@ test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR & socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
sudo chmod 777 /tmp/proxy/bots.sock sudo chmod 777 /tmp/proxy/bots.sock
privoxy --no-daemon privoxy.conf squid -N

8
images/privoxy/user.action → images/squid/whitelist
View File

@ -1,7 +1,3 @@
{ +block{blocked} }
/ # Block all URLs
{ -block }
.github.com .github.com
.docker.io .docker.io
.docker.com .docker.com
@ -9,7 +5,7 @@
.ubuntu.com .ubuntu.com
# for buildeps # for buildeps
chromium.googlesource.com #chromium.googlesource.com
# for chr-source # for chr-source
chrome-infra-packages.appspot.com chrome-infra-packages.appspot.com
@ -17,4 +13,4 @@ chrome-infra-packages.appspot.com
.googlesource.com .googlesource.com
# for goma client # for goma client
chrome-infra-packages.appspot.com #chrome-infra-packages.appspot.com