From 532a0475bf6a5f3cecbc57b24cfb4eeb3d1300ad Mon Sep 17 00:00:00 2001 From: uazo Date: Sat, 31 Jul 2021 10:06:38 +0000 Subject: [PATCH] add proxy support --- images/github-runner/Dockerfile | 15 +++++++++++---- images/github-runner/docker.default | 2 ++ images/github-runner/proxy.conf | 1 + images/github-runner/startup.sh | 7 +++++++ images/goma-server/start-goma-server.sh | 3 --- images/privoxy/Dockerfile | 13 +++++++++++++ images/privoxy/privoxy.conf | 18 ++++++++++++++++++ images/privoxy/start-proxy.sh | 12 ++++++++++++ images/privoxy/user.action | 20 ++++++++++++++++++++ 9 files changed, 84 insertions(+), 7 deletions(-) create mode 100644 images/github-runner/docker.default create mode 100644 images/github-runner/proxy.conf create mode 100644 images/privoxy/Dockerfile create mode 100644 images/privoxy/privoxy.conf create mode 100644 images/privoxy/start-proxy.sh create mode 100644 images/privoxy/user.action diff --git a/images/github-runner/Dockerfile b/images/github-runner/Dockerfile index c613b24..634202d 100644 --- a/images/github-runner/Dockerfile +++ b/images/github-runner/Dockerfile @@ -23,7 +23,7 @@ RUN mkdir -p /run/systemd && echo 'docker' > /run/systemd/container RUN apt-get update && \ apt-get install -y --no-install-recommends \ systemd systemd-sysv libsystemd0 ca-certificates dbus \ - iptables iproute2 kmod locales sudo udev && \ + iptables iproute2 kmod locales sudo udev socat && \ echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ apt-get clean -y && \ rm -rf /var/cache/debconf/* /var/lib/apt/lists/* /var/log/* /tmp/* /var/tmp/* \ @@ -50,7 +50,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y openssh-server mkdir /home/admin/.ssh && \ chown admin:admin /home/admin/.ssh -EXPOSE 22 +#EXPOSE 22 # Extra deps for GHA Runner ENV DEBIAN_FRONTEND=noninteractive @@ -63,7 +63,7 @@ RUN apt-get update \ wget \ zip \ git \ - pigz \ + pigz nano \ && rm -rf /var/lib/apt/list/* # Add and config runner user as sudo 
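Review bot: Commenting out `EXPOSE 22` in images/github-runner/Dockerfile (hunk @@ -50,7) does not remove SSH from the image. EXPOSE is metadata only, and the lines around it still install openssh-server and create /home/admin/.ssh. If the runner should no longer be reachable over SSH, the package install and the admin account are what need to go; otherwise delete the line rather than leaving it commented out. The RUN that installs openssh-server starts outside this hunk, so whether sshd is actually enabled cannot be seen here.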
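Review bot: `pigz nano \` in hunk @@ -63,7 of images/github-runner/Dockerfile adds an interactive editor to the runner image, which is unrelated to proxy support and breaks the one-package-per-line layout of the list. Drop `nano` unless something needs it at run time, or give it its own line. The cleanup on the following context line removes `/var/lib/apt/list/*`, whereas the first RUN in this file uses `/var/lib/apt/lists/*`, so the package index most likely stays in this layer; `&& rm -rf /var/lib/apt/lists/*` fixes that. The RUN starts outside the hunk.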
@@ -77,7 +77,7 @@ RUN useradd -m runner \ # Build args ARG TARGETPLATFORM=amd64 -ARG RUNNER_VERSION=2.302.1 +ARG RUNNER_VERSION=2.302.4 WORKDIR /runner # Runner download supports amd64 as x64 @@ -109,5 +109,12 @@ RUN chmod +x ./patched/runsvc.sh /usr/local/bin/startup.sh USER runner +ENV HTTP_PROXY="http://127.0.0.1:8118" +ENV HTTPS_PROXY="http://127.0.0.1:8118" +ENV http_proxy="http://127.0.0.1:8118" +ENV https_proxy="http://127.0.0.1:8118" +COPY docker.default /etc/default/docker +COPY proxy.conf /etc/apt/apt.conf.d/proxy.conf + ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] CMD ["startup.sh"] diff --git a/images/github-runner/docker.default b/images/github-runner/docker.default new file mode 100644 index 0000000..c1c981f --- /dev/null +++ b/images/github-runner/docker.default @@ -0,0 +1,2 @@ +export http_proxy="http://127.0.0.1:8118" +export https_proxy="http://127.0.0.1:8118" diff --git a/images/github-runner/proxy.conf b/images/github-runner/proxy.conf new file mode 100644 index 0000000..341a30d --- /dev/null +++ b/images/github-runner/proxy.conf @@ -0,0 +1 @@ +Acquire::http::Proxy "http://127.0.0.1:8118"; diff --git a/images/github-runner/startup.sh b/images/github-runner/startup.sh index 4cf3e46..f72a6da 100644 --- a/images/github-runner/startup.sh +++ b/images/github-runner/startup.sh @@ -1,8 +1,15 @@ #!/bin/bash +echo "Starting Proxy Support" +socat TCP-LISTEN:8118,reuseaddr,fork UNIX-CLIENT:/tmp/forward-proxy/proxy.sock & +sudo iptables -A INPUT -p tcp -s localhost --dport 8118 -j ACCEPT +sudo iptables -A INPUT -p tcp --dport 8118 -j DROP + echo "Starting supervisor (Docker)" sudo service docker start +#bash + if [ -n "${GITHUB_REPOSITORY}" ] then auth_url="https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPOSITORY}/actions/runners/registration-token" diff --git a/images/goma-server/start-goma-server.sh b/images/goma-server/start-goma-server.sh index c4e25c0..544be35 100755 --- a/images/goma-server/start-goma-server.sh 
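Review bot: The four `ENV ..._PROXY` lines added after `USER runner` in images/github-runner/Dockerfile only ask cooperating clients to use 127.0.0.1:8118. A job can unset them, and the runner user is configured for sudo according to the Dockerfile context, so the allowlist in images/privoxy/user.action holds only if the container has no other route out. That network-level restriction is not visible in this patch and should be confirmed and stated in a comment above the block. There is also no `NO_PROXY`/`no_proxy`, so requests to localhost and other local addresses go to a proxy that blocks everything not on the allowlist; consider `ENV NO_PROXY="localhost,127.0.0.1" no_proxy="localhost,127.0.0.1"`. The new images/github-runner/docker.default has the same gap.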
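Review bot: The socat listener added to images/github-runner/startup.sh has no `bind=` option, so it accepts connections on every interface and relies on the two `iptables -A` rules to keep other hosts out. Those rules are appended behind any existing INPUT rules, are installed only after the listener is already up, apply to IPv4 only, and their exit status is never checked, so a failed `sudo iptables` leaves the port reachable. Binding to loopback removes that dependency: `socat TCP-LISTEN:8118,bind=127.0.0.1,reuseaddr,fork UNIX-CLIENT:/tmp/forward-proxy/proxy.sock &`. The added `#bash` line looks like a debugging leftover and can be dropped.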
+++ b/images/goma-server/start-goma-server.sh @@ -7,9 +7,6 @@ NC='\033[0m' # No Color echo -e ${RED} -------- start goma-server ${NC} -#test -f /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock -#socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR & - socat TCP-LISTEN:50051,reuseaddr,fork UNIX-CLIENT:/tmp/proxy/bots.sock & cd ./goma-server/ diff --git a/images/privoxy/Dockerfile b/images/privoxy/Dockerfile new file mode 100644 index 0000000..129f3ba --- /dev/null +++ b/images/privoxy/Dockerfile @@ -0,0 +1,13 @@ +FROM alpine:3.14 + +ARG REMOTEEXEC_ADDR + +COPY user.action . +COPY privoxy.conf . +COPY start-proxy.sh . + +RUN apk update && apk add privoxy bash sudo socat + +CMD sudo chmod +x ./start-proxy.sh &&\ + REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\ + ./start-proxy.sh diff --git a/images/privoxy/privoxy.conf b/images/privoxy/privoxy.conf new file mode 100644 index 0000000..a5847b2 --- /dev/null +++ b/images/privoxy/privoxy.conf @@ -0,0 +1,18 @@ +#confdir /etc/privoxy +logdir /var/log/privoxy + +#listen-address 127.0.0.1:8118 +listen-address 0.0.0.0:8118 + +debug 1024 +#debug 32768 # log all data read from the network +#debug 65536 # Log the applying actions + +toggle 1 +enable-remote-toggle 0 +enable-edit-actions 1 +enable-remote-http-toggle 0 +enforce-blocks 1 + +actionsfile user.action + diff --git a/images/privoxy/start-proxy.sh b/images/privoxy/start-proxy.sh new file mode 100644 index 0000000..86a9c5f --- /dev/null +++ b/images/privoxy/start-proxy.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +test -e /tmp/forward-proxy/proxy.sock && sudo rm /tmp/forward-proxy/proxy.sock +test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock + +socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,reuseaddr,fork TCP:127.0.0.1:8118 & +socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR & + +sudo chmod 777 /tmp/forward-proxy/proxy.sock +sudo chmod 777 /tmp/proxy/bots.sock + +privoxy --no-daemon privoxy.conf 
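Review bot: `ARG REMOTEEXEC_ADDR` in images/privoxy/Dockerfile exists only during the build, so `REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR` in the shell-form CMD is a self-assignment. start-proxy.sh therefore sees an empty address unless the variable is also passed at run time; if the build argument is meant to carry through, add `ENV REMOTEEXEC_ADDR=${REMOTEEXEC_ADDR}` after the ARG. The image also sets no USER, so privoxy and both socat forwarders run as root, which makes the `sudo` package and the `sudo` calls redundant; an unprivileged user for the proxy process would be preferable. Smaller points: `apk update && apk add` leaves the package index in the layer (`apk add --no-cache privoxy bash socat` avoids that), and the three COPYs land in `/` because no WORKDIR is set. With BuildKit, `COPY --chmod=0755 start-proxy.sh .` followed by `CMD ["./start-proxy.sh"]` would replace the chmod at start-up.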
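Review bot: `enable-edit-actions 1` in images/privoxy/privoxy.conf turns on Privoxy's web-based actions editor, which lets clients of the proxy modify the actions file when the privoxy process can write to it. Since user.action is the egress allowlist and the clients are CI jobs, this should be `enable-edit-actions 0`. `listen-address 0.0.0.0:8118` also opens the proxy on every interface of the container, although start-proxy.sh only forwards the Unix socket to 127.0.0.1:8118; the commented-out `listen-address 127.0.0.1:8118` looks sufficient for that path. A comment explaining why each of these two values was chosen would help the next reader.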
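Review bot: `sudo chmod 777` on both sockets in images/privoxy/start-proxy.sh makes the forward proxy and the remote-exec forwarder usable by every local user that can see /tmp/forward-proxy and /tmp/proxy. It also races with the backgrounded socat processes, because the chmod can run before the socket file exists. socat can remove a stale socket and create the new one with the intended mode itself, e.g. `socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,unlink-early,mode=0660,fork TCP:127.0.0.1:8118 &` (mode and owning group to be matched to the user of the consuming container), which also replaces the `test -e ... && sudo rm` lines. `$REMOTEEXEC_ADDR` is used unquoted and unchecked, so an empty value yields a malformed `TCP4:` address; a guard such as `: "${REMOTEEXEC_ADDR:?REMOTEEXEC_ADDR is not set}"` near the top makes the script fail early instead.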
diff --git a/images/privoxy/user.action b/images/privoxy/user.action
new file mode 100644
index 0000000..b7c4081
--- /dev/null
+++ b/images/privoxy/user.action
@@ -0,0 +1,20 @@
+{ +block{blocked} }
+/ # Block all URLs
+
+{ -block }
+.github.com
+.docker.io
+.docker.com
+.githubusercontent.com
+.ubuntu.com
+
+# for buildeps
+chromium.googlesource.com
+
+# for chr-source
+chrome-infra-packages.appspot.com
+.googleapis.com
+.googlesource.com
+
+# for goma client
+chrome-infra-packages.appspot.com
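Review bot: The `{ -block }` section of images/privoxy/user.action allows whole domains such as `.googleapis.com`, `.githubusercontent.com` and `.github.com`, which also serve content published by arbitrary third parties. The allowlist therefore limits which hosts a job can reach, but not what content it can retrieve from or send to them. Where the build needs only specific hosts, list those instead of the leading-dot wildcard, and add a comment naming the build step that needs each entry. For HTTPS the proxy sees only the CONNECT host, so path patterns would not narrow these entries further. `chrome-infra-packages.appspot.com` appears twice, under "chr-source" and "goma client"; one entry is enough.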