From e1bec95c9d16afeed81b4685969f56f7b2329915 Mon Sep 17 00:00:00 2001
From: OCram85 <ocram85@noreply.local>
Date: Wed, 12 Jul 2023 10:55:59 +0200
Subject: [PATCH] Adds entrypoint (#6)

#### :book: Summary

- Adds docker entrypoint bash script.

#### :bookmark_tabs: Test Plan

> :bulb: Select your test plan for the code changes.

- [x] CI pipeline tests
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### :books: Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: https://gitea.ocram85.com/OCram85/swarmproxy/pulls/6
---
 .../{test.yaml => test.yaml.disabled}         |  0
 Dockerfile                                    | 49 ++++----------
 README.md                                     | 60 ++++++++++-------
 entrypoint.sh                                 | 67 +++++++++++++++++++
 4 files changed, 117 insertions(+), 59 deletions(-)
 rename .gitea/workflows/{test.yaml => test.yaml.disabled} (100%)
 create mode 100644 entrypoint.sh

diff --git a/.gitea/workflows/test.yaml b/.gitea/workflows/test.yaml.disabled
similarity index 100%
rename from .gitea/workflows/test.yaml
rename to .gitea/workflows/test.yaml.disabled
diff --git a/Dockerfile b/Dockerfile
index 3dfaed1..01acd65 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.18.2
 
-#LABEL build_version=""
+# Set labels manually, each build service differs in used or predefined labels.
 LABEL maintainer="OCram85"
 ARG VERSION
 LABEL build_version="${VERSION}"
@@ -17,8 +17,7 @@ LABEL org.opencontainers.image.url="https://gitea.ocram85.com/OCram85/swarmproxy
 LABEL org.opencontainers.image.source="https://gitea.ocram85.com/OCram85/swarmproxy.git"
 LABEL org.opencontainers.image.documentation="https://gitea.ocram85.com/OCram85/swarmproxy"
 
-# Use a custom UID/GID instead of the default system UID which has a greater possibility
-# for collisions with the host and other containers.
+# Use a individual user and group ip for files and process
 ENV TINYPROXY_UID 5123
 ENV TINYPROXY_GID 5123
 
@@ -28,46 +27,24 @@ ENV PORT "8888"
 ENV TIMEOUT "600"
 ENV LOGLEVEL "Info"
 ENV MAXCLIENTS "600"
-ENV FILTER_FILE "/etc/tinyproxy/filter"
+ENV FILTER_FILE "/app/filter"
 
-# Curl is for healthchecks.
+
+# get existing packages
+# curl for healthchecks and debugging
 RUN apk add --no-cache \
       tinyproxy curl
 
-RUN mv /etc/tinyproxy/tinyproxy.conf /etc/tinyproxy/tinyproxy.default.conf
+COPY entrypoint.sh /app/entrypoint.sh
 
-RUN <<EOF cat >> /etc/tinyproxy/tinyproxy.conf
-User $TINYPROXY_UID
-Group $TINYPROXY_GID
-Port $PORT
-Timeout $TIMEOUT
-DefaultErrorFile "/usr/share/tinyproxy/default.html"
+RUN touch /app/proxy.conf && \
+  chmod +x /app/entrypoint.sh && \
+  chown -R ${TINYPROXY_UID}:${TINYPROXY_GID} /app /etc/tinyproxy /var/log/tinyproxy
 
-StatHost "tinyproxy.stats"
-StatFile "/usr/share/tinyproxy/stats.html"
-
-LogLevel $LOGLEVEL
-MaxClients $MAXCLIENTS
-ViaProxyName "tinyproxy"
-
-Filter "$FILTER_FILE"
-FilterURLs Off
-FilterCaseSensitive Off
-FilterDefaultDeny Yes
-
-Allow 127.0.0.1/8
-Allow 10.0.0.0/8
-
-EOF
-
-RUN set -eu && \
-  CONFIG='/etc/tinyproxy/tinyproxy.conf' && \
-  [ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE) && \
-  [ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG"
-
-RUN chown -R ${TINYPROXY_UID}:${TINYPROXY_GID} /etc/tinyproxy /var/log/tinyproxy
 USER ${TINYPROXY_UID}:${TINYPROXY_GID}
+WORKDIR /app
 
 EXPOSE 8888
 
-ENTRYPOINT ["/usr/bin/tinyproxy", "-d"]
+ENTRYPOINT ["/app/entrypoint.sh"]
+CMD ["-c", "/app/proxy.conf", "-d"]
diff --git a/README.md b/README.md
index c047b20..029bed5 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@
 </p>
 
 <h1 align="center">
-  swarmproxy
+  Swarmproxy - Tame your traffic
 </h1>
 
 <p align="center">
@@ -26,10 +26,9 @@
 
 ### 1. ⚡ Get the image 📦
 
-You can download the image from the gitea embedded container registry: `gitea.ocram85.com/ocram85/swarmproxy` with these tags:
+You can download the image from the Gitea embedded container registry: `gitea.ocram85.com/ocram85/swarmproxy` with these tags:
 
-- `latest` - Is based on the lasted master branch commit.
-- `next` - Is a test build based on the pull request
+- `latest`, `main` - Is based on the lasted master branch commit.
 - `1`, `0.1`, `0.1.0` - tag based version.
 
 > **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.**
@@ -39,43 +38,58 @@ You can download the image from the gitea embedded container registry: `gitea.oc
 ```yaml
 version: "3.8"
 
-secrets:
-  upstream-proxy:
-    external: true
+networks:
+  egress:
+   attachable: true
+   #external: true
+
+#configs:
+#  filter_file:
+#    # config can be predefined / external or loaded from file
+#    #external: true
+#    file: ./filter.txt
+
+#secrets:
+#  upstream-proxy:
+#    external: true
 
 services:
   swarmproxy:
     image: gitea.ocram85.com/OCram85/swarmproxy:latest
+    deploy:
+      replicas: 1
+    #secrets:
+    #  - upstream-proxy
     environment:
-      # mandatory environment variables
-      - UPSTREAM_PROXY=
+      # Recommended settings
+      # Use an optional upstream proxy
+      #- UPSTREAM_PROXY=
       # Set UPSTREAM_PROXY as docker secret if your upstream needs authentication
       # Eg.: http://user:password@upstream.intra:3128
       #- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY
 
-      # optional settings
+      # OPTIONAL config keys
       #- TINYPROXY_UID=5123
       #- TINYPROXY_GID=5123
       #- PORT=8888
       #- TIMEOUT=600
       #- LOGLEVEL=Info
       #- MAXCLIENTS=600
-      #- FILTER_FILE=/ety/tinyproxy/filter
-    deploy:
-      replicas: 1
+      #- FILTER_FILE=/app/filter
     volumes:
-      # mount a single file into the container if you need the modify it afterwards
-      # You can reload the file with `kill -s USR1 $(pidof tinyproxy)`
-      - ./filter.txt:/etc/tinyproxy/filter:ro
-      # Use a docker config or volume in production
-      - 
+      # You can mount a single filter file into the container.
+      # To reload the file use the docker kill -s USR1 <container_id| container_name> command.
+      - ./filter.txt:/app/filter:ro
+    configs:
+      - source: filter_file
+        target: /app/filter
     networks:
-      - egress
+      egress:
+        aliases:
+          - swarmproxy
+          - proxy
+
 
-networks:
-  egress:
-   attachable: true
-   #external: true
 ```
 
 ## 😡 We're Using GitHub Under Protest
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..41a2f88
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env sh
+
+set -e
+
+CONFIG="/app/proxy.conf"
+
+function writeConfig() {
+    cat << EOF >> "$CONFIG"
+User $TINYPROXY_UID
+Group $TINYPROXY_GID
+Port $PORT
+Timeout $TIMEOUT
+DefaultErrorFile "/usr/share/tinyproxy/default.html"
+
+StatHost "tinyproxy.stats"
+StatFile "/usr/share/tinyproxy/stats.html"
+
+LogLevel $LOGLEVEL
+MaxClients $MAXCLIENTS
+ViaProxyName "Swarmproxy"
+
+Allow 127.0.0.1/8
+Allow 10.0.0.0/8
+
+EOF
+}
+
+function addUpstreamConfig() {
+  [ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE)
+  [ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG"
+}
+
+function addFilterConfig() {
+  if [ -f "$FILTER_FILE" ]; then
+    cat << FBLOCK >> "$CONFIG"
+Filter "$FILTER_FILE"
+FilterURLs Off
+FilterCaseSensitive Off
+FilterDefaultDeny Yes
+FBLOCK
+  else
+    echo "🦁 FILTER_FILE not found or set."
+  fi
+}
+
+function showConfig() {
+  echo "🦁 Final Swarmproxy config 🦁"
+  cat "$CONFIG"
+}
+
+function execTinyproxy() {
+  echo "🦁 Starting Tinyproxy..."
+  echo "args count: $#"
+  echo "args value: $@"
+  exec "/usr/bin/tinyproxy" "$@"
+}
+
+function main() {
+  writeConfig
+  addUpstreamConfig
+  addFilterConfig
+  showConfig
+  execTinyproxy $@
+}
+
+main $@
+echo "entrypoint end. 🚀"