generated from Templates/Baseline
#### 📖 Summary - Adds docker entrypoint bash script. #### 📑 Test Plan > 💡 Select your test plan for the code changes. - [x] CI pipeline tests - [ ] Custom test - [ ] No test plan ##### Details / Justification <!-- Add your test details or justification for missing tests here. --> #### 📚 Additional Notes <!-- A place for additional detail notes. --> Co-authored-by: OCram85 <marco.blessing@googlemail.com> Reviewed-on: #6
This commit is contained in:
parent
81738ff2f4
commit
e1bec95c9d
49
Dockerfile
49
Dockerfile
@ -1,6 +1,6 @@
|
|||||||
FROM alpine:3.18.2
|
FROM alpine:3.18.2
|
||||||
|
|
||||||
#LABEL build_version=""
|
# Set labels manually, each build service differs in used or predefined labels.
|
||||||
LABEL maintainer="OCram85"
|
LABEL maintainer="OCram85"
|
||||||
ARG VERSION
|
ARG VERSION
|
||||||
LABEL build_version="${VERSION}"
|
LABEL build_version="${VERSION}"
|
||||||
@ -17,8 +17,7 @@ LABEL org.opencontainers.image.url="https://gitea.ocram85.com/OCram85/swarmproxy
|
|||||||
LABEL org.opencontainers.image.source="https://gitea.ocram85.com/OCram85/swarmproxy.git"
|
LABEL org.opencontainers.image.source="https://gitea.ocram85.com/OCram85/swarmproxy.git"
|
||||||
LABEL org.opencontainers.image.documentation="https://gitea.ocram85.com/OCram85/swarmproxy"
|
LABEL org.opencontainers.image.documentation="https://gitea.ocram85.com/OCram85/swarmproxy"
|
||||||
|
|
||||||
# Use a custom UID/GID instead of the default system UID which has a greater possibility
|
# Use a individual user and group ip for files and process
|
||||||
# for collisions with the host and other containers.
|
|
||||||
ENV TINYPROXY_UID 5123
|
ENV TINYPROXY_UID 5123
|
||||||
ENV TINYPROXY_GID 5123
|
ENV TINYPROXY_GID 5123
|
||||||
|
|
||||||
@ -28,46 +27,24 @@ ENV PORT "8888"
|
|||||||
ENV TIMEOUT "600"
|
ENV TIMEOUT "600"
|
||||||
ENV LOGLEVEL "Info"
|
ENV LOGLEVEL "Info"
|
||||||
ENV MAXCLIENTS "600"
|
ENV MAXCLIENTS "600"
|
||||||
ENV FILTER_FILE "/etc/tinyproxy/filter"
|
ENV FILTER_FILE "/app/filter"
|
||||||
|
|
||||||
# Curl is for healthchecks.
|
|
||||||
|
# get existing packages
|
||||||
|
# curl for healthchecks and debugging
|
||||||
RUN apk add --no-cache \
|
RUN apk add --no-cache \
|
||||||
tinyproxy curl
|
tinyproxy curl
|
||||||
|
|
||||||
RUN mv /etc/tinyproxy/tinyproxy.conf /etc/tinyproxy/tinyproxy.default.conf
|
COPY entrypoint.sh /app/entrypoint.sh
|
||||||
|
|
||||||
RUN <<EOF cat >> /etc/tinyproxy/tinyproxy.conf
|
RUN touch /app/proxy.conf && \
|
||||||
User $TINYPROXY_UID
|
chmod +x /app/entrypoint.sh && \
|
||||||
Group $TINYPROXY_GID
|
chown -R ${TINYPROXY_UID}:${TINYPROXY_GID} /app /etc/tinyproxy /var/log/tinyproxy
|
||||||
Port $PORT
|
|
||||||
Timeout $TIMEOUT
|
|
||||||
DefaultErrorFile "/usr/share/tinyproxy/default.html"
|
|
||||||
|
|
||||||
StatHost "tinyproxy.stats"
|
|
||||||
StatFile "/usr/share/tinyproxy/stats.html"
|
|
||||||
|
|
||||||
LogLevel $LOGLEVEL
|
|
||||||
MaxClients $MAXCLIENTS
|
|
||||||
ViaProxyName "tinyproxy"
|
|
||||||
|
|
||||||
Filter "$FILTER_FILE"
|
|
||||||
FilterURLs Off
|
|
||||||
FilterCaseSensitive Off
|
|
||||||
FilterDefaultDeny Yes
|
|
||||||
|
|
||||||
Allow 127.0.0.1/8
|
|
||||||
Allow 10.0.0.0/8
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
RUN set -eu && \
|
|
||||||
CONFIG='/etc/tinyproxy/tinyproxy.conf' && \
|
|
||||||
[ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE) && \
|
|
||||||
[ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG"
|
|
||||||
|
|
||||||
RUN chown -R ${TINYPROXY_UID}:${TINYPROXY_GID} /etc/tinyproxy /var/log/tinyproxy
|
|
||||||
USER ${TINYPROXY_UID}:${TINYPROXY_GID}
|
USER ${TINYPROXY_UID}:${TINYPROXY_GID}
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
EXPOSE 8888
|
EXPOSE 8888
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/tinyproxy", "-d"]
|
ENTRYPOINT ["/app/entrypoint.sh"]
|
||||||
|
CMD ["-c", "/app/proxy.conf", "-d"]
|
||||||
|
60
README.md
60
README.md
@ -13,7 +13,7 @@
|
|||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h1 align="center">
|
<h1 align="center">
|
||||||
swarmproxy
|
Swarmproxy - Tame your traffic
|
||||||
</h1>
|
</h1>
|
||||||
|
|
||||||
<p align="center">
|
<p align="center">
|
||||||
@ -26,10 +26,9 @@
|
|||||||
|
|
||||||
### 1. ⚡ Get the image 📦
|
### 1. ⚡ Get the image 📦
|
||||||
|
|
||||||
You can download the image from the gitea embedded container registry: `gitea.ocram85.com/ocram85/swarmproxy` with these tags:
|
You can download the image from the Gitea embedded container registry: `gitea.ocram85.com/ocram85/swarmproxy` with these tags:
|
||||||
|
|
||||||
- `latest` - Is based on the lasted master branch commit.
|
- `latest`, `main` - Is based on the lasted master branch commit.
|
||||||
- `next` - Is a test build based on the pull request
|
|
||||||
- `1`, `0.1`, `0.1.0` - tag based version.
|
- `1`, `0.1`, `0.1.0` - tag based version.
|
||||||
|
|
||||||
> **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.**
|
> **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.**
|
||||||
@ -39,43 +38,58 @@ You can download the image from the gitea embedded container registry: `gitea.oc
|
|||||||
```yaml
|
```yaml
|
||||||
version: "3.8"
|
version: "3.8"
|
||||||
|
|
||||||
secrets:
|
networks:
|
||||||
upstream-proxy:
|
egress:
|
||||||
external: true
|
attachable: true
|
||||||
|
#external: true
|
||||||
|
|
||||||
|
#configs:
|
||||||
|
# filter_file:
|
||||||
|
# # config can be predefined / external or loaded from file
|
||||||
|
# #external: true
|
||||||
|
# file: ./filter.txt
|
||||||
|
|
||||||
|
#secrets:
|
||||||
|
# upstream-proxy:
|
||||||
|
# external: true
|
||||||
|
|
||||||
services:
|
services:
|
||||||
swarmproxy:
|
swarmproxy:
|
||||||
image: gitea.ocram85.com/OCram85/swarmproxy:latest
|
image: gitea.ocram85.com/OCram85/swarmproxy:latest
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
#secrets:
|
||||||
|
# - upstream-proxy
|
||||||
environment:
|
environment:
|
||||||
# mandatory environment variables
|
# Recommended settings
|
||||||
- UPSTREAM_PROXY=
|
# Use an optional upstream proxy
|
||||||
|
#- UPSTREAM_PROXY=
|
||||||
# Set UPSTREAM_PROXY as docker secret if your upstream needs authentication
|
# Set UPSTREAM_PROXY as docker secret if your upstream needs authentication
|
||||||
# Eg.: http://user:password@upstream.intra:3128
|
# Eg.: http://user:password@upstream.intra:3128
|
||||||
#- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY
|
#- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY
|
||||||
|
|
||||||
# optional settings
|
# OPTIONAL config keys
|
||||||
#- TINYPROXY_UID=5123
|
#- TINYPROXY_UID=5123
|
||||||
#- TINYPROXY_GID=5123
|
#- TINYPROXY_GID=5123
|
||||||
#- PORT=8888
|
#- PORT=8888
|
||||||
#- TIMEOUT=600
|
#- TIMEOUT=600
|
||||||
#- LOGLEVEL=Info
|
#- LOGLEVEL=Info
|
||||||
#- MAXCLIENTS=600
|
#- MAXCLIENTS=600
|
||||||
#- FILTER_FILE=/ety/tinyproxy/filter
|
#- FILTER_FILE=/app/filter
|
||||||
deploy:
|
|
||||||
replicas: 1
|
|
||||||
volumes:
|
volumes:
|
||||||
# mount a single file into the container if you need the modify it afterwards
|
# You can mount a single filter file into the container.
|
||||||
# You can reload the file with `kill -s USR1 $(pidof tinyproxy)`
|
# To reload the file use the docker kill -s USR1 <container_id| container_name> command.
|
||||||
- ./filter.txt:/etc/tinyproxy/filter:ro
|
- ./filter.txt:/app/filter:ro
|
||||||
# Use a docker config or volume in production
|
configs:
|
||||||
-
|
- source: filter_file
|
||||||
networks:
|
target: /app/filter
|
||||||
- egress
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
egress:
|
egress:
|
||||||
attachable: true
|
aliases:
|
||||||
#external: true
|
- swarmproxy
|
||||||
|
- proxy
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## 😡 We're Using GitHub Under Protest
|
## 😡 We're Using GitHub Under Protest
|
||||||
|
67
entrypoint.sh
Normal file
67
entrypoint.sh
Normal file
@ -0,0 +1,67 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
CONFIG="/app/proxy.conf"
|
||||||
|
|
||||||
|
function writeConfig() {
|
||||||
|
cat << EOF >> "$CONFIG"
|
||||||
|
User $TINYPROXY_UID
|
||||||
|
Group $TINYPROXY_GID
|
||||||
|
Port $PORT
|
||||||
|
Timeout $TIMEOUT
|
||||||
|
DefaultErrorFile "/usr/share/tinyproxy/default.html"
|
||||||
|
|
||||||
|
StatHost "tinyproxy.stats"
|
||||||
|
StatFile "/usr/share/tinyproxy/stats.html"
|
||||||
|
|
||||||
|
LogLevel $LOGLEVEL
|
||||||
|
MaxClients $MAXCLIENTS
|
||||||
|
ViaProxyName "Swarmproxy"
|
||||||
|
|
||||||
|
Allow 127.0.0.1/8
|
||||||
|
Allow 10.0.0.0/8
|
||||||
|
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
function addUpstreamConfig() {
|
||||||
|
[ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE)
|
||||||
|
[ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG"
|
||||||
|
}
|
||||||
|
|
||||||
|
function addFilterConfig() {
|
||||||
|
if [ -f "$FILTER_FILE" ]; then
|
||||||
|
cat << FBLOCK >> "$CONFIG"
|
||||||
|
Filter "$FILTER_FILE"
|
||||||
|
FilterURLs Off
|
||||||
|
FilterCaseSensitive Off
|
||||||
|
FilterDefaultDeny Yes
|
||||||
|
FBLOCK
|
||||||
|
else
|
||||||
|
echo "🦁 FILTER_FILE not found or set."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function showConfig() {
|
||||||
|
echo "🦁 Final Swarmproxy config 🦁"
|
||||||
|
cat "$CONFIG"
|
||||||
|
}
|
||||||
|
|
||||||
|
function execTinyproxy() {
|
||||||
|
echo "🦁 Starting Tinyproxy..."
|
||||||
|
echo "args count: $#"
|
||||||
|
echo "args value: $@"
|
||||||
|
exec "/usr/bin/tinyproxy" "$@"
|
||||||
|
}
|
||||||
|
|
||||||
|
function main() {
|
||||||
|
writeConfig
|
||||||
|
addUpstreamConfig
|
||||||
|
addFilterConfig
|
||||||
|
showConfig
|
||||||
|
execTinyproxy $@
|
||||||
|
}
|
||||||
|
|
||||||
|
main $@
|
||||||
|
echo "entrypoint end. 🚀"
|
Loading…
Reference in New Issue
Block a user