Adds entrypoint (#6)
All checks were successful
ci / docker (push) Successful in 23s

#### 📖 Summary

- Adds docker entrypoint bash script.

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [x] CI pipeline tests
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: #6
This commit is contained in:
OCram85 2023-07-12 10:55:59 +02:00
parent 81738ff2f4
commit e1bec95c9d
4 changed files with 117 additions and 59 deletions

View File

@ -1,6 +1,6 @@
FROM alpine:3.18.2 FROM alpine:3.18.2
#LABEL build_version="" # Set labels manually, each build service differs in used or predefined labels.
LABEL maintainer="OCram85" LABEL maintainer="OCram85"
ARG VERSION ARG VERSION
LABEL build_version="${VERSION}" LABEL build_version="${VERSION}"
@ -17,8 +17,7 @@ LABEL org.opencontainers.image.url="https://gitea.ocram85.com/OCram85/swarmproxy
LABEL org.opencontainers.image.source="https://gitea.ocram85.com/OCram85/swarmproxy.git" LABEL org.opencontainers.image.source="https://gitea.ocram85.com/OCram85/swarmproxy.git"
LABEL org.opencontainers.image.documentation="https://gitea.ocram85.com/OCram85/swarmproxy" LABEL org.opencontainers.image.documentation="https://gitea.ocram85.com/OCram85/swarmproxy"
# Use a custom UID/GID instead of the default system UID which has a greater possibility # Use a individual user and group ip for files and process
# for collisions with the host and other containers.
ENV TINYPROXY_UID 5123 ENV TINYPROXY_UID 5123
ENV TINYPROXY_GID 5123 ENV TINYPROXY_GID 5123
@ -28,46 +27,24 @@ ENV PORT "8888"
ENV TIMEOUT "600" ENV TIMEOUT "600"
ENV LOGLEVEL "Info" ENV LOGLEVEL "Info"
ENV MAXCLIENTS "600" ENV MAXCLIENTS "600"
ENV FILTER_FILE "/etc/tinyproxy/filter" ENV FILTER_FILE "/app/filter"
# Curl is for healthchecks.
# get existing packages
# curl for healthchecks and debugging
RUN apk add --no-cache \ RUN apk add --no-cache \
tinyproxy curl tinyproxy curl
RUN mv /etc/tinyproxy/tinyproxy.conf /etc/tinyproxy/tinyproxy.default.conf COPY entrypoint.sh /app/entrypoint.sh
RUN <<EOF cat >> /etc/tinyproxy/tinyproxy.conf RUN touch /app/proxy.conf && \
User $TINYPROXY_UID chmod +x /app/entrypoint.sh && \
Group $TINYPROXY_GID chown -R ${TINYPROXY_UID}:${TINYPROXY_GID} /app /etc/tinyproxy /var/log/tinyproxy
Port $PORT
Timeout $TIMEOUT
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatHost "tinyproxy.stats"
StatFile "/usr/share/tinyproxy/stats.html"
LogLevel $LOGLEVEL
MaxClients $MAXCLIENTS
ViaProxyName "tinyproxy"
Filter "$FILTER_FILE"
FilterURLs Off
FilterCaseSensitive Off
FilterDefaultDeny Yes
Allow 127.0.0.1/8
Allow 10.0.0.0/8
EOF
RUN set -eu && \
CONFIG='/etc/tinyproxy/tinyproxy.conf' && \
[ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE) && \
[ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG"
RUN chown -R ${TINYPROXY_UID}:${TINYPROXY_GID} /etc/tinyproxy /var/log/tinyproxy
USER ${TINYPROXY_UID}:${TINYPROXY_GID} USER ${TINYPROXY_UID}:${TINYPROXY_GID}
WORKDIR /app
EXPOSE 8888 EXPOSE 8888
ENTRYPOINT ["/usr/bin/tinyproxy", "-d"] ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["-c", "/app/proxy.conf", "-d"]

View File

@ -13,7 +13,7 @@
</p> </p>
<h1 align="center"> <h1 align="center">
swarmproxy Swarmproxy - Tame your traffic
</h1> </h1>
<p align="center"> <p align="center">
@ -26,10 +26,9 @@
### 1. ⚡ Get the image 📦 ### 1. ⚡ Get the image 📦
You can download the image from the gitea embedded container registry: `gitea.ocram85.com/ocram85/swarmproxy` with these tags: You can download the image from the Gitea embedded container registry: `gitea.ocram85.com/ocram85/swarmproxy` with these tags:
- `latest` - Is based on the lasted master branch commit. - `latest`, `main` - Is based on the lasted master branch commit.
- `next` - Is a test build based on the pull request
- `1`, `0.1`, `0.1.0` - tag based version. - `1`, `0.1`, `0.1.0` - tag based version.
> **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.** > **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.**
@ -39,43 +38,58 @@ You can download the image from the gitea embedded container registry: `gitea.oc
```yaml ```yaml
version: "3.8" version: "3.8"
secrets: networks:
upstream-proxy: egress:
external: true attachable: true
#external: true
#configs:
# filter_file:
# # config can be predefined / external or loaded from file
# #external: true
# file: ./filter.txt
#secrets:
# upstream-proxy:
# external: true
services: services:
swarmproxy: swarmproxy:
image: gitea.ocram85.com/OCram85/swarmproxy:latest image: gitea.ocram85.com/OCram85/swarmproxy:latest
deploy:
replicas: 1
#secrets:
# - upstream-proxy
environment: environment:
# mandatory environment variables # Recommended settings
- UPSTREAM_PROXY= # Use an optional upstream proxy
#- UPSTREAM_PROXY=
# Set UPSTREAM_PROXY as docker secret if your upstream needs authentication # Set UPSTREAM_PROXY as docker secret if your upstream needs authentication
# Eg.: http://user:password@upstream.intra:3128 # Eg.: http://user:password@upstream.intra:3128
#- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY #- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY
# optional settings # OPTIONAL config keys
#- TINYPROXY_UID=5123 #- TINYPROXY_UID=5123
#- TINYPROXY_GID=5123 #- TINYPROXY_GID=5123
#- PORT=8888 #- PORT=8888
#- TIMEOUT=600 #- TIMEOUT=600
#- LOGLEVEL=Info #- LOGLEVEL=Info
#- MAXCLIENTS=600 #- MAXCLIENTS=600
#- FILTER_FILE=/ety/tinyproxy/filter #- FILTER_FILE=/app/filter
deploy:
replicas: 1
volumes: volumes:
# mount a single file into the container if you need the modify it afterwards # You can mount a single filter file into the container.
# You can reload the file with `kill -s USR1 $(pidof tinyproxy)` # To reload the file use the docker kill -s USR1 <container_id| container_name> command.
- ./filter.txt:/etc/tinyproxy/filter:ro - ./filter.txt:/app/filter:ro
# Use a docker config or volume in production configs:
- - source: filter_file
networks: target: /app/filter
- egress
networks: networks:
egress: egress:
attachable: true aliases:
#external: true - swarmproxy
- proxy
``` ```
## 😡 We're Using GitHub Under Protest ## 😡 We're Using GitHub Under Protest

67
entrypoint.sh Normal file
View File

@ -0,0 +1,67 @@
#!/usr/bin/env sh
set -e
CONFIG="/app/proxy.conf"
function writeConfig() {
cat << EOF >> "$CONFIG"
User $TINYPROXY_UID
Group $TINYPROXY_GID
Port $PORT
Timeout $TIMEOUT
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatHost "tinyproxy.stats"
StatFile "/usr/share/tinyproxy/stats.html"
LogLevel $LOGLEVEL
MaxClients $MAXCLIENTS
ViaProxyName "Swarmproxy"
Allow 127.0.0.1/8
Allow 10.0.0.0/8
EOF
}
function addUpstreamConfig() {
[ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE)
[ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG"
}
function addFilterConfig() {
if [ -f "$FILTER_FILE" ]; then
cat << FBLOCK >> "$CONFIG"
Filter "$FILTER_FILE"
FilterURLs Off
FilterCaseSensitive Off
FilterDefaultDeny Yes
FBLOCK
else
echo "🦁 FILTER_FILE not found or set."
fi
}
function showConfig() {
echo "🦁 Final Swarmproxy config 🦁"
cat "$CONFIG"
}
function execTinyproxy() {
echo "🦁 Starting Tinyproxy..."
echo "args count: $#"
echo "args value: $@"
exec "/usr/bin/tinyproxy" "$@"
}
function main() {
writeConfig
addUpstreamConfig
addFilterConfig
showConfig
execTinyproxy $@
}
main $@
echo "entrypoint end. 🚀"