diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml index 897a0d5..25e6d04 100644 --- a/.gitea/workflows/ci.yaml +++ b/.gitea/workflows/ci.yaml @@ -1,26 +1,34 @@ name: ci -run-name: docker pipeline - on: push: - #branches: none #[ main ] - tags-ignore: - - '*' + branches: + - 'main' + tags: + - 'v*' pull_request: - #branches: none # [ main ] - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: + branches: + - 'main' + jobs: - test-build: + docker: runs-on: ubuntu-latest container: image: catthehacker/ubuntu:act-latest steps: - #- - # name: Set up QEMU - # uses: actions/setup-qemu-action@v2 + - + name: Docker meta + id: meta + uses: actions/metadata-action@v4 + with: + images: | + gitea.ocram85.com/ocram85/swarmproxy + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} - name: Set up Docker Buildx uses: actions/setup-buildx-action@v2 @@ -36,5 +44,6 @@ jobs: name: Build and push uses: actions/build-push-action@v4 with: - push: false - tags: gitea.ocram85.com/ocram85/swarmproxy:next + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml deleted file mode 100644 index 1c75bb0..0000000 --- a/.gitea/workflows/deploy.yaml +++ /dev/null 
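Review bot: The added `uses: actions/metadata-action@v4` step is referenced by a mutable tag in a job that now publishes images, so whoever can move that tag controls code that runs alongside the registry credentials. Pinning to a full commit keeps the executed code fixed, for example `uses: actions/metadata-action@<full-commit-sha>  # v4`. The same applies to `actions/setup-buildx-action@v2` and `actions/build-push-action@v4`, both here and in the new `.gitea/workflows/test.yaml`. The floating `catthehacker/ubuntu:act-latest` job image can be pinned by digest in the same way.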
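Review bot: `push: ${{ github.event_name != 'pull_request' }}` stops pull-request runs from publishing, but the registry login step lies outside this hunk, so it is not visible whether that step is skipped for pull requests too. If it runs unconditionally, every PR run authenticates to the registry although it never pushes. Adding `if: github.event_name != 'pull_request'` to the login step keeps the token out of runs that build unreviewed changes. Separately, assuming this action mirrors docker/metadata-action, `type=ref,event=branch` and `type=ref,event=pr` yield `main` and `pr-<number>` tags, not the `latest` and `next` tags described in the README added by this commit.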
@@ -1,50 +0,0 @@ -name: deployment - -run-name: tag based container build and push - -on: - push: - branches: - - 'master' - tags: - - 'v*' - -jobs: - deployment-job: - runs-on: ubuntu-latest - container: - image: catthehacker/ubuntu:act-latest - steps: - - - name: Docker meta - id: meta - uses: actions/metadata-action@v4 - with: - images: | - gitea.ocram85.com/ocram85/swarmproxy - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - - - name: Set up QEMU - uses: actions/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: actions/setup-buildx-action@v2 - - - name: Login to Gitea Package Registry - uses: actions/login-action@v2 - with: - registry: gitea.ocram85.com - username: ${{ secrets.USERNAME }} - #password: ${{ secrets.PASSWORD }} - password: ${{ secrets.TOKEN }} - - - name: Build and push - uses: actions/build-push-action@v4 - with: - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - #tags: gitea.ocram85.com/ocram85/swarmproxy:next2 - diff --git a/.gitea/workflows/test.yaml b/.gitea/workflows/test.yaml new file mode 100644 index 0000000..c58dac3 --- /dev/null +++ b/.gitea/workflows/test.yaml @@ -0,0 +1,29 @@ +name: test + +run-name: docker pipeline + +on: [ 'push' ] + +jobs: + docker: + runs-on: ubuntu-latest + container: + image: catthehacker/ubuntu:act-latest + steps: + - + name: Set up Docker Buildx + uses: actions/setup-buildx-action@v2 + #- + # name: Login to Gitea Package Registry + # uses: actions/login-action@v2 + # with: + # registry: gitea.ocram85.com + # username: ${{ secrets.USERNAME }} + # password: ${{ secrets.TOKEN }} + - + name: Build and push + uses: actions/build-push-action@v4 + with: + push: false + #tags: gitea.ocram85.com/ocram85/swarmproxy:next + tags: ocram85/swarmproxy:test diff --git a/Dockerfile b/Dockerfile index a291253..3dfaed1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -23,6 +23,7 @@ ENV TINYPROXY_UID 5123 ENV TINYPROXY_GID 5123 ENV UPSTREAM_PROXY "" +ENV UPSTREAM_PROXY_FILE "" ENV PORT "8888" ENV TIMEOUT "600" ENV LOGLEVEL "Info" @@ -49,8 +50,6 @@ LogLevel $LOGLEVEL MaxClients $MAXCLIENTS ViaProxyName "tinyproxy" -#upstream http $UPSTREAM_PROXY "." - Filter "$FILTER_FILE" FilterURLs Off FilterCaseSensitive Off @@ -58,8 +57,14 @@ FilterDefaultDeny Yes Allow 127.0.0.1/8 Allow 10.0.0.0/8 + EOF +RUN set -eu && \ + CONFIG='/etc/tinyproxy/tinyproxy.conf' && \ + [ -z "$UPSTREAM_PROXY_FILE" ] || export UPSTREAM_PROXY=$(cat $UPSTREAM_PROXY_FILE) && \ + [ -z "$UPSTREAM_PROXY" ] || echo "upstream http $UPSTREAM_PROXY \".\"" >> "$CONFIG" + RUN chown -R ${TINYPROXY_UID}:${TINYPROXY_GID} /etc/tinyproxy /var/log/tinyproxy USER ${TINYPROXY_UID}:${TINYPROXY_GID} diff --git a/README.md b/README.md index 1822218..c047b20 100644 --- a/README.md +++ b/README.md @@ -17,23 +17,116 @@
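Review bot: The new `RUN` block runs at image build time, when `UPSTREAM_PROXY_FILE` and `UPSTREAM_PROXY` still hold their empty `ENV` defaults, so both `[ -z … ]` tests short-circuit and no `upstream` line is written. Values supplied when the container starts, including a swarm secret under `/run/secrets`, are therefore never read. If a value were present at build time instead, the credential-bearing URL would be stored in an image layer readable by anyone who can pull the image. Resolving the upstream in an entrypoint at container start avoids both problems, and the `$(cat $UPSTREAM_PROXY_FILE)` expansion should be quoted there. The image's existing ENTRYPOINT/CMD is outside the hunk, so the wiring below is a sketch and the script path is a placeholder.

```dockerfile
# … unchanged: tinyproxy.conf heredoc up to EOF …

# Placeholder path; runs at container start, when swarm secrets are mounted.
COPY --chmod=0755 <<'EOS' /usr/local/bin/docker-entrypoint.sh
#!/bin/sh
set -eu
CONFIG='/etc/tinyproxy/tinyproxy.conf'
if [ -n "${UPSTREAM_PROXY_FILE:-}" ]; then
    UPSTREAM_PROXY="$(cat "$UPSTREAM_PROXY_FILE")"
fi
# Append once, so a restarted container does not duplicate the directive.
if [ -n "${UPSTREAM_PROXY:-}" ] && ! grep -q '^upstream ' "$CONFIG"; then
    printf 'upstream http %s "."\n' "$UPSTREAM_PROXY" >> "$CONFIG"
fi
exec "$@"
EOS

# … unchanged: chown and USER lines …
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
```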

- swarmproxy docker image + Swarmproxy is a simple http/https proxy for outbound traffic in a docker swarm cluster.

-

- - Main Branch Build Status - -

+## :book: About -## :book: General +## 🤖 Quickstart -> :bulb: tbd... +### 1. ⚡ Get the image 📦 + +You can download the image from the gitea embedded container registry: `gitea.ocram85.com/ocram85/swarmproxy` with these tags: + +- `latest` - Is based on the lasted master branch commit. +- `next` - Is a test build based on the pull request +- `1`, `0.1`, `0.1.0` - tag based version. + +> **💡 NOTE: See the [packages page](https://gitea.ocram85.com/OCram85/-/packages/container/swarmproxy/latest) for latest version and all other available tags.** + +### 2.a Run as Docker Swarm Stack + +```yaml +version: "3.8" + +secrets: + upstream-proxy: + external: true + +services: + swarmproxy: + image: gitea.ocram85.com/OCram85/swarmproxy:latest + environment: + # mandatory environment variables + - UPSTREAM_PROXY= + # Set UPSTREAM_PROXY as docker secret if your upstream needs authentication + # Eg.: http://user:password@upstream.intra:3128 + #- UPSTREAM_PROXY_FILE=/run/secrets/UPSTREAM_PROXY + + # optional settings + #- TINYPROXY_UID=5123 + #- TINYPROXY_GID=5123 + #- PORT=8888 + #- TIMEOUT=600 + #- LOGLEVEL=Info + #- MAXCLIENTS=600 + #- FILTER_FILE=/ety/tinyproxy/filter + deploy: + replicas: 1 + volumes: + # mount a single file into the container if you need the modify it afterwards + # You can reload the file with `kill -s USR1 $(pidof tinyproxy)` + - ./filter.txt:/etc/tinyproxy/filter:ro + # Use a docker config or volume in production + - + networks: + - egress + +networks: + egress: + attachable: true + #external: true +``` + +## 😡 We're Using GitHub Under Protest + +This project is currently **mirrored** to GitHub. This is not ideal; GitHub is a +proprietary, trade-secret system that is not Free and Open Source Software +(FOSS). We are deeply concerned about using a proprietary system like GitHub +to develop our FOSS project. 
We have an +[open Gitea repository ](https://gitea.ocram85.com/OCram85/swarmproxy/issues) where the +project contributors are actively discussing how we can move away from GitHub +in the long term. We urge you to read about the +[Give up GitHub](https://GiveUpGitHub.org) campaign from +[the Software Freedom Conservancy](https://sfconservancy.org) to understand +some of the reasons why GitHub is not a good place to host FOSS projects. + +If you are a contributor who personally has already quit using GitHub, please +[check this resource](https://gitea.ocram85.com/OCram85/swarmproxy) for how to send us contributions without +using GitHub directly. + +Any use of this project's code by GitHub Copilot, past or present, is done +without our permission. We do not consent to GitHub's use of this project's +code in Copilot. + +![Logo of the GiveUpGitHub campaign](https://sfconservancy.org/img/GiveUpGitHub.png) ## 🙏 Credits swarmproxy is based on the following projects and wouldn't be possible without them: -- [https://github.com/tinyproxy/tinyproxy](Tinyproxy) - The Tinyproxy project itself -- [https://github.com/kalaksi/docker-tinyproxy](docker-tinyproxy) - A containerized tinyproxy variant. -- [https://github.com/ajoergensen/docker-tinyproxy](docker-tinyproxy) - A containerized tinyproxy variant. +- [Tinyproxy](https://github.com/tinyproxy/tinyproxy) - The Tinyproxy project itself +- [docker-tinyproxy](https://github.com/kalaksi/docker-tinyproxy) - A containerized tinyproxy variant. +- [docker-tinyproxy](https://github.com/ajoergensen/docker-tinyproxy) - A containerized tinyproxy variant. + +## ⚖️ License (AGPLv3) + +![AGPL](https://www.gnu.org/graphics/agplv3-155x51.png) + +``` +Swarmproxy - A simple http/https proxy for outbound traffic in a docker swarm cluster. 
+Copyright (C) 2023 "OCram85 " + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +```