diff --git a/Dockerfile b/Dockerfile
index 941d514..f486333 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,20 @@
-FROM alpine:3.16
+FROM docker.io/library/golang:1.19-alpine3.16 as builder
+
+# hadolint ignore=DL3018
+RUN apk add --no-cache build-base && \
+ go install -ldflags "-s -w" -trimpath git.worn.eu/guru/squid-rewriter@latest
+
+#############################################################################
+
+FROM docker.io/library/alpine:3.16
 # hadolint ignore=DL3018
 RUN apk add --no-cache squid openssl darkhttpd
-COPY run.sh rewrite.awk /
+COPY run.sh /
 COPY install-ca.sh /static/
-COPY squid.conf /etc/squid/squid.conf
-RUN chmod 0755 /run.sh /rewrite.awk ; mkdir /ca
+COPY squid.conf rewrites.yaml /etc/squid/
+COPY --from=builder /go/bin/squid-rewriter /usr/local/bin/
+RUN chmod 0755 /run.sh /usr/local/bin/squid-rewriter ; mkdir /ca
 VOLUME /var/cache/squid
 EXPOSE 3128
diff --git a/rewrite.awk b/rewrite.awk
deleted file mode 100755
index 6825f35..0000000
--- a/rewrite.awk
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/awk -f
-
-function handle_request(url, ip_fqdn, ident, method, kwargs)
-{
- if (index(url, "http://proxy/") == 1) {
- sub(/http:\/\/proxy\//, "http://127.0.0.1:9999/", url)
- return "OK rewrite-url=" url
- }
- return "OK"
-}
-
-$1 ~ /^[0-9]+$/ {request_id=$1 " "; request_url=$2; request_ip_fqdn=$3; request_ident=$4; request_method=$5; first_pair=6}
-$1 !~ /^[0-9]+$/ {request_id=""; request_url=$1; request_ip_fqdn=$2; request_ident=$3; request_method=$4; first_pair=5}
-{
- split("", kv);
- for (i=first_pair; i<=NF; i++) {
- split($i, parts, sep="=")
- kv[parts[1]]=parts[2]
- }
- print request_id handle_request(request_url, request_ip_fqdn, request_ident, request_method, kv)
-}
diff --git a/rewrites.yaml b/rewrites.yaml
new file mode 100644
index 0000000..85b836f
--- /dev/null
+++ b/rewrites.yaml
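Review bot: In the Dockerfile hunk the builder stage installs `git.worn.eu/guru/squid-rewriter@latest`, so each rebuild can pull different code into a helper that sits in the proxy's request path, and the image carries no record of which revision was shipped. Pin the module to a tag or commit, e.g. `go install -ldflags "-s -w" -trimpath git.worn.eu/guru/squid-rewriter@<pinned-version>`, so the build is reproducible and the shipped revision can be audited. In the final stage, `RUN chmod 0755 /run.sh /usr/local/bin/squid-rewriter ; mkdir /ca` joins the commands with `;`, which lets a failing chmod pass unnoticed; `&&` would fail the build instead. The stage alias is written with lowercase `as`, where `AS builder` would match the uppercase instruction keywords used in the rest of the file.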
@@ -0,0 +1,31 @@
+---
+# This is an example rewrite rules file
+rewrites:
+ - name: static
+ urls:
+ - http://proxy/
+ destination: http://127.0.0.1:9999/
+ - name: alpine
+ distro: alpine
+ destination: https://dl-cdn.alpinelinux.org/alpine/
+ - name: debian
+ distro: debian
+ destination: http://deb.debian.org/debian/
+ - name: arch
+ distro: arch
+ destination: https://geo.mirror.pkgbuild.com/
+ - name: fedora
+ distro: fedora
+ destination: https://fedora.mirrorservice.org/fedora/linux/
+ - name: fedora
+ distro: fedora:epel
+ destination: https://fedora.mirrorservice.org/epel/
+ - name: ubuntu
+ distro: ubuntu
+ destination: http://archive.ubuntu.com/ubuntu/
+ - name: mint
+ distro: mint
+ destination: https://mirrors.layeronline.com/linuxmint/
+ - name: slackware
+ distro: slackware
+ destination: https://www.mirrorservice.org/sites/ftp.slackware.com/pub/slackware/
diff --git a/run.sh b/run.sh
index faae2c4..9201c9a 100755
--- a/run.sh
+++ b/run.sh
@@ -33,4 +33,11 @@ done
 squid -s
 ) &
+(
+ sleep 3
+ # Force the spawning of the rewrite process to avoid slowing down the first
+ # client request
+ http_proxy=http://127.0.0.1:3128 wget -qO /dev/null http://proxy/ca.crt
+) &
+
 syslogd -n -O -
diff --git a/squid.conf b/squid.conf
index 36501a3..c9306ac 100644
--- a/squid.conf
+++ b/squid.conf
@@ -48,8 +48,8 @@ refresh_pattern \.apk$ 129600 100% 129600
 refresh_pattern \.(tar|iso)(\.[zZ]|\.gz|\.bz2?|\.xz|\.zstd?)?(\.sig)?$ 129600 100% 129600
 refresh_pattern . 0 20% 4320
-url_rewrite_children 4
-url_rewrite_program /rewrite.awk
+url_rewrite_children 1
+url_rewrite_program /usr/local/bin/squid-rewriter
 sslcrtd_program /usr/lib/squid/security_file_certgen -s /certs/ssl_db -M 4MB
 acl step1 at_step SslBump1
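Review bot: Two rules in rewrites.yaml share `name: fedora` (the second carries `distro: fedora:epel`), so if the rewriter keys or logs rules by name, the EPEL rule cannot be told apart from the Fedora one; `name: epel` would avoid that. The `debian` and `ubuntu` destinations are plain `http://` while the other mirrors use `https://`, and whatever the cache fetches is served to every client behind it. A header comment such as `# http:// upstreams rely on the client's package signature verification` would make that assumption explicit for anyone copying this example.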
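Review bot: The warm-up added to run.sh depends on a fixed `sleep 3`: if squid is not yet accepting connections on 127.0.0.1:3128 when it elapses, the `wget -q` fails silently and the first client request still pays the helper start-up cost. A short bounded retry loop in the same background subshell removes the timing assumption without delaying start-up. The script before line 33 is outside the hunk, so any shell options set there are not visible here.

```shell
(
    # … unchanged: comment explaining the warm-up …
    for attempt in 1 2 3 4 5; do
        sleep 1
        http_proxy=http://127.0.0.1:3128 wget -qO /dev/null http://proxy/ca.crt && break
    done
) &
```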
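Review bot: In squid.conf, `url_rewrite_children 1` leaves a single helper process, so every URL rewrite is serialised through it unless squid-rewriter speaks Squid's concurrent (channel-ID) helper protocol. The removed awk script accepted an optional numeric request id, but nothing in this hunk shows whether the new helper does. If it does, state it on the directive, e.g. `url_rewrite_children 1 startup=1 concurrency=<N>`; `startup=1` would also have Squid spawn the helper when it starts rather than relying on the warm-up request added to run.sh. A one-line comment above the directive explaining why the count dropped from 4 to 1 would help the next reader.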