Add CA install script

Maurizio Porrato 2022-08-21 17:29:20 +01:00
parent fa5cdc677b
commit 7b66667868
4 changed files with 63 additions and 8 deletions


@ -3,6 +3,7 @@ FROM alpine:3.16
# hadolint ignore=DL3018
RUN apk add --no-cache squid openssl darkhttpd
COPY run.sh rewrite.awk /
COPY install-ca.sh /static/
COPY squid.conf /etc/squid/squid.conf
RUN chmod 0755 /run.sh /rewrite.awk ; mkdir /ca

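--- a/install-ca.sh
+++ b/install-ca.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+CA_CRT_URL=http://proxy/ca.crt
+download_ca_cert()
+{
+[ -e "$1" ] && return
+type curl >/dev/null 2>&1 && curl -so "$1" "${CA_CRT_URL}"
+[ -e "$1" ] && return
+type wget >/dev/null 2>&1 && wget -qO "$1" "${CA_CRT_URL}"
+[ -e "$1" ] && return
+if type bash >/dev/null 2>&1 ; then
+# shellcheck disable=SC2154
+host_slash_port=$(echo "${http_proxy##http://}" | tr : /)
+printf "exec 42<>/dev/tcp/%s ; echo -ne 'GET %s HTTP/1.0\r\nConnection: close\r\n\r\n' >&42 ; sed '0,/^\r$/d' <&42" "${host_slash_port}" "${CA_CRT_URL}" | bash
+fi
+}
+install_alpine()
+{
+mkdir -p /usr/local/share/ca-certificates
+download_ca_cert /usr/local/share/ca-certificates/proxy.crt
+cat /usr/local/share/ca-certificates/proxy.crt >> /etc/ssl/certs/ca-certificates.crt
+apk add ca-certificates
+update-ca-certificates
+}
+install_arch()
+{
+download_ca_cert /etc/ca-certificates/trust-source/anchors/proxy.crt
+update-ca-trust
+}
+install_debian()
+{
+mkdir -p /usr/local/share/ca-certificates
+download_ca_cert /usr/local/share/ca-certificates/proxy.crt
+update-ca-certificates
+}
+install_redhat()
+{
+download_ca_cert /etc/pki/ca-trust/source/anchors/proxy.crt
+update-ca-trust
+}
+[ -e /etc/alpine-release ] && install_alpine
+[ -e /etc/arch-release ] && install_arch
+[ -e /etc/debian_version ] && install_debian
+[ -e /etc/redhat-release ] && install_redhat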
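Review bot: download_ca_cert treats any file at the target path as success, and every install_* caller then adds that file to the system trust store, so a failed or altered fetch over plain `http://proxy/ca.crt` ends up as a trusted root. curl runs without `-f` (an HTTP error body is saved as the certificate), `wget -O` leaves an empty file behind on failure, and the bash `/dev/tcp` fallback prints the response to stdout instead of writing it to `$1`. I would make the function fail closed as sketched below, checking for a non-empty PEM file and comparing its SHA-256 with a value supplied out of band, and have each caller run `download_ca_cert <path> || exit 1` before any `update-ca-*` step. Separately, the last line `[ -e /etc/redhat-release ] && install_redhat` makes the script exit with status 1 on every non-Red Hat system, so an `if`/`elif` chain over the release files would be safer.

```shell
# CA_CRT_SHA256: expected SHA-256 of ca.crt, delivered out of band
# (variable name constructed for this sketch)
download_ca_cert()
{
    [ -s "$1" ] || { type curl >/dev/null 2>&1 && curl -fsSo "$1" "${CA_CRT_URL}" ; }
    [ -s "$1" ] || { type wget >/dev/null 2>&1 && wget -qO "$1" "${CA_CRT_URL}" ; }
    # … unchanged: bash /dev/tcp fallback, with `> "$1"` added after `| bash` …
    if ! grep -q 'BEGIN CERTIFICATE' "$1" 2>/dev/null ; then
        rm -f "$1"
        echo "install-ca: no certificate received from ${CA_CRT_URL}" >&2
        return 1
    fi
    if [ -n "${CA_CRT_SHA256:-}" ] \
        && ! echo "${CA_CRT_SHA256}  $1" | sha256sum -c - >/dev/null 2>&1 ; then
        rm -f "$1"
        echo "install-ca: checksum mismatch for $1" >&2
        return 1
    fi
}
```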


@ -2,8 +2,9 @@
function handle_request(url, ip_fqdn, ident, method, kv)
{
if (url == "http://proxy/ca.crt") {
return "OK rewrite-url=http://127.0.0.1:9999/ca.crt"
if (index(url, "http://proxy/") == 1) {
sub(/http:\/\/proxy\//, "http://127.0.0.1:9999/", url)
return "OK rewrite-url=" url
}
return "OK"
}
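Review bot: The prefix test `index(url, "http://proxy/") == 1` maps every path under `http://proxy/` onto the darkhttpd instance on 127.0.0.1:9999, so anything ever placed in its document root becomes downloadable by every proxy client, where the old code exposed only `ca.crt`. If only the certificate and the install script are meant to be public, an explicit allow-list is tighter, e.g. `if (url == "http://proxy/ca.crt" || url == "http://proxy/install-ca.sh") {`. At minimum I would add a comment above the `if` such as `# everything under /static is readable by all proxy clients; never place key material there`. The file begins above this hunk, so any other callers or rules are not visible here.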

14
run.sh

@ -24,10 +24,12 @@ while [ -e /var/run/squid.pid ] ; do
sleep 1
done
syslogd
darkhttpd /static --port 9999 --chroot --daemon \
--uid nobody --gid nobody \
--no-listing
squid -s
(
sleep 1
darkhttpd /static --port 9999 --chroot --daemon \
--uid nobody --gid nobody \
--no-listing
squid -s
) &
tail -f /var/log/messages
syslogd -n -O -
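Review bot: The background subshell uses `sleep 1`, presumably to let the foreground `syslogd -n -O -` open its socket before `squid -s` starts logging, which is a timing guess rather than a check; on a slow start the first proxy log messages could be lost. Waiting for the socket is more reliable, e.g. `while [ ! -S /dev/log ] ; do sleep 1 ; done` in place of the `sleep 1`. Because syslogd is now the foreground process, the container also keeps running if darkhttpd or squid fail to start or exit later, so I would add a comment stating that, or a health check. The hunk begins inside the `while [ -e /var/run/squid.pid ]` loop, whose start is outside the visible lines.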