Add CA install script
parent
fa5cdc677b
commit
7b66667868
|
@ -3,6 +3,7 @@ FROM alpine:3.16
|
||||||
# hadolint ignore=DL3018
|
# hadolint ignore=DL3018
|
||||||
RUN apk add --no-cache squid openssl darkhttpd
|
RUN apk add --no-cache squid openssl darkhttpd
|
||||||
COPY run.sh rewrite.awk /
|
COPY run.sh rewrite.awk /
|
||||||
|
COPY install-ca.sh /static/
|
||||||
COPY squid.conf /etc/squid/squid.conf
|
COPY squid.conf /etc/squid/squid.conf
|
||||||
RUN chmod 0755 /run.sh /rewrite.awk ; mkdir /ca
|
RUN chmod 0755 /run.sh /rewrite.awk ; mkdir /ca
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,51 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
CA_CRT_URL=http://proxy/ca.crt
|
||||||
|
|
||||||
|
|
||||||
|
download_ca_cert()
|
||||||
|
{
|
||||||
|
[ -e "$1" ] && return
|
||||||
|
type curl >/dev/null 2>&1 && curl -so "$1" "${CA_CRT_URL}"
|
||||||
|
[ -e "$1" ] && return
|
||||||
|
type wget >/dev/null 2>&1 && wget -qO "$1" "${CA_CRT_URL}"
|
||||||
|
[ -e "$1" ] && return
|
||||||
|
if type bash >/dev/null 2>&1 ; then
|
||||||
|
# shellcheck disable=SC2154
|
||||||
|
host_slash_port=$(echo "${http_proxy##http://}" | tr : /)
|
||||||
|
printf "exec 42<>/dev/tcp/%s ; echo -ne 'GET %s HTTP/1.0\r\nConnection: close\r\n\r\n' >&42 ; sed '0,/^\r$/d' <&42" "${host_slash_port}" "${CA_CRT_URL}" | bash
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
install_alpine()
|
||||||
|
{
|
||||||
|
mkdir -p /usr/local/share/ca-certificates
|
||||||
|
download_ca_cert /usr/local/share/ca-certificates/proxy.crt
|
||||||
|
cat /usr/local/share/ca-certificates/proxy.crt >> /etc/ssl/certs/ca-certificates.crt
|
||||||
|
apk add ca-certificates
|
||||||
|
update-ca-certificates
|
||||||
|
}
|
||||||
|
|
||||||
|
install_arch()
|
||||||
|
{
|
||||||
|
download_ca_cert /etc/ca-certificates/trust-source/anchors/proxy.crt
|
||||||
|
update-ca-trust
|
||||||
|
}
|
||||||
|
|
||||||
|
install_debian()
|
||||||
|
{
|
||||||
|
mkdir -p /usr/local/share/ca-certificates
|
||||||
|
download_ca_cert /usr/local/share/ca-certificates/proxy.crt
|
||||||
|
update-ca-certificates
|
||||||
|
}
|
||||||
|
|
||||||
|
install_redhat()
|
||||||
|
{
|
||||||
|
download_ca_cert /etc/pki/ca-trust/source/anchors/proxy.crt
|
||||||
|
update-ca-trust
|
||||||
|
}
|
||||||
|
|
||||||
|
[ -e /etc/alpine-release ] && install_alpine
|
||||||
|
[ -e /etc/arch-release ] && install_arch
|
||||||
|
[ -e /etc/debian_version ] && install_debian
|
||||||
|
[ -e /etc/redhat-release ] && install_redhat
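Review bot: download_ca_cert treats the mere existence of `$1` as success, and its bash fallback never writes to `$1` at all, so the install functions can end up trusting an error page or nothing. curl runs without `-f`, so an HTTP error body is saved as proxy.crt, and the `/dev/tcp` branch sends the response body to stdout; I would use `curl -fsSo "$1" "${CA_CRT_URL}"` and end the fallback pipeline with `| bash > "$1"`. Because the file arrives over plain HTTP and is then added to the system trust store, it is worth checking before the `update-ca-*` call, for example by comparing its fingerprint with a value the operator obtained separately. `http_proxy` is interpolated into script text that is piped to bash, so either validate that it holds only host:port characters or add a comment stating that the variable is trusted. Separately, the final line `[ -e /etc/redhat-release ] && install_redhat` makes the script exit non-zero on every non-Red Hat system.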
|
|
@ -2,8 +2,9 @@
|
||||||
|
|
||||||
function handle_request(url, ip_fqdn, ident, method, kv)
|
function handle_request(url, ip_fqdn, ident, method, kv)
|
||||||
{
|
{
|
||||||
if (url == "http://proxy/ca.crt") {
|
if (index(url, "http://proxy/") == 1) {
|
||||||
return "OK rewrite-url=http://127.0.0.1:9999/ca.crt"
|
sub(/http:\/\/proxy\//, "http://127.0.0.1:9999/", url)
|
||||||
|
return "OK rewrite-url=" url
|
||||||
}
|
}
|
||||||
return "OK"
|
return "OK"
|
||||||
}
|
}
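Review bot: With the prefix test `index(url, "http://proxy/") == 1`, every path under `http://proxy/` is forwarded to the darkhttpd instance on 127.0.0.1:9999, so the whole of /static becomes readable by any proxy client rather than just ca.crt. If only ca.crt and install-ca.sh are meant to be published, an explicit comparison against those two URLs keeps the exposed set fixed; otherwise a comment such as `# everything under /static is public to proxy clients; never place key material there` documents the constraint. The `sub()` pattern would also read more clearly anchored, `sub(/^http:\/\/proxy\//, "http://127.0.0.1:9999/", url)`, although the index() test already guarantees the match is at the start.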
|
||||||
|
|
14
run.sh
14
run.sh
|
@ -24,10 +24,12 @@ while [ -e /var/run/squid.pid ] ; do
|
||||||
sleep 1
|
sleep 1
|
||||||
done
|
done
|
||||||
|
|
||||||
syslogd
|
(
|
||||||
darkhttpd /static --port 9999 --chroot --daemon \
|
sleep 1
|
||||||
--uid nobody --gid nobody \
|
darkhttpd /static --port 9999 --chroot --daemon \
|
||||||
--no-listing
|
--uid nobody --gid nobody \
|
||||||
squid -s
|
--no-listing
|
||||||
|
squid -s
|
||||||
|
) &
|
||||||
|
|
||||||
tail -f /var/log/messages
|
syslogd -n -O -
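Review bot: The `sleep 1` at the top of the background subshell appears to be the only thing that orders `squid -s` after syslogd is listening, so proxy startup messages can be lost on a slow start, and nothing in the hunk explains the delay. A comment such as `# give syslogd (started below in the foreground) time to open its socket before squid -s logs to it` would make the intent clear, and waiting for the socket, `while [ ! -S /dev/log ] ; do sleep 1 ; done`, would remove the guess. Since syslogd is now the foreground process, a failure of darkhttpd or squid inside `( ... ) &` leaves the container running without a proxy; that may be intended, but it deserves a comment. The script may continue beyond the lines shown here.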
|
||||||
|
|