Add CA install script
parent
fa5cdc677b
commit
7b66667868
|
@ -3,6 +3,7 @@ FROM alpine:3.16
|
|||
# hadolint ignore=DL3018
|
||||
RUN apk add --no-cache squid openssl darkhttpd
|
||||
COPY run.sh rewrite.awk /
|
||||
COPY install-ca.sh /static/
|
||||
COPY squid.conf /etc/squid/squid.conf
|
||||
RUN chmod 0755 /run.sh /rewrite.awk ; mkdir /ca
|
||||
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
#!/bin/sh
|
||||
|
||||
CA_CRT_URL=http://proxy/ca.crt
|
||||
|
||||
|
||||
download_ca_cert()
|
||||
{
|
||||
[ -e "$1" ] && return
|
||||
type curl >/dev/null 2>&1 && curl -so "$1" "${CA_CRT_URL}"
|
||||
[ -e "$1" ] && return
|
||||
type wget >/dev/null 2>&1 && wget -qO "$1" "${CA_CRT_URL}"
|
||||
[ -e "$1" ] && return
|
||||
if type bash >/dev/null 2>&1 ; then
|
||||
# shellcheck disable=SC2154
|
||||
host_slash_port=$(echo "${http_proxy##http://}" | tr : /)
|
||||
printf "exec 42<>/dev/tcp/%s ; echo -ne 'GET %s HTTP/1.0\r\nConnection: close\r\n\r\n' >&42 ; sed '0,/^\r$/d' <&42" "${host_slash_port}" "${CA_CRT_URL}" | bash
|
||||
fi
|
||||
}
|
||||
|
||||
install_alpine()
|
||||
{
|
||||
mkdir -p /usr/local/share/ca-certificates
|
||||
download_ca_cert /usr/local/share/ca-certificates/proxy.crt
|
||||
cat /usr/local/share/ca-certificates/proxy.crt >> /etc/ssl/certs/ca-certificates.crt
|
||||
apk add ca-certificates
|
||||
update-ca-certificates
|
||||
}
|
||||
|
||||
install_arch()
|
||||
{
|
||||
download_ca_cert /etc/ca-certificates/trust-source/anchors/proxy.crt
|
||||
update-ca-trust
|
||||
}
|
||||
|
||||
install_debian()
|
||||
{
|
||||
mkdir -p /usr/local/share/ca-certificates
|
||||
download_ca_cert /usr/local/share/ca-certificates/proxy.crt
|
||||
update-ca-certificates
|
||||
}
|
||||
|
||||
install_redhat()
|
||||
{
|
||||
download_ca_cert /etc/pki/ca-trust/source/anchors/proxy.crt
|
||||
update-ca-trust
|
||||
}
|
||||
|
||||
[ -e /etc/alpine-release ] && install_alpine
|
||||
[ -e /etc/arch-release ] && install_arch
|
||||
[ -e /etc/debian_version ] && install_debian
|
||||
[ -e /etc/redhat-release ] && install_redhat
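Review bot: `download_ca_cert` installs whatever `http://proxy/ca.crt` returns as a trusted root without checking that it is the expected certificate: `curl -so` has no `-f`, so an HTTP error body is saved and, in `install_alpine`, appended to `/etc/ssl/certs/ca-certificates.crt`, and nothing ties the file to a digest obtained out of band. The bash fallback also prints the response to stdout instead of writing `$1`, so on a host without curl or wget no file is created and the `install_*` functions carry on regardless. I would download to a temporary file, accept it only when its SHA-256 matches a value the caller supplies (`CA_CRT_SHA256` below is a proposed variable, not one the commit defines), and call it as `download_ca_cert … || return 1` in each installer. Separately, as far as the hunk shows, the script ends on `[ -e /etc/redhat-release ] && install_redhat`, so it exits non-zero on every system that is not Red Hat; a trailing `exit 0` or an `if`/`elif` chain would fix that.

```shell
download_ca_cert()
{
    [ -s "$1" ] && return 0
    tmp=$(mktemp) || return 1
    type curl >/dev/null 2>&1 && curl -fsSo "${tmp}" "${CA_CRT_URL}"
    [ -s "${tmp}" ] || { type wget >/dev/null 2>&1 && wget -qO "${tmp}" "${CA_CRT_URL}" ; }
    if [ ! -s "${tmp}" ] && type bash >/dev/null 2>&1 ; then
        # … unchanged: host_slash_port assignment …
        # … unchanged: printf '…' | bash request, now followed by > "${tmp}" …
    fi
    # CA_CRT_SHA256 is a proposed variable: the digest of ca.crt, obtained
    # over a channel other than this download.
    if [ -n "${CA_CRT_SHA256}" ] \
        && [ "$(sha256sum "${tmp}" | cut -d' ' -f1)" = "${CA_CRT_SHA256}" ] ; then
        # mktemp creates the file 0600; trust stores need it world-readable.
        mv "${tmp}" "$1" && chmod 0644 "$1"
        return
    fi
    rm -f "${tmp}"
    echo "install-ca: certificate missing or digest mismatch" >&2
    return 1
}
```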
|
|
@ -2,8 +2,9 @@
|
|||
|
||||
function handle_request(url, ip_fqdn, ident, method, kv)
|
||||
{
|
||||
if (url == "http://proxy/ca.crt") {
|
||||
return "OK rewrite-url=http://127.0.0.1:9999/ca.crt"
|
||||
if (index(url, "http://proxy/") == 1) {
|
||||
sub(/http:\/\/proxy\//, "http://127.0.0.1:9999/", url)
|
||||
return "OK rewrite-url=" url
|
||||
}
|
||||
return "OK"
|
||||
}
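Review bot: The prefix test `index(url, "http://proxy/") == 1` exposes every file under darkhttpd's `/static` root to any client of the proxy, where the removed branch exposed only `ca.crt`. That is presumably intended so that `install-ca.sh` can be fetched, but nothing in the hunk records the consequence; I would add a comment above the branch such as `# Everything under /static is served to every proxy client: public material only, never the CA key.` The request URL is also copied into the helper reply as `"OK rewrite-url=" url`; if it can ever contain whitespace it would split the key=value reply, so it is worth confirming that Squid hands the helper an escaped URL.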
|
||||
|
|
14
run.sh
14
run.sh
|
@ -24,10 +24,12 @@ while [ -e /var/run/squid.pid ] ; do
|
|||
sleep 1
|
||||
done
|
||||
|
||||
syslogd
|
||||
darkhttpd /static --port 9999 --chroot --daemon \
|
||||
--uid nobody --gid nobody \
|
||||
--no-listing
|
||||
squid -s
|
||||
(
|
||||
sleep 1
|
||||
darkhttpd /static --port 9999 --chroot --daemon \
|
||||
--uid nobody --gid nobody \
|
||||
--no-listing
|
||||
squid -s
|
||||
) &
|
||||
|
||||
tail -f /var/log/messages
|
||||
syslogd -n -O -
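Review bot: Inside the backgrounded `( … ) &` group the exit status of `darkhttpd` and `squid -s` is never looked at, so if either fails to start the container keeps running with only `syslogd -n -O -` in the foreground and no proxy. I would at least record the failure, by appending `|| logger -t run.sh "darkhttpd failed to start"` to the `--no-listing` line and `|| logger -t run.sh "squid failed to start"` to `squid -s`. The `sleep 1` is presumably there to let syslogd come up before the daemons log to it; a one-line comment saying so would help the next reader. The `while` loop above begins outside the hunk.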
|
||||
|
|