#!/bin/sh

CERTS_DIR=/certs
CA_CERT_FILE="${CERTS_DIR}/ca/cert.pem"
CA_KEY_FILE="${CERTS_DIR}/ca/key.pem"

mkdir -p "${CERTS_DIR}/ca"
if [ ! -e "${CA_CERT_FILE}" ] || [ ! -e "${CA_KEY_FILE}" ] ; then
    rm -f "${CA_CERT_FILE}" "${CA_KEY_FILE}"
    openssl req -new -newkey rsa:2048 -sha256 -days 1500 -nodes -x509 \
        -extensions v3_ca -subj "/C=/ST=/L=/O=/OU=/CN=proxy" \
        -keyout "${CA_KEY_FILE}" -out "${CA_CERT_FILE}"
fi

mkdir -p /static
cp -f "${CA_CERT_FILE}" /static/ca.crt
openssl x509 -in "${CA_CERT_FILE}" -outform DER -out /static/ca.der

[ -d "${CERTS_DIR}/ssl_db" ] || /usr/lib/squid/security_file_certgen -c \
    -s "${CERTS_DIR}/ssl_db" -M 4MB
chown -R squid:squid "${CERTS_DIR}"

[ -e /var/cache/squid/swap.state ] || squid -z
while [ -e /var/run/squid.pid ] ; do
    sleep 1
done

(
    sleep 1
    /usr/local/bin/squid-rewriter -v \
        -listen 127.0.0.1:7777 \
        -dump /static/rewrites.txt \
        2>&1 | logger -p daemon.info -t rewriter
) &

(
    sleep 2
    darkhttpd /static --port 9999 --chroot --daemon \
        --uid nobody --gid nobody \
        --no-listing 
    squid -s
) &

syslogd -n -O -