b4tman/docker-squid
1
0
Fork 0
mirror of https://github.com/b4tman/docker-squid.git synced 2025-11-04 11:08:29 +00:00
Code Issues Packages Releases Activity

sslbump: rootless (#125)

Browse Source 
sslbump: shell script instead of long cmd

add 'ssl-bump' image test

add access_for_localnet for image test

allow_all instead of localnet for test

change test conf

fix test compose
This commit is contained in:
Dmitry Belyaev
2024-01-23 22:45:13 +03:00
committed by Dmitry Belyaev
parent 3ceca4d5f2
commit 12abc8228d
5 changed files with 58 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.github/workflows/dockerimage.yml vendored
View File

@@ -65,13 +65,38 @@ jobs:
mv /tmp/.buildx-cache-new /tmp/.buildx-cache mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Test image - name: Test image
run: docker compose -f docker-compose.test.yml up --pull never sut run: |
set -ex
docker compose -f docker-compose.test.yml up --pull never sut --exit-code-from sut
docker compose -f docker-compose.test.yml down
- name: Build 'ssl-bump' image - name: set base image for 'ssl-bump'
run: | run: |
sed -i "s%FROM b4tman/squid%FROM $TEST_TAG%" ssl-bump/Dockerfile sed -i "s%FROM b4tman/squid%FROM $TEST_TAG%" ssl-bump/Dockerfile
docker build ssl-bump
- name: Build 'ssl-bump' image
uses: docker/build-push-action@v5
with:
context: .
push: false
load: true
tags: ${{ env.TEST_TAG }}-ssl-bump
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Test 'ssl-bump' image
run: |
set -ex
TEST_TAG="${TEST_TAG}-ssl-bump" docker compose -f docker-compose.test.yml up --pull never sut --exit-code-from sut
docker compose -f docker-compose.test.yml down
push: push:
needs: test needs: test
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04

2
docker-compose.test.yml
View File

@@ -2,6 +2,8 @@ version: '2.3'
services: services:
proxy: proxy:
image: "${TEST_TAG}" image: "${TEST_TAG}"
volumes:
- './test_localnet.conf:/etc/squid/conf.d/test_localnet.conf:ro'
healthcheck: healthcheck:
test: ["CMD", "sh", "-exc", "squidclient -T 3 mgr:info 2> /dev/null | grep -qF '200 OK'"] test: ["CMD", "sh", "-exc", "squidclient -T 3 mgr:info 2> /dev/null | grep -qF '200 OK'"]
interval: 5s interval: 5s

5
ssl-bump/Dockerfile
View File

@@ -1,4 +1,5 @@
FROM b4tman/squid FROM b4tman/squid
USER root COPY run.sh /
CMD ["sh", "-c", "(test -d /var/cache/squid/ssl_db || /usr/lib/squid/security_file_certgen -c -s /var/cache/squid/ssl_db -M 4MB) && /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -YCd 1"]
CMD ["/run.sh"]

14
ssl-bump/run.sh Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/sh
set -x
# init ssl_db
if [ ! -d /var/cache/squid/ssl_db ]; then
/usr/lib/squid/security_file_certgen -c -s /var/cache/squid/ssl_db -M 4MB
fi
# init cache
/usr/sbin/squid -f "${SQUID_CONFIG_FILE}" --foreground -z
# run squid
exec /usr/sbin/squid -f "${SQUID_CONFIG_FILE}" --foreground -YCd 1

11
test_localnet.conf Normal file
View File

@@ -0,0 +1,11 @@
acl localnet1 src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet1 src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet1 src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet1 src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet1 src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet1 src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet1 src fc00::/7 # RFC 4193 local private network range
acl localnet1 src fe80::/10 # RFC 4291 link-local (directly plugged) machines
http_access allow localnet1
http_access allow localhost manager