Remove privoxy, use squid

2021-08-06 06:05:28 +00:00 · 2021-08-06 06:05:28 +00:00 · 0014c3f5b2
commit 0014c3f5b2
parent 44020e2303
6 changed files with 38 additions and 47 deletions
--- a/images/privoxy/Dockerfile
+++ b/images/privoxy/Dockerfile
@ -1,22 +0,0 @@
-FROM ubuntu:latest
-
-ARG REMOTEEXEC_ADDR
-
-COPY user.action .
-COPY privoxy.conf .
-COPY start-proxy.sh .
-
-RUN apt-get update && apt-get install -y privoxy bash sudo socat
-
-#RUN useradd -u 2000 -m ghproxy \
-#    && usermod -aG sudo ghproxy \
-#    && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
-
-#RUN useradd -m runner1 \
-#    && usermod -aG sudo runner1
-#
-#USER ghproxy
-
-CMD sudo chmod +x ./start-proxy.sh &&\
-    REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\
-    ./start-proxy.sh
--- a/images/privoxy/privoxy.conf
+++ b/images/privoxy/privoxy.conf
@ -1,18 +0,0 @@
-#confdir /etc/privoxy
-logdir /var/log/privoxy
-
-#listen-address 127.0.0.1:8118
-listen-address 0.0.0.0:8118
-
-debug 1024
-#debug 32768 # log all data read from the network
-#debug 65536 # Log the applying actions
-
-toggle 1
-enable-remote-toggle 0
-enable-edit-actions 1
-enable-remote-http-toggle 0
-enforce-blocks 1
-
-actionsfile user.action
-
--- a/images/squid/Dockerfile
+++ b/images/squid/Dockerfile
@ -0,0 +1,12 @@
+FROM ubuntu:latest
+
+COPY whitelist /etc/squid/whitelist
+COPY squid.conf /etc/squid/squid.conf
+COPY start-proxy.sh .
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y squid bash sudo socat
+
+CMD sudo chmod +x ./start-proxy.sh &&\
+    ./start-proxy.sh
--- a/images/squid/squid.conf
+++ b/images/squid/squid.conf
@ -0,0 +1,23 @@
+http_port 8118
+
+acl localnet src 10.0.0.0/8     # RFC 1918 possible internal network
+acl localnet src 172.16.0.0/12  # RFC 1918 possible internal network
+acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
+
+acl SSL_ports port 443
+acl Safe_ports port 80
+acl Safe_ports port 443
+acl CONNECT method CONNECT
+
+acl whitelist dstdomain "/etc/squid/whitelist"
+http_access deny !whitelist
+
+debug_options ALL,1 28,3 33,2
+
+http_access deny manager
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+
+http_access allow localhost
+http_access allow localnet
+http_access deny all
--- a/images/privoxy/start-proxy.sh
+++ b/images/privoxy/start-proxy.sh
@ -10,4 +10,4 @@ test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
 socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
 sudo chmod 777 /tmp/proxy/bots.sock

-privoxy --no-daemon privoxy.conf
+squid -N
--- a/images/privoxy/user.action
+++ b/images/privoxy/user.action
@ -1,7 +1,3 @@
-{ +block{blocked} } 
-/ # Block all URLs
-
-{ -block }
 .github.com
 .docker.io
 .docker.com
@ -9,7 +5,7 @@
 .ubuntu.com

 # for buildeps
-chromium.googlesource.com
+#chromium.googlesource.com

 # for chr-source
 chrome-infra-packages.appspot.com
@ -17,4 +13,4 @@ chrome-infra-packages.appspot.com
 .googlesource.com

 # for goma client
-chrome-infra-packages.appspot.com
+#chrome-infra-packages.appspot.com