add proxy support
parent
5f239bfb4c
commit
532a0475bf
@ -23,7 +23,7 @@ RUN mkdir -p /run/systemd && echo 'docker' > /run/systemd/container
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
systemd systemd-sysv libsystemd0 ca-certificates dbus \
|
||||
iptables iproute2 kmod locales sudo udev && \
|
||||
iptables iproute2 kmod locales sudo udev socat && \
|
||||
echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \
|
||||
apt-get clean -y && \
|
||||
rm -rf /var/cache/debconf/* /var/lib/apt/lists/* /var/log/* /tmp/* /var/tmp/* \
|
||||
@ -50,7 +50,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y openssh-server
|
||||
mkdir /home/admin/.ssh && \
|
||||
chown admin:admin /home/admin/.ssh
|
||||
|
||||
EXPOSE 22
|
||||
#EXPOSE 22
|
||||
|
||||
# Extra deps for GHA Runner
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
@ -63,7 +63,7 @@ RUN apt-get update \
|
||||
wget \
|
||||
zip \
|
||||
git \
|
||||
pigz \
|
||||
pigz nano \
|
||||
&& rm -rf /var/lib/apt/list/*
|
||||
|
||||
# Add and config runner user as sudo
|
||||
@ -77,7 +77,7 @@ RUN useradd -m runner \
|
||||
|
||||
# Build args
|
||||
ARG TARGETPLATFORM=amd64
|
||||
ARG RUNNER_VERSION=2.302.1
|
||||
ARG RUNNER_VERSION=2.302.4
|
||||
WORKDIR /runner
|
||||
|
||||
# Runner download supports amd64 as x64
|
||||
@ -109,5 +109,12 @@ RUN chmod +x ./patched/runsvc.sh /usr/local/bin/startup.sh
|
||||
|
||||
USER runner
|
||||
|
||||
ENV HTTP_PROXY="http://127.0.0.1:8118"
|
||||
ENV HTTPS_PROXY="http://127.0.0.1:8118"
|
||||
ENV http_proxy="http://127.0.0.1:8118"
|
||||
ENV https_proxy="http://127.0.0.1:8118"
|
||||
COPY docker.default /etc/default/docker
|
||||
COPY proxy.conf /etc/apt/apt.conf.d/proxy.conf
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
|
||||
CMD ["startup.sh"]
|
||||
|
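Review bot: The four proxy `ENV` lines near the end of the Dockerfile have no `NO_PROXY`/`no_proxy` companion, so clients that honour these variables will also send loopback requests to 127.0.0.1:8118, where the block-all rule in user.action would reject them. Consider adding `ENV NO_PROXY="localhost,127.0.0.1"` and `ENV no_proxy="localhost,127.0.0.1"`. The variables are also only advisory: the runner user is configured with sudo in this image, so a job step can unset them, and the allowlist holds only if the container has no direct route out. That isolation is not visible in this commit and deserves a comment above the block, e.g. `# Egress is enforced by the network setup, not by these variables`. Separately, the context line `rm -rf /var/lib/apt/list/*` looks like a typo for `/var/lib/apt/lists/*`, so that layer probably keeps the package indexes.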
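--- a/images/github-runner/docker.default
+++ b/images/github-runner/docker.default
@@ -0,0 +1,2 @@
+export http_proxy="http://127.0.0.1:8118"
+export https_proxy="http://127.0.0.1:8118"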
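--- a/images/github-runner/proxy.conf
+++ b/images/github-runner/proxy.conf
@@ -0,0 +1 @@
+Acquire::http::Proxy "http://127.0.0.1:8118";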
@ -1,8 +1,15 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "Starting Proxy Support"
|
||||
socat TCP-LISTEN:8118,reuseaddr,fork UNIX-CLIENT:/tmp/forward-proxy/proxy.sock &
|
||||
sudo iptables -A INPUT -p tcp -s localhost --dport 8118 -j ACCEPT
|
||||
sudo iptables -A INPUT -p tcp --dport 8118 -j DROP
|
||||
|
||||
echo "Starting supervisor (Docker)"
|
||||
sudo service docker start
|
||||
|
||||
#bash
|
||||
|
||||
if [ -n "${GITHUB_REPOSITORY}" ]
|
||||
then
|
||||
auth_url="https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPOSITORY}/actions/runners/registration-token"
|
||||
|
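Review bot: The socat listener on port 8118 is started on all interfaces and only afterwards narrowed by the two iptables rules, which leaves a short window with the port open and makes the restriction depend on those rules staying in place. Binding the listener to loopback removes both concerns: `socat TCP-LISTEN:8118,bind=127.0.0.1,reuseaddr,fork UNIX-CLIENT:/tmp/forward-proxy/proxy.sock &`. If the iptables rules are kept as a second layer, note that `-s localhost` depends on name resolution when the rule is inserted and that `iptables` covers IPv4 only. Also check the exit status of each `sudo iptables` call so a failed rule does not pass silently. The script continues beyond the lines shown in this hunk.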
@ -7,9 +7,6 @@ NC='\033[0m' # No Color
|
||||
|
||||
echo -e ${RED} -------- start goma-server ${NC}
|
||||
|
||||
#test -f /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
|
||||
#socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
|
||||
|
||||
socat TCP-LISTEN:50051,reuseaddr,fork UNIX-CLIENT:/tmp/proxy/bots.sock &
|
||||
|
||||
cd ./goma-server/
|
||||
|
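--- a/images/privoxy/Dockerfile
+++ b/images/privoxy/Dockerfile
@@ -0,0 +1,13 @@
+FROM alpine:3.14
+
+ARG REMOTEEXEC_ADDR
+
+COPY user.action .
+COPY privoxy.conf .
+COPY start-proxy.sh .
+
+RUN apk update && apk add privoxy bash sudo socat
+
+CMD sudo chmod +x ./start-proxy.sh &&\
+REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\
+./start-proxy.sh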
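Review bot: `ARG REMOTEEXEC_ADDR` exists only during the build, so when `CMD` runs `$REMOTEEXEC_ADDR` is empty unless the variable is also supplied at container start. The `REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&` step in the CMD line merely assigns the variable to itself. If a build-time default is intended, add `ENV REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR` after the ARG and drop that step. No `USER` is set, so privoxy and both socat processes appear to run as root, which makes the `sudo` package and the `sudo` calls redundant; a dedicated unprivileged user would limit what a flaw in the proxy can reach. The executable bit belongs in the build (`RUN chmod +x ./start-proxy.sh`) rather than in CMD, and `alpine:3.14` could be pinned by digest for reproducible builds.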
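--- a/images/privoxy/privoxy.conf
+++ b/images/privoxy/privoxy.conf
@@ -0,0 +1,18 @@
+#confdir /etc/privoxy
+logdir /var/log/privoxy
+
+#listen-address 127.0.0.1:8118
+listen-address 0.0.0.0:8118
+
+debug 1024
+#debug 32768 # log all data read from the network
+#debug 65536 # Log the applying actions
+
+toggle 1
+enable-remote-toggle 0
+enable-edit-actions 1
+enable-remote-http-toggle 0
+enforce-blocks 1
+
+actionsfile user.action
+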
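Review bot: `enable-edit-actions 1` turns on Privoxy's web-based actions-file editor, so a client that can reach the proxy may be able to change user.action and with it the allowlist this commit introduces. Set `enable-edit-actions 0` unless the editor is really needed. `listen-address 0.0.0.0:8118` also exposes the proxy on every interface of the container, while start-proxy.sh forwards the Unix socket to `127.0.0.1:8118`, so the commented-out `listen-address 127.0.0.1:8118` looks sufficient. A short comment above each setting that deviates from the default, saying why, would help the next reader.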
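--- a/images/privoxy/start-proxy.sh
+++ b/images/privoxy/start-proxy.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+test -e /tmp/forward-proxy/proxy.sock && sudo rm /tmp/forward-proxy/proxy.sock
+test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
+
+socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,reuseaddr,fork TCP:127.0.0.1:8118 &
+socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
+
+sudo chmod 777 /tmp/forward-proxy/proxy.sock
+sudo chmod 777 /tmp/proxy/bots.sock
+
+privoxy --no-daemon privoxy.conf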
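Review bot: Both sockets are made world-writable with `chmod 777`, and the chmod runs immediately after socat is backgrounded, so it can race with socket creation and fail without stopping the script. socat can remove a stale socket and create the new one with the wanted mode itself, e.g. `socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,unlink-early,mode=0660,fork TCP:127.0.0.1:8118 &` (same for bots.sock). That replaces the `test -e … && sudo rm` and `chmod` lines, though the owning group would have to match the consumer's, which is not visible here. `$REMOTEEXEC_ADDR` is expanded unquoted and never checked; `: "${REMOTEEXEC_ADDR:?must be set}"` before the second socat would fail early with a clear message. A `set -euo pipefail` line after the shebang would surface any other failed step.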
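--- a/images/privoxy/user.action
+++ b/images/privoxy/user.action
@@ -0,0 +1,20 @@
+{ +block{blocked} }
+/ # Block all URLs
+
+{ -block }
+.github.com
+.docker.io
+.docker.com
+.githubusercontent.com
+.ubuntu.com
+
+# for buildeps
+chromium.googlesource.com
+
+# for chr-source
+chrome-infra-packages.appspot.com
+.googleapis.com
+.googlesource.com
+
+# for goma client
+chrome-infra-packages.appspot.com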
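Review bot: The `{ -block }` list contains suffix patterns for domains that serve content uploaded by arbitrary accounts (`.googleapis.com`, `.githubusercontent.com`, `.github.com`), so the block-all default does not confine a job to the project's own repositories and buckets. Where the build's real endpoints are known, narrow these entries to specific hosts. For HTTPS the proxy normally sees only the CONNECT host, so path-level rules cannot tighten this later; a comment at the top of the file stating that limitation would help. `chrome-infra-packages.appspot.com` is listed twice, and `chromium.googlesource.com` is already covered by `.googlesource.com`.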