#!/bin/bash # Setup the ssl_cert directory if [ ! -d /etc/squid4/ssl_cert ]; then mkdir /etc/squid4/ssl_cert fi chown -R proxy:proxy /etc/squid4 chmod 700 /etc/squid4/ssl_cert # Setup the squid cache directory if [ ! -d /var/cache/squid4 ]; then mkdir -p /var/cache/squid4 fi chown -R proxy: /var/cache/squid4 chmod -R 750 /var/cache/squid4 if [ ! -z $MITM_PROXY ]; then if [ ! -z $MITM_KEY ]; then echo "Copying $MITM_KEY as MITM key..." cp $MITM_KEY /etc/squid4/ssl_cert/mitm.pem chown root:proxy /etc/squid4/ssl_cert/mitm.pem fi if [ ! -z $MITM_CERT ]; then echo "Copying $MITM_CERT as MITM CA..." cp $MITM_CERT /etc/squid4/ssl_cert/mitm.crt chown root:proxy /etc/squid4/ssl_cert/mitm.crt fi if [ -z $MITM_CERT ] || [ -z $MITM_KEY ]; then echo "Must specify $MITM_CERT AND $MITM_KEY." 1>&2 exit 1 fi fi chown proxy: /dev/stdout chown proxy: /dev/stderr # Initialize the certificates database /usr/libexec/security_file_certgen -c -s /var/spool/squid4/ssl_db chown -R proxy: /var/spool/squid4/ssl_db #ssl_crtd -c -s #ssl_db # Set the configuration if [ "$CONFIG_DISABLE" != "yes" ]; then p2 -t /squid.conf.p2 > /etc/squid4/squid.conf # Parse the cache peer lines from the environment and add them to the # configuration echo '# CACHE PEERS FROM DOCKER' >> /etc/squid4/squid.conf env | grep 'CACHE_PEER' | sort | while read cacheline; do echo "# $cacheline " >> /etc/squid4/squid.conf line=$(echo $cacheline | cut -d'=' -f2-) echo "cache_peer $line" >> /etc/squid4/squid.conf done # Parse the extra config lines and append them to the configuration echo '# EXTRA CONFIG FROM DOCKER' >> /etc/squid4/squid.conf env | grep 'EXTRA_CONFIG' | sort | while read extraline; do echo "# $extraline " >> /etc/squid4/squid.conf line=$(echo $extraline | cut -d'=' -f2-) echo "$line" >> /etc/squid4/squid.conf done else echo "/etc/squid4/squid.conf: CONFIGURATION TEMPLATING IS DISABLED." fi if [ "$DNS_OVER_HTTPS" = "yes" ]; then echo "Starting DNS-over-HTTPS proxy..." # TODO: find a way to tie this to the proxychains config dns-over-https-proxy -default "$DNS_OVER_HTTPS_SERVER" \ -address "$DNS_OVER_HTTPS_LISTEN_ADDR" \ -primary-dns "$DNS_OVER_HTTPS_PREFIX_SERVER" \ -fallback-dns "$DNS_OVER_HTTPS_SUFFIX_SERVER" \ -no-fallthrough "$(echo $DNS_OVER_HTTPS_NO_FALLTHROUGH | tr -s ' ' ',')" \ -fallthrough-statuses "$DNS_OVER_HTTPS_FALLTHROUGH_STATUSES" & echo "Adding dns_nameservers line to squid.conf..." echo "dns_nameservers $(echo $DNS_OVER_HTTPS_LISTEN_ADDR | cut -d':' -f1)" >> /etc/squid4/squid.conf fi if [ ! -e /etc/squid4/squid.conf ]; then echo "ERROR: /etc/squid4/squid.conf does not exist. Squid will not work." exit 1 fi # If proxychains is requested and config templating is active if [ "$PROXYCHAIN" = "yes" ] && [ "$CONFIG_DISABLE" != "yes" ]; then echo "# PROXYCHAIN CONFIG FROM DOCKER" > /etc/proxychains.conf # Enable remote DNS proxy if [ ! -z "$PROXYCHAIN_DNS" ]; then echo "proxy_dns" >> /etc/proxychains.conf fi # Configure proxy type if [ ! -z "$PROXYCHAIN_TYPE" ]; then echo "$PROXYCHAIN_TYPE" >> /etc/proxychains.conf else echo "strict_chain" >> /etc/proxychains.conf fi echo "[ProxyList]" >> /etc/proxychains.conf env | grep 'PROXYCHAIN_PROXY' | sort | while read proxyline; do echo "# $proxyline " >> /etc/squid4/squid.conf line=$(echo $proxyline | cut -d'=' -f2-) echo "$line" >> /etc/proxychains.conf done else echo "/etc/proxychains.conf : CONFIGURATION TEMPLATING IS DISABLED" fi # Build the configuration directories if needed squid -z -N if [ "$PROXYCHAIN" = "yes" ]; then if [ ! -e /etc/proxychains.conf ]; then echo "ERROR: /etc/proxychains.conf does not exist. Squid with proxychains will not work." exit 1 fi # Start squid with proxychains proxychains4 -f /etc/proxychains.conf squid -N 2>&1 & PID=$! else # Start squid normally squid -N 2>&1 & PID=$! fi # This construct allows signals to kill the container successfully. trap "kill -TERM $(jobs -p)" INT TERM wait $PID wait $PID exit $?