working

2018-10-05 18:59:02 -06:00 · 2018-10-05 18:59:02 -06:00 · 53812eeda3
commit 53812eeda3
10 changed files with 230 additions and 0 deletions
--- a/18
+++ b/18
@ -0,0 +1,18 @@
+FROM alpine:3.6
+
+LABEL description="Docker image for caddy+forwardproxy plugin."
+LABEL maintainer="SergeyFrolov@colorado.edu"
+
+RUN apk add --no-cache ca-certificates bash curl stunnel
+
+RUN curl --fail https://getcaddy.com > /get-caddy.sh
+RUN bash /get-caddy.sh personal http.forwardproxy
+
+COPY gen_caddyfile_and_start.sh /bin/
+COPY stunnel.sh /stunnel.sh
+
+VOLUME /root/.caddy
+
+EXPOSE 80 443 2015
+
+ENTRYPOINT /bin/gen_caddyfile_and_start.sh
--- a/README.md
+++ b/README.md
@ -0,0 +1,7 @@
+# caddy-forwardproxy
+A docker image for Caddy web server + forwardproxy plugin.
+Allows to easily set up private web server with proxying.
+### Build
+```docker build -t caddy-forwardproxy .```
+### Usage
+Please find latest usage instructions in [run.sh](./run.sh).
--- a/build.sh
+++ b/build.sh
@ -0,0 +1,12 @@
+#! /bin/bash
+
+set -e
+
+docker build -t caddsies .
+
+docker run --rm -it \
+   -p 2018:2018 \
+   -v $(pwd)/caddyfile:/etc/caddy/Caddyfile \
+   -v $(pwd)/caddsiesserver.crt:/etc/server.crt \
+   -v $(pwd)/caddsiesserver.key:/etc/server.key \
+   caddsies:latest
--- a/caddsiesserver.crt
+++ b/caddsiesserver.crt
@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFJDCCAwygAwIBAgIJANHKGxC2/tm1MA0GCSqGSIb3DQEBCwUAMD4xCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJVVDEOMAwGA1UECgwFYnJlZWwxEjAQBgNVBAMMCWxv
+Y2FsaG9zdDAeFw0xODEwMDYwMDQyMzZaFw0xOTEwMDYwMDQyMzZaMD4xCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJVVDEOMAwGA1UECgwFYnJlZWwxEjAQBgNVBAMMCWxv
+Y2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ+VuXBzQ8gQ
+HUFQd5N515zCpX31537gDofncJ/RtDCwYyL1e+P6iPyWVM5q6XZshUijB0snCiGg
+D4Mu6FhqBLd3UiuFk73UlGR4N3K2iBmr8yUW1/M4vP+PpPhnwFQRUG0Su4Zk3DeC
+A0NRHqB1scfzAkpiIsMTGB9FDfW9TUS2vq9uaCJyU4U7qn8HuLBpmA4iZtiT4Uqe
+1JaWZK43r51J6rMTJ+nQ1gsus4+t25zMPwUxgy2YB5Lk8lJps/Gbk6bWgiu+OyOc
+IML6emgdRjvxt26zjp3JoJX0tEaIxHD0m5X7HYkf7OVzXEOm7EXGIdslkpDWnrsU
+b1XcdN0JtH7rzsWUPgl9/6CTRjQb1cqfNcvEeV7TBvogb+JkPg5AUpK+Cg60uBUA
+9kjrd+aJqUMp3EcUa4viKKzFd8c7fARC7ZiVzUwXYAkMQj440y4F4ULiOOLB/TS5
+HBMNgu3lgiXOJvd0Yu0qY0x2QX3BekGX3/AtLUdlpsa2LXdSsK0nI/XE9eGlzVys
+m8cCU5lfZ3ABO/5qTatMvtMmn9fHOrRBeayuWbKM4eFheAFMuAAXTgD37xeoX0Di
+hQaa3FbQUNzXR+FcKUIpeA9h6d7tar8ij4v5E4rgo3HMQjUChKFETbHx0V21Lxdu
+tF0ZUAocifoNHO2LnzXZjahbou2ZYat5AgMBAAGjJTAjMCEGA1UdEQQaMBiCCWxv
+Y2FsaG9zdIILKi5sb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggIBAF8LJCBo691x
+CM4o7XXWACWj3mlkQTsDRSQ+7ryyedoEAUylJi5musK2Iq+H0ZFmrm3qwT9yOreW
+6JvCLhQMZic8xAiLtaqbjSQD0+XJTa9g+q0sY3mpgy/gBqMz8o8Qi36a8TFGFuD0
+PvRGbqbX/rgT/PRkhW1i/AAxJOjOWwqBR2XLUha79XBhOgJErPB92sq9g764ODS8
+LIfxMsXMIseGHRsXVyBDCvvv6ymPc1HLCkF5h+mPxh36Xr12psptp7C5WehOJZzG
+UvOMM4A9ZfL5ReWI/fddVsyUVWgeI9cQPNzlt6M0ShqUw+exwlx3B/0kyrQrVgXz
+jfEfLkHzqbM9OGGQPLyfeK7m6VmW36Z3VyUVWdgwLzzbtYugBYxYS045Dk7u5FHq
+aTfxuwJ9Nk5WlJejr3r+zFjOID5p7Qg3TSOQGZeUDJqU7nYMBvstCdNX1QrtPgVM
+QItARCe/ausmR2PcQnYyy7wvNiipeZBeUnbsJIzQuA5EVv/iqexyNzHNPWk7bmX0
+zFdsOfsicqHT9zhGPi24WqsLfCpwSa2X//GhvpvEgg2RdG7JjWG/GN/75hd1kuiY
+HA3n98lTdSdnwdo/Yd8qui+3Chz0n5WsQx23ZRBbk8T2VgfqCy5enKtT8PrQdzb0
+2qUEpEesfS6D5mh639hLkgtnZ8Aw2BK3
+-----END CERTIFICATE-----
--- a/caddsiesserver.key
+++ b/caddsiesserver.key
@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAn5W5cHNDyBAdQVB3k3nXnMKlffXnfuAOh+dwn9G0MLBjIvV7
+4/qI/JZUzmrpdmyFSKMHSycKIaAPgy7oWGoEt3dSK4WTvdSUZHg3craIGavzJRbX
+8zi8/4+k+GfAVBFQbRK7hmTcN4IDQ1EeoHWxx/MCSmIiwxMYH0UN9b1NRLa+r25o
+InJThTuqfwe4sGmYDiJm2JPhSp7UlpZkrjevnUnqsxMn6dDWCy6zj63bnMw/BTGD
+LZgHkuTyUmmz8ZuTptaCK747I5wgwvp6aB1GO/G3brOOncmglfS0RojEcPSblfsd
+iR/s5XNcQ6bsRcYh2yWSkNaeuxRvVdx03Qm0fuvOxZQ+CX3/oJNGNBvVyp81y8R5
+XtMG+iBv4mQ+DkBSkr4KDrS4FQD2SOt35ompQyncRxRri+IorMV3xzt8BELtmJXN
+TBdgCQxCPjjTLgXhQuI44sH9NLkcEw2C7eWCJc4m93Ri7SpjTHZBfcF6QZff8C0t
+R2WmxrYtd1KwrScj9cT14aXNXKybxwJTmV9ncAE7/mpNq0y+0yaf18c6tEF5rK5Z
+sozh4WF4AUy4ABdOAPfvF6hfQOKFBprcVtBQ3NdH4VwpQil4D2Hp3u1qvyKPi/kT
+iuCjccxCNQKEoURNsfHRXbUvF260XRlQChyJ+g0c7YufNdmNqFui7Zlhq3kCAwEA
+AQKCAgAJe2X3ToH6gyqZ1OQl+RlckRwwLcpBeaKjZJcGh/lC41ggnaFs3FgDWhNT
+6HpStQP+WuF2D63EbbQ+QS1BA5ugIxDY0SkEIHtotNPmlv3jOJpL292c8AQa0zgk
+IlYFKLo0oOZPh/Klwa3b9BfzxMp5bPD35njWSm4mfX3k2gibSpht6At78HsR8Yeh
+4J2SrdOBE3405CSAwIs1H16AE4L1v4yYc0zt0aDGLVIx+UyRNnmQH28B6ISar8vO
+JcWxV2MgiKJXYwg0h3RS4XsgcIzZxvT1OOoCahaGknGbt0ikxYPxF2ib2y/COmaD
+BooHY0xjrwnUXUw1JXOwEFdJQuhcgjUzYaJC21PDwoMPRUhXXEKPD1phtizVysxj
+aEi2PUK1bf5onc7ZQL6ErQ/bEeaPImjTtw0Tm1WWKiWPeXZgLH4jrlyaVjoVq3Xs
+7SW0cGm1Tl+K+1lMfQ/I88jh6plFMsGUm/bAhXIUjmo/1mxqbdpvJToLGl1PxFp6
+zO4/0uZPSXc1oAaI2Ye/1jflcibw56TfQEkkWIiGfl27Ywy7+17zs9izFGtby+AG
+WhtAAmUFQdudNCzelX3y5edf4iAnqOnbPZaWEE2++F0f1nMlByI56Y7z0jIUdFkf
+27hOcZhXz/7+N8tlk7b/nBZA4dzJmtIgVhMw6lcTty6zC78q4QKCAQEAy7JikpJ+
+Lok3hDTmXhYSjyEt1cw2We9J1M8GYa0yATX6l6m1tHmcvqUNL2GhF6prcb34qcMt
+VhJ0+WHzAqJmlj4KmI5YMcTy0V6GaEYywqmBSqVKoNl8ayIPoNTv+DXuhdvZokSk
+NKLumwFmomoBE+9Pp5xgVRAdBQDBX+pZATOXEWiBaqDW1TKb6u9jv7eNpZmf4jWU
+pjhBheBtdEfpYvD4gX9Y44vYP76fVWqAcgPjKJvxLhQD11wigT0ntIGm/tXRJf0U
+DCWMz2bwgKie7Nqv64hS4jTUuCKzACOdXHDTg1aRgO44Yhjg3mlpq85/dnLaHHn3
+pXRJtH7EFaTSLQKCAQEAyI+5uzfOQ1M7jA4pj33vPyhAtzoKEEN5nz2TQUarNGYu
+IJoHd2dsUhxIhCvTduKBZt0U90s8M+nw0C3qYCx5lzu0nNlmoM/RoAcP1rBgwr93
+bfi/hCD4LqpVPG+Odluc6wUTufeYwgndwhV5CG54YOiKdGUYvTNAhtIKy2RSwgCH
+vT/cI8Jbf82IUN4eFbwK8rlzn93uTl+2pdxbrYh8PBbmN98F1RdvWG7ylxUVj6iL
+iqH4moCz4bUHFajL3u395PfnfOwrjs5I1+3QmxuRy0DSVlRMj7qRnIAA97fIvoZk
+IPuBu3HTJH/rAAFBG0oK++zLPGxxQBCOfwLhsd/p/QKCAQEAsyVR+CKKgxb/EnEL
+4dd7vxGpJA0UCAihYF4q+KDAB7yXhecl/XGvXyP98pvkd9HT6RbwqS0UpExbQDDa
+7ogxvRUXcJBQFIVoIKcHgpGqdvVo1mOEvO5JtFcic4qS+jNEccmnIEVKPVjGjOCw
+iUq9Y/Dmlzy6pFUlkI7Xgymx2ZKr3A2TNFn8V0jJQ9gCXExscSYpLWN+NqnnRnzZ
+BplwMypHBG0hmg4VxAo8S3z9Nkkg8Ugk1yeXMULAvfUxBFm6qwkVhlmL1hr4OjgI
+cL7b9udmLLmaW4OnScKKtyabcP9xpmLuWPwp7mx+6FzBKO7VvzDHjp/eI0+guvN6
+NKbeiQKCAQBuYAKkEOM30/+KZWTj7jeTd3CeJZfSOYAebcGzg9PGo5ExKfN/9+/6
+BEy4SHI5FBCI7pSSP9pi65U2zH4W7YMBAr+0LkS3rYc83YYO7cRiiQKOB/5GFerf
+q6f6+Z3abzKdeI7Ronx0FP/wxuZ0CG/BTVidE+IYhbM2PzPnmU+eKrKJKTLajyTR
+4efqMUM3TORtjjgevAFhKnWXM/1UNC/C1gtepiNMkXgan/xrvxO9mtEou1jYlono
+Zjr+5YVFK461yuSfsE2MauRVyTArnHGQ/RyEnCICW3e1PBDMQ1171PQX3rIX2V2M
+0cUfnJEbFpWS7U8v8rIkwrfZGFnjDUp1AoIBAD7jX9JlSG7C+u7Itjm+BsSGdKeM
+u2P6z7b7jvMs762O4XY9QBXetYFveOfAK/Q7G/9aiM2BHZZB8TJ41Fwr4nu9su1M
+k6Sc4QLOXHgm1YWonT6sFXOvlscUcMwIEPJHlOgSn6GblkHMc2FlEwl5LbRxD81/
+UbDNf3Fz/PYTALUW8H2uvju5h1Af11IEbKbi2/qChRL3+FW7y70YB8mxhZVgYqvV
+9P8wqr8wEnM9oizVPQSipeHBEWg8ept0n4mK3hqVE9WalLJxiSONYqWw4v6TSS/k
+1M9rhV5qh0QrEMdG5m0PoGkRrNmtKHJjnOhi8ZC3IcVj155XZIyAdD14a4Q=
+-----END RSA PRIVATE KEY-----
--- a/16
+++ b/16
@ -0,0 +1,16 @@
+localhost {
+   forwardproxy {
+      basicauth breel ok
+      probe_resistance secretlink.localhost
+      hide_ip
+      hide_via
+      response_timeout 30
+      dial_timeout 10
+      acl {
+         allow blapointe.me
+         allow 192.168.0.0/16
+         deny all
+      }
+   }
+   log /caddy-access.log
+}
--- a/gen_caddyfile_and_start.sh
+++ b/gen_caddyfile_and_start.sh
@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+CADDYFILE="${CADDYFILE:-/etc/caddy/Caddyfile}"
+ROOTDIR="${ROOTDIR:-/srv/index}"
+SITE_ADDRESS="${SITE_ADDRESS:-localhost}"
+
+generate_caddyfile() {
+    mkdir -p "$(dirname "${CADDYFILE}")"
+
+    echo "${SITE_ADDRESS} {" > ${CADDYFILE}
+    echo "  root $ROOTDIR" >> ${CADDYFILE}
+
+    echo "  forwardproxy {" >> ${CADDYFILE}
+    if [[ ! -z ${PROXY_USERNAME} ]]; then
+        echo "    basicauth ${PROXY_USERNAME} ${PROXY_PASSWORD}" >> ${CADDYFILE}
+    fi
+    if [[ "${PROBE_RESISTANT}" = true ]]; then
+        echo "    probe_resistance ${SECRET_LINK}" >> ${CADDYFILE}
+    fi
+    echo "  }" >> ${CADDYFILE}
+
+    echo "}" >> ${CADDYFILE}
+}
+
+if [ -f "${CADDYFILE}" ]; then
+    echo "Using provided Caddyfile"
+else
+    echo "Caddyfile is not provided: generating new one"
+    generate_caddyfile
+fi
+
+bash /stunnel.sh &
+
+$(which caddy) ${CADDY_OPTS} -conf ${CADDYFILE} &
+pid=$! 
+tail -F -n 100 /caddy-access.log
+kill $pid
--- a/run.sh
+++ b/run.sh
@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+print_help() {
+  cat <<EOF
+  All arguments to this script are passed to docker.
+  One can configure docker image by setting variables and mounting folders.
+
+  To set address of served website:
+    -e SITE_ADDRESS=(string)
+
+  To set up credentials for your forwardproxy:
+    -e PROXY_USERNAME=(string) -e PROXY_PASSWORD=(string)
+
+  To enable probing resistance, and specify (optional) secret link:
+    -e PROBE_RESISTANT=true -e SECRET_LINK=(string)
+
+  To manually provide Caddyfile(and ignore all of above):
+    -v (path to Caddyfile):/etc/caddy/Caddyfile
+
+  To set served files:
+    -v (path to files):/srv/index
+
+  To persistently save certificates and avoid LE issuance limit:
+    -v (path to some storage folder):/root/.caddy
+
+  One can pass options to caddy using CADDY_OPTS e.g.:
+    -e CADDY_OPTS="-ca https://acme-staging.api.letsencrypt.org/directory"
+
+  One can also directly pass here other useful docker commands, e.g.:
+    --restart always
+EOF
+}
+
+if [[ $1 == "help" || $1 == "--help" || $1 == "-h" ]]; then
+    print_help
+    exit 0
+fi
+
+docker run -p 2015:2015 -p 443:443 -p 80:80 "$@" caddy-forwardproxy
--- a/stunnel.sh
+++ b/stunnel.sh
@ -0,0 +1,19 @@
+#! /bin/bash
+
+#  requireCert = yes
+#  verifyChain = yes | no
+#  CAfile = path
+#  cert = path
+#client=no
+
+config='
+foreground=yes
+cert=/etc/server.crt
+key=/etc/server.key
+[default]
+accept=2018
+connect=2015
+'
+echo "$config" > /stunnel.conf
+
+stunnel /stunnel.conf -p $(find / -name "*.pem" | tr '\n' ',')
--- a/test.sh
+++ b/test.sh
@ -0,0 +1 @@
+curl -v -U breel:ok -x localhost:2015 http://google.com  | head -n 2
				`@ -0,0 +1 @@`
				`curl -v -U breel:ok -x localhost:2015 http://google.com \| head -n 2`