Merge branch 'main' of https://github.com/kuefmz/ontology-time-machine

dbpedia · Oct 29, 2024 · e33e7a5 · e33e7a5
2 parents 9f9282d + b8f1c28
commit e33e7a5
Show file tree

Hide file tree

Showing 5 changed files with 272 additions and 78 deletions.
diff --git a/tests/transparent-setup/3proxy-Dockerfile-full b/tests/transparent-setup/3proxy-Dockerfile-full
@@ -1,26 +1,6 @@
-# 3proxy.full is fully functional 3proxy build based on busibox:glibc
-#
-#to  build:
-# docker build -f Dockerfile.full -t 3proxy.full .
-#to run:
-# by default 3proxy uses safe chroot environment with chroot to /usr/local/3proxy with uid/gid 65535/65535 and expects
-# configuration file to be placed in /usr/local/etc/3proxy.
-# Paths in configuration file must be relative to /usr/local/3proxy, that is use /logs instead of 
-# /usr/local/3proxy/logs. nserver in chroot is required for DNS resolution. An example:
-#
-# echo nserver 8.8.8.8 >/path/to/local/config/directory/3proxy.cfg
-# echo proxy -p3129 >>/path/to/local/config/directory/3proxy.cfg
-# docker run -p 3129:3129 -v /path/to/local/config/directory:/usr/local/3proxy/conf -name 3proxy.full 3proxy.full
-#
-# /path/to/local/config/directory in this example must conrain 3proxy.cfg
-# if you need 3proxy to be executed without chroot with root permissions, replace /etc/3proxy/3proxy.cfg by e.g. mounting config
-# dir to /etc/3proxy ot by providing config file /etc/3proxy/3proxy.cfg
-# docker run -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy -name 3proxy.full 3proxy.full
-#
-# use "log" without pathname in config to log to stdout.
-# plugins are located in /usr/local/3proxy/libexec (/libexec for chroot config).
+# modified version of dockerfile from github.com/3proxy/3proxy that works with ubuntu 20.04 docker hosts and installs iptables and ipset
 
-# switched to ubuntu:20.04 to not have problems with apt install on ubuntu 20.04 hosts
+# switched to ubuntu:20.04 to not have problems with apt install on docker hosts with ubuntu 20.04 
 FROM ubuntu:20.04 AS buildenv 
 # COPY . 3proxyt
 RUN apt-get update && apt-get install -y git gcc build-essential libssl-dev tree
@@ -45,6 +25,7 @@ FROM ubuntu:20.04
 #                                                               /lib/x86_64-linux-gnu/libdl.so.2 -> libdl-2.31.so
 COPY --from=buildenv /lib/x86_64-linux-gnu/libdl-2.31.so /lib/
 RUN ln -s /lib/libdl-2.31.so /lib/libdl.so.2
+RUN apt-get update && apt-get install -y iptables ipset curl # openssl socat
 
 COPY --from=buildenv 3proxy/bin/* /bin/
 # COPY --from=buildenv 3proxy/bin/3proxy /bin/

diff --git a/tests/transparent-setup/3proxy-HTTP.cfg b/tests/transparent-setup/3proxy-HTTP.cfg
@@ -4,7 +4,7 @@
 
 plugin /usr/local/3proxy/libexec/TransparentPlugin.ld.so transparent_plugin
 log
-logformat "L[%Y-%m-%dT%H:%M:%S.%.]_HTTP/PLAIN-proxy    || %U@%N:%p src: %C:%c dst: %R:%r orig_dst: %Q:%q ext_iface: %e hops: %h host: %n bytes-I/0: %I/%O byte/sec-I/O: %B/%b duration: %D text: %T error: %E"
+logformat "L[%Y-%m-%dT%H:%M:%S.%.]_HTTP/PLAIN-proxy____|| %U@%N:%p src: %C:%c dst: %R:%r orig_dst: %Q:%q ext_iface: %e hops: %h host: %n bytes-I/0: %I/%O byte/sec-I/O: %B/%b duration: %D text: %T error: %E"
 auth iponly
 #fakeresolve
 

diff --git a/tests/transparent-setup/3proxy-TLS.cfg b/tests/transparent-setup/3proxy-TLS.cfg
@@ -1,7 +1,7 @@
 # this config forwards transparently redirected (to port 8012) TLS connections via parent upstream HTTPS-CONNECT proxy based on SNI in TLS client hello
 plugin /usr/local/3proxy/libexec/TransparentPlugin.ld.so transparent_plugin
 log
-logformat "L[%Y-%m-%dT%H:%M:%S.%.]_TLS-proxy    || %U@%N:%p src: %C:%c dst: %R:%r orig_dst: %Q:%q ext_iface: %e hops: %h host: %n bytes-I/0: %I/%O byte/sec-I/O: %B/%b duration: %D text: %T error: %E"
+logformat "L[%Y-%m-%dT%H:%M:%S.%.]_TLS-proxy___________|| %U@%N:%p src: %C:%c dst: %R:%r orig_dst: %Q:%q ext_iface: %e hops: %h host: %n bytes-I/0: %I/%O byte/sec-I/O: %B/%b duration: %D text: %T error: %E"
 auth iponly
 #fakeresolve
 

diff --git a/tests/transparent-setup/add-cert-pre-entrypoint.sh b/tests/transparent-setup/add-cert-pre-entrypoint.sh
@@ -0,0 +1,166 @@
+#!/bin/sh
+set -e
+
+# Path to the custom root certificate (assumed to be mounted into the container)
+CUSTOM_CERT_PATH="/certs/custom_root.crt"
+
+# Function to check if a command exists
+command_exists() {
+    command -v "$1" >/dev/null 2>&1
+}
+
+# Install certificate utilities if not present
+install_cert_utilities() {
+    echo "Checking for certificate utilities and package manager..."
+
+    if command_exists apk; then
+        PM="apk"
+        INSTALL_CMD="apk add --no-cache"
+        CERT_PACKAGE="ca-certificates ca-certificates-bundle openssl"
+
+        echo "Using apk package manager."
+        # Install ca-certificates package if not already installed
+        $INSTALL_CMD $CERT_PACKAGE
+
+    elif command_exists apt-get; then
+        PM="apt-get"
+        CERT_PACKAGE="ca-certificates openssl"
+
+        echo "Using apt-get package manager."
+        # Update package lists
+        apt-get update
+        # Install ca-certificates
+        apt-get install -y $CERT_PACKAGE
+
+    elif command_exists yum; then
+        PM="yum"
+        INSTALL_CMD="yum install -y"
+        CERT_PACKAGE="ca-certificates openssl"
+
+        echo "Using yum package manager."
+        # Install ca-certificates
+        $INSTALL_CMD $CERT_PACKAGE
+
+    elif command_exists dnf; then
+        PM="dnf"
+        INSTALL_CMD="dnf install -y"
+        CERT_PACKAGE="ca-certificates openssl"
+
+        echo "Using dnf package manager."
+        $INSTALL_CMD $CERT_PACKAGE
+
+    elif command_exists zypper; then
+        PM="zypper"
+        INSTALL_CMD="zypper install -y"
+        CERT_PACKAGE="ca-certificates openssl"
+
+        echo "Using zypper package manager."
+        $INSTALL_CMD $CERT_PACKAGE
+
+    else
+        echo "No supported package manager found. Cannot install certificate utilities."
+        exit 1
+    fi
+}
+
+# Install certificate utilities if not already installed
+if ! command_exists update-ca-certificates && ! command_exists update-ca-trust; then
+    install_cert_utilities
+else
+    echo "Certificate utilities already installed."
+fi
+
+# Copy the custom certificate into the appropriate directory and update trust store
+update_trust_store() {
+    echo "Updating trust store with custom certificate..."
+
+    if [ -f /etc/alpine-release ]; then
+        # Alpine Linux
+        echo "Detected Alpine Linux."
+        cp "$CUSTOM_CERT_PATH" /usr/local/share/ca-certificates/custom_root.crt
+        update-ca-certificates
+
+    elif [ -f /etc/debian_version ]; then
+        # Debian/Ubuntu
+        echo "Detected Debian/Ubuntu."
+        cp "$CUSTOM_CERT_PATH" /usr/local/share/ca-certificates/custom_root.crt
+        update-ca-certificates
+
+    elif [ -f /etc/redhat-release ] || [ -f /etc/centos-release ]; then
+        # RedHat/CentOS/Fedora
+        echo "Detected RedHat/CentOS/Fedora."
+        cp "$CUSTOM_CERT_PATH" /etc/pki/ca-trust/source/anchors/custom_root.crt
+        update-ca-trust extract
+
+    elif [ -f /etc/os-release ]; then
+        OS_ID=$(grep '^ID=' /etc/os-release | cut -d'=' -f2 | tr -d '"')
+        case "$OS_ID" in
+            sles|opensuse*)
+                echo "Detected SUSE Linux."
+                cp "$CUSTOM_CERT_PATH" /etc/pki/trust/anchors/custom_root.crt
+                update-ca-certificates
+                ;;
+            *)
+                echo "Unsupported OS detected."
+                exit 1
+                ;;
+        esac
+    else
+        echo "Cannot detect OS type. Exiting."
+        exit 1
+    fi
+}
+
+# Update the trust store
+update_trust_store
+
+# Check for common runtimes and configure them if needed
+
+configure_java() {
+    if command_exists java; then
+        echo "Java runtime detected. Importing custom certificate into Java truststore."
+
+        JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
+        JAVA_CACERTS_PATH="$JAVA_HOME/lib/security/cacerts"
+        if [ ! -f "$JAVA_CACERTS_PATH" ]; then
+            echo "Java cacerts file not found at $JAVA_CACERTS_PATH. Skipping Java truststore update."
+            return
+        fi
+
+        echo "Importing custom certificate into Java cacerts at $JAVA_CACERTS_PATH."
+        yes | keytool -importcert -trustcacerts -alias custom_root -file "$CUSTOM_CERT_PATH" -keystore "$JAVA_CACERTS_PATH" -storepass changeit || true
+    fi
+}
+
+configure_nodejs() {
+    if command_exists node; then
+        echo "Node.js runtime detected. Setting NODE_EXTRA_CA_CERTS environment variable."
+        export NODE_EXTRA_CA_CERTS="$CUSTOM_CERT_PATH"
+    fi
+}
+
+configure_python() {
+    if command_exists python || command_exists python3; then
+        echo "Python runtime detected. Setting SSL_CERT_FILE and REQUESTS_CA_BUNDLE environment variables."
+        export SSL_CERT_FILE="$CUSTOM_CERT_PATH"
+        export REQUESTS_CA_BUNDLE="$CUSTOM_CERT_PATH"
+    fi
+}
+
+# Configure runtimes
+configure_java
+configure_nodejs
+configure_python
+
+# Ensure all environment variables are exported
+export NODE_EXTRA_CA_CERTS
+export SSL_CERT_FILE
+export REQUESTS_CA_BUNDLE
+
+# Log environment variables for debugging (optional)
+echo "Environment variables set:"
+#env | grep -E 'NODE_EXTRA_CA_CERTS|SSL_CERT_FILE|REQUESTS_CA_BUNDLE'
+
+# Execute the original command
+echo "Executing original command: $@"
+exec "$@"