-
Notifications
You must be signed in to change notification settings - Fork 67
/
start_squid.sh
executable file
·43 lines (38 loc) · 1.46 KB
/
start_squid.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#!/bin/bash
function gen-cert() {
pushd /etc/squid3/ssl_cert > /dev/null
if [ ! -f ca.pem ]; then
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes \
-x509 -keyout privkey.pem -out ca.pem \
-subj '/CN=docker-proxy/O=NULL/C=AU'
chown proxy.proxy privkey.pem
chmod 600 privkey.pem
openssl x509 -in ca.pem -outform DER -out ca.der
else
echo "Reusing existing certificate"
fi
openssl x509 -sha1 -in ca.pem -noout -fingerprint
# Make CA certificate available for download via HTTP Forwarding port
# e.g. GET http://docker-proxy:3128/squid-internal-static/icons/ca.pem
cp `pwd`/ca.* /usr/share/squid3/icons/
popd > /dev/null
return $?
}
function start-routing() {
# Setup the NAT rule that enables transparent proxying
IPADDR=$(/sbin/ip -o -f inet addr show eth0 | awk '{ sub(/\/.+/,"",$4); print $4 }')
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination ${IPADDR}:3129
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination ${IPADDR}:3130
return $?
}
function init-cache() {
# Make sure our cache is setup
touch /var/log/squid3/access.log /var/log/squid3/cache.log
chown proxy.proxy -R /var/spool/squid3 /var/log/squid3
[ -e /var/spool/squid3/swap.state ] || squid3 -z 2>/dev/null
}
gen-cert || exit 1
start-routing || exit 1
init-cache
squid3
tail -f /var/log/squid3/access.log /var/log/squid3/cache.log