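#!/bin/sh
#
# Script to maintain ip rules on the host when starting up a transparent
# proxy server for docker.
#
# Run directly (RUNNING_DRUN unset): builds the image if it is not listed,
# starts the proxy container, installs the routing and blocks until ctrl-c.
# Sourced with RUNNING_DRUN set: only the functions are defined; the caller
# presumably supplies RUN_DOCKER and CONTAINER_NAME, which run() and stop()
# read, and calls them itself.
#
# NOTE: /tmp is shared and world-writable, and run() only does 'mkdir -p',
# so an already existing ${CACHEDIR} is accepted whoever created it. Point
# this at a directory under your own control if the cache should persist or
# the host has other local users.
CACHEDIR="/tmp/squid3" # Change this to place the cache somewhere else
set -e
# Guard for my own scripts
# Note, if you're running this script direct, it will rebuild if it can't see
# the image.
[ -z "${RUNNING_DRUN}" ] && {
  RUN_DOCKER="docker run"
  CONTAINER_NAME='docker-proxy'
  # Build only when no image by that name is listed; the trailing space in the
  # pattern anchors the match to the repository column.
  docker images | grep "^${CONTAINER_NAME} " >/dev/null \
    || docker build -q --rm -t "${CONTAINER_NAME}" "$(dirname "$0")"
}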
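start_routing () {
  # Add a new route table that routes everything marked through the new
  # container. Reads IPADDR (the proxy container's address, set by run()).
  # Every step is written to be re-runnable: an rt_tables entry, ip rule,
  # route or iptables rule left behind by an earlier crashed run must neither
  # abort the script under set -e nor pile up as a duplicate rule.
  [ -n "${IPADDR}" ] || {
    echo 'start_routing: IPADDR is empty, refusing to install routing' >&2
    return 1
  }
  # workaround boot2docker issue #367
  # https://github.com/boot2docker/boot2docker/issues/367
  [ -d /etc/iproute2 ] || sudo mkdir -p /etc/iproute2
  if [ ! -e /etc/iproute2/rt_tables ]; then
    if [ -f /usr/local/etc/rt_tables ]; then
      sudo ln -s /usr/local/etc/rt_tables /etc/iproute2/rt_tables
    fi
  fi
  ([ -e /etc/iproute2/rt_tables ] && grep TRANSPROXY /etc/iproute2/rt_tables >/dev/null) || \
    sudo sh -c "echo '1 TRANSPROXY' >> /etc/iproute2/rt_tables"
  ip rule show | grep TRANSPROXY >/dev/null || \
    sudo ip rule add from all fwmark 0x1 lookup TRANSPROXY
  # 'replace' rather than 'add': a stale default route in TRANSPROXY (left by
  # a previous container with another address) would make 'add' fail and,
  # under set -e, exit with the container running and no mark rule.
  sudo ip route replace default via "${IPADDR}" dev docker0 table TRANSPROXY
  # Mark packets to port 80 external, so they route through the new route table.
  # Check (-C) before inserting so repeated runs do not stack identical rules;
  # stop_routing removes rules by exact spec, and a copy it missed would keep
  # port 80 traffic from docker0 routed at a proxy address that is gone.
  sudo iptables -t mangle -C PREROUTING -p tcp --dport 80 \! -s "${IPADDR}" -i docker0 -j MARK --set-mark 1 2>/dev/null || \
    sudo iptables -t mangle -I PREROUTING -p tcp --dport 80 \! -s "${IPADDR}" -i docker0 -j MARK --set-mark 1
  # Exemption rule to stop docker from masquerading traffic routed to the
  # transparent proxy. 172.17.0.0/16 is hard-coded here and in stop_routing;
  # change both if docker0 uses a different subnet.
  sudo iptables -t nat -C POSTROUTING -o docker0 -s 172.17.0.0/16 -j ACCEPT 2>/dev/null || \
    sudo iptables -t nat -I POSTROUTING -o docker0 -s 172.17.0.0/16 -j ACCEPT
}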
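stop_routing () {
  # Remove the appropriate rules - that is, those that mention the IP Address.
  # Reads IPADDR; does nothing when it is empty (nothing was installed for
  # this run, or we are called before run() learned the container address).
  # Failures are tolerated on purpose: this runs from cleanup paths where a
  # rule may already be gone.
  set +e
  [ "x$IPADDR" != "x" ] && {
    ip route show table TRANSPROXY | grep default >/dev/null && \
      sudo ip route del default table TRANSPROXY
    # Delete every copy of each rule, not just the first one: -C reports
    # whether a matching rule (still) exists, -D removes a single instance.
    # '|| break' stops the loop if -D fails on a rule -C still reports.
    while sudo iptables -t mangle -C PREROUTING -p tcp --dport 80 \! -s "${IPADDR}" -i docker0 -j MARK --set-mark 1 2>/dev/null; do
      sudo iptables -t mangle -D PREROUTING -p tcp --dport 80 \! -s "${IPADDR}" -i docker0 -j MARK --set-mark 1 || break
    done
    while sudo iptables -t nat -C POSTROUTING -o docker0 -s 172.17.0.0/16 -j ACCEPT 2>/dev/null; do
      sudo iptables -t nat -D POSTROUTING -o docker0 -s 172.17.0.0/16 -j ACCEPT 2>/dev/null || break
    done
  }
  set -e
}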
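stop () {
  # Kill and remove the named proxy container, then undo the routing.
  # Ideally we'd leave the container around and re-use it, but I really
  # need a nice way to query for a named container first. Doesn't cost much
  # to create a new container anyway, especially given the cache volume is mapped.
  # Reads CONTAINER_NAME. Safe to call when no such container exists: both
  # docker commands are allowed to fail quietly under set +e.
  set +e
  docker kill "${CONTAINER_NAME}" >/dev/null 2>&1
  docker rm "${CONTAINER_NAME}" >/dev/null 2>&1
  set -e
  stop_routing
}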
interrupted () {
  # INT handler installed by run(). Tear everything down, then re-raise the
  # signal on ourselves with the handler removed, so the shell dies of SIGINT
  # exactly as it would have without the trap.
  printf '%s\n' 'Interrupted, cleaning up...'
  trap - INT
  stop
  kill -INT "$$"
}
terminated () {
  # TERM handler installed by run(). Same shape as interrupted(): clean up,
  # drop the trap, then deliver SIGTERM to ourselves so the exit looks like
  # an ordinary termination to whoever sent the signal.
  printf '%s\n' 'Terminated, cleaning up...'
  trap - TERM
  stop
  kill -TERM "$$"
}
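run () {
  # Create the cache dir, start the proxy container, install the routing,
  # then block on the container's log until it exits or we are signalled.
  # Reads RUN_DOCKER, CONTAINER_NAME and CACHEDIR; sets CID and IPADDR for
  # start_routing/stop_routing.
  # Make sure we have a cache dir - if you're running in vbox you should
  # probably map this through to the host machine for persistence
  mkdir -p "${CACHEDIR}"
  # Install the handlers before anything is created, so a ctrl-c while the
  # container or the routing is being set up still cleans up; stop() copes
  # with CID/IPADDR not existing yet.
  trap interrupted INT
  trap terminated TERM
  # Because we're named, make sure the container doesn't already exist
  stop
  # Run and find the IP for the running container.
  # RUN_DOCKER is deliberately unquoted: it holds a command plus arguments
  # ("docker run") and must word-split.
  # NOTE(review): --privileged removes most of the container's isolation;
  # confirm the squid image really needs it rather than a narrower --cap-add.
  # shellcheck disable=SC2086
  CID=$(${RUN_DOCKER} --privileged -d -v "${CACHEDIR}":/var/spool/squid3 --name "${CONTAINER_NAME}" "${CONTAINER_NAME}")
  IPADDR=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CID}")
  # An empty address means the container is not running (e.g. it exited
  # right after start); bail out rather than point the routing at nothing.
  [ -n "${IPADDR}" ] || {
    echo "Container ${CID} has no IP address, not installing routing" >&2
    stop
    return 1
  }
  start_routing
  # Run at console, kill cleanly if ctrl-c is hit
  echo 'Now entering wait, please hit "ctrl-c" to kill proxy and undo routing'
  # Tolerate a failing 'docker logs': under set -e an error here would skip
  # the cleanup below and leave the routing pointed at the container.
  docker logs -f "${CID}" || true
  echo 'Squid exited unexpectedly, cleaning up...'
  stop
}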
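# Guard so I can include this script into my own scripts
# (with RUNNING_DRUN set only the functions above are defined).
[ -z "${RUNNING_DRUN}" ] && run
# Emit a trailing newline before handing back to the caller.
echo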