vagrant-proxyconf 1.5.2 → 2.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/.travis.yml +15 -14
  4. data/CHANGELOG.md +19 -0
  5. data/Gemfile +25 -7
  6. data/LICENSE.txt +1 -1
  7. data/README.md +117 -18
  8. data/Rakefile +1 -27
  9. data/development/Dockerfile +40 -0
  10. data/development/README.md +2 -0
  11. data/development/Vagrantfile.example +156 -9
  12. data/development/install-c7.sh +46 -0
  13. data/development/install-debian.sh +55 -0
  14. data/development/tinyproxy.conf +333 -0
  15. data/lib/vagrant-proxyconf/action.rb +15 -7
  16. data/lib/vagrant-proxyconf/action/base.rb +47 -5
  17. data/lib/vagrant-proxyconf/action/configure_apt_proxy.rb +17 -0
  18. data/lib/vagrant-proxyconf/action/configure_chef_proxy.rb +32 -27
  19. data/lib/vagrant-proxyconf/action/configure_docker_proxy.rb +113 -12
  20. data/lib/vagrant-proxyconf/action/configure_env_proxy.rb +58 -11
  21. data/lib/vagrant-proxyconf/action/configure_git_proxy.rb +25 -9
  22. data/lib/vagrant-proxyconf/action/configure_npm_proxy.rb +14 -6
  23. data/lib/vagrant-proxyconf/action/configure_pear_proxy.rb +15 -8
  24. data/lib/vagrant-proxyconf/action/configure_svn_proxy.rb +15 -8
  25. data/lib/vagrant-proxyconf/action/configure_yum_proxy.rb +16 -0
  26. data/lib/vagrant-proxyconf/cap/linux/chef_proxy_conf.rb +17 -0
  27. data/lib/vagrant-proxyconf/cap/linux/docker_proxy_conf.rb +2 -1
  28. data/lib/vagrant-proxyconf/cap/linux/yum_proxy_conf.rb +19 -0
  29. data/lib/vagrant-proxyconf/cap/util.rb +4 -5
  30. data/lib/vagrant-proxyconf/capability.rb +10 -0
  31. data/lib/vagrant-proxyconf/config.rb +20 -0
  32. data/lib/vagrant-proxyconf/config/chef_proxy.rb +25 -0
  33. data/lib/vagrant-proxyconf/config/docker_proxy.rb +25 -0
  34. data/lib/vagrant-proxyconf/config/git_proxy.rb +3 -0
  35. data/lib/vagrant-proxyconf/config/npm_proxy.rb +25 -0
  36. data/lib/vagrant-proxyconf/config/pear_proxy.rb +19 -0
  37. data/lib/vagrant-proxyconf/version.rb +1 -1
  38. data/locales/en.yml +38 -0
  39. data/resources/yum_config.awk +1 -0
  40. data/spec/spec_helper.rb +27 -9
  41. data/spec/unit/fixtures/docker_client_config_json_enabled_proxy +9 -0
  42. data/spec/unit/fixtures/docker_client_config_json_no_proxy +5 -0
  43. data/spec/unit/fixtures/etc_environment_only_http_proxy.conf +9 -0
  44. data/spec/unit/fixtures/yum_with_repository_and_proxy_containing_special_chars.conf +10 -0
  45. data/spec/unit/vagrant-proxyconf/action/base_spec.rb +191 -0
  46. data/spec/unit/vagrant-proxyconf/action/configure_apt_proxy_spec.rb +162 -0
  47. data/spec/unit/vagrant-proxyconf/action/configure_chef_proxy_spec.rb +32 -0
  48. data/spec/unit/vagrant-proxyconf/action/configure_docker_proxy_spec.rb +489 -0
  49. data/spec/unit/vagrant-proxyconf/action/configure_env_proxy_spec.rb +105 -4
  50. data/spec/unit/vagrant-proxyconf/action/configure_git_proxy_spec.rb +116 -0
  51. data/spec/unit/vagrant-proxyconf/action/configure_npm_proxy_spec.rb +67 -0
  52. data/spec/unit/vagrant-proxyconf/action/configure_pear_proxy_spec.rb +116 -0
  53. data/spec/unit/vagrant-proxyconf/action/configure_svn_proxy_spec.rb +85 -0
  54. data/spec/unit/vagrant-proxyconf/action/configure_yum_proxy_spec.rb +100 -0
  55. data/spec/unit/vagrant-proxyconf/cap/linux/docker_proxy_conf_spec.rb +1 -1
  56. data/spec/unit/vagrant-proxyconf/cap/util_spec.rb +2 -2
  57. data/spec/unit/vagrant-proxyconf/config/key_mixin_spec.rb +1 -1
  58. data/spec/unit/vagrant-proxyconf/resources/yum_config_spec.rb +14 -0
  59. data/travis/before_install +26 -0
  60. metadata +24 -4
@@ -0,0 +1,46 @@
1
+ #!/bin/bash
2
+
3
+ SESTATUS=$(command -v sestatus)
4
+ [ -n "${SESTATUS}" ] && setenforce 0 || true
5
+
6
+ INSTALL_YUM_PKGS=
7
+ YUM_PKGS="curl
8
+ git
9
+ gnupg2
10
+ php-pear
11
+ npm
12
+ subversion
13
+ "
14
+
15
+ is_yum_pkg_installed() {
16
+ rpm -q ${1} >>/dev/null 2>&1
17
+ }
18
+
19
+ is_yum_pkg_installed "epel-release" || yum -y install epel-release
20
+
21
+ for PKG in $YUM_PKGS
22
+ do
23
+ is_yum_pkg_installed ${PKG}
24
+ if [ $? -ne 0 ]; then
25
+ [ -z "${INSTALL_YUM_PKGS}" ] && INSTALL_YUM_PKGS="${PKG}" || INSTALL_YUM_PKGS="${INSTALL_YUM_PKGS} ${PKG}"
26
+ fi
27
+ done
28
+
29
+ if [ -n "${INSTALL_YUM_PKGS}" ]; then
30
+ yum clean expire-cache
31
+ yum install -y ${INSTALL_YUM_PKGS}
32
+ fi
33
+
34
+ command -v docker >>/dev/null
35
+ if [ $? -ne 0 ]; then
36
+ cd /etc/yum.repos.d/
37
+ curl -LO https://download.docker.com/linux/centos/docker-ce.repo
38
+ cd - >>/dev/null
39
+
40
+ yum clean expire-cache
41
+ yum -y install docker-ce
42
+
43
+ fi
44
+
45
+ [ "$(systemctl is-enabled docker)" == "enabled" ] || systemctl enable docker
46
+ [ "$(systemctl is-active docker)" == "active" ] || systemctl start docker
@@ -0,0 +1,55 @@
1
+ #!/bin/bash
2
+
3
+ INSTALL_APT_PKGS=
4
+ APT_PKGS="tinyproxy
5
+ apt-transport-https
6
+ ca-certificates
7
+ curl
8
+ git
9
+ gnupg2
10
+ php-pear
11
+ npm
12
+ software-properties-common
13
+ subversion
14
+ yum
15
+ "
16
+
17
+ is_apt_pkg_installed() {
18
+ dpkg -l ${1} >>/dev/null 2>&1
19
+ }
20
+
21
+ for PKG in $APT_PKGS
22
+ do
23
+ is_apt_pkg_installed ${PKG}
24
+ if [ $? -ne 0 ]; then
25
+ [ -z "${INSTALL_APT_PKGS}" ] && INSTALL_APT_PKGS="${PKG}" || INSTALL_APT_PKGS="${INSTALL_APT_PKGS} ${PKG}"
26
+ fi
27
+ done
28
+
29
+ if [ -n "${INSTALL_APT_PKGS}" ]; then
30
+ apt-get update
31
+ apt-get install -y ${INSTALL_APT_PKGS}
32
+ fi
33
+
34
+ command -v docker >>/dev/null
35
+ if [ $? -ne 0 ]; then
36
+ curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
37
+
38
+ add-apt-repository \
39
+ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
40
+ $(lsb_release -cs) \
41
+ stable"
42
+
43
+ apt-get update
44
+ apt-get -y install docker-ce
45
+ fi
46
+
47
+ if [ -f /tmp/tinyproxy.conf ]; then
48
+ cp /tmp/tinyproxy.conf /etc/tinyproxy/tinyproxy.conf
49
+ chown root:root /etc/tinyproxy/tinyproxy.conf
50
+ chmod 0644 /etc/tinyproxy/tinyproxy.conf
51
+ systemctl restart tinyproxy
52
+ fi
53
+
54
+ [ "$(systemctl is-enabled tinyproxy)" == "enabled" ] || systemctl enable tinyproxy
55
+ [ "$(systemctl is-active tinyproxy)" == "active" ] || systemctl start tinyproxy
@@ -0,0 +1,333 @@
1
+ # /etc/tinyproxy/tinyproxy.conf
2
+
3
+ ##
4
+ ## tinyproxy.conf -- tinyproxy daemon configuration file
5
+ ##
6
+ ## This example tinyproxy.conf file contains example settings
7
+ ## with explanations in comments. For decriptions of all
8
+ ## parameters, see the tinproxy.conf(5) manual page.
9
+ ##
10
+
11
+ #
12
+ # User/Group: This allows you to set the user and group that will be
13
+ # used for tinyproxy after the initial binding to the port has been done
14
+ # as the root user. Either the user or group name or the UID or GID
15
+ # number may be used.
16
+ #
17
+ User tinyproxy
18
+ Group tinyproxy
19
+
20
+ #
21
+ # Port: Specify the port which tinyproxy will listen on. Please note
22
+ # that should you choose to run on a port lower than 1024 you will need
23
+ # to start tinyproxy using root.
24
+ #
25
+ Port 8888
26
+
27
+ #
28
+ # Listen: If you have multiple interfaces this allows you to bind to
29
+ # only one. If this is commented out, tinyproxy will bind to all
30
+ # interfaces present.
31
+ #
32
+ #Listen 192.168.0.1
33
+
34
+ #
35
+ # Bind: This allows you to specify which interface will be used for
36
+ # outgoing connections. This is useful for multi-home'd machines where
37
+ # you want all traffic to appear outgoing from one particular interface.
38
+ #
39
+ #Bind 192.168.0.1
40
+
41
+ #
42
+ # BindSame: If enabled, tinyproxy will bind the outgoing connection to the
43
+ # ip address of the incoming connection.
44
+ #
45
+ #BindSame yes
46
+
47
+ #
48
+ # Timeout: The maximum number of seconds of inactivity a connection is
49
+ # allowed to have before it is closed by tinyproxy.
50
+ #
51
+ Timeout 600
52
+
53
+ #
54
+ # ErrorFile: Defines the HTML file to send when a given HTTP error
55
+ # occurs. You will probably need to customize the location to your
56
+ # particular install. The usual locations to check are:
57
+ # /usr/local/share/tinyproxy
58
+ # /usr/share/tinyproxy
59
+ # /etc/tinyproxy
60
+ #
61
+ #ErrorFile 404 "/usr/share/tinyproxy/404.html"
62
+ #ErrorFile 400 "/usr/share/tinyproxy/400.html"
63
+ #ErrorFile 503 "/usr/share/tinyproxy/503.html"
64
+ #ErrorFile 403 "/usr/share/tinyproxy/403.html"
65
+ #ErrorFile 408 "/usr/share/tinyproxy/408.html"
66
+
67
+ #
68
+ # DefaultErrorFile: The HTML file that gets sent if there is no
69
+ # HTML file defined with an ErrorFile keyword for the HTTP error
70
+ # that has occured.
71
+ #
72
+ DefaultErrorFile "/usr/share/tinyproxy/default.html"
73
+
74
+ #
75
+ # StatHost: This configures the host name or IP address that is treated
76
+ # as the stat host: Whenever a request for this host is received,
77
+ # Tinyproxy will return an internal statistics page instead of
78
+ # forwarding the request to that host. The default value of StatHost is
79
+ # tinyproxy.stats.
80
+ #
81
+ #StatHost "tinyproxy.stats"
82
+ #
83
+
84
+ #
85
+ # StatFile: The HTML file that gets sent when a request is made
86
+ # for the stathost. If this file doesn't exist a basic page is
87
+ # hardcoded in tinyproxy.
88
+ #
89
+ StatFile "/usr/share/tinyproxy/stats.html"
90
+
91
+ #
92
+ # Logfile: Allows you to specify the location where information should
93
+ # be logged to. If you would prefer to log to syslog, then disable this
94
+ # and enable the Syslog directive. These directives are mutually
95
+ # exclusive.
96
+ #
97
+ Logfile "/var/log/tinyproxy/tinyproxy.log"
98
+
99
+ #
100
+ # Syslog: Tell tinyproxy to use syslog instead of a logfile. This
101
+ # option must not be enabled if the Logfile directive is being used.
102
+ # These two directives are mutually exclusive.
103
+ #
104
+ #Syslog On
105
+
106
+ #
107
+ # LogLevel:
108
+ #
109
+ # Set the logging level. Allowed settings are:
110
+ # Critical (least verbose)
111
+ # Error
112
+ # Warning
113
+ # Notice
114
+ # Connect (to log connections without Info's noise)
115
+ # Info (most verbose)
116
+ #
117
+ # The LogLevel logs from the set level and above. For example, if the
118
+ # LogLevel was set to Warning, then all log messages from Warning to
119
+ # Critical would be output, but Notice and below would be suppressed.
120
+ #
121
+ LogLevel Info
122
+
123
+ #
124
+ # PidFile: Write the PID of the main tinyproxy thread to this file so it
125
+ # can be used for signalling purposes.
126
+ #
127
+ PidFile "/run/tinyproxy/tinyproxy.pid"
128
+
129
+ #
130
+ # XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
131
+ # contains the client's IP address.
132
+ #
133
+ #XTinyproxy Yes
134
+
135
+ #
136
+ # Upstream:
137
+ #
138
+ # Turns on upstream proxy support.
139
+ #
140
+ # The upstream rules allow you to selectively route upstream connections
141
+ # based on the host/domain of the site being accessed.
142
+ #
143
+ # For example:
144
+ # # connection to test domain goes through testproxy
145
+ # upstream testproxy:8008 ".test.domain.invalid"
146
+ # upstream testproxy:8008 ".our_testbed.example.com"
147
+ # upstream testproxy:8008 "192.168.128.0/255.255.254.0"
148
+ #
149
+ # # no upstream proxy for internal websites and unqualified hosts
150
+ # no upstream ".internal.example.com"
151
+ # no upstream "www.example.com"
152
+ # no upstream "10.0.0.0/8"
153
+ # no upstream "192.168.0.0/255.255.254.0"
154
+ # no upstream "."
155
+ #
156
+ # # connection to these boxes go through their DMZ firewalls
157
+ # upstream cust1_firewall:8008 "testbed_for_cust1"
158
+ # upstream cust2_firewall:8008 "testbed_for_cust2"
159
+ #
160
+ # # default upstream is internet firewall
161
+ # upstream firewall.internal.example.com:80
162
+ #
163
+ # The LAST matching rule wins the route decision. As you can see, you
164
+ # can use a host, or a domain:
165
+ # name matches host exactly
166
+ # .name matches any host in domain "name"
167
+ # . matches any host with no domain (in 'empty' domain)
168
+ # IP/bits matches network/mask
169
+ # IP/mask matches network/mask
170
+ #
171
+ #Upstream some.remote.proxy:port
172
+
173
+ #
174
+ # MaxClients: This is the absolute highest number of threads which will
175
+ # be created. In other words, only MaxClients number of clients can be
176
+ # connected at the same time.
177
+ #
178
+ MaxClients 100
179
+
180
+ #
181
+ # MinSpareServers/MaxSpareServers: These settings set the upper and
182
+ # lower limit for the number of spare servers which should be available.
183
+ #
184
+ # If the number of spare servers falls below MinSpareServers then new
185
+ # server processes will be spawned. If the number of servers exceeds
186
+ # MaxSpareServers then the extras will be killed off.
187
+ #
188
+ MinSpareServers 10
189
+ MaxSpareServers 20
190
+
191
+ #
192
+ # StartServers: The number of servers to start initially.
193
+ #
194
+ StartServers 10
195
+
196
+ #
197
+ # MaxRequestsPerChild: The number of connections a thread will handle
198
+ # before it is killed. In practise this should be set to 0, which
199
+ # disables thread reaping. If you do notice problems with memory
200
+ # leakage, then set this to something like 10000.
201
+ #
202
+ MaxRequestsPerChild 0
203
+
204
+ #
205
+ # Allow: Customization of authorization controls. If there are any
206
+ # access control keywords then the default action is to DENY. Otherwise,
207
+ # the default action is ALLOW.
208
+ #
209
+ # The order of the controls are important. All incoming connections are
210
+ # tested against the controls based on order.
211
+ #
212
+ Allow 127.0.0.1
213
+ Allow 70.70.70.0/24
214
+ #Allow 192.168.0.0/16
215
+ #Allow 172.16.0.0/12
216
+ #Allow 10.0.0.0/8
217
+
218
+ #
219
+ # AddHeader: Adds the specified headers to outgoing HTTP requests that
220
+ # Tinyproxy makes. Note that this option will not work for HTTPS
221
+ # traffic, as Tinyproxy has no control over what headers are exchanged.
222
+ #
223
+ #AddHeader "X-My-Header" "Powered by Tinyproxy"
224
+
225
+ #
226
+ # ViaProxyName: The "Via" header is required by the HTTP RFC, but using
227
+ # the real host name is a security concern. If the following directive
228
+ # is enabled, the string supplied will be used as the host name in the
229
+ # Via header; otherwise, the server's host name will be used.
230
+ #
231
+ ViaProxyName "tinyproxy"
232
+
233
+ #
234
+ # DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
235
+ # the Via header to the requests. This virtually puts Tinyproxy into
236
+ # stealth mode. Note that RFC 2616 requires proxies to set the Via
237
+ # header, so by enabling this option, you break compliance.
238
+ # Don't disable the Via header unless you know what you are doing...
239
+ #
240
+ #DisableViaHeader Yes
241
+
242
+ #
243
+ # Filter: This allows you to specify the location of the filter file.
244
+ #
245
+ #Filter "/etc/tinyproxy/filter"
246
+
247
+ #
248
+ # FilterURLs: Filter based on URLs rather than domains.
249
+ #
250
+ #FilterURLs On
251
+
252
+ #
253
+ # FilterExtended: Use POSIX Extended regular expressions rather than
254
+ # basic.
255
+ #
256
+ #FilterExtended On
257
+
258
+ #
259
+ # FilterCaseSensitive: Use case sensitive regular expressions.
260
+ #
261
+ #FilterCaseSensitive On
262
+
263
+ #
264
+ # FilterDefaultDeny: Change the default policy of the filtering system.
265
+ # If this directive is commented out, or is set to "No" then the default
266
+ # policy is to allow everything which is not specifically denied by the
267
+ # filter file.
268
+ #
269
+ # However, by setting this directive to "Yes" the default policy becomes
270
+ # to deny everything which is _not_ specifically allowed by the filter
271
+ # file.
272
+ #
273
+ #FilterDefaultDeny Yes
274
+
275
+ #
276
+ # Anonymous: If an Anonymous keyword is present, then anonymous proxying
277
+ # is enabled. The headers listed are allowed through, while all others
278
+ # are denied. If no Anonymous keyword is present, then all headers are
279
+ # allowed through. You must include quotes around the headers.
280
+ #
281
+ # Most sites require cookies to be enabled for them to work correctly, so
282
+ # you will need to allow Cookies through if you access those sites.
283
+ #
284
+ #Anonymous "Host"
285
+ #Anonymous "Authorization"
286
+ #Anonymous "Cookie"
287
+
288
+ #
289
+ # ConnectPort: This is a list of ports allowed by tinyproxy when the
290
+ # CONNECT method is used. To disable the CONNECT method altogether, set
291
+ # the value to 0. If no ConnectPort line is found, all ports are
292
+ # allowed (which is not very secure.)
293
+ #
294
+ # The following two ports are used by SSL.
295
+ #
296
+ ConnectPort 443
297
+ ConnectPort 563
298
+
299
+ #
300
+ # Configure one or more ReversePath directives to enable reverse proxy
301
+ # support. With reverse proxying it's possible to make a number of
302
+ # sites appear as if they were part of a single site.
303
+ #
304
+ # If you uncomment the following two directives and run tinyproxy
305
+ # on your own computer at port 8888, you can access Google using
306
+ # http://localhost:8888/google/ and Wired News using
307
+ # http://localhost:8888/wired/news/. Neither will actually work
308
+ # until you uncomment ReverseMagic as they use absolute linking.
309
+ #
310
+ #ReversePath "/google/" "http://www.google.com/"
311
+ #ReversePath "/wired/" "http://www.wired.com/"
312
+
313
+ #
314
+ # When using tinyproxy as a reverse proxy, it is STRONGLY recommended
315
+ # that the normal proxy is turned off by uncommenting the next directive.
316
+ #
317
+ #ReverseOnly Yes
318
+
319
+ #
320
+ # Use a cookie to track reverse proxy mappings. If you need to reverse
321
+ # proxy sites which have absolute links you must uncomment this.
322
+ #
323
+ #ReverseMagic Yes
324
+
325
+ #
326
+ # The URL that's used to access this reverse proxy. The URL is used to
327
+ # rewrite HTTP redirects so that they won't escape the proxy. If you
328
+ # have a chain of reverse proxies, you'll need to put the outermost
329
+ # URL here (the address which the end user types into his/her browser).
330
+ #
331
+ # If not set then no rewriting occurs.
332
+ #
333
+ #ReverseBaseURL "http://localhost:8888/"
@@ -31,13 +31,16 @@ module VagrantPlugins
31
31
  def self.configure_after_provisoner
32
32
  Vagrant::Action::Builder.new.tap do |b|
33
33
  b.use Builtin::Call, IsEnabled do |env, b2|
34
- next if !env[:result]
34
+ # next if !env[:result]
35
35
 
36
- b2.use ConfigureDockerProxy
37
- b2.use ConfigureGitProxy
38
- b2.use ConfigureNpmProxy
39
- b2.use ConfigurePearProxy
40
- b2.use ConfigureSvnProxy
36
+ # TODO: Do we really need to configure only specific proxies after the provisioner runs?
37
+ # Shouldn't they already be configured by this point?
38
+ # Cody Lane - Dec 2018
39
+ # b2.use ConfigureDockerProxy
40
+ # b2.use ConfigureGitProxy
41
+ # b2.use ConfigureNpmProxy
42
+ # b2.use ConfigurePearProxy
43
+ # b2.use ConfigureSvnProxy
41
44
  end
42
45
  end
43
46
  end
@@ -49,8 +52,13 @@ module VagrantPlugins
49
52
  def self.config_actions
50
53
  @config_actions ||= Proc.new do |b|
51
54
  b.use Builtin::Call, IsEnabled do |env, b2|
52
- next if !env[:result]
55
+ # next if !env[:result]
53
56
 
57
+ # IsEnabled doesn't seem to be quiet right becuse it only seems to check if the proxy has been disabled
58
+ # globally which isn't always what we want. We don't want to skip configuring a service or services
59
+ # because of a disable toggle. Instead we defer to each action class because the implementation for
60
+ # skipping over a service or checking if it is disabled is implmeneted there. To be more clear the real
61
+ # implementation is actually in action/base.rb#call
54
62
  b2.use ConfigureAptProxy
55
63
  b2.use ConfigureChefProxy
56
64
  b2.use ConfigureDockerProxy