dockerfiles/privoxy/Dockerfile

#
# Dockerfile for privoxy
#

FROM alpine
MAINTAINER kev <noreply@easypi.info>

ADD https://github.com/tianon/gosu/releases/download/1.4/gosu-amd64 /usr/sbin/gosu

RUN apk add -U iptables privoxy \
    && chmod +x /usr/sbin/gosu \
    && rm -rf /var/cache/apk/*

RUN sed -i -e '/^listen-address/s/127.0.0.1/0.0.0.0/' \
           -e '/^accept-intercepted-requests/s/0/1/' \
           -e '/^enforce-blocks/s/0/1/' \
           -e '/^#debug/s/#//' /etc/privoxy/config

VOLUME /etc/privoxy
EXPOSE 8118

CMD echo "{+block{self}}" >> /etc/privoxy/user.action \
    && ip a s eth0 | grep -w inet | awk '{print $2}' | cut -d/ -f1 >> /etc/privoxy/user.action \
    && ip r s | grep default | awk '{print $3}' >> /etc/privoxy/user.action \
    && iptables -t filter -P OUTPUT DROP \
    && iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT \
    && iptables -t filter -A OUTPUT -p tcp \
                -m multiport --dports 53,80,443,8118 \
                -j ACCEPT \
    && iptables -t filter -A OUTPUT -p tcp \
                -m state --state ESTABLISHED,RELATED \
                -j ACCEPT \
    && iptables -t filter -A OUTPUT -p udp \
                -m state --state ESTABLISHED,RELATED \
                -j ACCEPT \
    && iptables -t filter -A OUTPUT -p tcp \
                -m owner --uid-owner privoxy \
                -j ACCEPT \
    && iptables -t nat -A OUTPUT -p tcp --dport 80 \
                -m owner ! --uid-owner privoxy \
                -j REDIRECT --to-ports 8118 \
    && gosu privoxy privoxy --no-daemon /etc/privoxy/config
add privoxy 2015-06-29 00:58:36 +08:00			`#`
			`# Dockerfile for privoxy`
			`#`

			`FROM alpine`
switch to new domain: easypi.info 2016-05-01 09:06:20 +08:00			`MAINTAINER kev <noreply@easypi.info>`
add privoxy 2015-06-29 00:58:36 +08:00
update 2015-06-29 01:18:53 +08:00			`ADD https://github.com/tianon/gosu/releases/download/1.4/gosu-amd64 /usr/sbin/gosu`

			`RUN apk add -U iptables privoxy \`
			`&& chmod +x /usr/sbin/gosu \`
add privoxy 2015-06-29 00:58:36 +08:00			`&& rm -rf /var/cache/apk/*`

update 2015-06-29 01:18:53 +08:00			`RUN sed -i -e '/^listen-address/s/127.0.0.1/0.0.0.0/' \`
			`-e '/^accept-intercepted-requests/s/0/1/' \`
update 2015-06-30 19:00:43 +08:00			`-e '/^enforce-blocks/s/0/1/' \`
update 2015-06-29 01:52:38 +08:00			`-e '/^#debug/s/#//' /etc/privoxy/config`
update 2015-06-29 01:18:53 +08:00
add privoxy 2015-06-29 00:58:36 +08:00			`VOLUME /etc/privoxy`
			`EXPOSE 8118`

update 2015-07-03 13:00:22 +08:00			`CMD echo "{+block{self}}" >> /etc/privoxy/user.action \`
update 2015-06-29 10:43:41 +08:00			`&& ip a s eth0 \| grep -w inet \| awk '{print $2}' \| cut -d/ -f1 >> /etc/privoxy/user.action \`
			`&& ip r s \| grep default \| awk '{print $3}' >> /etc/privoxy/user.action \`
udpate 2015-06-29 09:18:40 +08:00			`&& iptables -t filter -P OUTPUT DROP \`
update 2015-06-29 03:57:52 +08:00			`&& iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT \`
			`&& iptables -t filter -A OUTPUT -p tcp \`
			`-m multiport --dports 53,80,443,8118 \`
			`-j ACCEPT \`
			`&& iptables -t filter -A OUTPUT -p tcp \`
			`-m state --state ESTABLISHED,RELATED \`
			`-j ACCEPT \`
			`&& iptables -t filter -A OUTPUT -p udp \`
			`-m state --state ESTABLISHED,RELATED \`
			`-j ACCEPT \`
			`&& iptables -t filter -A OUTPUT -p tcp \`
			`-m owner --uid-owner privoxy \`
			`-j ACCEPT \`
update 2015-06-29 11:38:35 +08:00			`&& iptables -t nat -A OUTPUT -p tcp --dport 80 \`
update 2015-06-29 03:57:52 +08:00			`-m owner ! --uid-owner privoxy \`
			`-j REDIRECT --to-ports 8118 \`
update 2015-06-29 01:18:53 +08:00			`&& gosu privoxy privoxy --no-daemon /etc/privoxy/config`