mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-11-28 09:08:50 +02:00
43 lines
1.5 KiB
Docker
43 lines
1.5 KiB
Docker
#
|
|
# Dockerfile for privoxy
|
|
#
|
|
|
|
FROM alpine
|
|
MAINTAINER kev <noreply@easypi.info>
|
|
|
|
ADD https://github.com/tianon/gosu/releases/download/1.4/gosu-amd64 /usr/sbin/gosu
|
|
|
|
RUN apk add -U iptables privoxy \
|
|
&& chmod +x /usr/sbin/gosu \
|
|
&& rm -rf /var/cache/apk/*
|
|
|
|
RUN sed -i -e '/^listen-address/s/127.0.0.1/0.0.0.0/' \
|
|
-e '/^accept-intercepted-requests/s/0/1/' \
|
|
-e '/^enforce-blocks/s/0/1/' \
|
|
-e '/^#debug/s/#//' /etc/privoxy/config
|
|
|
|
VOLUME /etc/privoxy
|
|
EXPOSE 8118
|
|
|
|
CMD echo "{+block{self}}" >> /etc/privoxy/user.action \
|
|
&& ip a s eth0 | grep -w inet | awk '{print $2}' | cut -d/ -f1 >> /etc/privoxy/user.action \
|
|
&& ip r s | grep default | awk '{print $3}' >> /etc/privoxy/user.action \
|
|
&& iptables -t filter -P OUTPUT DROP \
|
|
&& iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT \
|
|
&& iptables -t filter -A OUTPUT -p tcp \
|
|
-m multiport --dports 53,80,443,8118 \
|
|
-j ACCEPT \
|
|
&& iptables -t filter -A OUTPUT -p tcp \
|
|
-m state --state ESTABLISHED,RELATED \
|
|
-j ACCEPT \
|
|
&& iptables -t filter -A OUTPUT -p udp \
|
|
-m state --state ESTABLISHED,RELATED \
|
|
-j ACCEPT \
|
|
&& iptables -t filter -A OUTPUT -p tcp \
|
|
-m owner --uid-owner privoxy \
|
|
-j ACCEPT \
|
|
&& iptables -t nat -A OUTPUT -p tcp --dport 80 \
|
|
-m owner ! --uid-owner privoxy \
|
|
-j REDIRECT --to-ports 8118 \
|
|
&& gosu privoxy privoxy --no-daemon /etc/privoxy/config
|