diff options
| author | yyamashita <yyamashita@hetzner.yyamashita.com> | 2026-07-02 23:08:58 +0900 |
|---|---|---|
| committer | yyamashita <yyamashita@hetzner.yyamashita.com> | 2026-07-02 23:08:58 +0900 |
| commit | 1a7b5adf8484ec0f2b6feb350b578142e186ab26 (patch) | |
| tree | e8c670ac5554d2b17b491ee96e9717f4432d64a9 /caddy/entrypoint.sh | |
| parent | 88be3b3f503d4674d764a7265edb2d4e380ae738 (diff) | |
Move forward proxy from Squid to Caddy (port 80/443)
Replace standalone Squid container with caddy-forwardproxy plugin so the
proxy shares Caddy's existing ports and TLS. HTTP on :80 and HTTPS on :443.
Auth is read from the same vpn/users.conf at Caddy startup via entrypoint.sh.
DNS: add proxy to setup-route53.py WEB_SUBDOMAINS.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'caddy/entrypoint.sh')
| -rw-r--r-- | caddy/entrypoint.sh | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/caddy/entrypoint.sh b/caddy/entrypoint.sh new file mode 100644 index 0000000..cf123ce --- /dev/null +++ b/caddy/entrypoint.sh @@ -0,0 +1,35 @@ +#!/bin/sh +set -e + +PROXY_CONF=/tmp/proxy_forward.caddy + +# Build basicauth lines from shared users.conf +AUTH_LINES="" +if [ -f /etc/proxy/users.conf ]; then + while IFS=' ' read -r user pass || [ -n "$user" ]; do + [ -z "$user" ] && continue + case "$user" in \#*) continue ;; esac + AUTH_LINES="${AUTH_LINES} basicauth ${user} ${pass}\n" + done < /etc/proxy/users.conf +fi +AUTH_BLOCK=$(printf '%b' "$AUTH_LINES") + +cat > "$PROXY_CONF" <<EOF +http://proxy.yyamashita.com { + forward_proxy { +${AUTH_BLOCK} hide_ip + hide_via + } +} +https://proxy.yyamashita.com { + tls { + key_type rsa4096 + } + forward_proxy { +${AUTH_BLOCK} hide_ip + hide_via + } +} +EOF + +exec "$@" |
