#!/bin/sh set -e PROXY_CONF=/tmp/proxy_forward.caddy # Build basicauth lines from shared users.conf (skip if PROXY_NO_AUTH=1) AUTH_LINES="" if [ "${PROXY_NO_AUTH:-0}" != "1" ] && [ -f /etc/proxy/users.conf ]; then while IFS=' ' read -r user pass || [ -n "$user" ]; do [ -z "$user" ] && continue case "$user" in \#*) continue ;; esac AUTH_LINES="${AUTH_LINES} basicauth ${user} ${pass}\n" done < /etc/proxy/users.conf fi AUTH_BLOCK=$(printf '%b' "$AUTH_LINES") # JP-only filter: download CIDR list from ipdeny.com (no account required) JP_FILTER="" JP_ZONE=/tmp/jp.zone if wget -q -O "$JP_ZONE" --timeout=15 "https://www.ipdeny.com/ipblocks/data/aggregated/jp-aggregated.zone" 2>/dev/null && [ -s "$JP_ZONE" ]; then JP_IPS=$(tr '\n' ' ' < "$JP_ZONE") JP_FILTER=" @not_japan { not remote_ip 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.1/32 ${JP_IPS} } respond @not_japan 403" fi cat > "$PROXY_CONF" <