blob: 3e1ab8ad498ebfd0d701d5968e047c2d520d38e6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
#!/bin/sh
set -e
PROXY_CONF=/tmp/proxy_forward.caddy
# Build basicauth lines from shared users.conf (skip if PROXY_NO_AUTH=1)
AUTH_LINES=""
if [ "${PROXY_NO_AUTH:-0}" != "1" ] && [ -f /etc/proxy/users.conf ]; then
while IFS=' ' read -r user pass || [ -n "$user" ]; do
[ -z "$user" ] && continue
case "$user" in \#*) continue ;; esac
AUTH_LINES="${AUTH_LINES} basicauth ${user} ${pass}\n"
done < /etc/proxy/users.conf
fi
AUTH_BLOCK=$(printf '%b' "$AUTH_LINES")
# GeoIP Japan-only filter (active only if DB file is present)
GEOIP_BLOCK=""
if [ -f "/etc/caddy/GeoLite2-Country.mmdb" ]; then
GEOIP_BLOCK=' geoip /etc/caddy/GeoLite2-Country.mmdb
@not_japan {
not remote_ip 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.1/32
not expression `{http.vars.geoip_country_code} == "JP"`
}
respond @not_japan 403'
fi
cat > "$PROXY_CONF" <<EOF
http:// {
route {
${GEOIP_BLOCK}
forward_proxy {
${AUTH_BLOCK} }
redir https://{host}{uri} 308
}
}
https://proxy.yyamashita.com {
tls {
key_type rsa4096
}
route {
${GEOIP_BLOCK}
forward_proxy {
${AUTH_BLOCK} }
}
}
EOF
exec "$@"
|