@heri16
Last active October 1, 2015 11:16
aws-ecs-netflix-proxy
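#!/bin/bash
# Discovers this host's network identity and sets the shared variables
# (root, int, ipaddr, extip, clientip, date) used by the rest of the script.
# Note, this script assumes Ubuntu Linux and it will most likely fail on any other distribution.

# bomb on any error
set -e

# working directory (the netflix-proxy checkout)
root="/opt/netflix-proxy"

# shape check for dotted-quad IPv4 values obtained from commands or the network
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# obtain the interface with the default gateway; only the first default route
# is used so that $int is always a single word
int=$(ip route | awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
if [[ -z "${int}" ]]; then
  echo "no default route found; cannot determine the Internet facing interface" >&2
  exit 1
fi

# obtain IP address of the Internet facing interface (first IPv4 address,
# prefix length stripped)
ipaddr=$(ip -4 -o addr show dev "${int}" | awk '{ sub(/\/.*$/, "", $4); print $4; exit }')
if [[ ! "${ipaddr}" =~ ${ipv4_re} ]]; then
  echo "could not determine the IPv4 address of ${int} (got: '${ipaddr}')" >&2
  exit 1
fi

# obtain the external address as seen by the OpenDNS resolver.
# The answer arrives over plain DNS and is later substituted into a root-run
# sed expression, so anything that is not a single IPv4 address is rejected
# here (this also catches an empty answer, which would otherwise blank the
# A records in data/db.override).
extip=$(dig +short myip.opendns.com @resolver1.opendns.com)
if [[ ! "${extip}" =~ ${ipv4_re} ]]; then
  echo "could not determine the external IP address (got: '${extip}')" >&2
  exit 1
fi

# obtain client (home) ip address: first field of SSH_CONNECTION, empty when
# the script is not started from an SSH session
clientip=${SSH_CONNECTION%% *}

# get the current date
date=$(/bin/date +'%Y%m%d')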
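# display usage
#######################################
# Print the option summary and terminate the script.
# Globals:   none
# Arguments: none
# Outputs:   the whole usage text on stderr (stdout stays clean)
# Returns:   does not return; exits with status 1
#######################################
usage() {
  {
    echo "Usage: $0 [-r 0|1] [-b 0|1] [-c <ip>]"
    printf "\t-r\tenable (1) or disable (0) DNS recursion (default: 1)\n"
    printf "\t-b\tgrab docker images from repository (0) or build locally (1) (default: 0)\n"
    printf "\t-c\tspecify client-ip instead of being taken from ssh_connection\n"
  } 1>&2
  exit 1
}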
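# process options
#   -r 0|1   disable/enable DNS recursion
#   -b 0|1   use repository images / build images locally
#   -c <ip>  client address to use instead of the one from SSH_CONNECTION
while getopts ":r:b:c:" o; do
  case "${o}" in
    r)
      r=${OPTARG}
      # Compare as text. An arithmetic test would evaluate the option text as
      # an expression, so a non-numeric value would pass the check and then
      # fall into the "recursion enabled" branch of the string test used later.
      [[ "${r}" == "0" || "${r}" == "1" ]] || usage
      ;;
    b)
      b=${OPTARG}
      [[ "${b}" == "0" || "${b}" == "1" ]] || usage
      ;;
    c)
      # NOTE(review): taken as given; validate it as an address before it is
      # ever placed into a firewall rule.
      c=${OPTARG}
      ;;
    *)
      usage
      ;;
  esac
done
shift $((OPTIND-1))

# defaults: recursion on, images not built locally
r=${r:-1}
b=${b:-0}

# an explicit -c overrides the address derived from SSH_CONNECTION
if [[ -n "${c}" ]]; then
  clientip="${c}"
fi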
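# diagnostics info
echo "clientip=${clientip}" "ipaddr=${ipaddr}" "extip=${extip}"

# prepare BIND config: write the recursion fragment for the bind image.
# Expansions are quoted so the path is passed to tee as a single word.
recursion_conf="${root}/docker-bind/named.recursion.conf"
if [[ "${r}" == "0" ]]; then
  printf "disabling DNS recursion...\n"
  printf "\t\tallow-recursion { none; };\n\t\trecursion no;\n\t\tadditional-from-auth no;\n\t\tadditional-from-cache no;\n" | sudo tee "${recursion_conf}"
else
  # Recursion is the default (r=1). Who may recurse is decided by the
  # "trusted" ACL, which is not defined in this script.
  # TODO(review): confirm in the BIND configuration that "trusted" covers only
  # the intended clients, so the resolver does not answer arbitrary sources.
  printf "WARNING: enabling DNS recursion...\n"
  printf "\t\tallow-recursion { trusted; };\n\t\trecursion yes;\n\t\tadditional-from-auth yes;\n\t\tadditional-from-cache yes;\n" | sudo tee "${recursion_conf}"
fi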
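# switch to working directory
pushd "${root}"

# Resolve each external tool once and stop if one is missing. With an inline
# $(which tool) an empty result makes sudo treat the next word (e.g. "build")
# as the command to run as root.
need() {
  command -v "$1" || { echo "required tool not found: $1" >&2; return 1; }
}
sed_bin=$(need sed) || exit 1
docker_bin=$(need docker) || exit 1
dig_bin=$(need dig) || exit 1
openssl_bin=$(need openssl) || exit 1

# NOTE(review): the host firewall rules below are commented out, while bind is
# published on 53/udp and sniproxy runs with --net=host. Restricting who can
# reach DNS and the proxy is therefore left to something outside this script
# (presumably the EC2 security group) - confirm.
# configure iptables
#sudo iptables -N FRIENDS
#sudo iptables -A FRIENDS -s $clientip/32 -j ACCEPT
#sudo iptables -A FRIENDS -j DROP
#sudo iptables -N ALLOW
#sudo iptables -A INPUT -j ALLOW
#sudo iptables -A FORWARD -j ALLOW
#sudo iptables -A DOCKER -j ALLOW
#sudo iptables -A ALLOW -p icmp -j ACCEPT
#sudo iptables -A ALLOW -i lo -j ACCEPT
#sudo iptables -A ALLOW -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#sudo iptables -A ALLOW -m state --state RELATED,ESTABLISHED -j ACCEPT
#sudo iptables -A ALLOW -p tcp -m tcp --dport 80 -j FRIENDS
#sudo iptables -A ALLOW -p tcp -m tcp --dport 443 -j FRIENDS
#sudo iptables -A ALLOW -p udp -m udp --dport 53 -j FRIENDS
#sudo iptables -A ALLOW -j REJECT --reject-with icmp-host-prohibited
#echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
#echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
#sudo apt-get -y install iptables-persistent

# extip comes from a DNS answer and is substituted into a sed expression that
# runs as root; accept nothing but a single dotted-quad address
if [[ ! "${extip}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  echo "refusing to update db.override: extip is not an IPv4 address (got: '${extip}')" >&2
  exit 1
fi

# point every A record of the override zone at this host and bump the serial
echo "Updating db.override with ipaddr=${extip} and date=${date}"
sudo "${sed_bin}" -i "s/IN A [0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/IN A ${extip}/g" data/db.override
sudo "${sed_bin}" -i "s/[YMD0-9]\+ ; serial/${date}01 ; serial/g" data/db.override

if [[ "${b}" == "1" ]]; then
  echo "Building docker containers"
  sudo "${docker_bin}" build -t bind docker-bind
  sudo "${docker_bin}" build -t sniproxy docker-sniproxy
  echo "Starting Docker containers (local)"
  sudo "${docker_bin}" run --name bind -d -v "${root}/data:/data" -p 53:53/udp -t bind
  sudo "${docker_bin}" run --name sniproxy -d -v "${root}/data:/data" --net=host -t sniproxy
else
  # echo "Starting Docker containers (from repository)"
  # sudo $(which docker) run --name bind -d -v ${root}/data:/data -p 53:53/udp -t ab77/bind
  # sudo $(which docker) run --name sniproxy -d -v ${root}/data:/data --net=host -t ab77/sniproxy
  echo "Restarting Docker containers (from AWS ECS)"
  # restart whatever running containers list the ab77 images; xargs does
  # nothing when no container matches
  sudo "${docker_bin}" ps | awk '/ab77\/bind/ {print $1}' | xargs --no-run-if-empty sudo "${docker_bin}" restart
  sudo "${docker_bin}" ps | awk '/ab77\/sniproxy/ {print $1}' | xargs --no-run-if-empty sudo "${docker_bin}" restart
fi

# smoke tests against the local address; under "set -e" a failing test ends
# the script here
echo "Testing DNS"
"${dig_bin}" netflix.com "@${ipaddr}"
echo "Testing proxy"
echo "GET /" | "${openssl_bin}" s_client -servername netflix.com -connect "${ipaddr}:443"

# configure upstart
#sudo cp init/* /etc/init

# change back to original directory
popd
echo "Change your DNS to ${extip} and start watching Netflix out of region."
echo "Done!"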
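#!/bin/bash
# Instance bootstrap: joins the default ECS cluster, unpacks netflix-proxy into
# /opt, replaces its build.sh, installs a cloud-init per-boot hook and runs it.
#
# NOTE(review): everything fetched below is executed as root and none of it is
# pinned or verified: the tarball is the tip of a third-party branch and the
# two gist files come from the mutable raw/ URL. Whoever can change those
# sources changes what runs on this host. Prefer immutable references
# (placeholders: <COMMIT_SHA> for the archive, <GIST_REVISION> for the gist
# files) and compare each download with a known SHA-256 before using it.

echo ECS_CLUSTER=default >> /etc/ecs/ecs.config
yum update -y curl tar

rm -rf /opt/netflix-proxy/

# -f makes curl fail on an HTTP error instead of handing the error page on;
# the move only happens when the archive was unpacked
curl -fL https://github.com/ab77/netflix-proxy/archive/master.tar.gz | tar xz --directory /opt/ && mv /opt/netflix-proxy-master /opt/netflix-proxy

# Without -f an HTTP error body would be saved under the script's name and
# later run as root; with -f a failed download is reported as a failure.
curl -fLo /opt/netflix-proxy/build.sh https://gist.github.com/heri16/e68357298869618e7871/raw/build.sh
curl -fLo /var/lib/cloud/scripts/per-boot/netflix-proxy-data.sh https://gist.github.com/heri16/e68357298869618e7871/raw/netflix-proxy-data.sh
chmod +x /var/lib/cloud/scripts/per-boot/netflix-proxy-data.sh

yum update -y

# bind-utils provides dig, which build.sh calls. The trailing "|| true" keeps
# this script's exit status at 0 even when the first build fails.
yum install -y bind-utils && source /var/lib/cloud/scripts/per-boot/netflix-proxy-data.sh || true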
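#!/bin/sh
# Per-boot hook: make sure sudo does not require a TTY (build.sh calls sudo
# without one), then run the netflix-proxy build script.
echo "Rebuild netflix-proxy-data..."

# The sudoers change is prepared on a private copy and installed only after
# visudo accepts it: a syntax error in /etc/sudoers disables sudo altogether.
# The copy lives in /etc so the final mv is a rename on the same filesystem.
sudoers=/etc/sudoers
sudoers_tmp=$(mktemp /etc/sudoers.XXXXXX)
if [ -n "$sudoers_tmp" ] && cat "$sudoers" > "$sudoers_tmp"; then
  # no requiretty setting at all: append an explicit opt-out.
  # printf instead of "echo -e", which is not portable under #!/bin/sh and
  # would write a literal "-e" into the file on shells without that option.
  grep -qe 'Defaults.\+requiretty' "$sudoers_tmp" || printf '\nDefaults !requiretty\n' >> "$sudoers_tmp"

  # a requiretty default that is not negated: negate it in place
  if grep -qe 'Defaults[^!]\+requiretty' "$sudoers_tmp"; then
    sed -i 's/Defaults\([^!]\+\)requiretty/Defaults\1!requiretty/' "$sudoers_tmp"
  fi

  if cmp -s "$sudoers_tmp" "$sudoers"; then
    : # already in the desired state, nothing to install
  elif chmod 0440 "$sudoers_tmp" && visudo -cf "$sudoers_tmp" >/dev/null 2>&1; then
    mv -f -- "$sudoers_tmp" "$sudoers"
    sudoers_tmp=
  else
    echo "edited sudoers failed validation; $sudoers left unchanged" >&2
  fi
fi
[ -z "$sudoers_tmp" ] || rm -f -- "$sudoers_tmp"

/bin/bash /opt/netflix-proxy/build.sh && echo "Rebuilt netflix-proxy-data."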