aws-ecs-netflix-proxy
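#!/bin/bash
# Note, this script assumes Ubuntu Linux and it will most likely fail on any other distribution.
# NOTE(review): the companion user-data in this gist installs it on an Amazon Linux ECS instance
# with yum, so treat the Ubuntu assumption as historical; what the script actually needs is
# iproute2, dig, docker, sudo and GNU sed.
# bomb on any error
set -e
# change to working directory
root="/opt/netflix-proxy"
# dotted-quad shape check, applied before any address is written into config files
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
# obtain the interface with the default gateway (first default route only, should there be several)
int=$(ip route | awk '$1 == "default" {print $5; exit}')
if [[ -z "${int}" ]]; then
    echo "ERROR: no default route found, cannot determine the Internet-facing interface" 1>&2
    exit 1
fi
# obtain IP address of the Internet facing interface (first IPv4 address on it, prefix length stripped)
ipaddr=$(ip -4 addr show dev "${int}" | awk '$1 == "inet" {sub(/\/.*/, "", $2); print $2; exit}')
# obtain the public IP as seen from the Internet. This is an unauthenticated UDP DNS answer from a
# third-party resolver (and may be empty or an error string if the lookup fails), so check its
# shape before it is interpolated into a sed expression and published in the zone file below.
extip=$(dig +short myip.opendns.com @resolver1.opendns.com)
if ! [[ "${extip}" =~ ${ipv4_re} ]]; then
    echo "ERROR: could not determine a valid external IPv4 address (got '${extip}')" 1>&2
    exit 1
fi
# obtain client (home) ip address: the source of the current SSH session, unless -c overrides it
clientip=$(echo "${SSH_CONNECTION}" | awk '{print $1}')
# get the current date (YYYYMMDD, used for the zone serial)
date=$(/bin/date +'%Y%m%d')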
# display usage | |
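# display usage (all of it on stderr, so it never mixes with the script's normal output) and exit 1.
# The -b text was wrong: with -b 0 the script does not pull images, it restarts the containers
# that ECS already runs on this host.
usage() {
    {
        printf 'Usage: %s [-r 0|1] [-b 0|1] [-c <ip>]\n' "$0"
        printf '\t-r\tenable (1) or disable (0) DNS recursion (default: 1)\n'
        printf '\t-b\trestart the containers already running under AWS ECS (0) or build the images locally and run them (1) (default: 0)\n'
        printf '\t-c\tspecify client-ip instead of being taken from ssh_connection\n'
    } 1>&2
    exit 1
}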
# process options | |
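# process options
while getopts ":r:b:c:" o; do
    case "${o}" in
        r)
            r=${OPTARG}
            # string compare, not (( )): an arithmetic test evaluates a non-numeric argument
            # as a variable name, so "-r foo" (or "-r 00") slipped through as valid and then
            # enabled recursion because the later [[ ${r} == 0 ]] check did not match
            [[ "${r}" == "0" || "${r}" == "1" ]] || usage
            ;;
        b)
            b=${OPTARG}
            [[ "${b}" == "0" || "${b}" == "1" ]] || usage
            ;;
        c)
            c=${OPTARG}
            ;;
        *)
            # unknown option, or an option missing its argument
            usage
            ;;
    esac
done
shift $((OPTIND-1))
# defaults: recursion on, containers managed by ECS (not built locally)
r=${r:-1}
b=${b:-0}
# an explicit -c overrides the address taken from SSH_CONNECTION
if [[ -n "${c:-}" ]]; then
    clientip="${c}"
fi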
# diagnostics info
echo "clientip=${clientip} ipaddr=${ipaddr} extip=${extip}"
# prepare BIND config: named.recursion.conf is regenerated from scratch on every run
if [[ "${r}" == 0 ]]; then
    printf "disabling DNS recursion...\n"
    recursion_conf=$'\t\tallow-recursion { none; };\n\t\trecursion no;\n\t\tadditional-from-auth no;\n\t\tadditional-from-cache no;'
else
    # NOTE(review): recursion is on by default. Which clients may then use this host as a
    # recursive resolver is decided by the "trusted" ACL, which lives in the BIND config
    # (not in this script) — confirm it is not wide open before enabling this on a public host.
    printf "WARNING: enabling DNS recursion...\n"
    recursion_conf=$'\t\tallow-recursion { trusted; };\n\t\trecursion yes;\n\t\tadditional-from-auth yes;\n\t\tadditional-from-cache yes;'
fi
printf '%s\n' "${recursion_conf}" | sudo tee "${root}/docker-bind/named.recursion.conf"
# switch to working directory | |
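# switch to working directory
pushd "${root}"
# configure iptables
# NOTE(review): the rules below are commented out, so nothing in this script restricts who may
# reach the DNS (53/udp) and SNI-proxy listeners. Unless the ECS security group or another host
# firewall limits those ports to the client address, this host serves as an open resolver / open
# proxy for the whole Internet — confirm the security group before deploying.
#sudo iptables -N FRIENDS
#sudo iptables -A FRIENDS -s $clientip/32 -j ACCEPT
#sudo iptables -A FRIENDS -j DROP
#sudo iptables -N ALLOW
#sudo iptables -A INPUT -j ALLOW
#sudo iptables -A FORWARD -j ALLOW
#sudo iptables -A DOCKER -j ALLOW
#sudo iptables -A ALLOW -p icmp -j ACCEPT
#sudo iptables -A ALLOW -i lo -j ACCEPT
#sudo iptables -A ALLOW -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#sudo iptables -A ALLOW -m state --state RELATED,ESTABLISHED -j ACCEPT
#sudo iptables -A ALLOW -p tcp -m tcp --dport 80 -j FRIENDS
#sudo iptables -A ALLOW -p tcp -m tcp --dport 443 -j FRIENDS
#sudo iptables -A ALLOW -p udp -m udp --dport 53 -j FRIENDS
#sudo iptables -A ALLOW -j REJECT --reject-with icmp-host-prohibited
#echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
#echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
#sudo apt-get -y install iptables-persistent
# validate the public IP before it is spliced into a sed replacement: it comes from an
# unauthenticated DNS lookup, and a value containing '/', '&' or a newline would corrupt the
# zone file instead of updating it
extip_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if ! [[ "${extip}" =~ ${extip_re} ]]; then
    echo "ERROR: external IP '${extip}' is not a dotted-quad IPv4 address; refusing to edit data/db.override" 1>&2
    exit 1
fi
echo "Updating db.override with ipaddr=${extip} and date=${date}"
# point every A record in the override zone at the public IP
sudo sed -i "s/IN A [0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/IN A ${extip}/g" data/db.override
# bump the SOA serial to YYYYMMDD01 (re-running on the same day yields the same serial, which
# only matters if secondaries transfer this zone)
sudo sed -i "s/[YMD0-9]\+ ; serial/${date}01 ; serial/g" data/db.override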
# resolve docker once; the absolute path is passed to sudo, which may not search the caller's PATH
docker_bin=$(which docker)
# restart every running container whose `docker ps` line mentions the given string (the image
# name); --no-run-if-empty keeps xargs from calling "docker restart" with no arguments when
# nothing matches
restart_matching() {
    sudo "${docker_bin}" ps | grep "$1" | awk '{print $1}' | xargs --no-run-if-empty sudo "${docker_bin}" restart
}
if [[ "${b}" == "1" ]]; then
    # -b 1: build the bind and sniproxy images from the checked-out Dockerfiles and run them here
    echo "Building docker containers"
    sudo "${docker_bin}" build -t bind docker-bind
    sudo "${docker_bin}" build -t sniproxy docker-sniproxy
    echo "Starting Docker containers (local)"
    # bind publishes 53/udp; sniproxy runs in the host network namespace and listens there directly
    sudo "${docker_bin}" run --name bind -d -v "${root}/data:/data" -p 53:53/udp -t bind
    sudo "${docker_bin}" run --name sniproxy -d -v "${root}/data:/data" --net=host -t sniproxy
else
    # -b 0 (default): the containers are managed by ECS; restart them so they pick up the regenerated data/config
    # echo "Starting Docker containers (from repository)"
    # sudo $(which docker) run --name bind -d -v ${root}/data:/data -p 53:53/udp -t ab77/bind
    # sudo $(which docker) run --name sniproxy -d -v ${root}/data:/data --net=host -t ab77/sniproxy
    echo "Restarting Docker containers (from AWS ECS)"
    restart_matching 'ab77/bind'
    restart_matching 'ab77/sniproxy'
fi
dig_bin=$(which dig)
openssl_bin=$(which openssl)
echo "Testing DNS"
# the resolver should now answer on the Internet-facing address
"${dig_bin}" netflix.com @"${ipaddr}"
echo "Testing proxy"
# push a bare request through the SNI proxy; this only checks that the TLS handshake is relayed
# (s_client is not asked to verify the certificate chain here)
echo "GET /" | "${openssl_bin}" s_client -servername netflix.com -connect "${ipaddr}:443"
# configure upstart
#sudo cp init/* /etc/init
# change back to original directory
popd
echo "Change your DNS to ${extip} and start watching Netflix out of region."
echo "Done!"
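#!/bin/bash
# EC2 user-data for an ECS container instance: joins the "default" cluster, fetches the
# netflix-proxy tree plus the two helper scripts from this gist, and installs the data script as
# a cloud-init per-boot hook so the build is re-run on every boot.
#
# NOTE(review): everything below is pulled from a moving target (a branch tarball and raw gist
# URLs) over HTTPS with no pin and no checksum, and the fetched scripts later run as root on every
# boot. NETFLIX_PROXY_REF only makes the ref configurable (set it to a tag or commit); it does not
# verify anything — add a checksum check before relying on this in production.
set -e
NETFLIX_PROXY_REF="${NETFLIX_PROXY_REF:-master}"
GIST_RAW="https://gist.github.com/heri16/e68357298869618e7871/raw"
PERBOOT=/var/lib/cloud/scripts/per-boot/netflix-proxy-data.sh

echo ECS_CLUSTER=default >> /etc/ecs/ecs.config
yum update -y curl tar
rm -rf /opt/netflix-proxy/
mkdir -p /opt/netflix-proxy
# -f makes curl fail on an HTTP error instead of piping an error page into tar, or saving one
# as an executable script; --strip-components drops the "netflix-proxy-<ref>" top directory
# so any ref (branch, tag or commit) lands in the same place
curl -fsSL "https://github.com/ab77/netflix-proxy/archive/${NETFLIX_PROXY_REF}.tar.gz" | tar xz --strip-components=1 --directory /opt/netflix-proxy
curl -fsSL -o /opt/netflix-proxy/build.sh "${GIST_RAW}/build.sh"
curl -fsSL -o "${PERBOOT}" "${GIST_RAW}/netflix-proxy-data.sh"
chmod +x "${PERBOOT}"
yum update -y
# run the data script once now; its failure must not fail the user-data as a whole
yum install -y bind-utils && source "${PERBOOT}" || true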
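#!/bin/sh
# cloud-init per-boot hook: re-run the netflix-proxy build on every boot.
# build.sh uses sudo non-interactively, which fails while /etc/sudoers carries
# "Defaults requiretty", so that flag is turned off first. The edit is made on a copy and
# only installed after "visudo -c" accepts it: a syntax error in /etc/sudoers locks every
# user out of sudo. Only real directives are considered, not commented-out ones.
echo "Rebuild netflix-proxy-data..."
sudoers=/etc/sudoers
tmp=$(mktemp) && cp "$sudoers" "$tmp" && {
    if grep -qe '^[[:space:]]*Defaults.\+requiretty' "$tmp"; then
        # flip "requiretty" to "!requiretty"; a directive that is already negated has a "!"
        # right before "requiretty" and so does not match [^!]\+
        sed -i 's/^\([[:space:]]*Defaults[^!]\+\)requiretty/\1!requiretty/' "$tmp"
    else
        # printf, not "echo -e": under a POSIX sh that does not know -e the flag itself
        # would have been written into the sudoers file
        printf '\nDefaults !requiretty\n' >> "$tmp"
    fi
    if visudo -cf "$tmp" >/dev/null; then
        install -m 0440 "$tmp" "$sudoers"
    else
        echo "WARNING: edited sudoers failed the visudo check; leaving $sudoers untouched" 1>&2
    fi
    rm -f "$tmp"
}
/bin/bash /opt/netflix-proxy/build.sh && echo "Rebuilt netflix-proxy-data."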