Skip to content

Instantly share code, notes, and snippets.

@stickystyle
Last active January 13, 2021 03:52
Show Gist options
  • Save stickystyle/ca2e64a4f7d247648b0c to your computer and use it in GitHub Desktop.
Save stickystyle/ca2e64a4f7d247648b0c to your computer and use it in GitHub Desktop.
Simple script to configure apt to use a squid-deb-proxy server configured at the _apt-proxy._tcp SRV record for the configured search domain
#just put this in your Dockerfile prior to doing any apt-get operations and your build will use the proxy
FROM ubuntu:14.04
RUN apt-get install -y --no-install-recommends dnsutils
ADD squid-deb-proxy-discover-setup.sh /root/
RUN /root/squid-deb-proxy-discover-setup.sh
#!/bin/bash
if [ -f /etc/apt/apt.conf.d/31autoproxy ]; then
>&2 echo "NOTICE: squid-deb-proxy-discover already installed"
exit 0
fi
mkdir -p /usr/share/squid-deb-proxy-discover/
#we grab the search domain directly from resolv.conf because host, dig, and nslookup will
#not expand the search domain for SRV lookups.
cat > /usr/share/squid-deb-proxy-discover/squid-deb-proxy-discover << 'EOL'
#!/bin/sh
SEARCH_DOMAIN=$(grep -oP "search \K[\w\.]+" /etc/resolv.conf)
if [ ! -f /usr/bin/dig ]; then
>&2 echo "ERROR: dig is not installed, will not set Acquire::http::ProxyAutoDetect"
exit 1
fi
dig +short _apt_proxy._tcp.$SEARCH_DOMAIN SRV | head -n 1 | awk '{ print "http://", $4, ":", $3};' | sed 's/ //g'
EOL
chmod +x /usr/share/squid-deb-proxy-discover/squid-deb-proxy-discover
#30autoproxy is used by squid-deb-proxy-client, which I've used for inspration here
echo 'Acquire::http::ProxyAutoDetect "/usr/share/squid-deb-proxy-discover/squid-deb-proxy-discover";' > /etc/apt/apt.conf.d/31autoproxy
@stickystyle
Copy link
Author

The idea here is squid-deb-proxy-client uses avahi to find a configured squid-deb-proxy server, however that is only going to work on the local subnet and if you're like me you have your different departments and server on their own subnets; or you're using this from docker containers (which is why I began writing this) where zeroconf discovery just isn't practical.

All you need to do is...

  • set a SRV record for _apt-proxy._tcp to point to your squid-deb-proxy server
  • make sure the search domain is configured on the box/container running the script
  • make sure dig ('dnsutils' package in ubuntu) is installed on the box/container running the script (the docker ubuntu image doesn't include dig, host, or nslookup)

For systems such as boot2docker, the search domain doesn't get set correctly in the containers so you need to add it to /var/lib/boot2docker/profile on the VM host, like so...
EXTRA_ARGS="--dns-search=corp.example.com --dns 10.2.5.2 --dns 10.2.5.3"
(this seems to be related to boot2docker/boot2docker#357)

@stickystyle
Copy link
Author

I should add the reason I wanted it done like this is I wanted a single Dockerfile for an application that can move from my dev environment, to a remote dev environment, to production; where the squid-deb-proxy server is obviously different in each location.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment