Merge pull request #1 from erikmagkekse/feature/http-proxy

Adding HTTP Proxy support
erikmagkekse · Nov 15, 2024 · 3050412 · 3050412
2 parents 712dc8a + ac456d9
commit 3050412
Show file tree

Hide file tree

Showing 9 changed files with 271 additions and 83 deletions.
diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml
@@ -6,30 +6,52 @@ on:
       - '**'
     paths:
       - 'src/**'
-      - '.github/**'
+      - '.github/workflows/**'
       - 'requirements.txt'
       - 'entrypoint.sh'
       - 'Dockerfile'
+      - 'VERSION.txt'
 
 jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Set up QEMU
+      - name: Replace slashes in branch name
+        run: |
+          SAFE_BRANCH_NAME="${GITHUB_REF_NAME//\//-}"
+          echo "SAFE_BRANCH_NAME=$SAFE_BRANCH_NAME" >> $GITHUB_ENV
+        env:
+          GITHUB_REF_NAME: ${{ github.ref_name }}
+
+      - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
-      -
-        name: Set up Docker Buildx
+
+      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      -
-        name: Login to Docker Hub
+
+      - name: Set Docker tags and read version from VERSION.txt (only on main branch)
+        run: |
+          TAGS="erikmagkekse/ziti-edge-proxy:${{ env.SAFE_BRANCH_NAME }}"
+          
+          if [ "${GITHUB_REF_NAME}" == "main" ]; then
+            if [ -f VERSION.txt ]; then
+              VERSION=$(cat VERSION.txt)
+              TAGS="${TAGS},erikmagkekse/ziti-edge-proxy:${VERSION},erikmagkekse/ziti-edge-proxy:latest"
+            else
+              TAGS="${TAGS},erikmagkekse/ziti-edge-proxy:latest"
+            fi
+          fi
+          
+          echo "TAGS=$TAGS" >> $GITHUB_ENV
+
+      - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
+
+      - name: Build and push
         uses: docker/build-push-action@v6
         with:
           push: true
-          tags: erikmagkekse/ziti-edge-proxy:${{ github.ref_name }} 
+          tags: ${{ env.TAGS }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+identity.json
diff --git a/Dockerfile b/Dockerfile
@@ -8,8 +8,12 @@ ENV GID=23456
 ENV USER_HOME=/app
 ENV VIRTUAL_ENV=$USER_HOME/.venv
 
+ENV SOCKS_ENABLED=TRUE
+ENV HTTP_ENABLED=TRUE
+
 ENV PROXY_HOST=127.0.0.1
-ENV PROXY_PORT=1080
+ENV SOCKS_PORT=1080
+ENV HTTP_PORT=1080
 ENV PROXY_USERNAME=user
 ENV PROXY_PASSWORD=password
 
@@ -52,5 +56,6 @@ RUN pip3 install --no-cache -r requirements.txt
 
 # Start Python script, entrypoint and configure port
 EXPOSE 1080
+EXPOSE 8080
 ENTRYPOINT ["/app/entrypoint.sh"]
 CMD [ "python", "main.py" ]
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # What is ziti-edge-proxy?
-This project uses OpenZiti to provide a SOCKS5 Proxy with simple authentication that tunnels intercepted traffic through OpenZiti.
+This project uses OpenZiti to provides a SOCKS5 & HTTP Proxy with simple authentication that tunnels intercepted traffic through OpenZiti.
 The goal for this project was to make it fully functional in UserSpace, so that it can also be used in pipelines without privileges, for example in GitOps processes.
 
 ## Who is it for?
@@ -24,7 +24,10 @@ docker pull docker.io/erikmagkekse/ziti-edge-proxy:main
 | Variable         | Default Value     | Usage                                                       |
 | ---------------- | ----------------- | ----------------------------------------------------------- |
 | PROXY_HOST       | 127.0.0.1         | Where the SOCKS5 server should be attached                  |
-| PROXY_PORT       | 1080              | Default port of the SOCKS5 server                           |
+| SOCKS_ENABLED    | true              | Enables SOCKS5 Server                                       |
+| HTTP_ENABLED     | true              | Enables HTTP Server                                         |
+| SOCKS_PORT       | 1080              | Default port of the SOCKS5 server                           |
+| HTTP_PORT        | 8080              | Default port of the HTTP proxy server                       |
 | PROXY_USERNAME   | user              | Username for the SOCKS5 server                              |
 | PROXY_PASSWORD   | password          | Password for the SOCKS5 Server                              |
 | *ZITI_IDENTITIES | *empty*           | List of used Ziti identities, separated by semicolon        |
@@ -34,10 +37,10 @@ docker pull docker.io/erikmagkekse/ziti-edge-proxy:main
 
 ## Future roadmap
 - Add Codesinging
-- Improving logging
+- Improving logging ✅
 - Add ghcr.io repository for image
 - Switch from Python image to Alpine or RedHat UBI
-- Add HTTP Proxy support
+- Add HTTP Proxy support ✅
 - Rewrite in Go
 - CI Tests
 

diff --git a/VERSION.txt b/VERSION.txt
@@ -0,0 +1 @@
+v0.2-alpha
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,17 @@
+services:
+  ziti-edge-proxy:
+    build: .
+    ports:
+      - "1080:1080"
+      - "8080:8080"
+    environment:
+      PROXY_HOST: 0.0.0.0
+      SOCKS_PORT: 1080
+      HTTP_PORT: 8080
+      HTTP_ENABLED: true
+      SOCKS_ENABLED: true
+      PROXY_USERNAME: user
+      PROXY_PASSWORD: 1234
+      ZITI_IDENTITIES: /app/identity.json
+    volumes:
+      - "../identity.json:/app/identity.json"
diff --git a/examples/docker-compose/README.md b/examples/docker-compose/README.md
@@ -4,6 +4,11 @@ Use Netcat with the SSH ProxyProtocol feature.
 ssh -o "ProxyCommand=ncat --proxy-auth user:1234 --proxy-type socks5 --proxy 127.0.0.1:1080 %h %p" [email protected]
 ```
 
+Simple curl to use the HTTP Proxy as example.
+```
+curl -X http://127.0.0.1:8080 https://your.intercept.hostname.com
+```
+
 
 # Docker Compose example
 ```
@@ -14,7 +19,8 @@ services:
       - "1080:1080"
     environment:
       PROXY_HOST: 0.0.0.0
-      PROXY_PORT: 1080
+      SOCKS_PORT: 1080
+      HTTP_PORT: 8080
       PROXY_USERNAME: user
       PROXY_PASSWORD: 1234
       ZITI_IDENTITIES: /app/identity.json
@@ -31,7 +37,8 @@ services:
       - "1080:1080"
     environment:
       PROXY_HOST: 0.0.0.0
-      PROXY_PORT: 1080
+      SOCKS_PORT: 1080
+      HTTP_PORT: 8080
       PROXY_USERNAME: user
       PROXY_PASSWORD: 1234
       ZITI_IDENTITY: "eyXXXXX" # Your identity.json just Base64 encoded, no JWT Token!

diff --git a/examples/gitlab/.gitlab-ci.yml b/examples/gitlab/.gitlab-ci.yml
@@ -5,7 +5,8 @@ variables:
   CI_DEBUG_SERVICES: true
   PROXY_ADDRESS: ziti-edge-proxy
   PROXY_HOST: 127.0.0.1
-  PROXY_PORT: 1080
+  SOCKS_PORT: 1080
+  HTTP_PORT: 8080
   PROXY_USERNAME: user
   PROXY_PASSWORD: password
   ZITI_IDENTITY: $ZITI_IDENTITY_BASE64 # Variable from Gitlab CI/CD secrets
@@ -17,7 +18,7 @@ default:
 
 deploy:
   stage: build
-  image: "YOUR-ANSIBLE-IMAGE"
+  image: YOUR-IMAGE
   variables:
     ANSIBLE_REMOTE_USER: deployer
     ANSIBLE_INVENTORY: hosts.ini
@@ -28,4 +29,10 @@ deploy:
   script:
     - ansible-playbook main.yml -v
 
+curl-example:
+  stage: build
+  image: YOUR-IMAGE
+  script:
+    - curl -x http://${PROXY_USERNAME}:${PROXY_PASSWORD}@${PROXY_ADDRESS}:${PROXY_PORT} https://your.intercept.hostname.com
+