Github Actions (release) fixed

.dockerignore

@@ -0,0 +1,8 @@
+.editorconfig
+.git
+.github
+.idea
+.vscode
+temp
+tmp
+LICENSE

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# @link <https://help.github.com/en/articles/about-code-owners>
+
+* @tarampampam

.github/dependabot.yml

@@ -0,0 +1,21 @@
+# Docs: <https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/customizing-dependency-updates>
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    reviewers:
+      - "tarampampam"
+    assignees:
+      - "tarampampam"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    reviewers:
+      - "tarampampam"
+    assignees:
+      - "tarampampam"

.github/labeler.yml

@@ -0,0 +1,21 @@
+docs:
+  - '**/*.md'
+  - '**/*.MD'
+
+.github:
+  - '.github/**/*'
+
+CI:
+  - '.github/workflows/**/*'
+  - '.github/actions/**/*'
+
+docker:
+  - 'Dockerfile'
+  - 'docker/**/*'
+  - '.dockerignore'
+  - 'docker-entrypoint.sh'
+  - '3proxy.cfg'
+
+dev:
+  - '.gitignore'
+  - '.editorconfig'

.github/workflows/labeler.yml

@@ -0,0 +1,12 @@
+name: labeler
+
+on: [pull_request_target]
+
+jobs:
+  triage:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/labeler@v3 # Action page: <https://github.com/actions/labeler>
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          sync-labels: true

.github/workflows/release.yml

@@ -7,22 +7,32 @@ on:
 jobs:
   docker-image:
     name: Build docker image
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Check out code
         uses: actions/checkout@v2
 
-      - name: Generate image tag value
+      - name: Docker login in default registry
-        run: echo "::set-env name=IMAGE_TAG::${GITHUB_REF##*/[vV]}" # `/refs/tags/v1.2.3` -> `1.2.3`
-
-      - name: Make docker login
         run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_LOGIN }}" --password-stdin &> /dev/null
 
+      - name: Docker login in ghcr.io # Auth docs: <https://git.io/JLDaw>
+        run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login ghcr.io -u tarampampam --password-stdin
+
+      - name: Generate image tag value
+        id: tag
+        run: echo "::set-output name=value::`echo ${GITHUB_REF##*/} | sed -e 's/^[vV ]*//'`" # `/refs/tags/v1.2.3` -> `1.2.3`
+
       - name: Build image
-        run: docker build --tag "tarampampam/3proxy:${IMAGE_TAG}" --tag "tarampampam/3proxy:latest" -f ./Dockerfile .
+        run: |
+          docker build \
+            --tag "tarampampam/3proxy:${{ steps.tag.outputs.value }}" \
+            --tag "tarampampam/3proxy:latest" \
+            --tag "ghcr.io/tarampampam/3proxy:${{ steps.tag.outputs.value }}" \
+            --tag "ghcr.io/tarampampam/3proxy:latest" \
+            -f ./Dockerfile .
 
-      - name: Push version image
+      - name: Push into default registry
-        run: docker push "tarampampam/3proxy:${IMAGE_TAG}"
+        run: docker push "tarampampam/3proxy:${{ steps.tag.outputs.value }}" && docker push "tarampampam/3proxy:latest"
 
-      - name: Push latest image
+      - name: Push into ghcr.io
-        run: docker push "tarampampam/3proxy:latest"
+        run: docker push "ghcr.io/tarampampam/3proxy:${{ steps.tag.outputs.value }}" && docker push "ghcr.io/tarampampam/3proxy:latest"

.github/workflows/tests.yml

@@ -11,75 +11,99 @@ on:
     - cron: '0 0 * * 0' # once in a week, docs: <https://git.io/JvxXE#onschedule>
 
 jobs: # Docs: <https://git.io/JvxXE>
-  docker-image:
+  build-image:
-    name: Build and use docker image
+    name: Build docker image
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Check out code
         uses: actions/checkout@v2
 
       - name: Build docker image
-        run: docker build -f ./Dockerfile --tag image:local .
+        run: docker build -f ./Dockerfile --tag 3proxy:local .
 
-      - name: Run docker image with default settings
+      - name: Scan image
-        run: |
+        uses: anchore/scan-action@v2 # action page: <https://github.com/anchore/scan-action>
-          docker run --rm -d \
+        with:
-            -p "3128:3128/tcp" \
+          image: 3proxy:local
-            -p "1080:1080/tcp" \
+          fail-build: true
-            image:local
+          severity-cutoff: low # negligible, low, medium, high or critical
+
+      - name: Save docker image
+        run: docker save 3proxy:local > ./docker-image.tar
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: docker-image
+          path: ./docker-image.tar
+
+  try-to-use:
+    name: Build and use docker image (auth ${{ matrix.auth }})
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        auth: [yes, no]
+    needs: [build-image]
+    steps:
+      - name: Download builded docker image
+        uses: actions/download-artifact@v2
+        with:
+          name: docker-image
+          path: .artifact
+
+      - name: Prepare image to run
+        working-directory: .artifact
+        run: docker load < docker-image.tar
+
+      - name: Start server without auth setup
+        if: matrix.auth != 'yes'
+        run: docker run --rm -d -p "3128:3128/tcp" -p "1080:1080/tcp" 3proxy:local
+
+      - name: Start server with auth setup
+        if: matrix.auth == 'yes'
+        run: docker run --rm -d -p "3128:3128/tcp" -p "1080:1080/tcp" -e "PROXY_LOGIN=evil" -e "PROXY_PASSWORD=live" 3proxy:local
 
       - name: Pause
-        run: sleep 2
+        run: sleep 3
 
       - name: Try to use HTTP proxy
+        if: matrix.auth != 'yes'
         run: |
           curl -v --fail \
             --proxy http://127.0.0.1:3128 \
             --connect-timeout 3 \
             --max-time 3 \
-            https://github.com/robots.txt
+            https://www.cloudflare.com/robots.txt
 
       - name: Try to use SOCKS proxy
+        if: matrix.auth != 'yes'
         run: |
           curl -v --fail \
             --proxy socks5://127.0.0.1:1080 \
             --connect-timeout 3 \
             --max-time 3 \
-            https://github.com/robots.txt
+            https://www.cloudflare.com/robots.txt
 
-      - name: Stop container
+      - name: Try to use HTTP proxy (with auth)
-        run: docker stop $(docker ps -a --filter ancestor=image:local -q)
+        if: matrix.auth == 'yes'
-
-      - name: Run docker image with auth settings
-        run: |
-          docker run --rm -d \
-            -p "3128:3128/tcp" \
-            -p "1080:1080/tcp" \
-            -e "AUTH_REQUIRED=true" \
-            -e "PROXY_LOGIN=evil" \
-            -e "PROXY_PASSWORD=live" \
-            image:local
-
-      - name: Pause
-        run: sleep 2
-
-      - name: Try to use HTTP proxy
         run: |
           curl -v --fail \
             --proxy http://127.0.0.1:3128 \
             --proxy-user evil:live \
             --connect-timeout 3 \
             --max-time 3 \
-            https://github.com/robots.txt
+            https://www.cloudflare.com/robots.txt
 
-      - name: Try to use SOCKS proxy
+      - name: Try to use SOCKS proxy (with auth)
+        if: matrix.auth == 'yes'
         run: |
           curl -v --fail \
             --proxy socks5://127.0.0.1:1080 \
             --proxy-user evil:live \
             --connect-timeout 3 \
             --max-time 3 \
-            https://github.com/robots.txt
+            https://www.cloudflare.com/robots.txt
 
       - name: Stop container
-        run: docker stop $(docker ps -a --filter ancestor=image:local -q)
+        run: docker stop $(docker ps -a --filter ancestor=3proxy:local -q)

3proxy.cfg

@@ -0,0 +1,29 @@
+#!/bin/3proxy
+config /etc/3proxy/3proxy.cfg
+
+# you may use system to execute some external command if proxy starts
+system "echo `which 3proxy`': Starting 3proxy'"
+
+# We can configure nservers to avoid unsafe gethostbyname() usage
+nserver 1.0.0.1
+nserver 1.1.1.1
+nserver 8.8.4.4
+nserver 8.8.8.8
+
+# nscache is good to save speed, traffic and bandwidth
+nscache 65536
+
+# Here we can change timeout values
+timeouts 1 5 30 60 180 1800 15 60
+
+log /dev/stdout
+logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"
+
+maxconn 1024
+
+#AUTH_SETTINGS
+
+proxy -a -p3128
+socks -a -p1080
+
+flush

CHANGELOG.md

@@ -4,6 +4,28 @@ All notable changes to this package will be documented in this file.
 
 The format is based on [Keep a Changelog][keepachangelog] and this project adheres to [Semantic Versioning][semver].
 
+## v1.2.0
+
+### Changed
+
+- 3proxy updated from `0.8.13` up to `0.9.3`
+
+## v1.1.0
+
+### Removed
+
+- Environment variable `AUTH_REQUIRED` support
+
+### Changed
+
+- Proxy error pages a little bit styled
+
+## v1.0.0
+
+### Fixed
+
+- Dockerfile and docker entry-point script cleanup
+
 ## v0.1.1
 
 ### Fixed

Dockerfile

@@ -1,40 +1,48 @@
 # Image page: <https://hub.docker.com/_/alpine>
-FROM alpine:latest as builder
+FROM gcc:9.3 as builder
 
-# e.g.: `docker build --build-arg "VERSION=0.8.13" .`
+# e.g.: `docker build --build-arg "VERSION=0.9.3" .`
-ARG VERSION="0.8.13"
+ARG VERSION="0.9.3"
 
+# Fetch 3proxy sources
 RUN set -x \
-    && apk add --no-cache \
+    && git clone --branch "${VERSION}" https://github.com/z3APA3A/3proxy.git /tmp/3proxy
-        ca-certificates \
-        linux-headers \
-        build-base \
-        git \
-    && update-ca-certificates \
-    && git clone --branch ${VERSION} https://github.com/z3APA3A/3proxy.git /tmp/3proxy \
-    && cd /tmp/3proxy \
-    && echo '#define ANONYMOUS 1' >> /tmp/3proxy/src/3proxy.h \
-    && make -f Makefile.Linux
 
-FROM alpine:latest
+WORKDIR /tmp/3proxy
-
-LABEL \
-    org.label-schema.name="3proxy" \
-    org.label-schema.description="Tiny free proxy server" \
-    org.label-schema.url="https://github.com/tarampampam/3proxy-docker" \
-    org.label-schema.vcs-url="https://github.com/tarampampam/3proxy-docker" \
-    org.label-schema.docker.cmd="docker run --rm -d -p \"3128:3128/tcp\" -p \"1080:1080/tcp\" this_image" \
-    org.label-schema.vendor="tarampampam" \
-    org.label-schema.license="WTFPL" \
-    org.label-schema.schema-version="1.0"
-
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /tmp/3proxy/src/3proxy /usr/bin/3proxy
-COPY --from=builder /tmp/3proxy/cfg/3proxy.cfg.sample /etc/3proxy/3proxy.cfg
 
+# Patch sources
+RUN set -x \
+    && echo '#define ANONYMOUS 1' >> ./src/3proxy.h \
+    # proxy.c source: <https://github.com/z3APA3A/3proxy/blob/0.9.3/src/proxy.c>
+    && sed -i 's~\(<\/head>\)~<style>html,body{background-color:#222526;color:#fff;font-family:sans-serif;\
+text-align:center;display:flex;flex-direction:column;justify-content:center}h1,h2{margin-bottom:0;font-size:2.5em}\
+h2::before{content:'"'"'Proxy error'"'"';display:block;font-size:0.4em;color:#bbb;font-weight:100}\
+h3,p{color:#bbb}</style>\1~' ./src/proxy.c \
+    && cat ./src/proxy.c | grep '</head>'
+
+# And compile
+RUN set -x \
+    && echo "" >> ./Makefile.Linux \
+    && echo "PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin SSLPlugin" >> ./Makefile.Linux \
+    && echo "LIBS = -l:libcrypto.a -l:libssl.a -ldl" >> ./Makefile.Linux \
+    && make -f Makefile.Linux \
+    && strip ./bin/3proxy \
+    && strip ./bin/StringsPlugin.ld.so \
+    && strip ./bin/TrafficPlugin.ld.so \
+    && strip ./bin/PCREPlugin.ld.so \
+    && strip ./bin/TransparentPlugin.ld.so \
+    && strip ./bin/SSLPlugin.ld.so
+
+# Prepare filesystem for 3proxy running
+FROM busybox:1.32-glibc as buffer
+
+# Copy binaries
+COPY --from=builder /lib/x86_64-linux-gnu/libdl.so.* /lib/
+COPY --from=builder /tmp/3proxy/bin/3proxy /bin/
+COPY --from=builder /tmp/3proxy/bin/*.ld.so /usr/local/3proxy/libexec/
+
+# Create unprivileged user
 RUN set -x \
-    # Unprivileged user creation <https://stackoverflow.com/a/55757473/12429735RUN>
     && adduser \
         --disabled-password \
         --gecos "" \
@@ -42,13 +50,38 @@ RUN set -x \
         --shell /sbin/nologin \
         --no-create-home \
         --uid 10001 \
-        3proxy \
+        3proxy
-    && touch /etc/3proxy/passwd \
+
-    && chown 3proxy:3proxy -R /etc/3proxy
+# Prepare files and directories
+RUN set -x \
+    && chown -R 10001:10001 /usr/local/3proxy \
+    && chmod -R 550 /usr/local/3proxy \
+    && chmod -R 555 /usr/local/3proxy/libexec \
+    && chown -R root /usr/local/3proxy/libexec \
+    && mkdir /etc/3proxy \
+    && chown -R 10001:10001 /etc/3proxy
+
+# Copy our config and entrypoint script
+COPY 3proxy.cfg /etc/3proxy/3proxy.cfg
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Split all buffered layers into one
+FROM scratch
+
+LABEL \
+    org.opencontainers.image.title="3proxy" \
+    org.opencontainers.image.description="Tiny free proxy server" \
+    org.opencontainers.image.url="https://github.com/tarampampam/3proxy-docker" \
+    org.opencontainers.image.source="https://github.com/tarampampam/3proxy-docker" \
+    org.opencontainers.image.vendor="Tarampampam" \
+    org.opencontainers.image.licenses="WTFPL"
+
+# Import from builder
+COPY --from=buffer / /
 
 # Use an unprivileged user
 USER 3proxy:3proxy
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-CMD ["/usr/bin/3proxy", "/etc/3proxy/3proxy.cfg"]
+CMD ["/bin/3proxy", "/etc/3proxy/3proxy.cfg"]

README.md

@@ -12,7 +12,7 @@
 
 ## Why this image created?
 
-3proxy is awesome and lightweight proxy-server. This image contains stable version with it and can be configured using environment variables.
+3proxy is awesome and lightweight proxy-server. This image contains stable version with it and can be configured using environment variables. By default, it uses anonymous (information about client hiding) proxy settings.
 
 > Page on `hub.docker.com` can be [found here][link_docker_hub].
 
@@ -33,7 +33,6 @@ All supported image tags [can be found here][link_docker_tags].
 
 Variable name    | Description                               | Example
 ---------------- | ----------------------------------------- | ---------------
-`AUTH_REQUIRED`  | Require authorization? (default: `false`) | `true`, `false`
 `PROXY_LOGIN`    | Authorization login                       | `username`
 `PROXY_PASSWORD` | Authorization password                    | `password`
 
@@ -54,12 +53,19 @@ Or with auth settings:
 $ docker run --rm -d \
     -p "3128:3128/tcp" \
     -p "1080:1080/tcp" \
-    -e "AUTH_REQUIRED=true" \
     -e "PROXY_LOGIN=evil" \
     -e "PROXY_PASSWORD=live" \
     tarampampam/3proxy:latest
 ```
 
+## Releasing
+
+New versions publishing is very simple - just make required changes in this repository, update [changelog file](CHANGELOG.md) and "publish" new release using repo releases page.
+
+Docker images will be build and published automatically.
+
+> New release will overwrite the `latest` docker image tag in both registers.
+
 ## Changes log
 
 [![Release date][badge_release_date]][link_releases]
@@ -79,7 +85,7 @@ If you will find any package errors, please, [make an issue][link_create_issue]
 WTFPL. Use anywhere for your pleasure.
 
 [badge_build_status]:https://img.shields.io/github/workflow/status/tarampampam/3proxy-docker/tests/master?logo=github&label=build
-[badge_release_status]:https://img.shields.io/github/workflow/status/tarampampam/3proxy-docker/release/master?logo=github&label=release
+[badge_release_status]:https://img.shields.io/github/workflow/status/tarampampam/3proxy-docker/release?logo=github&label=release
 [badge_release_date]:https://img.shields.io/github/release-date/tarampampam/3proxy-docker.svg?style=flat-square&maxAge=180
 [badge_commits_since_release]:https://img.shields.io/github/commits-since/tarampampam/3proxy-docker/latest.svg?style=flat-square&maxAge=180
 [badge_issues]:https://img.shields.io/github/issues/tarampampam/3proxy-docker.svg?style=flat-square&maxAge=180
@@ -92,7 +98,7 @@ WTFPL. Use anywhere for your pleasure.
 [link_changes_log]:https://github.com/tarampampam/3proxy-docker/blob/master/CHANGELOG.md
 [link_issues]:https://github.com/tarampampam/3proxy-docker/issues
 [link_pulls]:https://github.com/tarampampam/3proxy-docker/pulls
-[link_build_status]:https://travis-ci.org/tarampampam/3proxy-docker
+[link_build_status]:https://github.com/tarampampam/3proxy-docker/actions
 [link_create_issue]:https://github.com/tarampampam/3proxy-docker/issues/new
 [link_license]:https://github.com/tarampampam/3proxy-docker/blob/master/LICENSE
 [link_docker_tags]:https://hub.docker.com/r/tarampampam/3proxy/tags

docker-entrypoint.sh

@@ -1,60 +1,12 @@
-#!/usr/bin/env sh
+#!/bin/sh
 set -e
 
-AUTH_REQUIRED=${AUTH_REQUIRED:-false} # true|false
 PROXY_LOGIN=${PROXY_LOGIN:-} # string
 PROXY_PASSWORD=${PROXY_PASSWORD:-} # string
 
-if [ "$AUTH_REQUIRED" = "true" ]; then
+if [ -n "$PROXY_LOGIN" ] && [ -n "$PROXY_PASSWORD" ]; then
-  if [ -z "$PROXY_LOGIN" ]; then
-    (>&2 echo "$0: environment variable 'PROXY_LOGIN' is not specified!"); exit 1;
-  fi;
-
-  if [ -z "$PROXY_PASSWORD" ]; then
-    (>&2 echo "$0: environment variable 'PROXY_PASSWORD' is not specified!"); exit 1;
-  fi;
-
   echo "$0: setup '${PROXY_LOGIN}:${PROXY_PASSWORD}' as proxy user";
-  echo "${PROXY_LOGIN}:CL:${PROXY_PASSWORD}" > /etc/3proxy/passwd
+  sed -i "s~#AUTH_SETTINGS~users ${PROXY_LOGIN}:CL:${PROXY_PASSWORD}\nauth strong\nallow ${PROXY_LOGIN}~" /etc/3proxy/3proxy.cfg
-fi;
-
-echo "$0: rewrite configuration file";
-cat << \EOF > /etc/3proxy/3proxy.cfg
-#!/usr/bin/3proxy
-config /etc/3proxy/3proxy.cfg
-
-# you may use system to execute some external command if proxy starts
-system "echo `which 3proxy`': Starting 3proxy'"
-
-# We can configure nservers to avoid unsafe gethostbyname() usage
-nserver 1.0.0.1
-nserver 1.1.1.1
-nserver 8.8.4.4
-nserver 8.8.8.8
-
-# nscache is good to save speed, traffic and bandwidth
-nscache 65536
-
-# Here we can change timeout values
-timeouts 1 5 30 60 180 1800 15 60
-
-log /dev/stdout
-logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"
-
-maxconn 1024
-
-#AUTH_SETTINGS
-
-proxy -a -p3128
-socks -a -p1080
-
-flush
-EOF
-
-if [ "$AUTH_REQUIRED" = "true" ]; then
-  echo "$0: setup auth settings in configuration file";
-
-  sed -i "s~#AUTH_SETTINGS~users \$/etc/3proxy/passwd\nauth strong\nallow ${PROXY_LOGIN}~" /etc/3proxy/3proxy.cfg
 fi;
 
 exec "$@"