rename variables

Co-authored-by: Renovate Bot <bot@renovateapp.com>

.editorconfig

@@ -8,5 +8,5 @@ indent_style = space
 indent_size = 4
 trim_trailing_whitespace = true
 
-[*.{yml, yaml, sh, conf}]
+[*.{yml, yaml, sh, conf, json}]
 indent_size = 2

.github/dependabot.yml

@@ -1,21 +1,16 @@
 # Docs: <https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/customizing-dependency-updates>
 
 version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    reviewers:
-      - "tarampampam"
-    assignees:
-      - "tarampampam"
 
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    reviewers:
-      - "tarampampam"
-    assignees:
-      - "tarampampam"
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule: {interval: monthly}
+    reviewers: [tarampampam]
+    assignees: [tarampampam]
+
+  - package-ecosystem: docker
+    directory: /
+    schedule: {interval: monthly}
+    reviewers: [tarampampam]
+    assignees: [tarampampam]

.github/labeler.yml

@@ -1,21 +0,0 @@
-docs:
-  - '**/*.md'
-  - '**/*.MD'
-
-.github:
-  - '.github/**/*'
-
-CI:
-  - '.github/workflows/**/*'
-  - '.github/actions/**/*'
-
-docker:
-  - 'Dockerfile'
-  - 'docker/**/*'
-  - '.dockerignore'
-  - 'docker-entrypoint.sh'
-  - '3proxy.cfg'
-
-dev:
-  - '.gitignore'
-  - '.editorconfig'

.github/renovate.json

@@ -0,0 +1,7 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "github>tarampampam/.github//renovate/default",
+    ":rebaseStalePrs"
+  ]
+}

.github/workflows/labeler.yml

@@ -1,12 +0,0 @@
-name: labeler
-
-on: [pull_request_target]
-
-jobs:
-  triage:
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/labeler@v3 # Action page: <https://github.com/actions/labeler>
-        with:
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
-          sync-labels: true

.github/workflows/release.yml

@@ -10,29 +10,33 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      - name: Docker login in default registry
-        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_LOGIN }}" --password-stdin &> /dev/null
+      - uses: gacts/github-slug@v1
+        id: slug
 
-      - name: Docker login in ghcr.io # Auth docs: <https://git.io/JLDaw>
-        run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login ghcr.io -u tarampampam --password-stdin
+      - uses: docker/setup-buildx-action@v2
 
-      - name: Generate image tag value
-        id: tag
-        run: echo "::set-output name=value::`echo ${GITHUB_REF##*/} | sed -e 's/^[vV ]*//'`" # `/refs/tags/v1.2.3` -> `1.2.3`
+      - name: Login to default Container Registry
+        uses: docker/login-action@v2 # Action page: <https://github.com/docker/login-action>
+        with:
+          username: ${{ secrets.DOCKER_LOGIN }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
-      - name: Build image
-        run: |
-          docker build \
-            --tag "tarampampam/3proxy:${{ steps.tag.outputs.value }}" \
-            --tag "tarampampam/3proxy:latest" \
-            --tag "ghcr.io/tarampampam/3proxy:${{ steps.tag.outputs.value }}" \
-            --tag "ghcr.io/tarampampam/3proxy:latest" \
-            -f ./Dockerfile .
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2 # Action page: <https://github.com/docker/login-action>
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Push into default registry
-        run: docker push "tarampampam/3proxy:${{ steps.tag.outputs.value }}" && docker push "tarampampam/3proxy:latest"
-
-      - name: Push into ghcr.io
-        run: docker push "ghcr.io/tarampampam/3proxy:${{ steps.tag.outputs.value }}" && docker push "ghcr.io/tarampampam/3proxy:latest"
+      - uses: docker/build-push-action@v3 # Action page: <https://github.com/docker/build-push-action>
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: |
+            tarampampam/3proxy:${{ steps.slug.outputs.version-semantic }}
+            tarampampam/3proxy:latest
+            ghcr.io/${{ github.actor }}/3proxy:${{ steps.slug.outputs.version-semantic }}
+            ghcr.io/${{ github.actor }}/3proxy:latest

.github/workflows/tests.yml

@@ -2,25 +2,37 @@ name: tests
 
 on:
   push:
-    branches:
-      - master
-    tags-ignore:
-      - '**'
-  pull_request:
+    branches: [master, main]
+    tags-ignore: ['**']
+  pull_request: {}
+
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
 
 jobs: # Docs: <https://git.io/JvxXE>
+  gitleaks:
+    name: Gitleaks
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+        with: {fetch-depth: 0}
+
+      - name: Check for GitLeaks
+        uses: gacts/gitleaks@v1 # Action page: <https://github.com/gacts/gitleaks>
+
   build-image:
     name: Build docker image
     runs-on: ubuntu-20.04
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Build docker image
         run: docker build -f ./Dockerfile --tag 3proxy:local .
 
       - name: Scan image
-        uses: anchore/scan-action@v2 # action page: <https://github.com/anchore/scan-action>
+        uses: anchore/scan-action@v3 # action page: <https://github.com/anchore/scan-action>
         with:
           image: 3proxy:local
           fail-build: true
@@ -30,10 +42,33 @@ jobs: # Docs: <https://git.io/JvxXE>
         run: docker save 3proxy:local > ./docker-image.tar
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: docker-image
           path: ./docker-image.tar
+          retention-days: 1
+
+  scan-image:
+    name: Scan docker image
+    runs-on: ubuntu-20.04
+    needs: [build-image]
+    steps:
+      - name: Download built docker image
+        uses: actions/download-artifact@v3
+        with:
+          name: docker-image
+          path: .artifact
+
+      - name: Prepare image to run
+        working-directory: .artifact
+        run: docker load < docker-image.tar
+
+      - name: Scan image
+        uses: anchore/scan-action@v3 # action page: <https://github.com/anchore/scan-action>
+        with:
+          image: 3proxy:local
+          fail-build: true
+          severity-cutoff: low # negligible, low, medium, high or critical
 
   try-to-use:
     name: Build and use docker image (auth ${{ matrix.auth }})
@@ -45,7 +80,7 @@ jobs: # Docs: <https://git.io/JvxXE>
     needs: [build-image]
     steps:
       - name: Download builded docker image
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
         with:
           name: docker-image
           path: .artifact

3proxy.cfg

@@ -4,11 +4,12 @@ config /etc/3proxy/3proxy.cfg
 # you may use system to execute some external command if proxy starts
 system "echo `which 3proxy`': Starting 3proxy'"
 
-# We can configure nservers to avoid unsafe gethostbyname() usage
+# We can configure nservers to avoid unsafe gethostbyname() usage (max 5 servers)
+#NSERVER1
+#NSERVER2
 nserver 1.0.0.1
 nserver 1.1.1.1
 nserver 8.8.4.4
-nserver 8.8.8.8
 
 # nscache is good to save speed, traffic and bandwidth
 nscache 65536

CHANGELOG.md

@@ -4,6 +4,22 @@ All notable changes to this package will be documented in this file.
 
 The format is based on [Keep a Changelog][keepachangelog] and this project adheres to [Semantic Versioning][semver].
 
+## v1.6.0
+
+### Added
+
+- Possibility of changing DNS resolvers using environment variables `PRIMARY_RESOLVER` (primary) and `SECONDARY_RESOLVER` (secondary)
+
+## v1.5.0
+
+### Fixed
+
+- Docker image building optimized
+
+### Added
+
+- Healthcheck in the dockerfile
+
 ## v1.4.0
 
 ### Changed

Dockerfile

@@ -1,12 +1,12 @@
 # Image page: <https://hub.docker.com/_/gcc>
-FROM gcc:11.1.0 as builder
+FROM gcc:12.1.0 as builder
 
-# e.g.: `docker build --build-arg "VERSION=0.9.4" .`
-ARG VERSION="0.9.4"
+# renovate: source=github-tags name=z3APA3A/3proxy
+ARG Z3PROXY_VERSION=0.9.4
 
 # Fetch 3proxy sources
 RUN set -x \
-    && git clone --branch "${VERSION}" https://github.com/z3APA3A/3proxy.git /tmp/3proxy
+    && git -c advice.detachedHead=false clone --depth 1 --branch "${Z3PROXY_VERSION}" https://github.com/z3APA3A/3proxy.git /tmp/3proxy
 
 WORKDIR /tmp/3proxy
 
@@ -34,39 +34,29 @@ RUN set -x \
     && strip ./bin/SSLPlugin.ld.so
 
 # Prepare filesystem for 3proxy running
-FROM busybox:1.33.1-glibc as buffer
+FROM busybox:1.34.1-glibc as buffer
+
+# create a directory for the future root filesystem
+WORKDIR /tmp/rootfs
+
+# prepare the root filesystem
+RUN set -x \
+    && mkdir -p ./etc ./bin ./usr/local/3proxy/libexec ./etc/3proxy \
+    && echo '3proxy:x:10001:10001::/nonexistent:/sbin/nologin' > ./etc/passwd \
+    && echo '3proxy:x:10001:' > ./etc/group \
+    && wget -O ./bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64" \
+    && chmod +x ./bin/dumb-init
 
 # Copy binaries
-COPY --from=builder /lib/x86_64-linux-gnu/libdl.so.* /lib/
-COPY --from=builder /tmp/3proxy/bin/3proxy /bin/
-COPY --from=builder /tmp/3proxy/bin/*.ld.so /usr/local/3proxy/libexec/
+COPY --from=builder /lib/x86_64-linux-gnu/libdl.so.* ./lib/
+COPY --from=builder /tmp/3proxy/bin/3proxy ./bin/3proxy
+COPY --from=builder /tmp/3proxy/bin/*.ld.so ./usr/local/3proxy/libexec/
+COPY 3proxy.cfg ./etc/3proxy/3proxy.cfg
+COPY docker-entrypoint.sh ./docker-entrypoint.sh
 
-# Create unprivileged user
-RUN set -x \
-    && adduser \
-        --disabled-password \
-        --gecos "" \
-        --home /nonexistent \
-        --shell /sbin/nologin \
-        --no-create-home \
-        --uid 10001 \
-        3proxy
+RUN chown -R 10001:10001 ./etc/3proxy
 
-# Prepare files and directories
-RUN set -x \
-    && chown -R 10001:10001 /usr/local/3proxy \
-    && chmod -R 550 /usr/local/3proxy \
-    && chmod -R 555 /usr/local/3proxy/libexec \
-    && chown -R root /usr/local/3proxy/libexec \
-    && mkdir /etc/3proxy \
-    && chown -R 10001:10001 /etc/3proxy
-
-# Copy our config and entrypoint script
-COPY 3proxy.cfg /etc/3proxy/3proxy.cfg
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-
-# Split all buffered layers into one
-FROM scratch
+FROM busybox:1.34.1-glibc
 
 LABEL \
     org.opencontainers.image.title="3proxy" \
@@ -77,11 +67,15 @@ LABEL \
     org.opencontainers.image.licenses="WTFPL"
 
 # Import from builder
-COPY --from=buffer / /
+COPY --from=buffer /tmp/rootfs /
 
 # Use an unprivileged user
 USER 3proxy:3proxy
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+# Docs: <https://docs.docker.com/engine/reference/builder/#healthcheck>
+HEALTHCHECK --interval=5s --timeout=2s --retries=2 --start-period=2s CMD \
+    netstat -ltn | grep 3128 && netstat -ltn | grep 1080
 
-CMD ["/bin/3proxy", "/etc/3proxy/3proxy.cfg"]
+ENTRYPOINT ["/bin/dumb-init", "--"]
+
+CMD ["/docker-entrypoint.sh", "/bin/3proxy", "/etc/3proxy/3proxy.cfg"]

README.md

@@ -18,10 +18,10 @@
 
 TCP ports:
 
-Port number | Description
------------ | -----------
-`3128`      | [HTTP proxy](https://3proxy.org/doc/man8/proxy.8.html)
-`1080`      | [SOCKS proxy](https://3proxy.org/doc/man8/socks.8.html)
+| Port number | Description                                             |
+|-------------|---------------------------------------------------------|
+| `3128`      | [HTTP proxy](https://3proxy.org/doc/man8/proxy.8.html)  |
+| `1080`      | [SOCKS proxy](https://3proxy.org/doc/man8/socks.8.html) |
 
 ## Supported tags
 
@@ -31,10 +31,12 @@ All supported image tags [can be found here][link_docker_tags].
 
 ## Supported environment variables
 
-Variable name    | Description                               | Example
----------------- | ----------------------------------------- | ---------------
-`PROXY_LOGIN`    | Authorization login                       | `username`
-`PROXY_PASSWORD` | Authorization password                    | `password`
+| Variable name        | Description                         | Example                |
+|----------------------|-------------------------------------|------------------------|
+| `PROXY_LOGIN`        | Authorization login                 | `username`             |
+| `PROXY_PASSWORD`     | Authorization password              | `password`             |
+| `PRIMARY_RESOLVER`   | Primary nameserver (dns resolver)   | `8.8.8.8`              |
+| `SECONDARY_RESOLVER` | Secondary nameserver (dns resolver) | `2001:4860:4860::8844` |
 
 ## How can I use this?
 
@@ -47,7 +49,7 @@ $ docker run --rm -d \
     tarampampam/3proxy:latest
 ```
 
-Or with auth settings:
+Or with auth & resolver settings:
 
 ```bash
 $ docker run --rm -d \
@@ -55,6 +57,7 @@ $ docker run --rm -d \
     -p "1080:1080/tcp" \
     -e "PROXY_LOGIN=evil" \
     -e "PROXY_PASSWORD=live" \
+    -e "PRIMARY_RESOLVER=2001:4860:4860::8888" \
     tarampampam/3proxy:latest
 ```
 

docker-entrypoint.sh

@@ -3,10 +3,22 @@ set -e
 
 PROXY_LOGIN=${PROXY_LOGIN:-} # string
 PROXY_PASSWORD=${PROXY_PASSWORD:-} # string
+PRIMARY_RESOLVER=${PRIMARY_RESOLVER:-} # string
+SECONDARY_RESOLVER=${SECONDARY_RESOLVER:-} # string
 
 if [ -n "$PROXY_LOGIN" ] && [ -n "$PROXY_PASSWORD" ]; then
   echo "$0: setup '${PROXY_LOGIN}:${PROXY_PASSWORD}' as proxy user";
   sed -i "s~#AUTH_SETTINGS~users ${PROXY_LOGIN}:CL:${PROXY_PASSWORD}\nauth strong\nallow ${PROXY_LOGIN}~" /etc/3proxy/3proxy.cfg
 fi;
 
+if [ -n "$PRIMARY_RESOLVER" ]; then
+  echo "$0: setup '${PRIMARY_RESOLVER}' as the first nameserver";
+  sed -i "s~#NSERVER1~nserver ${PRIMARY_RESOLVER}~" /etc/3proxy/3proxy.cfg
+fi;
+
+if [ -n "$SECONDARY_RESOLVER" ]; then
+  echo "$0: setup '${SECONDARY_RESOLVER}' as the second nameserver";
+  sed -i "s~#NSERVER2~nserver ${SECONDARY_RESOLVER}~" /etc/3proxy/3proxy.cfg
+fi;
+
 exec "$@"