feat(proxy): secure refactor and system-wide integration
- Removed hardcoded corporate proxy URL from all scripts. - Updated bridge.js to load configuration from /opt/proxy-bridge/config.json. - Updated setup.js to interactively configure upstream proxy and credentials. - Enhanced install_proxy.sh to automatically configure APT, Bash, and system services. - Purged sensitive URL from git history and verified zero leakage.
@@ -1,48 +1,68 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Ensure the script is NOT run as root, so the user-level systemd service configures correctly
|
||||
# --- HELPER FUNCTIONS ---
|
||||
function info() { echo -e "\e[34mINFO:\e[0m $1"; }
|
||||
function warn() { echo -e "\e[33mWARN:\e[0m $1"; }
|
||||
function error() { echo -e "\e[31mERROR:\e[0m $1"; exit 1; }
|
||||
function success() { echo -e "\e[32mSUCCESS:\e[0m $1"; }
|
||||
|
||||
# 1. PREREQUISITE CHECKS
|
||||
info "Verifying prerequisites..."
|
||||
|
||||
if [ "$EUID" -eq 0 ]; then
|
||||
echo "❌ Please run this script as your standard user, not as root."
|
||||
echo "The script will prompt for sudo access automatically when needed."
|
||||
exit 1
|
||||
error "Please run this script as your standard user, not as root.\nThe script will prompt for sudo access automatically when needed."
|
||||
fi
|
||||
|
||||
echo "=== Proxy Bridge Installer ==="
|
||||
|
||||
# 1. Verify files exist
|
||||
if [ ! -f "bridge.js" ] || [ ! -f "setup.js" ]; then
|
||||
echo "❌ Error: bridge.js and/or setup.js not found in the current directory."
|
||||
echo "Please place this script in the same folder as your Node.js scripts."
|
||||
exit 1
|
||||
if ! command -v node >/dev/null 2>&1; then
|
||||
error "Node.js is not installed. Please install Node.js first."
|
||||
fi
|
||||
|
||||
# 2. Install dependencies (requires sudo)
|
||||
echo "--> Installing required system packages (libsecret-tools)..."
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y libsecret-tools
|
||||
# Check for files
|
||||
[ -f "bridge.js" ] || error "bridge.js not found."
|
||||
[ -f "setup.js" ] || error "setup.js not found."
|
||||
[ -f "proxyctl.js" ] || error "proxyctl.js not found."
|
||||
|
||||
# 3. Setup application directory (requires sudo)
|
||||
echo "--> Creating /opt/proxy-bridge directory..."
|
||||
sudo mkdir -p /opt/proxy-bridge
|
||||
sudo chown -R $USER:$USER /opt/proxy-bridge
|
||||
# 2. SYSTEM PACKAGES
|
||||
info "Installing required system packages (libsecret-tools)..."
|
||||
sudo apt-get update -qq
|
||||
sudo apt-get install -y libsecret-tools -qq
|
||||
|
||||
# 4. Copy files
|
||||
echo "--> Copying scripts to /opt/proxy-bridge..."
|
||||
cp bridge.js /opt/proxy-bridge/
|
||||
cp setup.js /opt/proxy-bridge/
|
||||
# 3. DIRECTORY SETUP
|
||||
BRIDGE_DIR="/opt/proxy-bridge"
|
||||
BIN_DIR="${HOME}/.local/bin"
|
||||
info "Setting up $BRIDGE_DIR..."
|
||||
sudo mkdir -p "$BRIDGE_DIR"
|
||||
sudo chown -R $USER:$USER "$BRIDGE_DIR"
|
||||
|
||||
# 5. Setup User-Level systemd Service
|
||||
echo "--> Configuring user-level systemd service..."
|
||||
# 4. DEPLOY FILES
|
||||
info "Deploying bridge scripts..."
|
||||
cp bridge.js "$BRIDGE_DIR/"
|
||||
cp setup.js "$BRIDGE_DIR/"
|
||||
cp proxyctl.js "$BRIDGE_DIR/"
|
||||
chmod +x "$BRIDGE_DIR/proxyctl.js"
|
||||
|
||||
info "Installing management CLI to $BIN_DIR/proxy-bridge..."
|
||||
mkdir -p "$BIN_DIR"
|
||||
ln -sf "$BRIDGE_DIR/proxyctl.js" "$BIN_DIR/proxy-bridge"
|
||||
|
||||
# 5. CONFIGURATION & CREDENTIALS
|
||||
if [ ! -f "$BRIDGE_DIR/user.json" ]; then
|
||||
info "Launching interactive setup..."
|
||||
node "$BRIDGE_DIR/setup.js"
|
||||
fi
|
||||
|
||||
# 6. SYSTEMD SERVICE SETUP
|
||||
info "Configuring user-level systemd service..."
|
||||
mkdir -p ~/.config/systemd/user/
|
||||
|
||||
cat <<EOF > ~/.config/systemd/user/proxy-bridge.service
|
||||
[Unit]
|
||||
Description=Dumb Pipe Proxy Bridge (Keyring Auth)
|
||||
Description=Local Proxy Bridge (Keyring Auth)
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/node /opt/proxy-bridge/bridge.js
|
||||
ExecStart=$(command -v node) $BRIDGE_DIR/bridge.js
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
|
||||
@@ -50,21 +70,58 @@ RestartSec=5
|
||||
WantedBy=default.target
|
||||
EOF
|
||||
|
||||
# 6. Enable the service
|
||||
echo "--> Reloading systemd and enabling service..."
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user enable proxy-bridge.service
|
||||
systemctl --user restart proxy-bridge.service
|
||||
|
||||
echo ""
|
||||
echo "✅ Installation Complete!"
|
||||
echo "=================================================="
|
||||
echo "Next Steps:"
|
||||
echo "1. Run the interactive setup to store your proxy credentials:"
|
||||
echo " node /opt/proxy-bridge/setup.js"
|
||||
echo ""
|
||||
echo "2. Start the background service:"
|
||||
echo " systemctl --user start proxy-bridge.service"
|
||||
echo ""
|
||||
echo "3. Check the logs to ensure it's running smoothly:"
|
||||
echo " journalctl --user -u proxy-bridge.service -f"
|
||||
echo "=================================================="
|
||||
# 7. SYSTEM-WIDE PROXY CONFIGURATION (Point to local bridge)
|
||||
BRIDGE_URL="http://127.0.0.1:8888/"
|
||||
|
||||
# 7a. APT Configuration
|
||||
info "Updating APT proxy configuration..."
|
||||
APT_CONF="/etc/apt/apt.conf.d/80proxy-bridge"
|
||||
echo "Acquire::http::Proxy \"$BRIDGE_URL\";" | sudo tee "$APT_CONF" > /dev/null
|
||||
echo "Acquire::https::Proxy \"$BRIDGE_URL\";" | sudo tee -a "$APT_CONF" > /dev/null
|
||||
|
||||
# 7b. Bashrc Configuration
|
||||
info "Updating .bashrc proxy settings..."
|
||||
BASHRC="$HOME/.bashrc"
|
||||
MARKER="#PROXY_BRIDGE_CONFIG"
|
||||
|
||||
if ! grep -q "$MARKER" "$BASHRC"; then
|
||||
cat <<EOF >> "$BASHRC"
|
||||
|
||||
# Local Proxy Bridge Configuration $MARKER
|
||||
export http_proxy="$BRIDGE_URL"
|
||||
export https_proxy="$BRIDGE_URL"
|
||||
export HTTP_PROXY="$BRIDGE_URL"
|
||||
export HTTPS_PROXY="$BRIDGE_URL"
|
||||
export NO_PROXY="localhost,127.0.0.1,::1"
|
||||
export no_proxy="localhost,127.0.0.1,::1"
|
||||
EOF
|
||||
fi
|
||||
|
||||
# 7c. System Services (Docker, Snap, etc.)
|
||||
SERVICES=(docker snapd ollama)
|
||||
info "Updating system services proxy configuration..."
|
||||
|
||||
for service in "${SERVICES[@]}"; do
|
||||
if systemctl list-unit-files | grep -q "^${service}.service"; then
|
||||
info "Configuring $service..."
|
||||
SERVICE_DIR="/etc/systemd/system/${service}.service.d"
|
||||
sudo mkdir -p "$SERVICE_DIR"
|
||||
cat <<EOF | sudo tee "$SERVICE_DIR/http-proxy.conf" > /dev/null
|
||||
[Service]
|
||||
Environment="HTTP_PROXY=$BRIDGE_URL"
|
||||
Environment="HTTPS_PROXY=$BRIDGE_URL"
|
||||
Environment="NO_PROXY=localhost,127.0.0.1,::1"
|
||||
EOF
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl restart "$service" 2>/dev/null || warn "Failed to restart $service (maybe not running?)"
|
||||
fi
|
||||
done
|
||||
|
||||
success "Installation and system-wide configuration complete!"
|
||||
info "Management command: proxy-bridge status|toggle|profile"
|
||||
info "The Proxy Bridge is running and configured for APT, Bash, and core services."
|
||||
info "Logs: journalctl --user -u proxy-bridge.service -f"
|
||||
|
||||
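Review bot: Section 7 (second hunk) writes the APT, .bashrc and docker/snapd/ollama proxy settings unconditionally, without checking that the user-level bridge actually came up on 127.0.0.1:8888. The script has no `set -e`, and the result of `systemctl --user restart proxy-bridge.service` is never tested. Root-run services are thereby pointed at an unprivileged loopback port served by a per-user unit, so whenever the bridge is down APT fails (security updates included), and any local process that holds that port receives their traffic. Gate the section on the service being up, e.g. `systemctl --user is-active --quiet proxy-bridge.service || error "bridge not running; system proxy settings left unchanged"`, and consider a system unit if system services are meant to depend on the bridge. Separately, the drop-in is written as `$SERVICE_DIR/http-proxy.conf`, which silently overwrites any existing administrator drop-in of that name; a distinct name such as `proxy-bridge.conf` would avoid clobbering it.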