KAZ/kaz-vagrant
12
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

plus de caches

Browse Source
This commit is contained in:
Francois Lesueur
2023-03-02 12:38:30 +01:00
parent 3974c20a84
commit 4c1e7bde33
5 changed files with 60 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
files/vm-provision.sh
View File

@ -45,7 +45,7 @@ http_port 3142" >> /etc/squid/squid.conf
# MAJ et Install
DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends
DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs docker-registry # could be with --no-install-recommends
DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends
ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny'
@ -155,6 +155,14 @@ EOF
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
fi
# Cache docker registry
echo "proxy:
remoteurl: https://registry-1.docker.io
auth:
none:
" >> /etc/docker/registry/config.yml
# clear apt cache
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive apt-get clean
@ -212,3 +220,11 @@ reboot
# KAZPROD="snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x"
# ${KAZPROD} "docker cp /etc/letsencrypt/local/rootCA.pem sympaServ:/usr/local/share/ca-certificates/rootCA.crt"
# ${KAZPROD} "docker exec -it sympaServ update-ca-certificates"
# Interception https avec squid-openssl (nok pour dockerhub) :
# http_port 3142 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/letsencrypt/local/rootCA.pem tls-key=/etc/letsencrypt/local/rootCA-key.pem tls-dh=prime256v1:/etc/letsencrypt/local/dhparam.pem
# sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
# sslcrtd_children 5
# ssl_bump server-first all
# ssl_bump stare all
# sslproxy_cert_error deny all