diff --git a/.dive-ci.yaml b/.dive-ci.yaml new file mode 100644 index 0000000..f0a1e80 --- /dev/null +++ b/.dive-ci.yaml @@ -0,0 +1,13 @@ +rules: + # If the efficiency is measured below X%, mark as failed. + # Expressed as a ratio between 0-1. + lowestEfficiency: 0.95 + + # If the amount of wasted space is at least X or larger than X, mark as failed. + # Expressed in B, KB, MB, and GB. + #highestWastedBytes: 100MB + + # If the amount of wasted space makes up for X% or more of the image, mark as failed. + # Note: the base image layer is NOT included in the total image size. + # Expressed as a ratio between 0-1; fails if the threshold is met or crossed. + highestUserWastedPercent: 0.20 diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..66744e5 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + groups: + GH actions: + dependency-type: production diff --git a/.github/workflows/addon-ci.yaml b/.github/workflows/addon-ci.yaml new file mode 100644 index 0000000..4066806 --- /dev/null +++ b/.github/workflows/addon-ci.yaml @@ -0,0 +1,17 @@ +name: Addon CI + +# yamllint disable-line rule:truthy +on: + push: + branches: + - main + pull_request: + types: + - opened + - reopened + - synchronize + workflow_dispatch: + +jobs: + workflows: + uses: Poeschl-HomeAssistant-Addons/workflows/.github/workflows/addon-ci.yaml@main diff --git a/.github/workflows/addon-deploy.yaml b/.github/workflows/addon-deploy.yaml new file mode 100644 index 0000000..2462181 --- /dev/null +++ b/.github/workflows/addon-deploy.yaml @@ -0,0 +1,23 @@ +name: Deploy + +# yamllint disable-line rule:truthy +on: + release: + types: + - published + workflow_run: + workflows: ["Addon CI"] + branches: [main] + types: + - completed + +jobs: + workflows: + uses: Poeschl-HomeAssistant-Addons/workflows/.github/workflows/addon-deploy.yaml@main + permissions: + contents: read + packages: write + secrets: + dispatch_token: ${{ secrets.DISPATCH_TOKEN }} + with: + version: "${{ github.event.release.tag_name }}" diff --git a/.github/workflows/addon-main-push.yaml b/.github/workflows/addon-main-push.yaml new file mode 100644 index 0000000..9a0b75f --- /dev/null +++ b/.github/workflows/addon-main-push.yaml @@ -0,0 +1,14 @@ +name: Draft release from new main push + +# yamllint disable-line rule:truthy +on: + push: + branches: + - main + +jobs: + workflows: + uses: Poeschl-HomeAssistant-Addons/workflows/.github/workflows/release-drafter.yaml@main + permissions: + contents: write + pull-requests: read diff --git a/.github/workflows/labels.yaml b/.github/workflows/labels.yaml new file mode 100644 index 0000000..f6b27fb --- /dev/null +++ b/.github/workflows/labels.yaml @@ -0,0 +1,14 @@ +name: Sync labels + +# yamllint disable-line rule:truthy +on: + schedule: + - cron: "0 0 * * SUN" + workflow_dispatch: + +jobs: + workflows: + uses: Poeschl-HomeAssistant-Addons/workflows/.github/workflows/labels.yaml@main + permissions: + contents: write + issues: write diff --git a/.github/workflows/pr-labels.yaml b/.github/workflows/pr-labels.yaml new file mode 100644 index 0000000..d0de971 --- /dev/null +++ b/.github/workflows/pr-labels.yaml @@ -0,0 +1,17 @@ +name: PR label + +# yamllint disable-line rule:truthy +on: + pull_request_target: + types: + - opened + - labeled + - unlabeled + - synchronize + +jobs: + workflows: + uses: Poeschl-HomeAssistant-Addons/workflows/.github/workflows/pr-labels.yaml@main + permissions: + contents: read + pull-requests: write diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml new file mode 100644 index 0000000..f321383 --- /dev/null +++ b/.github/workflows/pr-title.yaml @@ -0,0 +1,15 @@ +name: PR title + +# yamllint disable-line rule:truthy +on: + pull_request: + types: + - opened + - edited + +jobs: + workflows: + uses: Poeschl-HomeAssistant-Addons/workflows/.github/workflows/pr-title.yaml@main + permissions: + contents: read + pull-requests: write diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5a4addb --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +**/data/options.json \ No newline at end of file diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..db03439 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,2 @@ +ignored: + - DL3006 diff --git a/.markdownlint.yaml b/.markdownlint.yaml new file mode 100644 index 0000000..550a934 --- /dev/null +++ b/.markdownlint.yaml @@ -0,0 +1,10 @@ +default: true + +MD001: false # Heading levels should only increment by one level at a time +MD002: false # First header should be a h1 header +MD007: # Unordered list indentation + indent: 2 +MD012: false # Multiple consecutive blank lines +MD013: false # Line length +MD025: false # Multiple top level headings in the same document +MD041: false # First line in file should be a top level header diff --git a/.shellcheckrc b/.shellcheckrc new file mode 100644 index 0000000..6eccb2a --- /dev/null +++ b/.shellcheckrc @@ -0,0 +1 @@ +disable=SC2002 diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..a8fbcf1 --- /dev/null +++ b/.yamllint @@ -0,0 +1,36 @@ +rules: + document-end: + level: error + present: false + document-start: + level: error + present: false + empty-lines: + level: error + max: 1 + max-start: 0 + max-end: 1 + hyphens: + level: error + max-spaces-after: 1 + indentation: + level: error + spaces: 2 + indent-sequences: true + check-multi-line-strings: false + key-duplicates: + level: error + line-length: + level: warning + max: 180 + allow-non-breakable-words: true + allow-non-breakable-inline-mappings: true + new-line-at-end-of-file: + level: error + new-lines: + level: error + type: unix + trailing-spaces: + level: error + truthy: + level: error diff --git a/LICENCE b/LICENCE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENCE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..9beefc5 --- /dev/null +++ b/README.md @@ -0,0 +1,32 @@ +# mitmproxy (Depreciated) + +[mitmproxy](https://mitmproxy.org/) is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on-the-fly, modify them before they reach their destination, and replay them to a client or server later on. + +![Addon Stage][stage-badge] +![Supports aarch64 Architecture][aarch64-badge] +![Supports amd64 Architecture][amd64-badge] +![Supports armhf Architecture][armhf-badge] +![Supports armv7 Architecture][armv7-badge] +![Supports i386 Architecture][i386-badge] + +[![Add repository on my Home Assistant][repository-badge]][repository-url] +[![Install on my Home Assistant][install-badge]][install-url] +[![Donate][donation-badge]][donation-url] + +![Screenshot Webinterface](https://mitmproxy.org/mitmweb.png) + +[stage-badge]: https://img.shields.io/badge/Addon%20stage-deprecated-lightgrey.svg +[aarch64-badge]: https://img.shields.io/badge/aarch64-yes-green.svg +[amd64-badge]: https://img.shields.io/badge/amd64-yes-green.svg +[armhf-badge]: https://img.shields.io/badge/armhf-yes-green.svg +[armv7-badge]: https://img.shields.io/badge/armv7-yes-green.svg +[i386-badge]: https://img.shields.io/badge/i386-yes-green.svg + +[repository-badge]: https://img.shields.io/badge/Add-repository-41BDF5?logo=home-assistant&style=for-the-badge +[repository-url]: https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A//github.com/Poeschl-HomeAssistant-Addons/repository + +[install-badge]: https://img.shields.io/badge/Install%20on-Home%20Assistant-41BDF5?logo=home-assistant&style=for-the-badge +[install-url]: https://my.home-assistant.io/redirect/supervisor_addon?addon=68413af6_mitmproxy + +[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=for-the-badge&logoColor=white +[donation-url]: https://www.buymeacoffee.com/Poeschl diff --git a/mitmproxy/.README.j2 b/mitmproxy/.README.j2 new file mode 100644 index 0000000..c31227d --- /dev/null +++ b/mitmproxy/.README.j2 @@ -0,0 +1,38 @@ +# mitmproxy + +[mitmproxy](https://mitmproxy.org/) is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on-the-fly, modify them before they reach their destination, and replay them to a client or server later on. + +[![Release][release-badge]][release] +![Addon Stage][stage-badge] + +[![Donate][donation-badge]][donation-url] + +![Screenshot Webinterface](https://mitmproxy.org/mitmweb.png) + +{% if channel == "edge" %} +## ⚠ WARNING! THIS IS AN EDGE VERSION! + +This Home Assistant Add-on is and bloody edge build. +Edge builds add-ons are based upon the latest development version. + +- They may not work at all. +- They might stop working at any time. +- They could have a negative impact on your system. + +If you are more interested in stable releases of our add-ons: + +For the stable version of the add-ons: [Stable-Repository] +{% endif %} + +[stage-badge]: https://img.shields.io/badge/Addon%20stage-deprecated-lightgrey.svg + +[release-badge]: https://img.shields.io/badge/version-{{ version }}-blue.svg +[release]: {{ repo }}/tree/{{ version }} + +[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=for-the-badge&logoColor=white +[donation-url]: https://www.buymeacoffee.com/Poeschl + +{% if channel == "edge" %} +[Stable-Repository]: https://github.com/Poeschl-HomeAssistant-Addons/repository +{% endif %} + diff --git a/mitmproxy/DOCS.md b/mitmproxy/DOCS.md new file mode 100644 index 0000000..94b4804 --- /dev/null +++ b/mitmproxy/DOCS.md @@ -0,0 +1,62 @@ +# Web UI + +To access the web ui of mitmproxy, visit `http://:8081` (or the port you configured). +Currently there is no other method. Will change when [#3234](https://github.com/mitmproxy/mitmproxy/issues/3234) is fixed completly. + + +# Configuration + +The configuration for the mitmproxy can be done via the key-value pairs in the addon configuration. +Just add an new pair to the `options` array. _Please add all settings as strings!_ + +Example: + +```yaml +options: + - name: "anticache" + value: "true" + - name: "certs" + value: "/ssl/mycert.pem" +``` + +The list with all possible settings can be found [here](https://docs.mitmproxy.org/stable/concepts-options/#available-options). +If you need to write into a file, the `/share` folder is mapped into the addon. + + +## Certificates + +To access also the certificates of Home Assistant the `/ssl` folder is mapped in read-only. +Notice that mitmproxy requests the certificates as pem files. + + +### Own ca certificate + +If you want your own ca signing the traffic the `custom_ca` option can be used. +For more about the ca certificate requirements see [here](https://docs.mitmproxy.org/stable/concepts-certificates/#ca-and-cert-files) + +Example: + +```yaml +options: + - name: "anticache" + value: "true" +custom_ca: /ssl/ca-cert.pem +``` + + +## Fixed Settings + +There are also a few settings which are fixed to their values. Those are: + +* `web_host` +* `web_port` +* `listen_port` +* `confdir` +* `onboarding_host` +* `onboarding_port` + + +# Onboarding + +To install the mitmproxy ca as an trusted certificate authority the onboarding page can be accessed on `http://:8082`. +Notice that your trafic must be routed over mitmproxy to access the page. diff --git a/mitmproxy/Dockerfile b/mitmproxy/Dockerfile new file mode 100644 index 0000000..c170665 --- /dev/null +++ b/mitmproxy/Dockerfile @@ -0,0 +1,43 @@ +ARG BUILD_FROM +FROM $BUILD_FROM AS BUILD + +RUN apk add --no-cache \ + python3=3.8.10-r0 \ + python3-dev=3.8.10-r0 \ + py3-pip=20.1.1-r0 \ + py3-wheel=0.34.2-r1 \ + py3-six=1.15.0-r0 \ + py3-parsing=2.4.7-r0 \ + py3-certifi=2020.4.5.1-r0 \ + py3-setuptools=47.0.0-r0 \ + py3-cryptography=2.9.2-r0 \ + py3-brotli=1.0.9-r1 \ + py3-sortedcontainers=2.1.0-r3 \ + py3-tornado=6.0.4-r0 \ + py3-urwid=2.1.0-r0 \ + py3-ruamel.yaml.clib=0.2.0-r0 \ + build-base=0.5-r2 \ + libffi=3.3-r2 \ + libffi-dev=3.3-r2 \ + libstdc++=9.3.0-r2 \ + openssl=1.1.1n-r0 \ + openssl-dev=1.1.1n-r0 &&\ + pip3 install --no-cache-dir --user --upgrade mitmproxy==5.1.1 + + +FROM $BUILD_FROM AS RUNNING + +RUN apk add --no-cache \ + python3=3.8.10-r0 \ + ca-certificates=20211220-r0 \ + haproxy=2.2.22-r0 \ + && rm -rf /var/cache/apk/* /tmp/* + +COPY --from=BUILD /root/.local /root/.local +COPY --from=BUILD /usr/lib/python3.8/site-packages /usr/lib/python3.8/site-packages + +ENV PATH /root/.local/bin:$PATH + +ENTRYPOINT [ "/init" ] +CMD [] +COPY root / diff --git a/mitmproxy/build.json b/mitmproxy/build.json new file mode 100644 index 0000000..cc7e5cf --- /dev/null +++ b/mitmproxy/build.json @@ -0,0 +1,9 @@ +{ + "build_from": { + "armhf": "ghcr.io/home-assistant/armhf-base:3.12", + "armv7": "ghcr.io/home-assistant/armv7-base:3.12", + "aarch64": "ghcr.io/home-assistant/aarch64-base:3.12", + "amd64": "ghcr.io/home-assistant/amd64-base:3.12", + "i386": "ghcr.io/home-assistant/i386-base:3.12" + } +} diff --git a/mitmproxy/config.json b/mitmproxy/config.json new file mode 100644 index 0000000..4d3c292 --- /dev/null +++ b/mitmproxy/config.json @@ -0,0 +1,33 @@ +{ + "name": "mitmproxy", + "version": "dev", + "slug": "mitmproxy", + "panel_icon": "mdi:lan-connect", + "description": "(Deprecated) A free and open source interactive HTTPS proxy for intercepting and inspecting network traffic", + "url": "https://github.com/Poeschl-HomeAssistant-Addons/mitmproxy", + "arch": [ + "armv7", + "armhf", + "aarch64", + "amd64", + "i386" + ], + "hassio_api": true, + "image": "ghcr.io/poeschl-homeassistant-addons/mitmproxy-{arch}", + "map": ["ssl", "share:rw"], + "ports": { + "8081/tcp": 8081, + "8080/tcp": 8080 + }, + "ports_description": { + "8081/tcp": "Web Frontend", + "8080/tcp": "Proxy listening port" + }, + "options": { + "options": [{ "name": "anticache", "value": "true" }] + }, + "schema": { + "options": [{ "name": "str", "value": "str" }], + "custom_ca": "match(^/ssl/.*)?" + } +} diff --git a/mitmproxy/icon.png b/mitmproxy/icon.png new file mode 100644 index 0000000..712407d Binary files /dev/null and b/mitmproxy/icon.png differ diff --git a/mitmproxy/logo.png b/mitmproxy/logo.png new file mode 100644 index 0000000..c7779cf Binary files /dev/null and b/mitmproxy/logo.png differ diff --git a/mitmproxy/root/etc/cont-init.d/01-setup-own-ca b/mitmproxy/root/etc/cont-init.d/01-setup-own-ca new file mode 100644 index 0000000..f879695 --- /dev/null +++ b/mitmproxy/root/etc/cont-init.d/01-setup-own-ca @@ -0,0 +1,9 @@ +#!/usr/bin/with-contenv bashio +set -e +CUSTOM_CA=$(bashio::config custom_ca) + +if [ "$CUSTOM_CA" != 'null' ] && [ ! -z "$CUSTOM_CA" ]; then + bashio::log.info "Use custom ca certificate $CUSTOM_CA" + rm /data/mitmproxy/mitmproxy-ca.pem /data/mitmproxy/mitmproxy-ca-cert.pem /data/mitmproxy/mitmproxy-ca-cert.p12 /data/mitmproxy/mitmproxy-ca-cert.cer + ln -s "$CUSTOM_CA" /data/mitmproxy/mitmproxy-ca.pem +fi diff --git a/mitmproxy/root/etc/haproxy/haproxy.cfg b/mitmproxy/root/etc/haproxy/haproxy.cfg new file mode 100644 index 0000000..4d0bcbb --- /dev/null +++ b/mitmproxy/root/etc/haproxy/haproxy.cfg @@ -0,0 +1,62 @@ + +#--------------------------------------------------------------------- +# Example configuration for a possible web application. See the +# full configuration options online. +# +# http://haproxy.1wt.eu/download/1.5/doc/configuration.txt +# +#--------------------------------------------------------------------- + +#--------------------------------------------------------------------- +# Global settings +#--------------------------------------------------------------------- +global + # to have these messages end up in /var/log/haproxy.log you will + # need to: + # + # 1) configure syslog to accept network log events. This is done + # by adding the '-r' option to the SYSLOGD_OPTIONS in + # /etc/sysconfig/syslog + # + # 2) configure local2 events to go to the /var/log/haproxy.log + # file. A line like the following can be added to + # /etc/sysconfig/syslog + # + # local2.* /var/log/haproxy.log + # + log 127.0.0.1 local2 + + chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + maxconn 4000 + user haproxy + group haproxy + daemon + + # turn on stats unix sockets + stats socket /var/lib/haproxy/stats + +#--------------------------------------------------------------------- +# common defaults that all the 'listen' and 'backend' sections will +# use if not designated in their block +#--------------------------------------------------------------------- +defaults + mode http + log global + option dontlognull + option http-server-close + option forwardfor except 127.0.0.0/8 + timeout connect 10s + timeout client 1m + timeout server 1m + timeout tunnel 5m + +frontend main + bind *:8081 + + http-response del-header x-frame-options + default_backend mitmweb + +backend mitmweb + balance roundrobin + server mitm 127.0.0.1:9090 check diff --git a/mitmproxy/root/etc/services.d/haproxy/run b/mitmproxy/root/etc/services.d/haproxy/run new file mode 100644 index 0000000..40d1c97 --- /dev/null +++ b/mitmproxy/root/etc/services.d/haproxy/run @@ -0,0 +1,5 @@ +#!/usr/bin/with-contenv bashio +bashio::net.wait_for 9090 + +bashio::log.info "Start Reverse proxy for frontend" +haproxy -p /tmp/haproxy.pid -f /etc/haproxy/haproxy.cfg -db diff --git a/mitmproxy/root/etc/services.d/mitmproxy/run b/mitmproxy/root/etc/services.d/mitmproxy/run new file mode 100644 index 0000000..48582ea --- /dev/null +++ b/mitmproxy/root/etc/services.d/mitmproxy/run @@ -0,0 +1,17 @@ +#!/usr/bin/with-contenv bashio +set -e +OPTIONS=$(bashio::jq "${__BASHIO_ADDON_CONFIG}" '.options | map("\(.name)=\(.value|tostring)") | [.[] | "--set " + .] | join(" ")') +HOST=$(bashio::host.hostname) + +bashio::log.info "Start mitmproxy with options: $OPTIONS" +bashio::log.info "For the onboarding page visit http://${HOST}:8082" +# shellcheck disable=SC2086 +mitmweb $OPTIONS \ + --set 'web_host=0.0.0.0' \ + --set 'web_port=9090' \ + --set 'listen_port=8080' \ + --set 'confdir=/data/mitmproxy' \ + --set 'onboarding_port=8082' \ + --set "onboarding_host=$HOST" \ + --set 'web_open_browser=false' + --no-web-open-browser