diff --git a/release/cibuild.py b/release/cibuild.py index 33730724d..0353da5e9 100755 --- a/release/cibuild.py +++ b/release/cibuild.py @@ -272,18 +272,20 @@ def build_wheel(be: BuildEnviron) -> None: # pragma: no cover def build_docker_image(be: BuildEnviron) -> None: # pragma: no cover - whl, = be.dist_dir.glob('mitmproxy-*-py3-none-any.whl') - whl = whl.relative_to(Path(".").absolute()) click.echo("Building Docker images...") + + whl, = be.dist_dir.glob('mitmproxy-*-py3-none-any.whl') + docker_build_dir = be.release_dir / "docker" + shutil.copy(whl, docker_build_dir / whl.name) subprocess.check_call([ "docker", "build", "--tag", be.docker_tag, - "--build-arg", f"WHEEL_MITMPROXY={whl}", - "--build-arg", f"WHEEL_BASENAME_MITMPROXY={whl.name}", - "--file", "release/docker/Dockerfile", + "--build-arg", f"MITMPROXY_WHEEL={whl.name}", "." - ]) + ], + cwd=docker_build_dir + ) # smoke-test the newly built docker image r = subprocess.run([ "docker", diff --git a/release/docker/DockerHub-README.md b/release/docker/DockerHub-README.md new file mode 100644 index 000000000..df9834b80 --- /dev/null +++ b/release/docker/DockerHub-README.md @@ -0,0 +1,50 @@ +# mitmproxy + +Containerized version of [mitmproxy](https://mitmproxy.org/): an interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets. + +# Usage + +```sh +$ docker run --rm -it [-v ~/.mitmproxy:/home/mitmproxy/.mitmproxy] -p 8080:8080 mitmproxy/mitmproxy +``` +The *volume mount* is optional: It's to store the generated CA certificates. + +Once started, mitmproxy listens as a HTTP proxy on `localhost:8080`: +```sh +$ http_proxy=http://localhost:8080/ curl http://example.com/ +$ https_proxy=http://localhost:8080/ curl -k https://example.com/ +``` + +You can also start `mitmdump` by just adding that to the end of the command-line: +```sh +$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump +``` + +For `mitmweb`, you also need to expose port 8081: +```sh +# this makes :8081 accessible to the local machine only +$ docker run --rm -it -p 8080:8080 -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0 +``` + +You can also pass options directly via the CLI: +```sh +$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump --set ssl_insecure=true +``` + +For further details, please consult the mitmproxy [documentation](http://docs.mitmproxy.org/en/stable/). + +# Tags + +The available release tags can be seen +[here](https://hub.docker.com/r/mitmproxy/mitmproxy/tags/). + +* `master` always tracks the git-master branch and represents the unstable development tree. +* `latest` always points to the same image as the most recent stable release, including bugfix releases (e.g., `4.0.0` and `4.0.1`). +* `X.Y.Z` tags contain the mitmproxy release with this version number. + +# Security Notice + +Dependencies in the Docker images are frozen on release, and can’t be updated in +situ. This means that we necessarily capture any bugs or security issues that +may be present. We don’t generally release new Docker images simply to update +dependencies (though we may do so if we become aware of a really serious issue). diff --git a/release/docker/Dockerfile b/release/docker/Dockerfile index 3916cabd0..38062da1d 100644 --- a/release/docker/Dockerfile +++ b/release/docker/Dockerfile @@ -1,20 +1,19 @@ FROM python:3.9-slim-buster -ARG WHEEL_MITMPROXY -ARG WHEEL_BASENAME_MITMPROXY +ARG MITMPROXY_WHEEL RUN useradd -mU mitmproxy RUN apt-get update \ && apt-get install -y gosu \ && rm -rf /var/lib/apt/lists/* -COPY $WHEEL_MITMPROXY /home/mitmproxy/ -RUN pip3 install --no-cache-dir -U /home/mitmproxy/${WHEEL_BASENAME_MITMPROXY} \ - && rm -rf /home/mitmproxy/${WHEEL_BASENAME_MITMPROXY} +COPY $MITMPROXY_WHEEL /home/mitmproxy/ +RUN pip3 install --no-cache-dir -U /home/mitmproxy/${MITMPROXY_WHEEL} \ + && rm -rf /home/mitmproxy/${MITMPROXY_WHEEL} VOLUME /home/mitmproxy/.mitmproxy -COPY release/docker/docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] EXPOSE 8080 8081 diff --git a/release/docker/README.md b/release/docker/README.md index a5883006b..d84382557 100644 --- a/release/docker/README.md +++ b/release/docker/README.md @@ -1,55 +1,6 @@ -# mitmproxy +# Build Instructions -Containerized version of [mitmproxy](https://mitmproxy.org/): an interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets. - -# Usage - -```sh -$ docker run --rm -it [-v ~/.mitmproxy:/home/mitmproxy/.mitmproxy] -p 8080:8080 mitmproxy/mitmproxy -``` - -The *volume mount* is optional: It's to store the generated CA certificates. - -Once started, mitmproxy listens as a HTTP proxy on `localhost:8080`: - -```sh -$ http_proxy=http://localhost:8080/ curl http://example.com/ -$ https_proxy=http://localhost:8080/ curl -k https://example.com/ -``` - -You can also start `mitmdump` by just adding that to the end of the command-line: - -```sh -$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump -``` - -For `mitmweb`, you also need to expose port 8081: - -```sh -# this makes :8081 accessible to the local machine only -$ docker run --rm -it -p 8080:8080 -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0 -``` - -You can also pass options directly via the CLI: - -```sh -$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump --set ssl_insecure=true -``` - -For further details, please consult the mitmproxy [documentation](http://docs.mitmproxy.org/en/stable/). - -# Tags - -The available release tags can be seen -[here](https://hub.docker.com/r/mitmproxy/mitmproxy/tags/). - -* `master` always tracks the git-master branch and represents the unstable development tree. -* `latest` always points to the same image as the most recent stable release, including bugfix releases (e.g., `4.0.0` and `4.0.1`). -* `X.Y.Z` tags contain the mitmproxy release with this version number. - -# Security Notice - -Dependencies in the Docker images are frozen on release, and can’t be updated in -situ. This means that we necessarily capture any bugs or security issues that -may be present. We don’t generally release new Docker images simply to update -dependencies (though we may do so if we become aware of a really serious issue). + 1. Copy `mitmproxy-$VERSION-py3-none-any.whl` into this directory. + You can get the latest public release at https://mitmproxy.org/downloads/. + 2. Replace $VERSION with your mitmproxy version and + run `docker build --build-arg MITMPROXY_WHEEL=mitmproxy-$VERSION-py3-none-any.whl .`. diff --git a/release/docker/docker-entrypoint.sh b/release/docker/docker-entrypoint.sh index 1f267d2f3..3aaefe72f 100755 --- a/release/docker/docker-entrypoint.sh +++ b/release/docker/docker-entrypoint.sh @@ -1,5 +1,4 @@ #!/bin/bash -# WARNING: do not change the shebang - the Docker base image might not have what you want! set -o errexit set -o pipefail