Spinning up a proxy quickly for now (already automated with cloud-init)

The cloud-init config below gets it done in no time.
#cloud-config
# refresh the package index and upgrade before installing
# (the cloud-init keys are package_update / package_upgrade, singular)
package_update: true
package_upgrade: true
packages:
  - squid
runcmd:
  # enable the stock "allow localnet" rule (runcmd already runs as root, so sudo is optional)
  - sed -i.org 's/#http_access allow localnet/http_access allow localnet/' /etc/squid/squid.conf
  - systemctl restart squid
On the Bicep side there is a loadFileAsBase64 function that reads a file as Base64; passing its result as customData makes the config apply automatically when the Azure VM boots.
var vm00Name = 'vm-hub00'
module vm_hub00 '../lib/ubuntu2004.bicep' = {
  name: vm00Name
  params: {
    location: location01
    keyData: public_key.properties.publicKey
    subnetId: filter(vnet_hub00.properties.subnets, subnet => subnet.name == 'default')[0].id
    vmName: vm00Name
    customData: loadFileAsBase64('./cloud-init.yml')
  }
}
Doing the same by hand means feeding in the following shell script.

# update package info
sudo apt update
# install squid (-y so the script does not stop at the confirmation prompt)
sudo apt install -y squid
# replace config to allow access to this proxy from localnet
cd /etc/squid/
sudo sed -i.org 's/#http_access allow localnet/http_access allow localnet/' squid.conf
# restart squid
sudo systemctl restart squid
Because localnet is defined earlier in the same file as shown below, this ends up allowing access from the private IP address ranges.
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
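Since localnet covers every RFC 1918 range plus CGN, link-local and ULA space, any host that can reach port 3128 from a private source address (everything in the VNet, anything peered into it, anything tunnelled in) will be admitted once that rule is uncommented, while public source addresses still hit "deny all". The script below is an added example, not part of the original post or of Squid itself: it parses the "acl NAME src ..." and "http_access" lines of a squid.conf (only src ACLs are understood), applies the same uncomment edit as the sed one-liner, and reports which client addresses the resulting rules allow, so the policy can be checked before the VM gets a public IP or a permissive NSG rule. SAMPLE_CONF is a constructed copy of the stock block; "acl localhost" is spelled out there because Squid normally supplies it as a built-in.

```python
"""Evaluate Squid http_access decisions for a client address offline.

Added example (not from the original post): a small parser for the
'acl NAME src ...' and 'http_access allow|deny ...' lines of squid.conf,
used to confirm which source addresses the localnet rule actually admits.
Only 'src' ACLs are understood; other ACL types are not handled.
"""
import ipaddress

# Constructed sample config: the stock localnet block plus the access rules
# around it. 'acl localhost' is written out because Squid provides it built-in.
SAMPLE_CONF = """\
acl localhost src 127.0.0.1/32 ::1
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
#http_access allow localnet
http_access allow localhost
http_access deny all
"""


def _src_range(token):
    """Turn one src token (CIDR, single IP or low-high range) into
    (ip_version, first_address_as_int, last_address_as_int)."""
    if "-" in token:
        lo, hi = (ipaddress.ip_address(p) for p in token.split("-", 1))
        if lo.version != hi.version:
            raise ValueError(f"mixed-version range: {token}")
        return (lo.version, int(lo), int(hi))
    net = ipaddress.ip_network(token, strict=False)
    return (net.version, int(net.network_address), int(net.broadcast_address))


def parse_conf(conf_text):
    """Return (acls, rules): acls maps name -> list of src ranges, rules is the
    ordered list of (action, [acl tokens]) taken from http_access lines."""
    acls, rules = {}, []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if not words:
            continue  # blank line or a commented-out directive such as '#http_access ...'
        if words[0] == "acl" and len(words) >= 4 and words[2] == "src":
            acls.setdefault(words[1], []).extend(_src_range(t) for t in words[3:])
        elif words[0] == "http_access" and len(words) >= 3:
            rules.append((words[1], words[2:]))
    return acls, rules


def _acl_matches(acls, token, ip):
    """Evaluate one ACL token against the client address: a leading '!'
    negates, and 'all' (a Squid built-in) always matches."""
    negate = token.startswith("!")
    name = token.lstrip("!")
    if name == "all":
        hit = True
    else:
        if name not in acls:
            raise KeyError(f"unknown or unsupported acl: {name}")
        hit = any(v == ip.version and lo <= int(ip) <= hi for v, lo, hi in acls[name])
    return hit != negate


def is_allowed(conf_text, client_ip):
    """Apply http_access rules in order as Squid does: the first rule whose ACLs
    all match decides; if none match, the default is the opposite of the last
    rule's action (deny when there are no rules at all)."""
    ip = ipaddress.ip_address(client_ip)
    acls, rules = parse_conf(conf_text)
    for action, tokens in rules:
        if all(_acl_matches(acls, t, ip) for t in tokens):
            return action == "allow"
    return rules[-1][0] != "allow" if rules else False


def enable_localnet(conf_text):
    """Same edit as the post's sed one-liner: uncomment 'http_access allow localnet'."""
    return conf_text.replace("#http_access allow localnet", "http_access allow localnet")


if __name__ == "__main__":
    variants = (("stock", SAMPLE_CONF), ("localnet enabled", enable_localnet(SAMPLE_CONF)))
    for label, conf in variants:
        for client in ("127.0.0.1", "10.0.0.5", "203.0.113.7", "fd00::1"):
            verdict = "allow" if is_allowed(conf, client) else "deny"
            print(f"{label:17} {client:12} -> {verdict}")
```

Run it against the real /etc/squid/squid.conf (read the file and pass its text to is_allowed) to see exactly which of your subnets land inside localnet; a 10.0.0.5 client is denied on the stock file and allowed after the edit, while a public address such as 203.0.113.7 stays denied either way. The Squid ACL on its own does not stop a client that spoofs or legitimately holds a private address, so pair it with an NSG rule that limits port 3128 to the subnets that actually need the proxy.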