imp: use adblock2privoxy instead of privoxy-blocklist

Author: Tardo

Dockerfile

@@ -1,28 +1,14 @@
-FROM alpine:latest
+FROM alpine:latest AS build-privoxy
 
 ARG PRIVOXY_VERSION=4.0.0
 ARG PRIVOXY_SRC_SHA1SUM=d302cb0bf23536e67a1b5505d01486a335d9c4c0
 ARG PRIVOXY_CONFIG_OPTIONS="--disable-toggle --disable-editor --disable-force --with-openssl --with-brotli"
 ARG PRIVOXY_BUILD_EXTRA="openssl-dev brotli-dev"
-ARG SYSTEM_EXTRA_PKGS="openssl brotli net-tools"
 
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 
-# Create Privoxy User
-RUN set -ex; \
-    addgroup --gid 7777 --system privoxy; \
-    adduser \
-        --disabled-password \
-        --home /var/lib/privoxy/ \
-        --ingroup privoxy \
-        --no-create-home \
-        --system \
-        --uid 7777 \
-        privoxy; \
-    mkdir /var/lib/privoxy/; \
-    chown privoxy:privoxy /var/lib/privoxy/;
+WORKDIR /build
 
-# Build Privoxy
 RUN set -eux; \
     apk add --no-cache --virtual build-tools \
         gcc \
@@ -33,72 +19,138 @@ RUN set -eux; \
         libc-dev \
         zlib-dev \
         pcre2-dev \
-        $PRIVOXY_BUILD_EXTRA; \
-    wget -qO /var/lib/privoxy/privoxy-src.tar.gz https://sourceforge.net/projects/ijbswa/files/Sources/${PRIVOXY_VERSION}%20%28stable%29/privoxy-${PRIVOXY_VERSION}-stable-src.tar.gz/download; \
-    echo "${PRIVOXY_SRC_SHA1SUM} /var/lib/privoxy/privoxy-src.tar.gz" | sha1sum -c; \
-    tar -zxvf /var/lib/privoxy/privoxy-src.tar.gz -C /var/lib/privoxy/; \
-    cd /var/lib/privoxy/privoxy-${PRIVOXY_VERSION}-stable; \
+        $PRIVOXY_BUILD_EXTRA;
+
+RUN set -eux; \
+    wget -qO privoxy-src.tar.gz https://sourceforge.net/projects/ijbswa/files/Sources/${PRIVOXY_VERSION}%20%28stable%29/privoxy-${PRIVOXY_VERSION}-stable-src.tar.gz/download; \
+    echo "${PRIVOXY_SRC_SHA1SUM} privoxy-src.tar.gz" | sha1sum -c; \
+    tar -zxvf privoxy-src.tar.gz; \
+    cd privoxy-${PRIVOXY_VERSION}-stable; \
     autoheader; \
     autoconf; \
-    ./configure $PRIVOXY_CONFIG_OPTIONS; \
+    ./configure --prefix=/usr/local $PRIVOXY_CONFIG_OPTIONS; \
     make; \
-    make -s install USER=privoxy GROUP=privoxy; \
-    chown -R privoxy:privoxy /usr/local/etc/privoxy/; \
-    rm -rf /var/lib/privoxy/privoxy-src.tar.gz /var/lib/privoxy/privoxy-${PRIVOXY_VERSION}-stable; \
-    apk del build-tools build-deps;
+    make install; \
+    privoxy --version;
+
+
+FROM alpine:latest AS build-adblock2privoxy
+
+ARG ADBLOCK2PRIVOXY_RESOLVER=lts-21.25
+
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
+WORKDIR /build
+
+RUN set -eux; \
+    apk add --no-cache --virtual build-tools \
+        gcc \
+        g++ \
+        make \
+        curl \
+        gmp \
+        git; \
+    apk add --no-cache --virtual build-deps \
+        musl-dev \
+        zlib-dev \
+        gmp-dev \
+        ncurses-libs \
+        ncurses-dev; \
+    curl -sSL https://get.haskellstack.org/ | sh;
+
+RUN set -eux; \
+    git clone https://github.com/essandess/adblock2privoxy.git . --depth=1; \
+    export STACK_ROOT=/usr/local/etc/.stack; \
+    cd adblock2privoxy; \
+    stack setup --allow-different-user --resolver $ADBLOCK2PRIVOXY_RESOLVER; \
+    stack build --allow-different-user --resolver $ADBLOCK2PRIVOXY_RESOLVER --allow-newer; \
+    stack install --allow-different-user --local-bin-path /usr/local/bin --resolver $ADBLOCK2PRIVOXY_RESOLVER --allow-newer; \
+    adblock2privoxy --version;
+
+
+FROM alpine:latest AS runtime
+
+ARG SYSTEM_EXTRA_PKGS="brotli net-tools"
+
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
+# Create Privoxy User
+RUN set -ex; \
+    addgroup --gid 7777 --system privoxy; \
+    adduser \
+        --disabled-password \
+        --home /var/lib/privoxy/ \
+        --ingroup privoxy \
+        --no-create-home \
+        --system \
+        --uid 7777 \
+        privoxy; \
+    mkdir /var/lib/privoxy/; \
+    chown privoxy:privoxy /var/lib/privoxy/;
 
 # Add system tools
 RUN set -eux; \
     apk add --no-cache --virtual runtime-deps \
-            python3 \
-            pcre2 \
-            bash \
-            sed \
-            $SYSTEM_EXTRA_PKGS;
+        python3 \
+        pcre2 \
+        openssl \
+        nginx \
+        gmp \
+        ncurses \
+        $SYSTEM_EXTRA_PKGS;
 
-# Enable Privoxy HTTPS inspection
-# hadolint ignore=SC1003
-RUN set -ex; \
-    mv /usr/local/etc/privoxy/config /usr/local/etc/privoxy/config.orig; \
-    sed -i '/^+set-image-blocker{pattern}/a +https-inspection \\' /usr/local/etc/privoxy/match-all.action;
+# Docker Entry Point
+COPY docker-entrypoint.sh /usr/local/sbin/
+RUN sed -i 's/\r$//' /usr/local/sbin/docker-entrypoint.sh && \
+        chmod +x /usr/local/sbin/docker-entrypoint.sh;
 
-# Copy project scripts/configs
+# Privman
 COPY data/rules/ /usr/local/etc/privoxy/privman-rules/
-COPY data/config /usr/local/etc/privoxy/
-COPY data/privoxy-blocklist.conf /var/lib/privoxy/
-RUN set -eux; \
-    # Remove CRLF (dos2unix) and ensure LF-only
-    sed -i 's/\r$//' /var/lib/privoxy/privoxy-blocklist.conf
 COPY bin/privman.py /var/lib/privoxy/privman.py
 RUN set -ex; \
     sed -i 's/\r$//' /var/lib/privoxy/privman.py; \
     head -1 /var/lib/privoxy/privman.py | grep -q '^#!' || \
         sed -i '1i #!/usr/bin/env python3' /var/lib/privoxy/privman.py; \
     chmod +x /var/lib/privoxy/privman.py; \
     ln -sf /var/lib/privoxy/privman.py /usr/local/sbin/privman;
-COPY bin/privoxy-blocklist.sh /var/lib/privoxy/privoxy-blocklist.sh
-RUN set -eux; \
-    sed -i 's/\r$//' /var/lib/privoxy/privoxy-blocklist.sh; \
-    chmod +x /var/lib/privoxy/privoxy-blocklist.sh; \
-    ln -sf /var/lib/privoxy/privoxy-blocklist.sh /usr/local/sbin/privoxy-blocklist;
-COPY docker-entrypoint.sh /usr/local/sbin/
-RUN sed -i 's/\r$//' /usr/local/sbin/docker-entrypoint.sh && \
-        chmod +x /usr/local/sbin/docker-entrypoint.sh;
 
-# Set the correct permissions
+# Privoxy
+COPY --from=build-privoxy /usr/local /usr/local
+COPY data/config /usr/local/etc/privoxy/
+# hadolint ignore=SC1003
 RUN set -ex; \
+    #mv /usr/local/etc/privoxy/config /usr/local/etc/privoxy/config.orig; \
     mkdir -p /var/log/privoxy /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules; \
-    chown -R privoxy:privoxy /var/log/privoxy/ /usr/local/etc/privoxy/config /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules /var/lib/privoxy/privoxy-blocklist.conf;
+    chown -R privoxy:privoxy /var/log/privoxy /usr/local/etc/privoxy; \
+    sed -i '/^+set-image-blocker{pattern}/a +https-inspection \\' /usr/local/etc/privoxy/match-all.action; \
+    cp -a /usr/local/etc/privoxy /opt/privoxy-default;
+
+# adblock2privoxy
+COPY --from=build-adblock2privoxy /usr/local/bin/adblock2privoxy /usr/local/bin/adblock2privoxy
+COPY --from=build-adblock2privoxy /build/adblock2privoxy/templates /opt/local/share/adblock2privoxy/templates
+COPY data/nginx.conf /etc/nginx/nginx.conf
+RUN set -ex; \
+    mkdir -p /usr/local/etc/adblock2privoxy/css; \
+    echo "# Dummy file" | tee -a /usr/local/etc/privoxy/ab2p.system.action /usr/local/etc/privoxy/ab2p.action /usr/local/etc/privoxy/ab2p.system.filter /usr/local/etc/privoxy/ab2p.filter; \
+    chown -R privoxy:privoxy /usr/local/etc/privoxy/ab2p.system.action /usr/local/etc/privoxy/ab2p.action /usr/local/etc/privoxy/ab2p.system.filter /usr/local/etc/privoxy/ab2p.filter; \
+    chown -R privoxy:privoxy /usr/local/etc/adblock2privoxy /etc/nginx /var/log/nginx /var/lib/nginx; \
+    chmod 755 /usr/local/bin/adblock2privoxy; \
+    chmod -R u+rw /etc/nginx /var/log/nginx /var/lib/nginx;
+
+# Verifications
+RUN set -ex; \
+    privoxy --version; \
+    adblock2privoxy --version;
 
-ENV ADBLOCK_URLS="" \
-    ADBLOCK_FILTERS=""
+# Common
+ENV ADBLOCK_URLS=""
+ENV ADBLOCK_CSS_DOMAIN="172.17.0.2:8119"
 
 ENTRYPOINT ["/usr/local/sbin/docker-entrypoint.sh"]
 
-RUN cp -a /usr/local/etc/privoxy /opt/privoxy-default
-
 VOLUME /usr/local/etc/privoxy
 EXPOSE 8118/tcp
+EXPOSE 8119/tcp
 
 USER privoxy
 

README.md

@@ -4,7 +4,7 @@
 
 Alpine docker with [privoxy](https://www.privoxy.org) enabled and configured to work with HTTPS.
 
-It also includes the script made by '[Andrwe Lord Weber](https://github.com/Andrwe/privoxy-blocklist)' to translate adblock rules to privoxy.
+It also includes '[adblock2privoxy](https://github.com/essandess/adblock2privoxy)' to translate adblock rules to privoxy with CSS hidden elements & blackhole.
 
 **The default configuration is intended for personal use only (ex. raspberry)**
 
@@ -20,7 +20,7 @@ Privoxy Status Page: https://config.privoxy.org/show-status
 | Name | Description | Default |
 |----------------|-------------|-------------|
 | ADBLOCK_URLS | String of urls separated by spaces | "" |
-| ADBLOCK_FILTERS | String of filters separated by spaces | "" |
+| ADBLOCK_CSS_DOMAIN | A domain/IP that points to the container (IP:PORT) | 172.17.0.2:8119 |
 
 - Can get urls from: https://easylist.to/
 - Can know the available filters with ```docker exec privoxy privoxy-blocklist --help```
@@ -39,9 +39,11 @@ services:
     container_name: privoxy
     ports:
       - 8118:8118
+      - 8119:8119
     environment:
-      - TZ=Europe/Madrid
-      - ADBLOCK_URLS=https://easylist.to/easylist/easylist.txt
+      TZ: Europe/Madrid
+      ADBLOCK_URLS: https://easylist.to/easylist/easylist.txt
+      ADBLOCK_CSS_DOMAIN: privoxy.local:8119
     volumes:
       - privoxy-ca:/usr/local/etc/privoxy/CA
     restart: unless-stopped
@@ -51,6 +53,8 @@ volumes:
     privoxy-ca:
 ```
 
+** privoxy.local must point to the container
+
 ### Get ca-bundle
 ```sh
 docker cp privoxy:/usr/local/etc/privoxy/CA/privoxy-ca-bundle.crt .
@@ -61,7 +65,7 @@ docker cp privoxy:/usr/local/etc/privoxy/CA/privoxy-ca-bundle.crt .
 - Update the Trusted CA file: `docker exec privoxy privman --update-trusted-ca`
 - Regenerate the .crt bundle: `docker exec privoxy privman --regenerate-crt-bundle`
 - Update 'adblock' filters: `docker exec privoxy privman --update-adblock-filters`
-- Block a domain to the blocklist: `docker exec privoxy privman --add-blocklist .google. .facebook.`
+- Add a domain to the blocklist: `docker exec privoxy privman --add-blocklist .google. .facebook.`
 - Remove a domain from the blocklist: `docker exec privoxy privman --remove-blocklist .facebook.`
 
 ## :page_facing_up: Configuration highlight changes

bin/privman.py

@@ -6,6 +6,8 @@
 import argparse
 import subprocess
 import urllib.request
+import signal
+
 
 BASE_LIB_DIR = "/var/lib/privoxy"
 BASE_DIR = "/usr/local/etc/privoxy"
@@ -52,22 +54,58 @@ def generate_crt_bundle(subj, forced=False):
         print_log("CRT Bundle", "Nothing to do. The file already exists.")
 
 
-def update_adblock_filters():
-    adblock_filters = " ".join(
-        map(lambda x: f'"{x}"', os.environ.get("ADBLOCK_FILTERS", "").split(" "))
-    )
-    adblock_urls = " ".join(
-        map(lambda x: f'"{x}"', os.environ.get("ADBLOCK_URLS", "").split(" "))
+def init_adblock_filters():
+    subprocess.run(
+        [
+            "adblock2privoxy",
+            "-p",
+            "/usr/local/etc/privoxy",
+            "-w",
+            "/usr/local/etc/adblock2privoxy/css",
+            "-d",
+            os.environ.get("ADBLOCK_CSS_DOMAIN", ""),
+            "-t",
+            "/usr/local/etc/privoxy/ab2p.task",
+            os.environ.get("ADBLOCK_URLS", ""),
+        ]
     )
-    lines = [f"URLS=({adblock_urls})", f"\nFILTERS=({adblock_filters})"]
-    with open(ADBLOCK_DYN_FILE, "w") as f:
-        f.writelines(lines)
+    return True
+
+
+def update_adblock_filters():
     subprocess.run(
-        ["privoxy-blocklist", "-c", "/var/lib/privoxy/privoxy-blocklist.conf"]
+        [
+            "adblock2privoxy",
+            "-t",
+            "/usr/local/etc/privoxy/ab2p.task",
+        ]
     )
     return True
 
 
+def _get_privoxy_pid():
+    for pid in os.listdir("/proc"):
+        if not pid.isdigit():
+            continue
+        try:
+            with open(f"/proc/{pid}/comm", "r") as f:
+                proc_name = f.read().strip()
+                if proc_name.lower() == "privoxy":
+                    return int(pid)
+        except (IOError, FileNotFoundError):
+            continue
+    return None
+
+
+def restart_privoxy():
+    privoxy_pid = _get_privoxy_pid()
+    if privoxy_pid:
+        os.kill(privoxy_pid, signal.SIGHUP)
+        print_log("Privoxy", "Restarted successfully")
+    else:
+        print_log("Privoxy", "Can't found the PID of privoxy")
+
+
 def _get_section_index(rules, section):
     for index, rule in enumerate(rules):
         if rule.strip() == section:
@@ -125,11 +163,6 @@ def _remove_from(filename, section_name, url):
     return need_write
 
 
-def restart_privoxy():
-    os.system("kill -HUP `cat /tmp/supervisord_privoxy.pid`")
-    print_log("Privoxy", "Restarted successfully")
-
-
 def add_whitelist(urls, soft_mode=False):
     user_action_file = os.path.join(BASEDIR_RULES, "user.action")
     has_changes = False
@@ -270,8 +303,8 @@ def remove_blocklist(urls):
 
     if args.init:
         update_trusted_ca()
-        update_adblock_filters()
         generate_crt_bundle(args.crt_bundle_subj)
+        init_adblock_filters()
     if args.update_trusted_ca:
         need_restart = update_trusted_ca(forced=True)
     if args.regenerate_crt_bundle: