container-openvpn/Containerfile

FROM ghcr.io/allanger/dumb-downloader as dudo
ENV OPENVPN_VERSION=2.6.5
ENV TUNNELBLICK_VERSION=4.0.0beta08
ENV EASYRSA_VERSION=3.1.5
RUN apt update && apt install gnupg tar -y
RUN mkdir /output
# ------------------------------------------------------
# -- Downlaod OpenVPN
# ------------------------------------------------------
RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY
RUN gpg --import security-openvpn-net.asc
RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p $OPENVPN_VERSION
# ------------------------------------------------------
# -- I should fix it later
# ------------------------------------------------------
# RUN gpg  --no-tty --verify /tmp/openvpn.asc
RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p $OPENVPN_VERSION
RUN tar -xf /tmp/openvpn.tar.gz  -C /tmp && rm -f /tmp/openvpn.tar.gz
RUN mv /tmp/openvpn-$OPENVPN_VERSION /output/openvpn
# ------------------------------------------------------
# -- Download Tunnelblick
# ------------------------------------------------------
RUN dudo -l "https://github.com/Tunnelblick/Tunnelblick/archive/refs/tags/v{{ version }}.tar.gz" -d /tmp/tunnelblick.tar.gz -p $TUNNELBLICK_VERSION
RUN tar -xf /tmp/tunnelblick.tar.gz  -C /tmp && rm -f /tmp/tunnelblick.tar.gz
RUN mv /tmp/Tunnelblick-$TUNNELBLICK_VERSION /output/tunnelblick

FROM ubuntu as builder
# ------------------------------------------------------
# -- TODO: Define it only once
# ------------------------------------------------------
ENV OPENVPN_VERSION=2.6.5
ENV TUNNELBLICK_VERSION=v4.0.0beta08
COPY --from=dudo /output /src
RUN apt-get update &&\
      apt-get install -y wget tar unzip build-essential \
      libssl-dev iproute2 liblz4-dev liblzo2-dev \
      libpam0g-dev libpkcs11-helper1-dev libsystemd-dev \
      easy-rsa iptables pkg-config libcap-ng-dev
RUN cp /src/tunnelblick/third_party/sources/openvpn/openvpn-$OPENVPN_VERSION/patches/*.diff /src/openvpn
WORKDIR /src/openvpn
RUN for patch in $(find -type f | grep diff); do\
        patch -p1 < $patch;\
    done
RUN ./configure --disable-systemd --enable-async-push --enable-iproute2
RUN make && make install
RUN mkdir /output
RUN cp $(which openvpn) /output/

# ------------------------------------------------------
# -- Final container
# ------------------------------------------------------
FROM ubuntu:22.04
LABEL maintainer="allanger <allanger@zohomail.com>"
COPY --from=builder /output /src
# -------------------------------------------------------
# -- Prepare system deps
# -------------------------------------------------------
RUN apt update && apt install openvpn easy-rsa iptables -y && \
  mv /src/openvpn $(which openvpn)

# Needed by scripts
ENV OPENVPN /etc/openvpn

# Prevents refused client connection because of an expired CRL
ENV EASYRSA_CRL_DAYS 3650

VOLUME ["/etc/openvpn"]

# Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp`
EXPOSE 1194

CMD ["ovpn_run"]

COPY --chmod='755' ./bin /usr/local/bin
# -----------------------------------------------------------
# -- Add support for OTP authentication using a PAM module
# -- I have no idea how it works yet
# -----------------------------------------------------------
COPY ./otp/openvpn /etc/pam.d/
Take over the project I've decided to maintain the project myself now, so I've forked it and create a drone pipeline to push image to my registry 2023-08-09 17:49:38 +00:00			`FROM ghcr.io/allanger/dumb-downloader as dudo`
			`ENV OPENVPN_VERSION=2.6.5`
			`ENV TUNNELBLICK_VERSION=4.0.0beta08`
			`ENV EASYRSA_VERSION=3.1.5`
			`RUN apt update && apt install gnupg tar -y`
			`RUN mkdir /output`
			`# ------------------------------------------------------`
			`# -- Downlaod OpenVPN`
			`# ------------------------------------------------------`
			`RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY`
			`RUN gpg --import security-openvpn-net.asc`
			`RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p $OPENVPN_VERSION`
			`# ------------------------------------------------------`
			`# -- I should fix it later`
			`# ------------------------------------------------------`
			`# RUN gpg --no-tty --verify /tmp/openvpn.asc`
			`RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p $OPENVPN_VERSION`
			`RUN tar -xf /tmp/openvpn.tar.gz -C /tmp && rm -f /tmp/openvpn.tar.gz`
			`RUN mv /tmp/openvpn-$OPENVPN_VERSION /output/openvpn`
			`# ------------------------------------------------------`
			`# -- Download Tunnelblick`
			`# ------------------------------------------------------`
			`RUN dudo -l "https://github.com/Tunnelblick/Tunnelblick/archive/refs/tags/v{{ version }}.tar.gz" -d /tmp/tunnelblick.tar.gz -p $TUNNELBLICK_VERSION`
			`RUN tar -xf /tmp/tunnelblick.tar.gz -C /tmp && rm -f /tmp/tunnelblick.tar.gz`
			`RUN mv /tmp/Tunnelblick-$TUNNELBLICK_VERSION /output/tunnelblick`

			`FROM ubuntu as builder`
			`# ------------------------------------------------------`
			`# -- TODO: Define it only once`
			`# ------------------------------------------------------`
			`ENV OPENVPN_VERSION=2.6.5`
			`ENV TUNNELBLICK_VERSION=v4.0.0beta08`
			`COPY --from=dudo /output /src`
			`RUN apt-get update &&\`
			`apt-get install -y wget tar unzip build-essential \`
			`libssl-dev iproute2 liblz4-dev liblzo2-dev \`
			`libpam0g-dev libpkcs11-helper1-dev libsystemd-dev \`
			`easy-rsa iptables pkg-config libcap-ng-dev`
			`RUN cp /src/tunnelblick/third_party/sources/openvpn/openvpn-$OPENVPN_VERSION/patches/*.diff /src/openvpn`
			`WORKDIR /src/openvpn`
			`RUN for patch in $(find -type f \| grep diff); do\`
			`patch -p1 < $patch;\`
			`done`
			`RUN ./configure --disable-systemd --enable-async-push --enable-iproute2`
			`RUN make && make install`
			`RUN mkdir /output`
			`RUN cp $(which openvpn) /output/`

			`# ------------------------------------------------------`
			`# -- Final container`
			`# ------------------------------------------------------`
			`FROM ubuntu:22.04`
			`LABEL maintainer="allanger <allanger@zohomail.com>"`
			`COPY --from=builder /output /src`
			`# -------------------------------------------------------`
			`# -- Prepare system deps`
			`# -------------------------------------------------------`
			`RUN apt update && apt install openvpn easy-rsa iptables -y && \`
			`mv /src/openvpn $(which openvpn)`

			`# Needed by scripts`
			`ENV OPENVPN /etc/openvpn`

			`# Prevents refused client connection because of an expired CRL`
			`ENV EASYRSA_CRL_DAYS 3650`

			`VOLUME ["/etc/openvpn"]`

			# Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp`
			`EXPOSE 1194`

			`CMD ["ovpn_run"]`

			`COPY --chmod='755' ./bin /usr/local/bin`
			`# -----------------------------------------------------------`
			`# -- Add support for OTP authentication using a PAM module`
			`# -- I have no idea how it works yet`
			`# -----------------------------------------------------------`
			`COPY ./otp/openvpn /etc/pam.d/`