	
		
			1 Commits
		
	
	
		
			main
			...
			refactor-t
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| cb6e867483 | 
							
								
								
									
										20
									
								
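--- /dev/null
+++ b/bin/start_openvpn
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+if [ -z "$( ls -A '/opt/data/openvpn' )" ] || [ "${EASY_RSA_REGEN}" == "true" ]; then
+    rm -rf /opt/data/openvpn/*
+    # -- It should prepare certs with easy-rsa
+    /usr/share/easy-rsa/easyrsa init-pki
+    # -- Currently only no password
+    /usr/share/easy-rsa/easyrsa build-ca nopass
+    /usr/share/easy-rsa/easyrsa gen-dh
+    `unset EASYRSA_REQ_CN && /usr/share/easy-rsa/easyrsa build-server-full server nopass`
+    # -- Generate the CRL for client/server certificates revocation.
+    /usr/share/easy-rsa/easyrsa gen-crl
+    openvpn --genkey tls-crypt-v2-server "pki/private/${EASYRSA_REQ_CN}.pem"
+    openvpn --genkey secret > "ta.key"
+
+else
+   echo "Easy RSA config is already prepared, skipping"
+fi
+
+cp /opt/data/openvpn/ta.key /etc/openvpn/server
+openvpn --config /opt/config/server.conf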
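Review bot: The backticks around the `build-server-full` line make it a command substitution, so bash runs easyrsa in a subshell and then tries to execute whatever that command printed on stdout as a new command line; the `unset EASYRSA_REQ_CN` also never reaches the parent shell, so the tls-crypt-v2 key on the next line is still written under the environment-provided name even though the server cert was issued as `server`. Replace it with a plain subshell: `( unset EASYRSA_REQ_CN; /usr/share/easy-rsa/easyrsa build-server-full server nopass )`. The script has no `set -e`, so a failed `init-pki`/`build-ca` after the `rm -rf` falls through to the `cp` and starts openvpn against a half-built PKI; add `set -euo pipefail` directly under the shebang. The emptiness check, the relative `pki/private/...` path and `ta.key` only agree if the working directory is `/opt/data/openvpn`, which the script does not establish itself — add `cd /opt/data/openvpn || exit 1` before the `if` (the Dockerfile hunk below ends with `WORKDIR /etc/openvpn`, though which side that line is on is not recoverable from this rendering). Also worth a header comment rather than only the inline remark: `build-ca nopass` leaves the CA private key unencrypted on the data volume, so anyone with volume access can issue client certificates.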
| @@ -16,7 +16,7 @@ RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version | ||||
| RUN tar -xf /tmp/openvpn.tar.gz  -C /tmp && rm -f /tmp/openvpn.tar.gz | ||||
| RUN mv /tmp/openvpn-${OPENVPN_VERSION} /output/openvpn | ||||
|  | ||||
| FROM ubuntu as builder | ||||
| FROM ubuntu:24.04 as builder | ||||
| # ------------------------------------------------------ | ||||
| # -- TODO: Define it only once | ||||
| # ------------------------------------------------------ | ||||
| @@ -31,36 +31,34 @@ WORKDIR /src/openvpn | ||||
| RUN ./configure --disable-systemd --enable-async-push --enable-iproute2 | ||||
| RUN make && make install | ||||
| RUN mkdir /output | ||||
| RUN cp $(which openvpn) /output/ | ||||
| RUN cp $(which openvpn) /output | ||||
| RUN cp /src/openvpn/sample/sample-config-files/server.conf /output | ||||
|  | ||||
| # ------------------------------------------------------ | ||||
| # -- Final container | ||||
| # ------------------------------------------------------ | ||||
| FROM ubuntu:24.04 | ||||
| LABEL maintainer="allanger <allanger@zohomail.com>" | ||||
| COPY --from=builder /output /src | ||||
| LABEL maintainer="allanger <allanger@badhouseplants.net>" | ||||
| VOLUME /opt/data/openvpn | ||||
| WORKDIR /opt/data/openvpn | ||||
|  | ||||
| ENV EASYRSA_BATCH=yes | ||||
| ENV EASYRSA_REQ_CN=openvpn-server | ||||
|  | ||||
| COPY --from=builder /output/openvpn /src/openvpn | ||||
| COPY --from=builder /output/server.conf /opt/config/server.conf | ||||
|  | ||||
| # ------------------------------------------------------- | ||||
| # -- Prepare system deps | ||||
| # -- It's also installing the openvpn package but  | ||||
| # -- it's required for getting dependencies, later | ||||
| # -- it's rewritten by the binary that from the builder | ||||
| # ------------------------------------------------------- | ||||
| RUN apt update && apt install openvpn easy-rsa iptables -y && \ | ||||
| RUN apt update &&\ | ||||
|       apt upgrade -y && \ | ||||
|       apt install openvpn easy-rsa -y && \ | ||||
|       mv /src/openvpn $(which openvpn) | ||||
|  | ||||
| # Needed by scripts | ||||
| ENV OPENVPN /etc/openvpn | ||||
|  | ||||
| # Prevents refused client connection because of an expired CRL | ||||
| ENV EASYRSA_CRL_DAYS 3650 | ||||
|  | ||||
| VOLUME ["/etc/openvpn"] | ||||
|  | ||||
| # Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp` | ||||
| EXPOSE 1194 | ||||
|  | ||||
| CMD ["ovpn_run"] | ||||
|  | ||||
| COPY --chmod='755' ./bin /usr/local/bin | ||||
| # ----------------------------------------------------------- | ||||
| # -- Add support for OTP authentication using a PAM module | ||||
| # -- I have no idea how it works yet | ||||
| # ----------------------------------------------------------- | ||||
| WORKDIR /etc/openvpn | ||||
|   | ||||
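Review bot: The new `apt install openvpn easy-rsa -y` line drops `iptables` that the replaced `RUN` installed, and the chain then overwrites the package binary with the builder's through an unquoted `mv /src/openvpn $(which openvpn)`; if dropping iptables is deliberate, state it in the comment block above the `RUN`, since no NAT/forwarding rules for clients can be created without it (no iptables usage is visible in this diff, so this may be intended). Quote the substitution and use the builtin so a missing package binary fails the build instead of moving the file into the working directory: `mv /src/openvpn "$(command -v openvpn)"`. The layer also keeps the apt lists; end the chain with `&& rm -rf /var/lib/apt/lists/*`. The file header for this section is not shown, so this assumes the image's Dockerfile, and the side of the trailing `COPY --chmod`/`WORKDIR /etc/openvpn` lines cannot be told from the rendering.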