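# Single source of truth for the OpenVPN release. Each stage that needs the
# value re-declares the ARG to bring it into scope.
ARG OPENVPN_VERSION=2.6.6

# ------------------------------------------------------
# -- Stage 1: download and verify the OpenVPN sources
# ------------------------------------------------------
# NOTE(review): this image is referenced without a tag or digest, so its
# contents can change between builds. Pin it once a known-good reference
# has been chosen.
FROM ghcr.io/allanger/dumb-downloader AS dudo
ARG OPENVPN_VERSION

RUN apt-get update && apt-get install -y gnupg tar
RUN mkdir /output

# ------------------------------------------------------
# -- Download OpenVPN
# ------------------------------------------------------
# Fetch the OpenVPN release signing key by fingerprint and import it. The
# keyring of this stage then holds only this key, so a successful verify
# below means the tarball was signed by it.
RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d /tmp/security-openvpn-net.asc -p DUMMY && \
    gpg --batch --no-tty --import /tmp/security-openvpn-net.asc

# Download the detached signature and the tarball, then verify before anything
# is unpacked. Both files are named explicitly: given only the signature, gpg
# looks for the signed data under the signature's name minus its extension
# (/tmp/openvpn), which does not exist here. A failed verification aborts the
# build, so unverified sources never reach the builder stage.
RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p "$OPENVPN_VERSION" && \
    dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz" -d /tmp/openvpn.tar.gz -p "$OPENVPN_VERSION" && \
    gpg --batch --no-tty --verify /tmp/openvpn.asc /tmp/openvpn.tar.gz && \
    tar -xf /tmp/openvpn.tar.gz -C /tmp && \
    rm -f /tmp/openvpn.tar.gz && \
    mv "/tmp/openvpn-$OPENVPN_VERSION" /output/openvpn

# ------------------------------------------------------
# -- Stage 2: compile OpenVPN
# ------------------------------------------------------
# Built on the same release as the final image so the binary links against
# the library versions that are present at runtime.
FROM ubuntu:22.04 AS builder
ARG OPENVPN_VERSION
COPY --from=dudo /output /src
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
      build-essential \
      easy-rsa \
      iproute2 \
      iptables \
      libcap-ng-dev \
      liblz4-dev \
      liblzo2-dev \
      libpam0g-dev \
      libpkcs11-helper1-dev \
      libssl-dev \
      libsystemd-dev \
      pkg-config \
      tar \
      unzip \
      wget
WORKDIR /src/openvpn
RUN ./configure --disable-systemd --enable-async-push --enable-iproute2
RUN make && make install
# Export only the compiled binary; the toolchain stays behind in this stage.
RUN mkdir /output && cp "$(which openvpn)" /output/

# ------------------------------------------------------
# -- Final container
# ------------------------------------------------------
FROM ubuntu:22.04
LABEL maintainer="allanger "
COPY --from=builder /output /src

# -------------------------------------------------------
# -- Prepare system deps
# -------------------------------------------------------
# The distribution package provides the runtime dependencies and file layout;
# its binary is then replaced by the one compiled in the builder stage.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y openvpn easy-rsa iptables && \
    mv /src/openvpn "$(which openvpn)" && \
    rm -rf /var/lib/apt/lists/*

# Needed by scripts
ENV OPENVPN=/etc/openvpn

# Prevents refused client connection because of an expired CRL
ENV EASYRSA_CRL_DAYS=3650

VOLUME ["/etc/openvpn"]

# Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp`
EXPOSE 1194

# NOTE(review): no USER is set, so ovpn_run starts as root. Presumably this is
# needed for tun device and iptables setup; confirm before changing it.
CMD ["ovpn_run"]

COPY --chmod=755 ./bin /usr/local/bin

# -----------------------------------------------------------
# -- Add support for OTP authentication using a PAM module
# -- NOTE(review): the PAM service file is copied as-is and its contents are
# -- not visible here; review ./otp/openvpn before relying on OTP.
# -----------------------------------------------------------
WORKDIR /etc/openvpn
COPY ./otp/openvpn /etc/pam.d/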