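# Stage "dudo": download the OpenVPN source tarball, check its release
# signature, and leave the unpacked tree in /output/openvpn.
#
# NOTE(review): this base image has no tag or digest, so each build pulls
# whatever is currently published under the default tag. Pin a tag or digest
# once one has been chosen.
FROM ghcr.io/allanger/dumb-downloader AS dudo

ENV OPENVPN_VERSION=2.6.7

# gnupg checks the release signature; tar unpacks the source archive.
# update + install + list cleanup stay in one layer so no stale index is cached.
RUN apt-get update && \
    apt-get install -y gnupg tar && \
    rm -rf /var/lib/apt/lists/*

RUN mkdir /output

# ------------------------------------------------------
# -- Download OpenVPN
# ------------------------------------------------------
# Fetch the signing key by fingerprint. The URL has no "{{ version }}"
# placeholder, so the value given to -p is a dummy.
# NOTE(review): gpg imports whatever the keyserver returns for this request;
# the fingerprint in the URL is the only pin on which key gets trusted.
RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY
RUN gpg --import security-openvpn-net.asc

# Detached signature and tarball for the selected release. The stray trailing
# space that used to sit inside the tarball URL has been dropped.
RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p $OPENVPN_VERSION
RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz" -d /tmp/openvpn.tar.gz -p $OPENVPN_VERSION

# Verify before unpacking. The signature is detached and its file name does
# not match the tarball's, so both paths are passed explicitly. The step runs
# after the tarball download so the signed data exists. A bad or missing
# signature now fails the build instead of being skipped.
# NOTE(review): the earlier, commented-out verify named only the .asc file and
# ran before the tarball was fetched; presumably that is why it failed.
# Confirm with a test build.
RUN gpg --no-tty --verify /tmp/openvpn.asc /tmp/openvpn.tar.gz

RUN tar -xf /tmp/openvpn.tar.gz -C /tmp && rm -f /tmp/openvpn.tar.gz
RUN mv /tmp/openvpn-$OPENVPN_VERSION /output/openvpn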
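# Stage "builder": compile OpenVPN from the source tree produced by the
# "dudo" stage and leave the resulting binary in /output.
#
# The base is pinned to the same release as the final stage (ubuntu:22.04).
# An untagged "ubuntu" follows the newest release, and a binary linked against
# newer system libraries may not load in the older runtime image.
FROM ubuntu:22.04 AS builder

# ------------------------------------------------------
# -- TODO: Define it only once
# ------------------------------------------------------
# NOTE(review): nothing visible in this stage reads OPENVPN_VERSION.
ENV OPENVPN_VERSION=2.6.7

COPY --from=dudo /output /src

# Toolchain and development headers for ./configure and make.
# Same package set as before, sorted for easier diffs.
RUN apt-get update && \
    apt-get install -y \
      build-essential \
      easy-rsa \
      iproute2 \
      iptables \
      libcap-ng-dev \
      liblz4-dev \
      liblzo2-dev \
      libpam0g-dev \
      libpkcs11-helper1-dev \
      libssl-dev \
      libsystemd-dev \
      pkg-config \
      tar \
      unzip \
      wget

WORKDIR /src/openvpn

RUN ./configure --disable-systemd --enable-async-push --enable-iproute2
RUN make && make install

# Export only the installed binary; the final stage copies /output.
# The path is quoted so an empty lookup fails loudly instead of changing the
# cp argument list.
RUN mkdir /output && \
    cp "$(command -v openvpn)" /output/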
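# ------------------------------------------------------
# -- Final container
# ------------------------------------------------------
FROM ubuntu:22.04

LABEL maintainer="allanger <allanger@zohomail.com>"

COPY --from=builder /output /src

# -------------------------------------------------------
# -- Prepare system deps
# -------------------------------------------------------
# The distribution openvpn package is installed first, then its binary is
# replaced with the one built in the "builder" stage. The package index is
# removed in the same layer so it does not end up in the image.
RUN apt-get update && \
    apt-get install -y easy-rsa iptables openvpn && \
    rm -rf /var/lib/apt/lists/* && \
    mv /src/openvpn "$(command -v openvpn)"

# Needed by scripts
ENV OPENVPN=/etc/openvpn

# Prevents refused client connection because of an expired CRL
# NOTE(review): a ten-year CRL lifetime also means an outdated CRL file is not
# rejected on age. Revocations only take effect once a regenerated CRL is
# actually deployed.
ENV EASYRSA_CRL_DAYS=3650

VOLUME ["/etc/openvpn"]

# Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp`
EXPOSE 1194

# NOTE(review): no USER instruction is set, so ovpn_run starts as root.
# Confirm whether the scripts under ./bin drop privileges once the tunnel and
# firewall setup is done.
CMD ["ovpn_run"]

COPY --chmod=755 ./bin /usr/local/bin

# -----------------------------------------------------------
# -- Add support for OTP authentication using a PAM module
# -- I have no idea how it works yet
# -----------------------------------------------------------
WORKDIR /etc/openvpn

# NOTE(review): this file becomes the PAM service definition
# /etc/pam.d/openvpn. Its contents are not shown here and they decide how OTP
# authentication is enforced, so review it before relying on OTP.
COPY ./otp/openvpn /etc/pam.d/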