container-openvpn/Dockerfile
Adam Monsen b81b2dd472 Derive from alpine 3.4 instead of 3.2
To work around known vulnerabilities in alpine 3.2 such as CVE-2016-2177
and CVE-2016-2178.

See https://github.com/kylemanna/docker-openvpn/issues/140
2016-06-24 13:53:45 -07:00

32 lines
951 B
Docker

# Original credit: https://github.com/jpetazzo/dockvpn
# Smallest base image
FROM alpine:3.4
MAINTAINER Kyle Manna <kyle@kylemanna.com>
RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community/" >> /etc/apk/repositories && \
echo "http://dl-4.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \
apk add --update openvpn iptables bash easy-rsa openvpn-auth-pam google-authenticator pamtester && \
ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \
rm -rf /tmp/* /var/tmp/* /var/cache/apk/*
# Needed by scripts
ENV OPENVPN /etc/openvpn
ENV EASYRSA /usr/share/easy-rsa
ENV EASYRSA_PKI $OPENVPN/pki
ENV EASYRSA_VARS_FILE $OPENVPN/vars
VOLUME ["/etc/openvpn"]
# Internally uses port 1194/udp, remap using `docker run -p 443:1194/tcp`
EXPOSE 1194/udp
CMD ["ovpn_run"]
ADD ./bin /usr/local/bin
RUN chmod a+x /usr/local/bin/*
# Add support for OTP authentication using a PAM module
ADD ./otp/openvpn /etc/pam.d/