diff --git a/ocserv/Dockerfile b/ocserv/Dockerfile
index 8956141..358614b 100644
--- a/ocserv/Dockerfile
+++ b/ocserv/Dockerfile
@@ -2,96 +2,88 @@
# Dockerfile for ocserv
#
-FROM debian:jessie
+FROM alpine
MAINTAINER kev <noreply@easypi.pro>
ENV OCSERV_VERSION 0.11.8
+ENV OCSERV_URL ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz
+
+RUN buildDeps=" \
+ curl \
+ g++ \
+ gnutls-dev \
+ gpgme \
+ libev-dev \
+ libnl3-dev \
+ libseccomp-dev \
+ linux-headers \
+ linux-pam-dev \
+ lz4-dev \
+ make \
+ readline-dev \
+ tar \
+ xz \
+ "; \
+ set -x \
+ && apk add --update --virtual .build-deps $buildDeps \
+ && curl -SL $OCSERV_URL -o ocserv.tar.xz \
+ && curl -SL $OCSERV_URL.sig -o ocserv.tar.xz.sig \
+ && gpg --keyserver pgp.mit.edu --recv-key 7F343FA7 \
+ && gpg --keyserver pgp.mit.edu --recv-key 96865171 \
+ && gpg --verify ocserv.tar.xz.sig \
+ && mkdir -p /usr/src/ocserv \
+ && tar -xf ocserv.tar.xz -C /usr/src/ocserv --strip-components=1 \
+ && rm ocserv.tar.xz* \
+ && cd /usr/src/ocserv \
+ && ./configure \
+ && make \
+ && make install \
+ && mkdir -p /etc/ocserv \
+ && cp /usr/src/ocserv/doc/sample.config /etc/ocserv/ocserv.conf \
+ && cp /usr/src/ocserv/doc/profile.xml /etc/ocserv/profile.xml \
+ && cd / \
+ && rm -rf /usr/src/ocserv \
+ && runDeps="$( \
+ scanelf --needed --nobanner /usr/local/sbin/ocserv \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )" \
+ && apk add --virtual .run-deps $runDeps gnutls-utils iptables \
+ && apk del .build-deps \
+ && rm -rf /var/cache/apk/*
RUN set -xe \
- && apt-get update \
- && apt-get install -y autogen \
- build-essential \
- curl \
- gnutls-bin \
- iptables \
- less \
- libdbus-1-3 \
- libdbus-1-dev \
- libev4 \
- libev-dev \
- libgnutlsxx28 \
- libgnutls28-dev \
- libhttp-parser2.1 \
- libhttp-parser-dev \
- libnl-route-3-200 \
- libnl-route-3-dev \
- libopts25 \
- libopts25-dev \
- libpam0g \
- libpam0g-dev \
- libpcl1 \
- libpcl1-dev \
- libprotobuf-c1 \
- libprotobuf-c-dev \
- libprotobuf9 \
- libprotobuf-dev \
- libprotoc9 \
- libprotoc-dev \
- libreadline6 \
- libreadline-dev \
- libseccomp2 \
- libseccomp-dev \
- libtalloc2 \
- libtalloc-dev \
- libwrap0 \
- libwrap0-dev \
- protobuf-c-compiler \
- protobuf-compiler \
- && curl -sSL ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz | tar xJ \
- && cd ocserv-$OCSERV_VERSION \
- && ./configure --prefix=/usr --sysconfdir=/etc --with-local-talloc \
- && make install \
&& mkdir -p /etc/ocserv/certs \
- && cp ./doc/sample.config /etc/ocserv/ocserv.conf \
- && cp ./doc/profile.xml /etc/ocserv/profile.xml \
- && sed -i -e 's@^#user-profile = /path/to/file.xml@#user-profile = /etc/ocserv/profile.xml@' \
- -e 's@../tests/@/etc/ocserv/certs/@' \
- -e 's@certs/ca.pem@certs/ca-cert.pem@' \
- -e 's@./sample.passwd@/etc/ocserv/ocpasswd@' \
+ && mkdir -p /etc/ocserv/config-per-user \
+ && mkdir -p /etc/ocserv/config-per-group \
+ && mkdir -p /etc/ocserv/defaults \
+ && touch /etc/ocserv/defaults/user.conf \
+ && touch /etc/ocserv/defaults/group.conf \
+ && touch /etc/ocserv/ocpasswd \
+ && sed -i -e 's@\./sample.passwd@/etc/ocserv/ocpasswd@' \
+ -e 's@\.\./tests/@/etc/ocserv/@' \
+ -e 's@^#cert-group-oid =@cert-group-oid =@' \
+ -e 's@^#compression =.*@compression = true@' \
+ -e 's@^#config-per-@config-per-@' \
+ -e 's@^#default-@default-@' \
-e 's@^#enable-auth = "certificate"$@enable-auth = "certificate"@' \
- -e 's@^try-mtu-discovery = false$@try-mtu-discovery = true@' \
- -e 's@^dns =.*$@dns = 8.8.8.8@' \
+ -e 's@^#user-profile =.*@user-profile = /etc/ocserv/profile.xml@' \
-e 's@^default-domain@#&@' \
+ -e 's@^dns =.*@dns = 8.8.8.8@' \
+ -e 's@^max-clients =.*@max-clients = 0@' \
+ -e 's@^max-same-clients =.*@max-same-clients = 0@' \
-e 's@^route@#&@' \
- /etc/ocserv/ocserv.conf \
- && cd .. \
- && apt-get purge --auto-remove -y autogen \
- build-essential \
- libdbus-1-dev \
- libev-dev \
- libgnutls28-dev \
- libhttp-parser-dev \
- libnl-route-3-dev \
- libopts25-dev \
- libpam0g-dev \
- libpcl1-dev \
- libprotobuf-c-dev \
- libprotobuf-dev \
- libprotoc-dev \
- libreadline-dev \
- libseccomp-dev \
- libtalloc-dev \
- libwrap0-dev \
- protobuf-c-compiler \
- protobuf-compiler \
- && rm -rf ocserv-$OCSERV_VERSION /var/lib/apt/lists/*
+ -e 's@^try-mtu-discovery =.*@try-mtu-discovery = true@' \
+ /etc/ocserv/ocserv.conf
COPY init.sh /init.sh
COPY docker-entrypoint.sh /entrypoint.sh
VOLUME /etc/ocserv
+WORKDIR /etc/ocserv
-ENV VPN_DOMAIN=vpn.easypi.info \
+ENV VPN_DOMAIN=vpn.easypi.pro \
VPN_NETWORK=10.20.30.0 \
VPN_NETMASK=255.255.255.0 \
LAN_NETWORK=192.168.0.0 \
diff --git a/ocserv/docker-compose.yml b/ocserv/docker-compose.yml
index d0ce9f5..b74fadc 100644
--- a/ocserv/docker-compose.yml
+++ b/ocserv/docker-compose.yml
@@ -4,7 +4,7 @@ ocserv:
- "4443:443/tcp"
- "4443:443/udp"
environment:
- - VPN_DOMAIN=vpn.easypi.info
+ - VPN_DOMAIN=vpn.easypi.pro
- VPN_NETWORK=10.20.30.0
- VPN_NETMASK=255.255.255.0
- LAN_NETWORK=192.168.0.0
diff --git a/ocserv/init.sh b/ocserv/init.sh
index 10c4918..096fb8a 100755
--- a/ocserv/init.sh
+++ b/ocserv/init.sh
@@ -37,7 +37,7 @@ _EOF_
cat > client.tmpl <<_EOF_
cn = "client@${VPN_DOMAIN}"
-uid = "client@${VPN_DOMAIN}"
+uid = "client"
unit = "ocserv"
expiration_days = 3650
signing_key
@@ -51,7 +51,7 @@ certtool --generate-privkey \
certtool --generate-self-signed \
--load-privkey /etc/ocserv/certs/ca-key.pem \
--template ca.tmpl \
- --outfile ca-cert.pem
+ --outfile ca.pem
# gen server keys
certtool --generate-privkey \
@@ -59,7 +59,7 @@ certtool --generate-privkey \
certtool --generate-certificate \
--load-privkey server-key.pem \
- --load-ca-certificate ca-cert.pem \
+ --load-ca-certificate ca.pem \
--load-ca-privkey ca-key.pem \
--template server.tmpl \
--outfile server-cert.pem
@@ -70,14 +70,14 @@ certtool --generate-privkey \
certtool --generate-certificate \
--load-privkey client-key.pem \
- --load-ca-certificate ca-cert.pem \
+ --load-ca-certificate ca.pem \
--load-ca-privkey ca-key.pem \
--template client.tmpl \
--outfile client-cert.pem
certtool --to-p12 \
--pkcs-cipher 3des-pkcs12 \
- --load-ca-certificate ca-cert.pem \
+ --load-ca-certificate ca.pem \
--load-certificate client-cert.pem \
--load-privkey client-key.pem \
--outfile client.p12 \