mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-12-23 01:39:27 +02:00
update ocserv
parent
276484c636
commit
ce3137917d
@ -2,96 +2,88 @@
|
||||
# Dockerfile for ocserv
|
||||
#
|
||||
|
||||
FROM debian:jessie
|
||||
FROM alpine
|
||||
MAINTAINER kev <noreply@easypi.pro>
|
||||
|
||||
ENV OCSERV_VERSION 0.11.8
|
||||
ENV OCSERV_URL ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz
|
||||
|
||||
RUN buildDeps=" \
|
||||
curl \
|
||||
g++ \
|
||||
gnutls-dev \
|
||||
gpgme \
|
||||
libev-dev \
|
||||
libnl3-dev \
|
||||
libseccomp-dev \
|
||||
linux-headers \
|
||||
linux-pam-dev \
|
||||
lz4-dev \
|
||||
make \
|
||||
readline-dev \
|
||||
tar \
|
||||
xz \
|
||||
"; \
|
||||
set -x \
|
||||
&& apk add --update --virtual .build-deps $buildDeps \
|
||||
&& curl -SL $OCSERV_URL -o ocserv.tar.xz \
|
||||
&& curl -SL $OCSERV_URL.sig -o ocserv.tar.xz.sig \
|
||||
&& gpg --keyserver pgp.mit.edu --recv-key 7F343FA7 \
|
||||
&& gpg --keyserver pgp.mit.edu --recv-key 96865171 \
|
||||
&& gpg --verify ocserv.tar.xz.sig \
|
||||
&& mkdir -p /usr/src/ocserv \
|
||||
&& tar -xf ocserv.tar.xz -C /usr/src/ocserv --strip-components=1 \
|
||||
&& rm ocserv.tar.xz* \
|
||||
&& cd /usr/src/ocserv \
|
||||
&& ./configure \
|
||||
&& make \
|
||||
&& make install \
|
||||
&& mkdir -p /etc/ocserv \
|
||||
&& cp /usr/src/ocserv/doc/sample.config /etc/ocserv/ocserv.conf \
|
||||
&& cp /usr/src/ocserv/doc/profile.xml /etc/ocserv/profile.xml \
|
||||
&& cd / \
|
||||
&& rm -rf /usr/src/ocserv \
|
||||
&& runDeps="$( \
|
||||
scanelf --needed --nobanner /usr/local/sbin/ocserv \
|
||||
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
|
||||
| xargs -r apk info --installed \
|
||||
| sort -u \
|
||||
)" \
|
||||
&& apk add --virtual .run-deps $runDeps gnutls-utils iptables \
|
||||
&& apk del .build-deps \
|
||||
&& rm -rf /var/cache/apk/*
|
||||
|
||||
RUN set -xe \
|
||||
&& apt-get update \
|
||||
&& apt-get install -y autogen \
|
||||
build-essential \
|
||||
curl \
|
||||
gnutls-bin \
|
||||
iptables \
|
||||
less \
|
||||
libdbus-1-3 \
|
||||
libdbus-1-dev \
|
||||
libev4 \
|
||||
libev-dev \
|
||||
libgnutlsxx28 \
|
||||
libgnutls28-dev \
|
||||
libhttp-parser2.1 \
|
||||
libhttp-parser-dev \
|
||||
libnl-route-3-200 \
|
||||
libnl-route-3-dev \
|
||||
libopts25 \
|
||||
libopts25-dev \
|
||||
libpam0g \
|
||||
libpam0g-dev \
|
||||
libpcl1 \
|
||||
libpcl1-dev \
|
||||
libprotobuf-c1 \
|
||||
libprotobuf-c-dev \
|
||||
libprotobuf9 \
|
||||
libprotobuf-dev \
|
||||
libprotoc9 \
|
||||
libprotoc-dev \
|
||||
libreadline6 \
|
||||
libreadline-dev \
|
||||
libseccomp2 \
|
||||
libseccomp-dev \
|
||||
libtalloc2 \
|
||||
libtalloc-dev \
|
||||
libwrap0 \
|
||||
libwrap0-dev \
|
||||
protobuf-c-compiler \
|
||||
protobuf-compiler \
|
||||
&& curl -sSL ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz | tar xJ \
|
||||
&& cd ocserv-$OCSERV_VERSION \
|
||||
&& ./configure --prefix=/usr --sysconfdir=/etc --with-local-talloc \
|
||||
&& make install \
|
||||
&& mkdir -p /etc/ocserv/certs \
|
||||
&& cp ./doc/sample.config /etc/ocserv/ocserv.conf \
|
||||
&& cp ./doc/profile.xml /etc/ocserv/profile.xml \
|
||||
&& sed -i -e 's@^#user-profile = /path/to/file.xml@#user-profile = /etc/ocserv/profile.xml@' \
|
||||
-e 's@../tests/@/etc/ocserv/certs/@' \
|
||||
-e 's@certs/ca.pem@certs/ca-cert.pem@' \
|
||||
-e 's@./sample.passwd@/etc/ocserv/ocpasswd@' \
|
||||
&& mkdir -p /etc/ocserv/config-per-user \
|
||||
&& mkdir -p /etc/ocserv/config-per-group \
|
||||
&& mkdir -p /etc/ocserv/defaults \
|
||||
&& touch /etc/ocserv/defaults/user.conf \
|
||||
&& touch /etc/ocserv/defaults/group.conf \
|
||||
&& touch /etc/ocserv/ocpasswd \
|
||||
&& sed -i -e 's@\./sample.passwd@/etc/ocserv/ocpasswd@' \
|
||||
-e 's@\.\./tests/@/etc/ocserv/@' \
|
||||
-e 's@^#cert-group-oid =@cert-group-oid =@' \
|
||||
-e 's@^#compression =.*@compression = true@' \
|
||||
-e 's@^#config-per-@config-per-@' \
|
||||
-e 's@^#default-@default-@' \
|
||||
-e 's@^#enable-auth = "certificate"$@enable-auth = "certificate"@' \
|
||||
-e 's@^try-mtu-discovery = false$@try-mtu-discovery = true@' \
|
||||
-e 's@^dns =.*$@dns = 8.8.8.8@' \
|
||||
-e 's@^#user-profile =.*@user-profile = /etc/ocserv/profile.xml@' \
|
||||
-e 's@^default-domain@#&@' \
|
||||
-e 's@^dns =.*@dns = 8.8.8.8@' \
|
||||
-e 's@^max-clients =.*@max-clients = 0@' \
|
||||
-e 's@^max-same-clients =.*@max-same-clients = 0@' \
|
||||
-e 's@^route@#&@' \
|
||||
/etc/ocserv/ocserv.conf \
|
||||
&& cd .. \
|
||||
&& apt-get purge --auto-remove -y autogen \
|
||||
build-essential \
|
||||
libdbus-1-dev \
|
||||
libev-dev \
|
||||
libgnutls28-dev \
|
||||
libhttp-parser-dev \
|
||||
libnl-route-3-dev \
|
||||
libopts25-dev \
|
||||
libpam0g-dev \
|
||||
libpcl1-dev \
|
||||
libprotobuf-c-dev \
|
||||
libprotobuf-dev \
|
||||
libprotoc-dev \
|
||||
libreadline-dev \
|
||||
libseccomp-dev \
|
||||
libtalloc-dev \
|
||||
libwrap0-dev \
|
||||
protobuf-c-compiler \
|
||||
protobuf-compiler \
|
||||
&& rm -rf ocserv-$OCSERV_VERSION /var/lib/apt/lists/*
|
||||
-e 's@^try-mtu-discovery =.*@try-mtu-discovery = true@' \
|
||||
/etc/ocserv/ocserv.conf
|
||||
|
||||
COPY init.sh /init.sh
|
||||
COPY docker-entrypoint.sh /entrypoint.sh
|
||||
|
||||
VOLUME /etc/ocserv
|
||||
WORKDIR /etc/ocserv
|
||||
|
||||
ENV VPN_DOMAIN=vpn.easypi.info \
|
||||
ENV VPN_DOMAIN=vpn.easypi.pro \
|
||||
VPN_NETWORK=10.20.30.0 \
|
||||
VPN_NETMASK=255.255.255.0 \
|
||||
LAN_NETWORK=192.168.0.0 \
|
||||
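Review bot: The signature check in the apk-based RUN step imports the signing keys by 32-bit short ID (`--recv-key 7F343FA7`, `--recv-key 96865171`); short IDs are not collision-resistant, so a different key with the same short ID could be imported from the keyserver and `gpg --verify` would still exit 0 for a signature made with it. Because the tarball and its .sig are both fetched over unauthenticated FTP, this check is the only integrity control on the source, so pin the full fingerprints instead, e.g. `gpg --keyserver pgp.mit.edu --recv-keys <FULL_40_HEX_FINGERPRINT>`, and name the data file explicitly with `gpg --verify ocserv.tar.xz.sig ocserv.tar.xz`. `FROM alpine` is also untagged, so the base image and the gpg and apk versions can differ between builds; a pinned tag or digest would make the build reproducible. The +/- markers are lost on this page, so the apk block is taken to be the new side because it matches `FROM alpine`.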
|
@ -4,7 +4,7 @@ ocserv:
|
||||
- "4443:443/tcp"
|
||||
- "4443:443/udp"
|
||||
environment:
|
||||
- VPN_DOMAIN=vpn.easypi.info
|
||||
- VPN_DOMAIN=vpn.easypi.pro
|
||||
- VPN_NETWORK=10.20.30.0
|
||||
- VPN_NETMASK=255.255.255.0
|
||||
- LAN_NETWORK=192.168.0.0
|
||||
|
@ -37,7 +37,7 @@ _EOF_
|
||||
|
||||
cat > client.tmpl <<_EOF_
|
||||
cn = "client@${VPN_DOMAIN}"
|
||||
uid = "client@${VPN_DOMAIN}"
|
||||
uid = "client"
|
||||
unit = "ocserv"
|
||||
expiration_days = 3650
|
||||
signing_key
|
||||
@ -51,7 +51,7 @@ certtool --generate-privkey \
|
||||
certtool --generate-self-signed \
|
||||
--load-privkey /etc/ocserv/certs/ca-key.pem \
|
||||
--template ca.tmpl \
|
||||
--outfile ca-cert.pem
|
||||
--outfile ca.pem
|
||||
|
||||
# gen server keys
|
||||
certtool --generate-privkey \
|
||||
@ -59,7 +59,7 @@ certtool --generate-privkey \
|
||||
|
||||
certtool --generate-certificate \
|
||||
--load-privkey server-key.pem \
|
||||
--load-ca-certificate ca-cert.pem \
|
||||
--load-ca-certificate ca.pem \
|
||||
--load-ca-privkey ca-key.pem \
|
||||
--template server.tmpl \
|
||||
--outfile server-cert.pem
|
||||
@ -70,14 +70,14 @@ certtool --generate-privkey \
|
||||
|
||||
certtool --generate-certificate \
|
||||
--load-privkey client-key.pem \
|
||||
--load-ca-certificate ca-cert.pem \
|
||||
--load-ca-certificate ca.pem \
|
||||
--load-ca-privkey ca-key.pem \
|
||||
--template client.tmpl \
|
||||
--outfile client-cert.pem
|
||||
|
||||
certtool --to-p12 \
|
||||
--pkcs-cipher 3des-pkcs12 \
|
||||
--load-ca-certificate ca-cert.pem \
|
||||
--load-ca-certificate ca.pem \
|
||||
--load-certificate client-cert.pem \
|
||||
--load-privkey client-key.pem \
|
||||
--outfile client.p12 \
|
||||
|
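Review bot: The PKCS#12 export in the last hunk still passes `--pkcs-cipher 3des-pkcs12`, so the client private key inside client.p12 is protected only by legacy 3DES-based PKCS#12 encryption. If the VPN clients that import the bundle accept it, `--pkcs-cipher aes-256` is the stronger choice. If 3DES is kept for client compatibility, a comment such as `# 3des-pkcs12 kept for clients that cannot import AES-encrypted PKCS#12` would record why. The certtool command continues past the end of the hunk, so how the export password is supplied is not visible here.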