mirror of https://github.com/vimagick/dockerfiles.git synced 2025-04-15 11:47:09 +02:00

strongswan uses docker-compose v2

kev 2016-06-30 23:46:01 +08:00
parent ba027d41a3
commit d69b80858a
5 changed files with 58 additions and 43 deletions


@ -10,17 +10,15 @@ RUN set -xe \
&& ln -sf /etc/ipsec.d/ipsec.conf /etc/ipsec.conf \ && ln -sf /etc/ipsec.d/ipsec.conf /etc/ipsec.conf \
&& ln -sf /etc/ipsec.d/ipsec.secrets /etc/ipsec.secrets && ln -sf /etc/ipsec.d/ipsec.secrets /etc/ipsec.secrets
COPY init.sh / COPY init.sh /init.sh
COPY docker-entrypoint.sh /entrypoint.sh
VOLUME /etc/ipsec.d /etc/strongswan.d VOLUME /etc/ipsec.d /etc/strongswan.d
ENV VPN_SUBNET=10.20.30.0/24 ENV VPN_DEVICE=eth0
ENV VPN_NETWORK=10.20.30.0/24
ENV VPN_DNS=8.8.8.8,8.8.4.4 ENV VPN_DNS=8.8.8.8,8.8.4.4
EXPOSE 500/udp 4500/udp EXPOSE 500/udp 4500/udp
CMD set -xe \ ENTRYPOINT ["/entrypoint.sh"]
&& /init.sh \
&& rm -f /var/run/starter.charon.pid \
&& iptables -t nat -A POSTROUTING -s $VPN_SUBNET -o eth0 -j MASQUERADE \
&& ipsec start --nofork
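Review bot: The `ENV VPN_NETWORK=10.20.30.0/24` default replaces `VPN_SUBNET` with no fallback, so a deployment that still sets `VPN_SUBNET` is silently ignored and the entrypoint's MASQUERADE rule uses the default network. If the volume already holds an `/etc/ipsec.d/ipsec.conf` generated with a custom subnet (init.sh appears to skip generation when that file exists), client traffic would presumably stop matching the NAT rule. I would add a comment above the line, `# VPN_NETWORK replaces VPN_SUBNET; the old name is no longer read`, and call out the rename in the README as a breaking change. The RUN instruction at the top of this hunk begins outside it.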


@ -12,6 +12,8 @@ protocols.
### docker-compose.yml ### docker-compose.yml
```yaml ```yaml
version: '2'
services:
strongswan: strongswan:
image: vimagick/strongswan image: vimagick/strongswan
ports: ports:
@ -22,10 +24,11 @@ strongswan:
- /etc/localtime:/etc/localtime - /etc/localtime:/etc/localtime
environment: environment:
- VPN_DOMAIN=vpn.easypi.info - VPN_DOMAIN=vpn.easypi.info
- VPN_SUBNET=10.20.30.0/24 - VPN_NETWORK=10.20.30.0/24
- VPN_P12_PASSWORD=secret - VPN_P12_PASSWORD=secret
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
tmpfs: /run
privileged: yes privileged: yes
restart: always restart: always
``` ```


@ -1,3 +1,5 @@
version: '2'
services:
strongswan: strongswan:
image: vimagick/strongswan image: vimagick/strongswan
ports: ports:
@ -8,9 +10,10 @@ strongswan:
- /etc/localtime:/etc/localtime - /etc/localtime:/etc/localtime
environment: environment:
- VPN_DOMAIN=vpn.easypi.info - VPN_DOMAIN=vpn.easypi.info
- VPN_SUBNET=10.20.30.0/24 - VPN_NETWORK=10.20.30.0/24
- VPN_P12_PASSWORD=secret - VPN_P12_PASSWORD=secret
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
tmpfs: /run
privileged: yes privileged: yes
restart: always restart: always
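Review bot: The service keeps `privileged: yes` next to `cap_add: NET_ADMIN`, which makes the capability line redundant and gives the VPN container every capability plus access to host devices. The new entrypoint shows only an iptables NAT rule and `ipsec start`, for which NET_ADMIN may be enough. If privileged mode is needed for something not visible here, a comment such as `# privileged: required for <reason>` would document it. `VPN_P12_PASSWORD=secret` also deserves a comment like `# sample value, replace before deploying`, and both remarks apply to the same example in the README.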

11
strongswan/docker-entrypoint.sh Executable file

@ -0,0 +1,11 @@
#!/bin/sh -e
#
# entrypoint for strongswan
#
# - VPN_DEVICE
# - VPN_NETWORK
#
/init.sh
iptables -t nat -A POSTROUTING -s ${VPN_NETWORK} -o ${VPN_DEVICE} -j MASQUERADE
exec ipsec start --nofork "$@"
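Review bot: The entrypoint no longer removes `/var/run/starter.charon.pid`, which the old CMD did before `ipsec start`; it now relies on the `tmpfs: /run` mount added in the compose file. When the image is run without that mount, a restarted container may keep a stale pid file and the starter could refuse to launch, so I would keep `rm -f /var/run/starter.charon.pid` before the `exec` line. The iptables arguments are also unquoted and unchecked; `-s "${VPN_NETWORK:?}" -o "${VPN_DEVICE:?}"` stops the script with a clear message when either variable is empty.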


@ -1,11 +1,11 @@
#!/bin/sh #!/bin/sh -e
# #
# gen config files for strongswan # gen config files for strongswan
# #
# - VPN_DNS # - VPN_DNS
# - VPN_DOMAIN # - VPN_DOMAIN
# - VPN_NETWORK
# - VPN_P12_PASSWORD # - VPN_P12_PASSWORD
# - VPN_SUBNET
# #
if [ -e /etc/ipsec.d/ipsec.conf ] if [ -e /etc/ipsec.d/ipsec.conf ]
@ -32,7 +32,7 @@ conn %default
leftsubnet=0.0.0.0/0 leftsubnet=0.0.0.0/0
right=%any right=%any
rightdns=${VPN_DNS} rightdns=${VPN_DNS}
rightsourceip=${VPN_SUBNET} rightsourceip=${VPN_NETWORK}
conn IPSec-IKEv2 conn IPSec-IKEv2
keyexchange=ikev2 keyexchange=ikev2