self-hosted/dockerfiles
1
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-01-08 04:04:42 +02:00
Code Issues Releases Activity

strongswan uses docker-compose v2

Browse Source
This commit is contained in:
kev 2016-06-30 23:46:01 +08:00
parent ba027d41a3
commit d69b80858a
5 changed files with 58 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
strongswan/Dockerfile
View File

@ -10,17 +10,15 @@ RUN set -xe \
&& ln -sf /etc/ipsec.d/ipsec.conf /etc/ipsec.conf \ && ln -sf /etc/ipsec.d/ipsec.conf /etc/ipsec.conf \
&& ln -sf /etc/ipsec.d/ipsec.secrets /etc/ipsec.secrets && ln -sf /etc/ipsec.d/ipsec.secrets /etc/ipsec.secrets
COPY init.sh / COPY init.sh /init.sh
COPY docker-entrypoint.sh /entrypoint.sh
VOLUME /etc/ipsec.d /etc/strongswan.d VOLUME /etc/ipsec.d /etc/strongswan.d
ENV VPN_SUBNET=10.20.30.0/24 ENV VPN_DEVICE=eth0
ENV VPN_NETWORK=10.20.30.0/24
ENV VPN_DNS=8.8.8.8,8.8.4.4 ENV VPN_DNS=8.8.8.8,8.8.4.4
EXPOSE 500/udp 4500/udp EXPOSE 500/udp 4500/udp
CMD set -xe \ ENTRYPOINT ["/entrypoint.sh"]
&& /init.sh \
&& rm -f /var/run/starter.charon.pid \
&& iptables -t nat -A POSTROUTING -s $VPN_SUBNET -o eth0 -j MASQUERADE \
&& ipsec start --nofork

35
strongswan/README.md
View File

@ -12,22 +12,25 @@ protocols.
### docker-compose.yml ### docker-compose.yml
```yaml ```yaml
strongswan: version: '2'
image: vimagick/strongswan services:
ports: strongswan:
- 500:500/udp image: vimagick/strongswan
- 4500:4500/udp ports:
volumes: - 500:500/udp
- /lib/modules:/lib/modules - 4500:4500/udp
- /etc/localtime:/etc/localtime volumes:
environment: - /lib/modules:/lib/modules
- VPN_DOMAIN=vpn.easypi.info - /etc/localtime:/etc/localtime
- VPN_SUBNET=10.20.30.0/24 environment:
- VPN_P12_PASSWORD=secret - VPN_DOMAIN=vpn.easypi.info
cap_add: - VPN_NETWORK=10.20.30.0/24
- NET_ADMIN - VPN_P12_PASSWORD=secret
privileged: yes cap_add:
restart: always - NET_ADMIN
tmpfs: /run
privileged: yes
restart: always
``` ```
### up and running ### up and running

35
strongswan/docker-compose.yml
View File

@ -1,16 +1,19 @@
strongswan: version: '2'
image: vimagick/strongswan services:
ports: strongswan:
- 500:500/udp image: vimagick/strongswan
- 4500:4500/udp ports:
volumes: - 500:500/udp
- /lib/modules:/lib/modules - 4500:4500/udp
- /etc/localtime:/etc/localtime volumes:
environment: - /lib/modules:/lib/modules
- VPN_DOMAIN=vpn.easypi.info - /etc/localtime:/etc/localtime
- VPN_SUBNET=10.20.30.0/24 environment:
- VPN_P12_PASSWORD=secret - VPN_DOMAIN=vpn.easypi.info
cap_add: - VPN_NETWORK=10.20.30.0/24
- NET_ADMIN - VPN_P12_PASSWORD=secret
privileged: yes cap_add:
restart: always - NET_ADMIN
tmpfs: /run
privileged: yes
restart: always

11
strongswan/docker-entrypoint.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh -e
#
# entrypoint for strongswan
#
# - VPN_DEVICE
# - VPN_NETWORK
#
/init.sh
iptables -t nat -A POSTROUTING -s ${VPN_NETWORK} -o ${VPN_DEVICE} -j MASQUERADE
exec ipsec start --nofork "$@"

8
strongswan/init.sh
View File

@ -1,11 +1,11 @@
#!/bin/sh #!/bin/sh -e
# #
# gen config files for strongswan # gen config files for strongswan
# #
# - VPN_DNS # - VPN_DNS
# - VPN_DOMAIN # - VPN_DOMAIN
# - VPN_NETWORK
# - VPN_P12_PASSWORD # - VPN_P12_PASSWORD
# - VPN_SUBNET
# #
if [ -e /etc/ipsec.d/ipsec.conf ] if [ -e /etc/ipsec.d/ipsec.conf ]
@ -13,7 +13,7 @@ then
echo "Initialized!" echo "Initialized!"
exit 0 exit 0
else else
echo "Initializing ..." echo "Initializing..."
fi fi
cat > /etc/ipsec.d/ipsec.conf <<_EOF_ cat > /etc/ipsec.d/ipsec.conf <<_EOF_
@ -32,7 +32,7 @@ conn %default
leftsubnet=0.0.0.0/0 leftsubnet=0.0.0.0/0
right=%any right=%any
rightdns=${VPN_DNS} rightdns=${VPN_DNS}
rightsourceip=${VPN_SUBNET} rightsourceip=${VPN_NETWORK}
conn IPSec-IKEv2 conn IPSec-IKEv2
keyexchange=ikev2 keyexchange=ikev2