mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-12-25 02:04:06 +02:00
add ocserv
This commit is contained in:
parent
0ffec08585
commit
f87ad00ae2
@ -83,6 +83,7 @@ A collection of delicious docker recipes.
|
||||
- [x] nullmailer
|
||||
- [x] nullmailer-arm
|
||||
- [x] obfsproxy
|
||||
- [x] ocserv
|
||||
- [x] opencart
|
||||
- [x] openrefine
|
||||
- [x] openvpn :+1:
|
||||
|
98
ocserv/Dockerfile
Normal file
98
ocserv/Dockerfile
Normal file
@ -0,0 +1,98 @@
|
||||
#
|
||||
# Dockerfile for ocserv
|
||||
#
|
||||
|
||||
FROM debian:jessie
|
||||
MAINTAINER kev <noreply@easypi.info>
|
||||
|
||||
ENV OCSERV_VERSION 0.11.3
|
||||
|
||||
RUN set -xe \
|
||||
&& apt-get update \
|
||||
&& apt-get install -y autogen \
|
||||
build-essential \
|
||||
curl \
|
||||
gnutls-bin \
|
||||
iptables \
|
||||
libdbus-1-3 \
|
||||
libdbus-1-dev \
|
||||
libev4 \
|
||||
libev-dev \
|
||||
libgnutlsxx28 \
|
||||
libgnutls28-dev \
|
||||
libhttp-parser2.1 \
|
||||
libhttp-parser-dev \
|
||||
libnl-route-3-200 \
|
||||
libnl-route-3-dev \
|
||||
libopts25 \
|
||||
libopts25-dev \
|
||||
libpam0g \
|
||||
libpam0g-dev \
|
||||
libpcl1 \
|
||||
libpcl1-dev \
|
||||
libprotobuf-c1 \
|
||||
libprotobuf-c-dev \
|
||||
libprotobuf9 \
|
||||
libprotobuf-dev \
|
||||
libprotoc9 \
|
||||
libprotoc-dev \
|
||||
libreadline6 \
|
||||
libreadline-dev \
|
||||
libseccomp2 \
|
||||
libseccomp-dev \
|
||||
libtalloc2 \
|
||||
libtalloc-dev \
|
||||
libwrap0 \
|
||||
libwrap0-dev \
|
||||
protobuf-c-compiler \
|
||||
protobuf-compiler \
|
||||
&& curl -sSL ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz | tar xJ \
|
||||
&& cd ocserv-$OCSERV_VERSION \
|
||||
&& ./configure --prefix=/usr --sysconfdir=/etc --with-local-talloc \
|
||||
&& make install \
|
||||
&& mkdir -p /etc/ocserv/certs \
|
||||
&& cp ./doc/sample.config /etc/ocserv/ocserv.conf \
|
||||
&& sed -i -e 's@../tests/@/etc/ocserv/certs/@' \
|
||||
-e 's@certs/ca.pem@certs/ca-cert.pem@' \
|
||||
-e 's@./sample.passwd@/etc/ocserv/ocpasswd@' \
|
||||
-e 's@^try-mtu-discovery = false$@try-mtu-discovery = true@' \
|
||||
-e 's@^dns =.*$@dns = 8.8.8.8@' \
|
||||
-e 's@^route@#&@' \
|
||||
-e 's@^no-route@#&@' \
|
||||
/etc/ocserv/ocserv.conf \
|
||||
&& cd .. \
|
||||
&& apt-get purge --auto-remove -y autogen \
|
||||
build-essential \
|
||||
libdbus-1-dev \
|
||||
libev-dev \
|
||||
libgnutls28-dev \
|
||||
libhttp-parser-dev \
|
||||
libnl-route-3-dev \
|
||||
libopts25-dev \
|
||||
libpam0g-dev \
|
||||
libpcl1-dev \
|
||||
libprotobuf-c-dev \
|
||||
libprotobuf-dev \
|
||||
libprotoc-dev \
|
||||
libreadline-dev \
|
||||
libseccomp-dev \
|
||||
libtalloc-dev \
|
||||
libwrap0-dev \
|
||||
protobuf-c-compiler \
|
||||
protobuf-compiler \
|
||||
&& rm -rf ocserv-$OCSERV_VERSION /var/lib/apt/lists/*
|
||||
|
||||
COPY init.sh /init.sh
|
||||
COPY docker-entrypoint.sh /entrypoint.sh
|
||||
|
||||
VOLUME /etc/ocserv
|
||||
|
||||
ENV VPN_DOMAIN=vpn.easypi.info \
|
||||
VPN_NETWORK=10.20.30.0 \
|
||||
VPN_NETMASK=255.255.255.0 \
|
||||
VPN_USERNAME=username \
|
||||
VPN_PASSWORD=password
|
||||
|
||||
EXPOSE 443/tcp 443/udp
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
26
ocserv/README.md
Normal file
26
ocserv/README.md
Normal file
@ -0,0 +1,26 @@
|
||||
ocserv
|
||||
======
|
||||
|
||||
[OpenConnect server][1] (ocserv) is an SSL VPN server. Its purpose is to be a
|
||||
secure, small, fast and configurable VPN server.
|
||||
|
||||
## docker-compose.yml
|
||||
|
||||
```yaml
|
||||
ocserv:
|
||||
image: vimagick/ocserv
|
||||
ports:
|
||||
- "4443:443/tcp"
|
||||
- "4443:443/udp"
|
||||
environment:
|
||||
- VPN_DOMAIN=vpn.easypi.info
|
||||
- VPN_NETWORK=10.20.30.0
|
||||
- VPN_NETMASK=255.255.255.0
|
||||
- VPN_USERNAME=username
|
||||
- VPN_PASSWORD=password
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
restart: always
|
||||
```
|
||||
|
||||
[1]: http://www.infradead.org/ocserv/
|
14
ocserv/docker-compose.yml
Normal file
14
ocserv/docker-compose.yml
Normal file
@ -0,0 +1,14 @@
|
||||
ocserv:
|
||||
image: vimagick/ocserv
|
||||
ports:
|
||||
- "4443:443/tcp"
|
||||
- "4443:443/udp"
|
||||
environment:
|
||||
- VPN_DOMAIN=vpn.easypi.info
|
||||
- VPN_NETWORK=10.20.30.0
|
||||
- VPN_NETMASK=255.255.255.0
|
||||
- VPN_USERNAME=username
|
||||
- VPN_PASSWORD=password
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
restart: always
|
13
ocserv/docker-entrypoint.sh
Executable file
13
ocserv/docker-entrypoint.sh
Executable file
@ -0,0 +1,13 @@
|
||||
#!/bin/bash
|
||||
|
||||
/init.sh
|
||||
|
||||
if [ ! -e /dev/net/tun ]; then
|
||||
mkdir -p /dev/net
|
||||
mknod /dev/net/tun c 10 200
|
||||
chmod 600 /dev/net/tun
|
||||
fi
|
||||
|
||||
iptables -t nat -A POSTROUTING -s ${VPN_NETWORK}/${VPN_NETMASK} -j MASQUERADE
|
||||
|
||||
exec ocserv -c /etc/ocserv/ocserv.conf -f $@
|
58
ocserv/init.sh
Executable file
58
ocserv/init.sh
Executable file
@ -0,0 +1,58 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
if [ -f /etc/ocserv/certs/server-cert.pem ]
|
||||
then
|
||||
echo "Initialized!"
|
||||
exit 0
|
||||
else
|
||||
echo "Initializing ..."
|
||||
fi
|
||||
|
||||
mkdir -p /etc/ocserv/certs
|
||||
cd /etc/ocserv/certs
|
||||
|
||||
cat > ca.tmpl <<_EOF_
|
||||
cn = "ocserv Root CA"
|
||||
organization = "ocserv"
|
||||
serial = 1
|
||||
expiration_days = 3650
|
||||
ca
|
||||
signing_key
|
||||
cert_signing_key
|
||||
crl_signing_key
|
||||
_EOF_
|
||||
|
||||
cat > server.tmpl <<_EOF_
|
||||
cn = "${VPN_DOMAIN}"
|
||||
organization = "ocserv"
|
||||
serial = 2
|
||||
expiration_days = 3650
|
||||
encryption_key
|
||||
signing_key
|
||||
tls_www_server
|
||||
_EOF_
|
||||
|
||||
certtool --generate-privkey \
|
||||
--outfile ca-key.pem
|
||||
|
||||
certtool --generate-self-signed \
|
||||
--load-privkey /etc/ocserv/certs/ca-key.pem \
|
||||
--template ca.tmpl \
|
||||
--outfile ca-cert.pem
|
||||
|
||||
certtool --generate-privkey \
|
||||
--outfile server-key.pem
|
||||
|
||||
certtool --generate-certificate \
|
||||
--load-privkey server-key.pem \
|
||||
--load-ca-certificate ca-cert.pem \
|
||||
--load-ca-privkey ca-key.pem \
|
||||
--template server.tmpl \
|
||||
--outfile server-cert.pem
|
||||
|
||||
sed -i -e "s@^ipv4-network =.*@ipv4-network = ${VPN_NETWORK}@" \
|
||||
-e "s@^ipv4-netmask =.*@ipv4-netmask = ${VPN_NETMASK}@" /etc/ocserv/ocserv.conf
|
||||
|
||||
echo "${VPN_PASSWORD}" | ocpasswd -c /etc/ocserv/ocpasswd "${VPN_USERNAME}"
|
Loading…
Reference in New Issue
Block a user