
add ocserv

This commit is contained in:
kev 2016-06-29 04:35:26 +08:00
parent 0ffec08585
commit f87ad00ae2
6 changed files with 210 additions and 0 deletions


@ -83,6 +83,7 @@ A collection of delicious docker recipes.
- [x] nullmailer
- [x] nullmailer-arm
- [x] obfsproxy
- [x] ocserv
- [x] opencart
- [x] openrefine
- [x] openvpn :+1:

98
ocserv/Dockerfile Normal file

@ -0,0 +1,98 @@
#
# Dockerfile for ocserv
#
FROM debian:jessie
MAINTAINER kev <noreply@easypi.info>
ENV OCSERV_VERSION 0.11.3
RUN set -xe \
&& apt-get update \
&& apt-get install -y autogen \
build-essential \
curl \
gnutls-bin \
iptables \
libdbus-1-3 \
libdbus-1-dev \
libev4 \
libev-dev \
libgnutlsxx28 \
libgnutls28-dev \
libhttp-parser2.1 \
libhttp-parser-dev \
libnl-route-3-200 \
libnl-route-3-dev \
libopts25 \
libopts25-dev \
libpam0g \
libpam0g-dev \
libpcl1 \
libpcl1-dev \
libprotobuf-c1 \
libprotobuf-c-dev \
libprotobuf9 \
libprotobuf-dev \
libprotoc9 \
libprotoc-dev \
libreadline6 \
libreadline-dev \
libseccomp2 \
libseccomp-dev \
libtalloc2 \
libtalloc-dev \
libwrap0 \
libwrap0-dev \
protobuf-c-compiler \
protobuf-compiler \
&& curl -sSL ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz | tar xJ \
&& cd ocserv-$OCSERV_VERSION \
&& ./configure --prefix=/usr --sysconfdir=/etc --with-local-talloc \
&& make install \
&& mkdir -p /etc/ocserv/certs \
&& cp ./doc/sample.config /etc/ocserv/ocserv.conf \
&& sed -i -e 's@../tests/@/etc/ocserv/certs/@' \
-e 's@certs/ca.pem@certs/ca-cert.pem@' \
-e 's@./sample.passwd@/etc/ocserv/ocpasswd@' \
-e 's@^try-mtu-discovery = false$@try-mtu-discovery = true@' \
-e 's@^dns =.*$@dns = 8.8.8.8@' \
-e 's@^route@#&@' \
-e 's@^no-route@#&@' \
/etc/ocserv/ocserv.conf \
&& cd .. \
&& apt-get purge --auto-remove -y autogen \
build-essential \
libdbus-1-dev \
libev-dev \
libgnutls28-dev \
libhttp-parser-dev \
libnl-route-3-dev \
libopts25-dev \
libpam0g-dev \
libpcl1-dev \
libprotobuf-c-dev \
libprotobuf-dev \
libprotoc-dev \
libreadline-dev \
libseccomp-dev \
libtalloc-dev \
libwrap0-dev \
protobuf-c-compiler \
protobuf-compiler \
&& rm -rf ocserv-$OCSERV_VERSION /var/lib/apt/lists/*
COPY init.sh /init.sh
COPY docker-entrypoint.sh /entrypoint.sh
VOLUME /etc/ocserv
ENV VPN_DOMAIN=vpn.easypi.info \
VPN_NETWORK=10.20.30.0 \
VPN_NETMASK=255.255.255.0 \
VPN_USERNAME=username \
VPN_PASSWORD=password
EXPOSE 443/tcp 443/udp
ENTRYPOINT ["/entrypoint.sh"]
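Review bot: The source tarball at `curl -sSL ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz | tar xJ` is fetched over plain FTP with no checksum or signature verification, so the build trusts whatever the mirror or the network path delivers, and because the pipeline runs under `/bin/sh` with only `set -xe` a failed or truncated download is masked by tar's exit status. Download to a file, pin the expected digest, then unpack: `curl -fsSL -o ocserv.tar.xz ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz && echo "<EXPECTED_SHA256>  ocserv.tar.xz" | sha256sum -c - && tar xJf ocserv.tar.xz` (or verify upstream's detached signature with gpg, if one is published for this release). Separately, `ENV ... VPN_USERNAME=username VPN_PASSWORD=password` bakes a well-known default credential into every container started without overrides, and init.sh (added later in this commit) turns those values into a real VPN login, so either drop the defaults or make init.sh refuse to run while they are unchanged. Minor: `MAINTAINER` is deprecated in favour of `LABEL`, and `ENV OCSERV_VERSION 0.11.3` uses the legacy space-separated form rather than `ENV OCSERV_VERSION=0.11.3`.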

26
ocserv/README.md Normal file

@ -0,0 +1,26 @@
ocserv
======
[OpenConnect server][1] (ocserv) is an SSL VPN server. Its purpose is to be a
secure, small, fast and configurable VPN server.
## docker-compose.yml
```yaml
ocserv:
image: vimagick/ocserv
ports:
- "4443:443/tcp"
- "4443:443/udp"
environment:
- VPN_DOMAIN=vpn.easypi.info
- VPN_NETWORK=10.20.30.0
- VPN_NETMASK=255.255.255.0
- VPN_USERNAME=username
- VPN_PASSWORD=password
cap_add:
- NET_ADMIN
restart: always
```
[1]: http://www.infradead.org/ocserv/

14
ocserv/docker-compose.yml Normal file

@ -0,0 +1,14 @@
ocserv:
image: vimagick/ocserv
ports:
- "4443:443/tcp"
- "4443:443/udp"
environment:
- VPN_DOMAIN=vpn.easypi.info
- VPN_NETWORK=10.20.30.0
- VPN_NETMASK=255.255.255.0
- VPN_USERNAME=username
- VPN_PASSWORD=password
cap_add:
- NET_ADMIN
restart: always
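Review bot: The `VPN_USERNAME=username` / `VPN_PASSWORD=password` entries are literal credentials that init.sh converts into a working VPN account, so anyone deploying this file unchanged gets a server with a guessable login, and the password is also visible in `docker inspect` output for the running container. Prefer supplying them from the host environment or an `env_file` kept out of version control, e.g. `- VPN_PASSWORD=${VPN_PASSWORD}` with the value set when `docker-compose up` is run. The same sample block is reproduced in ocserv/README.md and should change with it.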

13
ocserv/docker-entrypoint.sh Executable file

@ -0,0 +1,13 @@
#!/bin/bash
/init.sh
if [ ! -e /dev/net/tun ]; then
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
fi
iptables -t nat -A POSTROUTING -s ${VPN_NETWORK}/${VPN_NETMASK} -j MASQUERADE
exec ocserv -c /etc/ocserv/ocserv.conf -f $@
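Review bot: The exit status of `/init.sh` is ignored and this script has no `set -e`, so if initialisation fails (certtool or ocpasswd erroring out) the container still adds the NAT rule and `exec`s ocserv against a config whose certificate and password files may not exist; add `set -e` after the shebang so the first failing step stops the container instead. `$@` on the last line should be quoted, `exec ocserv -c /etc/ocserv/ocserv.conf -f "$@"`, so arguments containing spaces reach ocserv intact. The `iptables -t nat -A POSTROUTING ...` rule is appended unconditionally on every start, which can accumulate duplicate rules when restarts reuse the same network namespace (host networking); guard it with `iptables -t nat -C POSTROUTING -s ${VPN_NETWORK}/${VPN_NETMASK} -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -s ${VPN_NETWORK}/${VPN_NETMASK} -j MASQUERADE`.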

58
ocserv/init.sh Executable file

@ -0,0 +1,58 @@
#!/bin/bash
set -e
if [ -f /etc/ocserv/certs/server-cert.pem ]
then
echo "Initialized!"
exit 0
else
echo "Initializing ..."
fi
mkdir -p /etc/ocserv/certs
cd /etc/ocserv/certs
cat > ca.tmpl <<_EOF_
cn = "ocserv Root CA"
organization = "ocserv"
serial = 1
expiration_days = 3650
ca
signing_key
cert_signing_key
crl_signing_key
_EOF_
cat > server.tmpl <<_EOF_
cn = "${VPN_DOMAIN}"
organization = "ocserv"
serial = 2
expiration_days = 3650
encryption_key
signing_key
tls_www_server
_EOF_
certtool --generate-privkey \
--outfile ca-key.pem
certtool --generate-self-signed \
--load-privkey /etc/ocserv/certs/ca-key.pem \
--template ca.tmpl \
--outfile ca-cert.pem
certtool --generate-privkey \
--outfile server-key.pem
certtool --generate-certificate \
--load-privkey server-key.pem \
--load-ca-certificate ca-cert.pem \
--load-ca-privkey ca-key.pem \
--template server.tmpl \
--outfile server-cert.pem
sed -i -e "s@^ipv4-network =.*@ipv4-network = ${VPN_NETWORK}@" \
-e "s@^ipv4-netmask =.*@ipv4-netmask = ${VPN_NETMASK}@" /etc/ocserv/ocserv.conf
echo "${VPN_PASSWORD}" | ocpasswd -c /etc/ocserv/ocpasswd "${VPN_USERNAME}"
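Review bot: `ca-key.pem` and `server-key.pem` are written into /etc/ocserv/certs — the directory exported by `VOLUME /etc/ocserv` in the Dockerfile — with whatever mode certtool and the current umask happen to give them, and the CA key is never needed again after `--generate-certificate` signs the server certificate, so anyone who can read the volume can mint certificates trusted by every client that pinned this CA; tighten them right after generation with `chmod 600 ca-key.pem server-key.pem`, and consider not leaving the CA key in the volume at all if client-certificate auth is not planned. The final `echo "${VPN_PASSWORD}" | ocpasswd -c /etc/ocserv/ocpasswd "${VPN_USERNAME}"` creates an account from the image's default `username`/`password` values without complaint; a guard before it such as `[ "${VPN_PASSWORD}" != password ] || { echo "VPN_PASSWORD must be changed" >&2; exit 1; }` prevents shipping a known login. Note also that the `server-cert.pem` sentinel checked at the top is written before ocpasswd runs, so if that last step fails the next start reports `Initialized!` and exits 0 with no user configured; testing for `/etc/ocserv/ocpasswd` as well, or creating the user before the certificates, would close that gap.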