mirror of
https://github.com/vimagick/dockerfiles.git
synced 2025-01-10 04:19:24 +02:00
96 lines
3.0 KiB
Docker
96 lines
3.0 KiB
Docker
#
|
|
# Dockerfile for ocserv
|
|
#
|
|
|
|
FROM alpine
|
|
MAINTAINER kev <noreply@easypi.pro>
|
|
|
|
ENV OCSERV_VERSION 0.11.8
|
|
ENV OCSERV_URL ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz
|
|
|
|
RUN buildDeps=" \
|
|
curl \
|
|
g++ \
|
|
gnutls-dev \
|
|
gpgme \
|
|
libev-dev \
|
|
libnl3-dev \
|
|
libseccomp-dev \
|
|
linux-headers \
|
|
linux-pam-dev \
|
|
lz4-dev \
|
|
make \
|
|
readline-dev \
|
|
tar \
|
|
xz \
|
|
"; \
|
|
set -x \
|
|
&& apk add --update --virtual .build-deps $buildDeps \
|
|
&& curl -SL $OCSERV_URL -o ocserv.tar.xz \
|
|
&& curl -SL $OCSERV_URL.sig -o ocserv.tar.xz.sig \
|
|
&& gpg --keyserver pgp.mit.edu --recv-key 7F343FA7 \
|
|
&& gpg --keyserver pgp.mit.edu --recv-key 96865171 \
|
|
&& gpg --verify ocserv.tar.xz.sig \
|
|
&& mkdir -p /usr/src/ocserv \
|
|
&& tar -xf ocserv.tar.xz -C /usr/src/ocserv --strip-components=1 \
|
|
&& rm ocserv.tar.xz* \
|
|
&& cd /usr/src/ocserv \
|
|
&& ./configure \
|
|
&& make \
|
|
&& make install \
|
|
&& mkdir -p /etc/ocserv \
|
|
&& cp /usr/src/ocserv/doc/sample.config /etc/ocserv/ocserv.conf \
|
|
&& cd / \
|
|
&& rm -rf /usr/src/ocserv \
|
|
&& runDeps="$( \
|
|
scanelf --needed --nobanner /usr/local/sbin/ocserv \
|
|
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
|
|
| xargs -r apk info --installed \
|
|
| sort -u \
|
|
)" \
|
|
&& apk add --virtual .run-deps $runDeps gnutls-utils iptables \
|
|
&& apk del .build-deps \
|
|
&& rm -rf /var/cache/apk/*
|
|
|
|
RUN set -xe \
|
|
&& mkdir -p /etc/ocserv/certs \
|
|
&& mkdir -p /etc/ocserv/config-per-user \
|
|
&& mkdir -p /etc/ocserv/config-per-group \
|
|
&& mkdir -p /etc/ocserv/defaults \
|
|
&& touch /etc/ocserv/defaults/user.conf \
|
|
&& touch /etc/ocserv/defaults/group.conf \
|
|
&& touch /etc/ocserv/ocpasswd \
|
|
&& sed -i -e 's@\./sample.passwd@/etc/ocserv/ocpasswd@' \
|
|
-e 's@\.\./tests/@/etc/ocserv/@' \
|
|
-e 's@^#cert-group-oid =@cert-group-oid =@' \
|
|
-e 's@^#compression =.*@compression = true@' \
|
|
-e 's@^#config-per-@config-per-@' \
|
|
-e 's@^#default-@default-@' \
|
|
-e 's@^#enable-auth = "certificate"$@enable-auth = "certificate"@' \
|
|
-e 's@^default-domain@#&@' \
|
|
-e 's@^dns =.*@dns = 8.8.8.8@' \
|
|
-e 's@^max-clients =.*@max-clients = 0@' \
|
|
-e 's@^max-same-clients =.*@max-same-clients = 0@' \
|
|
-e 's@^route@#&@' \
|
|
-e 's@^try-mtu-discovery =.*@try-mtu-discovery = true@' \
|
|
/etc/ocserv/ocserv.conf
|
|
|
|
COPY init.sh /init.sh
|
|
COPY docker-entrypoint.sh /entrypoint.sh
|
|
|
|
VOLUME /etc/ocserv
|
|
WORKDIR /etc/ocserv
|
|
|
|
ENV VPN_DOMAIN=vpn.easypi.pro \
|
|
VPN_NETWORK=10.20.30.0 \
|
|
VPN_NETMASK=255.255.255.0 \
|
|
LAN_NETWORK=192.168.0.0 \
|
|
LAN_NETMASK=255.255.0.0 \
|
|
VPN_USERNAME=username \
|
|
VPN_PASSWORD=password \
|
|
TERM=xterm
|
|
|
|
EXPOSE 443/tcp 443/udp
|
|
|
|
ENTRYPOINT ["/entrypoint.sh"]
|