# Alpine release to build on. The same value selects the base image tag and,
# further down, the versioned path of the additional package repository.
# NOTE(review): a release tag is mutable; pinning the base image by digest as
# well would make rebuilds reproducible and tamper-evident.
ARG ALPINE_VERSION="3.20"

FROM alpine:$ALPINE_VERSION

# An ARG declared before FROM is only visible to FROM itself; re-declare it
# (without a default) so the build stage inherits the value set above.
ARG ALPINE_VERSION
# Image metadata: maintainer contact and license, under the project's own
# label namespace.
LABEL \
    zero-downtime.net.image.maintainer="stefan@zero-downtime.net" \
    zero-downtime.net.image.license="AGPLv3"
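# Register the additional signing key and the tagged "@kubezero" repository,
# bring the base packages up to date, install OpenVPN plus its auth/OTP
# helpers, and put the easyrsa wrapper on PATH.
#
# The key is written straight to its destination instead of `cd`-ing into
# /etc/apk/keys, so the working directory of the remaining commands stays
# unchanged.
#
# NOTE(review): the key is fetched at build time and trusted on the strength
# of TLS alone. apk accepts packages signed by any key in /etc/apk/keys, so
# whoever controls the content served at that URL controls what can be
# installed. Consider committing the public key to the build context (COPY)
# or comparing its sha256sum against a value stored in this repository
# before continuing.
# NOTE(review): package versions are not pinned and `apk upgrade --available`
# follows whatever the repositories serve on build day, so two builds of the
# same commit can differ; record the resolved versions (e.g. an SBOM) if
# builds need to be auditable.
RUN wget -O "/etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub" \
      "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
    echo "@kubezero https://cdn.zero-downtime.net/alpine/v${ALPINE_VERSION}/kubezero" >> /etc/apk/repositories && \
    apk upgrade -U --available --no-cache && \
    apk add --no-cache \
      bash \
      easy-rsa \
      google-authenticator \
      iptables \
      libqrencode-tools \
      openvpn \
      openvpn-auth-oauth2@kubezero \
      openvpn-auth-pam \
      openvpn_exporter@kubezero && \
    ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin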
# Runtime environment the scripts rely on.
#   OPENVPN          - OpenVPN configuration directory
#   EASYRSA          - easy-rsa installation directory
#   EASYRSA_PKI      - PKI directory; it sits below /etc/openvpn, which this
#                      file declares as a volume, so the PKI lives on that
#                      volume rather than in an image layer
#   EASYRSA_CRL_DAYS - validity, in days, of the CRLs easy-rsa generates
#   EASYRSA_SILENT   - suppress easy-rsa's informational output
# NOTE(review): with a 3650-day CRL lifetime an outdated CRL will not be
# rejected as expired for about ten years, so a revocation only takes effect
# once the regenerated CRL has actually been deployed to the server.
ENV \
    OPENVPN="/etc/openvpn" \
    EASYRSA="/usr/share/easy-rsa" \
    EASYRSA_CRL_DAYS="3650" \
    EASYRSA_PKI="/etc/openvpn/pki" \
    EASYRSA_SILENT="1"
# Documents the OpenVPN UDP port; EXPOSE alone does not publish it.
EXPOSE 1194/udp

# /etc/openvpn: configuration, intended to be mounted read-only.
# /var/run: used to share status.
VOLUME ["/etc/openvpn", "/var/run"]
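# Install the helper scripts from the build context. COPY is used instead of
# ADD: for a local directory the result is the same, and COPY has none of
# ADD's implicit behaviours (archive extraction, URL fetching).
COPY ./bin /usr/local/bin

# Make everything in /usr/local/bin executable regardless of the file modes
# in the build context, and create the /etc/openvpn-oauth directory
# (presumably used by openvpn-auth-oauth2 - confirm against the scripts).
RUN chmod a+x /usr/local/bin/* && \
    mkdir -p /etc/openvpn-oauth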
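# Add support for OTP authentication using a PAM module.
# Assuming ./otp/openvpn is a single file, it is installed as
# /etc/pam.d/openvpn, i.e. the PAM service definition named "openvpn".
# COPY replaces ADD so the file is always copied verbatim and never
# interpreted as an archive.
COPY ./otp/openvpn /etc/pam.d/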
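# Breaks all easyrsa commands locally due to UID mappings;
# would require podman, as plain docker doesn't support keep-id.
# NOTE: while this stays commented out, this file sets no USER, so processes
# start as the base image's default user (root on alpine).
# USER openvpn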