zdt-openvpn/Dockerfile

47 lines
1.3 KiB
Docker
Raw Normal View History

ARG ALPINE_VERSION=3.20
2022-05-24 14:47:14 +00:00
FROM alpine:${ALPINE_VERSION}
ARG ALPINE_VERSION
2022-05-24 14:47:14 +00:00
LABEL zero-downtime.net.image.maintainer="stefan@zero-downtime.net" \
zero-downtime.net.image.license="AGPLv3"
RUN cd /etc/apk/keys && \
wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
echo "@kubezero https://cdn.zero-downtime.net/alpine/v${ALPINE_VERSION}/kubezero" >> /etc/apk/repositories && \
apk upgrade -U --available --no-cache && \
2022-05-24 14:47:14 +00:00
apk add --no-cache \
openvpn \
iptables \
bash \
easy-rsa \
openvpn-auth-pam \
google-authenticator \
libqrencode-tools \
openvpn_exporter@kubezero \
openvpn-auth-oauth2@kubezero && \
ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin
2022-05-24 14:47:14 +00:00
# Needed by scripts
ENV OPENVPN=/etc/openvpn \
EASYRSA=/usr/share/easy-rsa \
2022-05-24 14:47:14 +00:00
EASYRSA_CRL_DAYS=3650 \
EASYRSA_PKI=/etc/openvpn/pki \
EASYRSA_SILENT=1
2022-05-24 14:47:14 +00:00
# /etc RO config, /var/run to share status
VOLUME ["/etc/openvpn", "/var/run"]
2022-05-24 14:47:14 +00:00
EXPOSE 1194/udp
ADD ./bin /usr/local/bin
RUN chmod a+x /usr/local/bin/* && \
mkdir -p /etc/openvpn-oauth
2022-05-24 14:47:14 +00:00
# Add support for OTP authentication using a PAM module
ADD ./otp/openvpn /etc/pam.d/
# Breaks all easyrsa commands locally due to UID mappings
# would require podman as plain docker doesnt support keep-id
# USER openvpn