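# OpenVPN server image on Alpine, with easy-rsa for PKI management, PAM/OTP
# (google-authenticator) and OAuth2 authentication plugins, and a metrics exporter.

# Declared before FROM so it can select the base image tag.
ARG ALPINE_VERSION=3.21
FROM alpine:${ALPINE_VERSION}

# Redeclared inside the stage: an ARG defined before FROM is otherwise only
# visible to FROM, and the value is needed for the repository URL below.
ARG ALPINE_VERSION

LABEL zero-downtime.net.image.maintainer="stefan@zero-downtime.net" \
      zero-downtime.net.image.license="AGPLv3"

# Register the @kubezero package repository and install the runtime packages.
#
# NOTE(review): the repository signing key is downloaded at build time and
# trusted as-is, so TLS to the CDN is the only integrity control on the key that
# authenticates every @kubezero package. Vendoring the key into the build context
# (COPY) or checking it against a known SHA-256 before the first apk call would
# pin that trust anchor.
#
# NOTE(review): `apk upgrade --available` makes the result depend on the mirror
# state at build time; bumping ALPINE_VERSION / the base image is the
# reproducible alternative.
RUN wget -O "/etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub" \
      "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
    echo "@kubezero https://cdn.zero-downtime.net/alpine/v${ALPINE_VERSION}/kubezero" >> /etc/apk/repositories && \
    apk upgrade -U --available --no-cache && \
    apk add --no-cache \
      bash \
      easy-rsa \
      google-authenticator \
      iptables \
      libqrencode-tools \
      openvpn \
      openvpn-auth-pam \
      openvpn-auth-oauth2@kubezero \
      openvpn_exporter@kubezero && \
    ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin

# Needed by scripts
# NOTE(review): EASYRSA_CRL_DAYS=3650 gives generated CRLs a ~10 year validity
# window, so an outdated CRL copy stays acceptable for that long; confirm the
# CRL is regenerated and reloaded after every revocation.
ENV OPENVPN=/etc/openvpn \
    EASYRSA=/usr/share/easy-rsa \
    EASYRSA_CRL_DAYS=3650 \
    EASYRSA_PKI=/etc/openvpn/pki \
    EASYRSA_SILENT=1

# /etc RO config, /var/run to share status
# EASYRSA_PKI lives under /etc/openvpn, so the CA and server private keys end up
# on whatever is mounted here.
VOLUME ["/etc/openvpn", "/var/run"]

EXPOSE 1194/udp

# COPY instead of ADD: these are plain local paths, so ADD's archive extraction
# and URL handling are not wanted.
COPY ./bin /usr/local/bin
RUN chmod a+x /usr/local/bin/* && \
    mkdir -p /etc/openvpn-oauth

# Add support for OTP authentication using a PAM module
COPY ./otp/openvpn /etc/pam.d/

# Breaks all easyrsa commands locally due to UID mappings
# would require podman as plain docker doesnt support keep-id
# USER openvpn
# NOTE(review): with USER left disabled the container process runs as root;
# restrict it at runtime (minimal capability set, read-only config mount).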