Merge branch 'develop'

Author: SloCompTech

.gitignore

@@ -1,4 +1,4 @@
 # Data folder for docker data
-/data
+/data*
 /tmp.txt
-/tmp
+/tmp

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+### 3.0.0 - New major release
+
+- Changed fs structure
+- Rewritten helper scripts
+- Reorganized examples
+- Added Site-to-site example
+- Removed `compression` from examples
+- Switched to bash wizards
+- Added auth-pass-verify example script
+
 ### 2.0.6 - Fixed bugs, added additonal parameters
 
 - Fixed bug in `ovpn` util.

CONTRIBUTING.md

@@ -6,10 +6,9 @@ Feel free to contribute to this project.
 
 Sections:
 
-- [Example configs & hooks](root/defaults/example/README.md)
+- [Example configs & hooks](root/usr/local/share/docker-openvpn/README.md)
 - [Guides](docs/README.md)
 - [Helper Scripts](root/app/README.md)  
-- [Modules](root/defaults/module/README.md)
 
 ## Syntax
 
@@ -18,34 +17,41 @@ Sections:
 
 ## Directory structure of project
 
-```
+``` text
 /config # Configuration dir (all config is here, generated on container start)
-  backup # Folder where backups are generated
-  example # Example configs (see root/defaults/example/README.md)
-  module # Modules for openvpn
-  openvpn # Openvpn configuration
-    ccd # OpenVPN client-specific configuration directory (applied when client connects)
-    client # Client configuration directory (for generation of .ovpn files)
-      <clientconffile>.conf # Base for building client config (all files merged)
-    config # Running config (server/client)
-      <name>.conf # Config files (all files merged)
+  backup # Generated backups
+  client-configs # Generated client configs
+  hooks
+    finish # Deinit container
+    init # Init container
+  openvpn # OpenVPN directory
+    ca.crt (*) # CA public key (when pki is setup)
+    ccd # client-specific configuration directory (applied when client connects)
+    crl.pem (**) # Certificate revocation list
+    dh.pem (*) # Server crypto
+    hook.sh # Hook script runner
     hooks # Put your custom scripts in one of subfolders
-      auth # On authentication (needs to be enabled in config)
-      client-connect # Client connected
-      client-disconnect # Client disconnected
+      auth # Server: On authentication (needs to be enabled in config)
+      client-connect # Server: Client connected
+      client-disconnect # Server: Client disconnected
       down # After interface is down
-      finish # Deinit container
-      init # Init container
-      learn-address
+      ipchange # Client: our remote IP initially authenticated or changes
+      learn-address # Server: when IP, route, MAC added to OpenVPN internal routing table
       route-up # After routes are added
       route-pre-down # Before routes are removed
+      start # Before service start
+      stop # After service stop
       up # After interface is up  
       tls-verify # Check certificate
-    system.conf # System OpenVPN config file (do not edit, unless instructed)
-    system-server.conf # System OpenCPN server specific file (do not edit, unless instructed)
-    system-client.conf # System OpenCPN client specific file (do not edit, unless instructed)
-    dynamic.conf # File that links all config files together (automatically generated)
-  pki
+    include.conf # Container specific settings (must be included)
+    openvpn.conf or *.ovpn file # Main configuration file
+    openvpn-template.conf # Template configuration for creating .ovpn and .pkg
+    pid # OpenVPN PID (automatically written)
+    server.crt (*) # Server public key
+    server.key (*) # Server private key
+    tmp # Temporary directory
+  persistent-interface # Make used interface persistent
+  pki (**) # Public key infrastructure directory (KEEP IT SAFE, specialy ca.key)
     ca.crt # CA certificate
     certs by serial # Certs by Serial ID
       <serial-id-cert>.pem
@@ -61,10 +67,10 @@ Sections:
     secret.key # Static key (if not using real PKI)
     serial # The current serial number
     ta.key # Secret for tls-auth, tls-crypt
-  ssl
-    safessl-easyrsa.cnf
-    vars
-  tmp # Temporary folder
+  tmp # Temporary directory
+  openssl-easyrsa.conf
+  safessl-easyrsa.conf
+  vars
 /defaults # Default configuration, which is copied into config on full setup
   ...
 /etc # System config

Dockerfile

@@ -2,7 +2,8 @@
 # Base image
 # @see https://github.com/SloCompTech/docker-baseimage
 #
-FROM slocomptech/baseimage:alpine
+ARG FROM_SUFFIX
+FROM slocomptech/bi-python:3.8.0${FROM_SUFFIX}
 
 # Build arguments
 ARG BUILD_DATE
@@ -13,57 +14,46 @@ ARG VERSION
 # 
 # Image labels
 # @see https://github.com/opencontainers/image-spec/blob/master/annotations.md
-# @see http://label-schema.org/rc1/
 # @see https://semver.org/
 #
 LABEL org.opencontainers.image.title="OpenVPN Server" \
-      org.label-schema.name="OpenVPN Server" \
       org.opencontainers.image.description="Docker image with OpenVPN server" \
-      org.label-schema.description="Docker image with OpenVPN server" \
       org.opencontainers.image.url="https://github.com/SloCompTech/docker-openvpn" \
-      org.label-schema.url="https://github.com/SloCompTech/docker-openvpn" \
       org.opencontainers.image.authors="Martin Dagarin <[email protected]>" \
       org.opencontainers.image.version=$VERSION \
-      org.label-schema.version=$VERSION \
       org.opencontainers.image.revision=$VCS_REF \
-      org.label-schema.vcs-ref=$VCS_REF \
       org.opencontainers.image.source=$VCS_SRC \
-      org.label-schema.vcs-url=$VCS_SRC \
-      org.opencontainers.image.created=$BUILD_DATE \
-      org.label-schema.build-date=$BUILD_DATE \
-      org.label-schema.schema-version="1.0"
-
+      org.opencontainers.image.created=$BUILD_DATE
 
 #
 # Environment variables
 # @see https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Advanced.md
 #
-ENV EASYRSA=/usr/share/easy-rsa \
+ENV BACKUP_DIR=/config/backup \
+    EASYRSA=/usr/share/easy-rsa \
+    EASYRSA_EXT_DIR=/config/x509-types \
     EASYRSA_PKI=/config/pki \
-    EASYRSA_VARS_FILE=/config/ssl/vars \
-    #EASYRSA_SSL_CONF=/config/ssl/openssl-easyrsa.cnf \
-    EASYRSA_SAFE_CONF=/config/ssl/safessl-easyrsa.cnf \
-    EASYRSA_TEMP_FILE=/config/tmp/temp \
-    TUNNEL_INTERFACE="tun0"
+    EASYRSA_SSL_CONF=/config/openssl-easyrsa.cnf \
+    EASYRSA_SAFE_CONF=/config/safessl-easyrsa.cnf \
+    EASYRSA_VARS_FILE=/config/vars \
+    OPENVPN_DIR=/config/openvpn
 
 # Install packages
 RUN apk add --no-cache \
-    # Core packages
-    bash \
-    easy-rsa \
-    iptables \
-    ip6tables \
-    openvpn \
-    python3 \
-    sudo && \
+      # Core packages
+      bash \
+      gettext \
+      easy-rsa \
+      iptables \
+      ip6tables \
+      nano \
+      openvpn \
+      openvpn-doc \
+      sudo && \
     # Link easy-rsa in bin directory
     ln -s ${EASYRSA}/easyrsa /usr/local/bin && \
-    # Link python3 also as python
-    ln -s /usr/bin/pip3 /usr/bin/pip && \
-    ln -s /usr/bin/python3 /usr/bin/python && \
-    # Remove any temporary files created by apk
     rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/* && \
-    # Add permission for network management to user abc
+    # Add permission for network management to container user
     echo "${CONTAINER_USER} ALL=(ALL) NOPASSWD: \
       /sbin/ip, \
       /sbin/ip6tables, \
@@ -83,7 +73,11 @@ RUN apk add --no-cache \
       /sbin/iptables-save, \
       /sbin/iptables-translate, \
       /sbin/route" \
-      >> /etc/sudoers.d/${CONTAINER_USER}
+      >> /etc/sudoers.d/${CONTAINER_USER} && \
+    # Default configuration
+    cp $EASYRSA/vars.example /defaults/vars && \
+    cp $EASYRSA/openssl-easyrsa.cnf /defaults && \
+    cp -r $EASYRSA/x509-types /defaults
 
 # Add repo files to image
 COPY root/ /