Merge pull request #10 from SloCompTech/develop

- Fixed bug in `ovpn` util.
- Moved `tmp-dir` to server related config.
- Fixed bug in dockumentation (GUID -> PGID).
- Added `SKIP_APP` parameter (to skip app startup).
- Added `NO_CHOWN` parameter (don't fix config files permissions).

Author: SloCompTech

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+### 2.0.6 - Fixed bugs, added additonal parameters
+
+- Fixed bug in `ovpn` util.
+- Moved `tmp-dir` to server related config.
+- Fixed bug in dockumentation (GUID -> PGID).
+- Added `SKIP_APP` parameter (to skip app startup).
+- Added `NO_CHOWN` parameter (don't fix config files permissions).
+
 ### 2.0.3 - Improved IPv6 support & finalized client mode support
 
 - Added some IPv6 settings to examples

README.md

@@ -24,7 +24,7 @@ docker run \
   --name=ovpn \
   --cap-add NET_ADMIN \
   -e PUID=1000 \
-  -e GUID=1000 \
+  -e PGID=1000 \
   -p 1194:1194/udp \
   -v </path/o/config>:/config \
   --restart=unless-stopped \
@@ -49,7 +49,7 @@ services:
       - ./data:/config
     environment:
       - PUID=1000
-      - PGUID=1000
+      - PGID=1000
     restart: on-failure
     # If you want to build from source add build:
     build:
@@ -68,9 +68,11 @@ services:
 |:-----------:|:----------:|
 |`-e FAIL_MODE=hard`|Restart whole container on error|
 |`-e MODE=client`|Set docker mode (valid values: *empty*,server,client; default: server), set to client in case you use container as client|
+|`-e NO_CHOWN=true`|Disable permission fixing.|
 |`-e PUID=1000`|for UserID - see below for explanation|
 |`-e PGID=1000`|for GroupID - see below for explanation|
 |`-e PERSISTENT_INTERFACE=true`|Enable persistent TUN interface|
+|`-e SKIP_APP=true`|Skip app startup|
 |`-e TUNNEL_INTERFACE="tun0"`|Tunnel interface name (default: tun0)|
 |`-e USE_FIREWALL=false`|Disable any firewall related rules to be created, modified ... (must be implemented in example)|
 |`-v /config`|All the config files including OpenVPNs reside here|

root/defaults/openvpn/system-server.conf

@@ -13,6 +13,9 @@ client-disconnect "/usr/local/bin/run_hooks client-disconnect"
 learn-address "/usr/local/bin/run_hooks learn-address"
 tls-verify "/usr/local/bin/run_hooks tls-verify"
 
+# Temporary dir
+tmp-dir /config/tmp
+
 # Client config directory
 client-config-dir /config/openvpn/ccd
 

root/defaults/openvpn/system.conf

@@ -20,9 +20,6 @@ up "/usr/local/bin/run_hooks up"
 down-pre
 down "/usr/local/bin/run_hooks down"
 
-# Temporary dir
-tmp-dir /config/tmp
-
 # Logging
 verb 1
 mute 100

root/etc/cont-init.d/50-setup.sh

@@ -7,7 +7,7 @@
 # Setup backup
 if [ ! -e "/config/backup" ]; then
 	mkdir /config/backup
-  chown abc:abc /config/backup
+  [ -n "$NO_CHOWN" ] || chown abc:abc /config/backup
 fi
 
 #
@@ -17,7 +17,7 @@ fi
 if [ ! -d "/config/openvpn" ]; then
   echo "Creating /config/openvpn"
   mkdir -p /config/openvpn
-  chown abc:abc /config/openvpn
+  [ -n "$NO_CHOWN" ] || chown abc:abc /config/openvpn
 fi
 
 # Check directories inside openvpn directory
@@ -27,7 +27,7 @@ do
 	if [ ! -d "/config/openvpn/$h" ]; then
 		echo "Creating /config/openvpn/$h"
 		mkdir /config/openvpn/$h
-    chown abc:abc /config/openvpn/$h
+    [ -n "$NO_CHOWN" ] || chown abc:abc /config/openvpn/$h
 	fi
 done
 
@@ -49,7 +49,7 @@ for h in "${HOOKS_DIR[@]}"; do
 	if [ ! -d "/config/openvpn/hooks/$h" ]; then
 		echo "Creating /config/openvpn/hooks/$h"
 		mkdir /config/openvpn/hooks/$h
-    chown abc:abc /config/openvpn/hooks/$h
+    [ -n "$NO_CHOWN" ] || chown abc:abc /config/openvpn/hooks/$h
 	fi
 done
 
@@ -67,17 +67,17 @@ fi
 if [ ! -d "/config/ssl" ]; then
 	echo "Setting up /config/ssl"
 	mkdir -p /config/ssl
-  chown abc:abc /config/ssl
+  [ -n "$NO_CHOWN" ] || chown abc:abc /config/ssl
 fi
 
 if [ ! -e "$EASYRSA_VARS_FILE" ]; then
   #cp -R -u $EASYRSA/openssl-easyrsa.cnf $EASYRSA_SSL_CONF
 	cp -R -u $EASYRSA/vars.example $EASYRSA_VARS_FILE
-  chown abc:abc $EASYRSA_VARS_FILE
+  [ -n "$NO_CHOWN" ] || chown abc:abc $EASYRSA_VARS_FILE
 fi
 
 # Setup tmp
 if [ ! -e "/config/tmp" ]; then
 	mkdir /config/tmp
-  chown abc:abc /config/tmp
+  [ -n "$NO_CHOWN" ] || chown abc:abc /config/tmp
 fi

root/etc/cont-init.d/70-config.sh

@@ -41,4 +41,4 @@ do
 done
 echo "" >> $DYNAMIC_FILE
 
-chown $CONTAINER_USER:$CONTAINER_USER $DYNAMIC_FILE
+[ -n "$NO_CHOWN" ] || chown $CONTAINER_USER:$CONTAINER_USER $DYNAMIC_FILE

root/etc/services.d/openvpn/run

@@ -1,5 +1,9 @@
 #!/usr/bin/with-contenv bash
 
+if [ -n "$SKIP_APP" ]; then
+	exit 0
+fi
+
 if [ ! -d "/config/openvpn" ] || [ ! -f "/config/openvpn/system.conf" ]; then
   echo "System configuration is missing"
   if [ "$FAIL_MODE" != "hard" ]; then
@@ -28,4 +32,4 @@ else
     done
   fi
   exit 1
-fi
+fi

root/usr/local/bin/ovpn

@@ -33,9 +33,9 @@ elif [ "$cmd" == "enconf" ]; then
   ovpn_enconf ${@:2}
 elif [ "$cmd" == "pki" ]; then
   ovpn_pki ${@:2}
-elif [ "$cmd" == "restore"]; then
+elif [ "$cmd" == "restore" ]; then
   ovpn_restore ${@:2}
 else
   usage
   exit 1
-fi
+fi

root/usr/local/bin/ovpn_backup

@@ -11,5 +11,5 @@ ARCHIVE_NAME="/config/backup/ovpn_backup_$(date +%Y%m%d%H%M%S).tar.gz"
 
 cd /config && tar cfvz $ARCHIVE_NAME ${BACKUP_DIRS[@]}
 if [ "$USER" != "abc" ]; then
-  chown abc:abc $ARCHIVE_NAME # Fix backup archive permissions
+  [ -n "$NO_CHOWN" ] || chown abc:abc $ARCHIVE_NAME # Fix backup archive permissions
 fi

root/usr/local/bin/ovpn_client

@@ -93,7 +93,7 @@ function build_ovpn() {
     echo "</secret>" >> $OVPN_FILE
   fi
 
-  chown abc:abc $OVPN_FILE
+  [ -n "$NO_CHOWN" ] || chown abc:abc $OVPN_FILE
 
   if [ $# -gt 1 ] && [ "$2" == "print" ]; then
     cat $OVPN_FILE