|
| 1 | +# |
| 2 | +# Base image |
| 3 | +# @see https://github.com/SloCompTech/docker-baseimage |
| 4 | +# |
| 5 | +FROM slocomptech/baseimage:alpine-armhf |
| 6 | + |
| 7 | +# Build arguments |
| 8 | +ARG BUILD_DATE |
| 9 | +ARG VCS_REF |
| 10 | +ARG VCS_SRC |
| 11 | +ARG VERSION |
| 12 | + |
| 13 | +# |
| 14 | +# Image labels |
| 15 | +# @see https://github.com/opencontainers/image-spec/blob/master/annotations.md |
| 16 | +# @see http://label-schema.org/rc1/ |
| 17 | +# @see https://semver.org/ |
| 18 | +# |
| 19 | +LABEL org.opencontainers.image.title="OpenVPN Server" \ |
| 20 | + org.label-schema.name="OpenVPN Server" \ |
| 21 | + org.opencontainers.image.description="Docker image with OpenVPN server" \ |
| 22 | + org.label-schema.description="Docker image with OpenVPN server" \ |
| 23 | + org.opencontainers.image.url="https://github.com/SloCompTech/docker-openvpn" \ |
| 24 | + org.label-schema.url="https://github.com/SloCompTech/docker-openvpn" \ |
| 25 | + org.opencontainers.image.authors="Martin Dagarin < [email protected]>" \ |
| 26 | + org.opencontainers.image.version=$VERSION \ |
| 27 | + org.label-schema.version=$VERSION \ |
| 28 | + org.opencontainers.image.revision=$VCS_REF \ |
| 29 | + org.label-schema.vcs-ref=$VCS_REF \ |
| 30 | + org.opencontainers.image.source=$VCS_SRC \ |
| 31 | + org.label-schema.vcs-url=$VCS_SRC \ |
| 32 | + org.opencontainers.image.created=$BUILD_DATE \ |
| 33 | + org.label-schema.build-date=$BUILD_DATE \ |
| 34 | + org.label-schema.schema-version="1.0" |
| 35 | + |
| 36 | + |
| 37 | +# |
| 38 | +# Environment variables |
| 39 | +# @see https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Advanced.md |
| 40 | +# |
| 41 | +ENV EASYRSA=/usr/share/easy-rsa \ |
| 42 | + EASYRSA_PKI=/config/pki \ |
| 43 | + EASYRSA_VARS_FILE=/config/ssl/vars \ |
| 44 | + #EASYRSA_SSL_CONF=/config/ssl/openssl-easyrsa.cnf \ |
| 45 | + EASYRSA_SAFE_CONF=/config/ssl/safessl-easyrsa.cnf \ |
| 46 | + EASYRSA_TEMP_FILE=/config/tmp/temp |
| 47 | + |
| 48 | +# Install packages |
| 49 | +RUN apk add --no-cache \ |
| 50 | + # Core packages |
| 51 | + bash \ |
| 52 | + easy-rsa \ |
| 53 | + iptables \ |
| 54 | + ip6tables \ |
| 55 | + openvpn \ |
| 56 | + python3 \ |
| 57 | + sudo && \ |
| 58 | + # Link easy-rsa in bin directory |
| 59 | + ln -s ${EASYRSA}/easyrsa /usr/local/bin && \ |
| 60 | + # Link python3 also as python |
| 61 | + ln -s /usr/bin/pip3 /usr/bin/pip && \ |
| 62 | + ln -s /usr/bin/python3 /usr/bin/python && \ |
| 63 | + # Remove any temporary files created by apk |
| 64 | + rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/* && \ |
| 65 | + # Add permission for network management to user abc |
| 66 | + echo "${CONTAINER_USER} ALL=(ALL) NOPASSWD: \ |
| 67 | + /sbin/ip, \ |
| 68 | + /sbin/ip6tables, \ |
| 69 | + /sbin/ip6tables-compat, \ |
| 70 | + /sbin/ip6tables-compat-restore, \ |
| 71 | + /sbin/ip6tables-compat-save, \ |
| 72 | + /sbin/ip6tables-restore, \ |
| 73 | + /sbin/ip6tables-restore-translate, \ |
| 74 | + /sbin/ip6tables-save, \ |
| 75 | + /sbin/ip6tables-translate, \ |
| 76 | + /sbin/iptables, \ |
| 77 | + /sbin/iptables-compat, \ |
| 78 | + /sbin/iptables-compat-restore, \ |
| 79 | + /sbin/iptables-compat-save, \ |
| 80 | + /sbin/iptables-restore, \ |
| 81 | + /sbin/iptables-restore-translate, \ |
| 82 | + /sbin/iptables-save, \ |
| 83 | + /sbin/iptables-translate, \ |
| 84 | + /sbin/route" \ |
| 85 | + >> /etc/sudoers.d/${CONTAINER_USER} |
| 86 | + |
| 87 | +# Add repo files to image |
| 88 | +COPY root/ / |
0 commit comments