Spaces:

Fred808
/

111

Paused

App Files Files Community

111 / Dockerfile

Fred808

Update Dockerfile

64fadec verified 5 months ago

raw

history blame contribute delete

2.11 kB

	FROM buildpack-deps:bullseye

	WORKDIR /app

	# Update package lists and install required packages
	RUN apt-get update && apt-get install -y \
	libgmp-dev \
	iptables \
	xl2tpd \
	kmod \
	supervisor \
	&& rm -rf /var/lib/apt/lists/*

	ENV STRONGSWAN_VERSION 5.5.0
	ENV GPG_KEY 948F158A4E76A27BF3D07532DF42C170B34DBA77

	RUN mkdir -p /usr/src/strongswan \
	&& cd /usr/src \
	&& curl -SOL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz.sig" \
	&& curl -SOL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz" \
	&& export GNUPGHOME="$(mktemp -d)" \
	&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
	&& gpg --batch --verify strongswan-$STRONGSWAN_VERSION.tar.gz.sig strongswan-$STRONGSWAN_VERSION.tar.gz \
	&& tar -zxf strongswan-$STRONGSWAN_VERSION.tar.gz -C /usr/src/strongswan --strip-components 1 \
	&& cd /usr/src/strongswan \
	&& ./configure --prefix=/usr --sysconfdir=/etc \
	--enable-eap-radius \
	--enable-eap-mschapv2 \
	--enable-eap-identity \
	--enable-eap-md5 \
	--enable-eap-tls \
	--enable-eap-ttls \
	--enable-eap-peap \
	--enable-eap-tnc \
	--enable-eap-dynamic \
	--enable-xauth-eap \
	--enable-openssl \
	&& make -j \
	&& make install \
	&& rm -rf "/usr/src/strongswan*"

	# Strongswan Configuration
	ADD ipsec.conf /etc/ipsec.conf
	ADD strongswan.conf /etc/strongswan.conf

	# XL2TPD Configuration
	ADD xl2tpd.conf /etc/xl2tpd/xl2tpd.conf
	ADD options.xl2tpd /etc/ppp/options.xl2tpd

	# Supervisor config
	ADD supervisord.conf supervisord.conf
	ADD kill_supervisor.py /usr/bin/kill_supervisor.py

	ADD run.sh /run.sh
	ADD vpn_adduser /usr/local/bin/vpn_adduser
	ADD vpn_deluser /usr/local/bin/vpn_deluser
	ADD vpn_setpsk /usr/local/bin/vpn_setpsk
	ADD vpn_unsetpsk /usr/local/bin/vpn_unsetpsk
	ADD vpn_apply /usr/local/bin/vpn_apply

	# The password is later on replaced with a random string
	ENV VPN_USER user
	ENV VPN_PASSWORD password
	ENV VPN_PSK password

	RUN useradd -m -u 1000 user
	USER user
	ENV PATH="/home/user/.local/bin:$PATH"

	RUN chmod -R 777 /app
	VOLUME ["/etc/ipsec.d"]

	EXPOSE 4500/udp 500/udp 1701/udp

	CMD ["/run.sh"]