From 99c4b0dc77e66d016a59effe913ed881762f4dc8 Mon Sep 17 00:00:00 2001 From: Tomohisa Kusano Date: Mon, 20 Aug 2018 17:11:32 -0700 Subject: [PATCH] 9668 (#57) * Create CONTRIBUTORS.txt * Update Dockerfile * Update Dockerfile.alpine * Update Dockerfile.debian * Rename CONTRIBUTORS.txt to CONTRIBUTORS * Update Dockerfile * Update Dockerfile.alpine * Update Dockerfile.debian * CHORE(centos): 4.27-9668-beta * CHORE(alpine): 4.27-9668-beta * CHORE(debian): 4.27-9668-beta * FIX(debian): add libssl to runtime * FEAT(ubuntu): ubuntu:18.04 based * TEST(ubuntu): expand travis ci to :ubuntu * DOCS(all): Configurations section closes #56 * DOCS(all): fix table --- .travis.yml | 17 +++++++++--- CONTRIBUTORS | 5 ++++ Dockerfile | 6 ++--- Dockerfile.alpine | 6 ++--- Dockerfile.debian | 19 ++++++------- Dockerfile.ubuntu | 69 +++++++++++++++++++++++++++++++++++++++++++++++ README.md | 23 ++++++++++++---- 7 files changed, 120 insertions(+), 25 deletions(-) create mode 100644 CONTRIBUTORS create mode 100644 Dockerfile.ubuntu diff --git a/.travis.yml b/.travis.yml index cc2cc39f..cc60d58c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,14 +5,16 @@ jobs: include: - stage: Docker Build script: - - docker build . + - docker build -f Dockerfile . - script: - docker build -f Dockerfile.alpine . - script: - docker build -f Dockerfile.debian . + - script: + - docker build -f Dockerfile.ubuntu . - stage: Test script: - - docker build -t softethervpn . + - docker build -t softethervpn -f Dockerfile . - docker run softethervpn echo "[Travis CI OK]" - script: - docker build -t softethervpn-alpine -f Dockerfile.alpine . @@ -21,7 +23,10 @@ jobs: - docker build -t softethervpn-debian -f Dockerfile.debian . - docker run softethervpn-debian echo "[Travis CI OK]" - script: - - docker build -t softethervpn . + - docker build -t softethervpn-ubuntu -f Dockerfile.ubuntu . + - docker run softethervpn-ubuntu echo "[Travis CI OK]" + - script: + - docker build -t softethervpn -f Dockerfile . - docker network create --subnet 172.18.0.0/16 test-ipsec - docker run -d --cap-add NET_ADMIN -e USERNAME=test -e PASSWORD=test --network test-ipsec --ip 172.18.0.3 softethervpn - sudo bash tests/prepare-ipsec.sh @@ -38,3 +43,9 @@ jobs: - docker run -d --cap-add NET_ADMIN -e USERNAME=test -e PASSWORD=test --network test-ipsec --ip 172.18.0.3 softethervpn-debian - sudo bash tests/prepare-ipsec.sh - sudo bash tests/test-ipsec.sh + - script: + - docker build -t softethervpn-ubuntu -f Dockerfile.ubuntu . + - docker network create --subnet 172.18.0.0/16 test-ipsec + - docker run -d --cap-add NET_ADMIN -e USERNAME=test -e PASSWORD=test --network test-ipsec --ip 172.18.0.3 softethervpn-ubuntu + - sudo bash tests/prepare-ipsec.sh + - sudo bash tests/test-ipsec.sh diff --git a/CONTRIBUTORS b/CONTRIBUTORS new file mode 100644 index 00000000..11f9ed77 --- /dev/null +++ b/CONTRIBUTORS @@ -0,0 +1,5 @@ +Ian Neubert +Ky-Anh Huynh +Max Kuchin +maltalex +Dmitri Gopkalo diff --git a/Dockerfile b/Dockerfile index ccc9acc3..f84d35d5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ FROM alpine:3.7 as prep LABEL maintainer="Tomohisa Kusano " \ - contributors="Ian Neubert ; Ky-Anh Huynh ; Max Kuchin ; maltalex " + contributors="See CONTRIBUTORS file " -ENV BUILD_VERSION=4.25-9656-rtm \ - SHA256_SUM=c5a1791d69dc6d1c53fb574a3ce709707338520be797acbeac0a631c96c68330 +ENV BUILD_VERSION=4.27-9668-beta \ + SHA256_SUM=85cf84202e09b9efb1948929e99a08041152d7cb812a5761db200b7cd560e573 RUN wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/archive/v${BUILD_VERSION}.tar.gz \ && echo "${SHA256_SUM} v${BUILD_VERSION}.tar.gz" | sha256sum -c \ diff --git a/Dockerfile.alpine b/Dockerfile.alpine index e242d133..3aed78b3 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,10 +1,10 @@ FROM alpine:3.7 as prep LABEL maintainer="Tomohisa Kusano " \ - contributors="Ian Neubert ; Ky-Anh Huynh ; Max Kuchin ; maltalex " + contributors="See CONTRIBUTORS file " -ENV BUILD_VERSION=4.25-9656-rtm \ - SHA256_SUM=c5a1791d69dc6d1c53fb574a3ce709707338520be797acbeac0a631c96c68330 +ENV BUILD_VERSION=4.27-9668-beta \ + SHA256_SUM=85cf84202e09b9efb1948929e99a08041152d7cb812a5761db200b7cd560e573 RUN wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/archive/v${BUILD_VERSION}.tar.gz \ && echo "${SHA256_SUM} v${BUILD_VERSION}.tar.gz" | sha256sum -c \ diff --git a/Dockerfile.debian b/Dockerfile.debian index 9dded505..c2a41ef0 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -1,10 +1,10 @@ FROM alpine:3.7 as prep LABEL maintainer="Tomohisa Kusano " \ - contributors="Ian Neubert ; Ky-Anh Huynh ; Max Kuchin ; maltalex " + contributors="See CONTRIBUTORS file " -ENV BUILD_VERSION=4.25-9656-rtm \ - SHA256_SUM=c5a1791d69dc6d1c53fb574a3ce709707338520be797acbeac0a631c96c68330 +ENV BUILD_VERSION=4.27-9668-beta \ + SHA256_SUM=85cf84202e09b9efb1948929e99a08041152d7cb812a5761db200b7cd560e573 RUN wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/archive/v${BUILD_VERSION}.tar.gz \ && echo "${SHA256_SUM} v${BUILD_VERSION}.tar.gz" | sha256sum -c \ @@ -23,19 +23,17 @@ RUN apt-get update \ libncurses5-dev \ libreadline7 \ libreadline-dev \ + libssl1.1 \ + libssl-dev \ wget \ zlib1g \ zlib1g-dev \ zip \ - && wget http://http.us.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.0h-2_amd64.deb \ - && wget http://http.us.debian.org/debian/pool/main/o/openssl/libssl-dev_1.1.0h-2_amd64.deb \ - && dpkg -i /libssl1.1_1.1.0h-2_amd64.deb /libssl-dev_1.1.0h-2_amd64.deb \ - && apt-get install -f \ && cd /usr/local/src/SoftEtherVPN_Stable-* \ && ./configure \ && make \ && make install \ - && zip -r9 /artifacts.zip /usr/vpn* /usr/bin/vpn* /libssl1.1_1.1.0h-2_amd64.deb + && zip -r9 /artifacts.zip /usr/vpn* /usr/bin/vpn* FROM debian:9-slim @@ -47,15 +45,14 @@ RUN apt-get update \ && apt-get install -y --no-install-recommends \ libncurses5 \ libreadline7 \ + libssl1.1 \ iptables \ unzip \ zlib1g \ && unzip -o /artifacts.zip -d / \ - && dpkg -i /libssl1.1_1.1.0h-2_amd64.deb \ - && apt-get install -f \ && rm -rf /var/lib/apt/lists/* \ && chmod +x /entrypoint.sh /gencert.sh \ - && rm /artifacts.zip /libssl1.1_1.1.0h-2_amd64.deb \ + && rm /artifacts.zip \ && rm -rf /opt \ && ln -s /usr/vpnserver /opt \ && find /usr/bin/vpn* -type f ! -name vpnserver \ diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu new file mode 100644 index 00000000..f1d5ef3d --- /dev/null +++ b/Dockerfile.ubuntu @@ -0,0 +1,69 @@ +FROM alpine:3.7 as prep + +LABEL maintainer="Tomohisa Kusano " \ + contributors="See CONTRIBUTORS file " + +ENV BUILD_VERSION=4.27-9668-beta \ + SHA256_SUM=85cf84202e09b9efb1948929e99a08041152d7cb812a5761db200b7cd560e573 + +RUN wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/archive/v${BUILD_VERSION}.tar.gz \ + && echo "${SHA256_SUM} v${BUILD_VERSION}.tar.gz" | sha256sum -c \ + && mkdir -p /usr/local/src \ + && tar -x -C /usr/local/src/ -f v${BUILD_VERSION}.tar.gz \ + && rm v${BUILD_VERSION}.tar.gz + +FROM ubuntu:18.04 as build + +COPY --from=prep /usr/local/src /usr/local/src + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + build-essential \ + libncurses5 \ + libncurses5-dev \ + libreadline7 \ + libreadline-dev \ + libssl1.1 \ + libssl-dev \ + wget \ + zlib1g \ + zlib1g-dev \ + zip \ + && cd /usr/local/src/SoftEtherVPN_Stable-* \ + && ./configure \ + && make \ + && make install \ + && zip -r9 /artifacts.zip /usr/vpn* /usr/bin/vpn* + +FROM ubuntu:18.04 + +COPY --from=build /artifacts.zip / + +COPY copyables / + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + libncurses5 \ + libreadline7 \ + libssl1.1 \ + iptables \ + unzip \ + zlib1g \ + && unzip -o /artifacts.zip -d / \ + && rm -rf /var/lib/apt/lists/* \ + && chmod +x /entrypoint.sh /gencert.sh \ + && rm /artifacts.zip \ + && rm -rf /opt \ + && ln -s /usr/vpnserver /opt \ + && find /usr/bin/vpn* -type f ! -name vpnserver \ + -exec bash -c 'ln -s {} /opt/$(basename {})' \; + +WORKDIR /usr/vpnserver/ + +VOLUME ["/usr/vpnserver/server_log/"] + +ENTRYPOINT ["/entrypoint.sh"] + +EXPOSE 500/udp 4500/udp 1701/tcp 1194/udp 5555/tcp 443/tcp + +CMD ["/usr/bin/vpnserver", "execsvc"] diff --git a/README.md b/README.md index 8b7a0006..661d8f76 100644 --- a/README.md +++ b/README.md @@ -5,11 +5,12 @@ * "Simple" as in no configuration parameter is needed for a single-user SecureNAT setup. ## Image Tags -Base OS Image | Latest Stable ([v4.25-9656-rtm](https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/tree/v4.25-9656-rtm)) -------------- | -- -`centos:7` | **`:latest`**, `:9656`, `:4.25`, `:centos`, `:9656-centos`, `4.25-centos` -`debian:9-slim` | `:debian`, `:9656-debian`, `:4.25-debian` -`alpine:3.7` | `:alpine`, `:9656-alpine`, `:4.25-alpine` +Base OS Image | Latest Stable ([v4.27-9668-beta](https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/tree/v4.27-9668-beta)) | [v4.25-9656-rtm](https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/tree/v4.25-9656-rtm) +------------- | -- | -- +`centos:7` | **`:latest`**, `:centos`, `:9668`, `:4.27`, `:9668-centos`, `:4.27-centos` | `:9656`, `:4.25`, `:9656-centos`, `4.25-centos` +`debian:9-slim` | `:debian`, `:9668-debian`, `:4.27-debian` | `:9656-debian`, `:4.25-debian` +`alpine:3.7` | `:alpine`, `:9668-alpine`, `:4.27-alpine` | `:9656-alpine`, `:4.25-alpine` +`ubuntu:18.04` | `:ubuntu`, `:9668-ubuntu`, `:4.27-ubuntu` | - ## Setup - L2TP/IPSec PSK + OpenVPN @@ -57,6 +58,18 @@ Dots (.) are part of the password. Password will not be logged if specified via If you specify credentials using environment variables (`-e`), they may be revealed via the process list on host (ex. `ps(1)` command) or `docker inspect` command. It is recommended to mount an already-configured SoftEther VPN config file at `/opt/vpn_server.config`, which contains hashed passwords rather than raw ones. The initial setup will be skipped if this file exists at runtime (in entrypoint script). You can obtain this file from a running container using [`docker cp` command](https://docs.docker.com/engine/reference/commandline/cp/). +## Configurations ## + +To make the server configurations persistent beyond the container lifecycle (i.e. to make the config survive a restart), mount a complete config file at `/usr/vpnserver/vpn_server.config`. If this file is mounted the initial setup will be skipped. +To obtain a config file template, `docker run` the initial setup with Server & Hub passwords, then `docker cp` out the config file: + + $ docker run --name vpnconf -e SPW= -e HPW= siomiz/softethervpn echo + $ docker cp vpnconf:/usr/vpnserver/vpn_server.config /path/to/vpn_server.config + $ docker rm vpnconf + $ docker run ... -v /path/to/vpn_server.config:/usr/vpnserver/vpn_server.config siomiz/softethervpn + +Refer to [SoftEther VPN Server Administration manual](https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.3_VPN_Server_Administration) for more information. + ## Server & Hub Management Commands ## Management commands can be executed just before the server & hub admin passwords are set via: