Commit 369db0e5 authored by Girish Ramakrishnan's avatar Girish Ramakrishnan

Make the script a conf template

parent a0dbbf97
......@@ -21,7 +21,7 @@ ADD package.json package-lock.json /app/code/
ADD src /app/code/src
ADD frontend /app/code/frontend
ADD hooks /app/code/hooks
ADD start.sh server.js openvpn-conf.sh regen-crl.sh /app/code/
ADD start.sh server.js openvpn.conf.template regen-crl.sh /app/code/
# Somehow postinstall is not run automatically when building docker image
RUN npm install --production && npm run postinstall
......
#!/bin/bash
echo "# Server TCP/${VPN_TCP_PORT:?}
# Server TCP
mode server
tls-server
proto tcp
port ${VPN_TCP_PORT:?}
port ##VPN_TCP_PORT
dev tun
dev-node /app/code/net-tun
# Keys and certificates
ca /app/data/keys/ca.crt
cert /app/data/keys/cloudron.crt
......@@ -16,25 +15,29 @@ tls-auth /app/data/keys/ta.key 0
crl-verify /app/data/keys/crl.pem
cipher AES-256-CBC
auth SHA256
# Network
server 10.8.0.0 255.255.255.0
push \"redirect-gateway def1 bypass-dhcp\"
push \"dhcp-option DNS 10.8.0.1\"
push \"dhcp-option DOMAIN ${CLOUDRON_APP_DOMAIN}\"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DOMAIN ##CLOUDRON_APP_DOMAIN"
client-to-client
keepalive 10 120
# Security
user cloudron
group cloudron
persist-key
persist-tun
# Log
verb 3
mute 20
status /run/openvpn-status.log
# Hooks to update server status
script-security 2
client-connect /app/code/hooks/openvpn-on-client-connect.sh
client-disconnect /app/code/hooks/openvpn-on-client-disconnect.sh
learn-address /app/code/hooks/openvpn-on-learn-address.sh
"
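Review bot: The `##VPN_TCP_PORT` and `##CLOUDRON_APP_DOMAIN` tokens are not documented anywhere in the new template, so a reader of the file cannot tell that it is rendered elsewhere or which names must be supplied. I would open the file with a comment such as `# Rendered by start.sh into /run/openvpn.conf; ##-prefixed tokens are replaced with environment values at startup.` A token that is added here but not to the sed call in start.sh stays in the generated config, and nothing visible in this commit detects that.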
......@@ -27,7 +27,9 @@ fi
./regen-crl.sh
# Writing OpenVPN config
./openvpn-conf.sh > /run/openvpn.conf
sed -e "s/##VPN_TCP_PORT/${VPN_TCP_PORT:-}/" \
-e "s/##CLOUDRON_APP_DOMAIN/${CLOUDRON_APP_DOMAIN}/" \
/app/code/openvpn.conf.template > /run/openvpn.conf
# Add iptables rules for NATing VPN traffic
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
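Review bot: The `-e "s/##VPN_TCP_PORT/${VPN_TCP_PORT:-}/"` line drops the fail-fast that the removed script had with `${VPN_TCP_PORT:?}`, so an unset port now renders as a bare `port` directive instead of aborting startup. Both values are also pasted unescaped into the sed replacement: a `/`, `&`, backslash or newline in `CLOUDRON_APP_DOMAIN` changes the expression or the rendered line, and a `"` would close the quoted `push` string early. The values presumably come from the platform, but the output is a config that runs with `script-security 2`, so they are worth validating before substitution. Assuming start.sh runs under bash, I would add `[[ "${VPN_TCP_PORT:?}" =~ ^[0-9]+$ ]] || exit 1` and `[[ "${CLOUDRON_APP_DOMAIN:?}" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` above the sed call. The script continues outside the hunk, so an earlier check or `set -u` may already cover part of this.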
......