Commit 369db0e5 authored by Girish Ramakrishnan's avatar Girish Ramakrishnan

Make the script a conf template

parent a0dbbf97
...@@ -21,7 +21,7 @@ ADD package.json package-lock.json /app/code/ ...@@ -21,7 +21,7 @@ ADD package.json package-lock.json /app/code/
ADD src /app/code/src ADD src /app/code/src
ADD frontend /app/code/frontend ADD frontend /app/code/frontend
ADD hooks /app/code/hooks ADD hooks /app/code/hooks
ADD start.sh server.js openvpn-conf.sh regen-crl.sh /app/code/ ADD start.sh server.js openvpn.conf.template regen-crl.sh /app/code/
# Somehow postinstall is not run automatically when building docker image # Somehow postinstall is not run automatically when building docker image
RUN npm install --production && npm run postinstall RUN npm install --production && npm run postinstall
......
#!/bin/bash # Server TCP
echo "# Server TCP/${VPN_TCP_PORT:?}
mode server mode server
tls-server tls-server
proto tcp proto tcp
port ${VPN_TCP_PORT:?} port ##VPN_TCP_PORT
dev tun dev tun
dev-node /app/code/net-tun dev-node /app/code/net-tun
# Keys and certificates # Keys and certificates
ca /app/data/keys/ca.crt ca /app/data/keys/ca.crt
cert /app/data/keys/cloudron.crt cert /app/data/keys/cloudron.crt
...@@ -16,25 +15,29 @@ tls-auth /app/data/keys/ta.key 0 ...@@ -16,25 +15,29 @@ tls-auth /app/data/keys/ta.key 0
crl-verify /app/data/keys/crl.pem crl-verify /app/data/keys/crl.pem
cipher AES-256-CBC cipher AES-256-CBC
auth SHA256 auth SHA256
# Network # Network
server 10.8.0.0 255.255.255.0 server 10.8.0.0 255.255.255.0
push \"redirect-gateway def1 bypass-dhcp\" push "redirect-gateway def1 bypass-dhcp"
push \"dhcp-option DNS 10.8.0.1\" push "dhcp-option DNS 10.8.0.1"
push \"dhcp-option DOMAIN ${CLOUDRON_APP_DOMAIN}\" push "dhcp-option DOMAIN ##CLOUDRON_APP_DOMAIN"
client-to-client client-to-client
keepalive 10 120 keepalive 10 120
# Security # Security
user cloudron user cloudron
group cloudron group cloudron
persist-key persist-key
persist-tun persist-tun
# Log # Log
verb 3 verb 3
mute 20 mute 20
status /run/openvpn-status.log status /run/openvpn-status.log
# Hooks to update server status # Hooks to update server status
script-security 2 script-security 2
client-connect /app/code/hooks/openvpn-on-client-connect.sh client-connect /app/code/hooks/openvpn-on-client-connect.sh
client-disconnect /app/code/hooks/openvpn-on-client-disconnect.sh client-disconnect /app/code/hooks/openvpn-on-client-disconnect.sh
learn-address /app/code/hooks/openvpn-on-learn-address.sh learn-address /app/code/hooks/openvpn-on-learn-address.sh
"
...@@ -27,7 +27,9 @@ fi ...@@ -27,7 +27,9 @@ fi
./regen-crl.sh ./regen-crl.sh
# Writing OpenVPN config # Writing OpenVPN config
./openvpn-conf.sh > /run/openvpn.conf sed -e "s/##VPN_TCP_PORT/${VPN_TCP_PORT:-}/" \
-e "s/##CLOUDRON_APP_DOMAIN/${CLOUDRON_APP_DOMAIN}/" \
/app/code/openvpn.conf.template > /run/openvpn.conf
# Add iptables rules for NATing VPN traffic # Add iptables rules for NATing VPN traffic
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
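Review bot: The port substitution in the new `sed` call uses `${VPN_TCP_PORT:-}`, so an unset or empty port now renders a bare `port ` line into /run/openvpn.conf, whereas the removed openvpn-conf.sh used `${VPN_TCP_PORT:?}` and failed with an error instead of emitting a config. I would keep the fail-fast form, `sed -e "s/##VPN_TCP_PORT/${VPN_TCP_PORT:?}/" \`, and give `CLOUDRON_APP_DOMAIN` the same `:?` guard. Both values are also spliced into the sed program unescaped, so a `/` or `&` in either would break or alter the substitution; checking that the port is numeric and the domain is a plain hostname before rendering would close that off. The rest of start.sh lies outside the hunk, so whether `set -u` or earlier validation already covers this is not visible here.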
......