bea/docker-deluge-openvpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix openvpn problems, remove tinyproxy, move dockerfile to ubuntu 18.04 as alpine crashes

Browse Source
This commit is contained in:
Eldwan Brianne
2021-02-15 18:44:10 +01:00
parent 88d05f44e0
commit b71fa6764c
10 changed files with 85 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +1,2 @@
.vscode .vscode
docker-compose.yml

47
Dockerfile
View File

@@ -1,14 +1,24 @@
FROM alpine:edge FROM ubuntu:18.04
RUN echo "@edgecommunity http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ ARG DEBIAN_FRONTEND="noninteractive"
&& echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& apk update \ RUN set -ex; \
&& apk add --upgrade apk-tools \ apt-get update && \
&& apk add bash dumb-init openvpn shadow curl jq tzdata openrc tinyproxy tinyproxy-openrc openssh unrar deluge@testing ufw@edgecommunity \ apt-get -y install gnupg apt-utils && \
&& rm -rf /tmp/* /var/tmp/* \ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C5E6A5ED249AD24C && \
&& groupadd -g 911 abc \ echo "deb http://ppa.launchpad.net/deluge-team/stable/ubuntu bionic main" >> \
&& useradd -u 911 -g 911 -s /bin/false -m abc \ /etc/apt/sources.list.d/deluge.list && \
&& usermod -G users abc echo "deb-src http://ppa.launchpad.net/deluge-team/stable/ubuntu bionic main" >> \
/etc/apt/sources.list.d/deluge.list && \
echo "**** install packages ****" && \
apt-get update && \
apt-get -y install dumb-init iputils-ping dnsutils bash jq net-tools openvpn curl ufw deluged deluge-console deluge-web python3-future python3-requests p7zip-full unrar unzip && \
echo "Cleanup"; \
rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/* && \
echo "Adding user"; \
groupadd -g 911 abc && \
useradd -u 911 -g 911 -s /bin/false -m abc && \
usermod -G users abc
# Add configuration and scripts # Add configuration and scripts
COPY root/ / COPY root/ /
@@ -23,10 +33,6 @@ ENV OPENVPN_USERNAME=**None** \
PUID= \ PUID= \
PGID= \ PGID= \
DROP_DEFAULT_ROUTE= \ DROP_DEFAULT_ROUTE= \
WEBPROXY_ENABLED=false \
WEBPROXY_PORT=8888 \
WEBPROXY_USERNAME= \
WEBPROXY_PASSWORD= \
HEALTH_CHECK_HOST=google.com \ HEALTH_CHECK_HOST=google.com \
LANG='en_US.UTF-8' \ LANG='en_US.UTF-8' \
LANGUAGE='en_US.UTF-8' \ LANGUAGE='en_US.UTF-8' \
@@ -35,20 +41,9 @@ ENV OPENVPN_USERNAME=**None** \
HEALTHCHECK --interval=1m CMD /etc/scripts/healthcheck.sh HEALTHCHECK --interval=1m CMD /etc/scripts/healthcheck.sh
# Compatability with https://hub.docker.com/r/willfarrell/autoheal/
LABEL autoheal=true
VOLUME /downloads VOLUME /downloads
VOLUME /config VOLUME /config
# Expose web ui port EXPOSE 8112 58846 58946 58946/udp
EXPOSE 8112
# expose port for deluge daemon
EXPOSE 58846
# expose port for incoming torrent data (tcp and udp)
EXPOSE 58946
EXPOSE 58946/udp
CMD ["dumb-init", "/etc/openvpn/start.sh"] CMD ["dumb-init", "/etc/openvpn/start.sh"]

13
root/etc/deluge/start.sh
View File

@@ -49,14 +49,15 @@ if [[ "${ENABLE_UFW,,}" == "true" ]] || [[ -n "${LOCAL_NETWORK-}" ]]; then
eval $(/sbin/ip r l | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') eval $(/sbin/ip r l | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')
## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is ## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is
if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
eval $(ip r l dev ${INT} | awk '{if($5=="link"){print "GW_CIDR="$1; exit}}') eval $(ip r l dev ${INT} | awk '{if($3=="link"){print "GW_CIDR="$1; exit}}')
fi fi
fi fi
if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then echo "Got local network ${GW} and CIDR ${GW_CIDR} on interface ${INT}"
log "Allow in and out from ${GW_CIDR}"
ufw allow in from ${GW_CIDR} if [[ "${ENABLE_UFW,,}" == "true" && "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
ufw allow out from ${GW_CIDR} log "Allow from ${GW_CIDR}"
ufw allow from ${GW_CIDR}
fi fi
if [[ -n "${LOCAL_NETWORK-}" ]]; then if [[ -n "${LOCAL_NETWORK-}" ]]; then
@@ -68,6 +69,8 @@ if [[ -n "${LOCAL_NETWORK-}" ]]; then
fi fi
fi fi
ufw status
log "Starting Deluge" log "Starting Deluge"
exec su --preserve-environment abc -s /bin/bash -c "/usr/bin/deluged -d -c /config -L info -l /config/deluged.log" & exec su --preserve-environment abc -s /bin/bash -c "/usr/bin/deluged -d -c /config -L info -l /config/deluged.log" &

4
root/etc/openvpn/persistEnvironment.py
View File

@@ -28,9 +28,7 @@ wanted_variables = {
variables_to_persist = {} variables_to_persist = {}
for env_var in os.environ: for env_var in os.environ:
if env_var.startswith('WEBPROXY_'): if env_var in wanted_variables:
variables_to_persist[env_var] = os.environ.get(env_var)
elif env_var in wanted_variables:
variables_to_persist[env_var] = os.environ.get(env_var) variables_to_persist[env_var] = os.environ.get(env_var)

7
root/etc/openvpn/start.sh
View File

@@ -106,7 +106,7 @@ fi
if [[ "${CREATE_TUN_DEVICE,,}" == "true" ]]; then if [[ "${CREATE_TUN_DEVICE,,}" == "true" ]]; then
mkdir -p /dev/net mkdir -p /dev/net
mknod /dev/net/tun c 10 200 mknod /dev/net/tun c 10 200
chmod 0666 /dev/net/tun chmod 600 /dev/net/tun
fi fi
## ##
@@ -118,7 +118,10 @@ fi
VPN_PROVIDER="${OPENVPN_PROVIDER:-custom}" VPN_PROVIDER="${OPENVPN_PROVIDER:-custom}"
VPN_PROVIDER="${VPN_PROVIDER,,}" # to lowercase VPN_PROVIDER="${VPN_PROVIDER,,}" # to lowercase
VPN_PROVIDER_HOME="/etc/openvpn/${VPN_PROVIDER}" VPN_PROVIDER_HOME="/etc/openvpn/${VPN_PROVIDER}"
mkdir -p "$VPN_PROVIDER_HOME" if [[ ! -d $VPN_PROVIDER_HOME ]]; then
echo "Creating $VPN_PROVIDER_HOME"
mkdir -p "$VPN_PROVIDER_HOME"
fi
# Make sure that we have enough information to start OpenVPN # Make sure that we have enough information to start OpenVPN
if [[ -z $OPENVPN_CONFIG_URL ]] && [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then if [[ -z $OPENVPN_CONFIG_URL ]] && [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then

1
root/etc/openvpn/tunnelDown.sh
View File

@@ -1,4 +1,3 @@
#!/bin/bash #!/bin/bash
/etc/deluge/stop.sh /etc/deluge/stop.sh
[[ ! -f /opt/tinyproxy/stop.sh ]] || /opt/tinyproxy/stop.sh

42
root/etc/openvpn/tunnelUp.sh
View File

@@ -1,4 +1,44 @@
#!/bin/bash #!/bin/bash
if [ "${PEER_DNS}" != "no" ]; then
NS=
DOMAIN=
SEARCH=
i=1
while true ; do
eval opt=\$foreign_option_${i}
[ -z "${opt}" ] && break
if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then
if [ -z "${DOMAIN}" ] ; then
DOMAIN="${opt#dhcp-option DOMAIN *}"
else
SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
fi
elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then
NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
fi
i=$((${i} + 1))
done
if [ -n "${NS}" ] ; then
DNS="# Generated by openvpn for interface ${dev}\n"
if [ -n "${SEARCH}" ] ; then
DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
elif [ -n "${DOMAIN}" ]; then
DNS="${DNS}domain ${DOMAIN}\n"
fi
DNS="${DNS}${NS}"
if [ -x /sbin/resolvconf ] ; then
printf "${DNS}" | /sbin/resolvconf -a "${dev}"
else
# Preserve the existing resolv.conf
if [ -e /etc/resolv.conf ] ; then
cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
fi
printf "${DNS}" > /etc/resolv.conf
chmod 644 /etc/resolv.conf
fi
fi
fi
/etc/deluge/start.sh "$@" /etc/deluge/start.sh "$@"
[[ ! -f /opt/tinyproxy/start.sh ]] || /opt/tinyproxy/start.sh

75
root/etc/tinyproxy/start.sh
View File

@@ -1,75 +0,0 @@
#!/bin/bash
find_proxy_conf()
{
if [[ -f /etc/tinyproxy.conf ]]; then
PROXY_CONF='/etc/tinyproxy.conf'
elif [[ -f /etc/tinyproxy/tinyproxy.conf ]]; then
PROXY_CONF='/etc/tinyproxy/tinyproxy.conf'
else
echo "ERROR: Could not find tinyproxy config file. Exiting..."
exit 1
fi
}
set_port()
{
expr $1 + 0 1>/dev/null 2>&1
status=$?
if test ${status} -gt 1
then
echo "Port [$1]: Not a number" >&2; exit 1
fi
# Port: Specify the port which tinyproxy will listen on. Please note
# that should you choose to run on a port lower than 1024 you will need
# to start tinyproxy using root.
if test $1 -lt 1024
then
echo "tinyproxy: $1 is lower than 1024. Ports below 1024 are not permitted.";
exit 1
fi
echo "Setting tinyproxy port to $1";
sed -i -e"s,^Port .*,Port $1," $2
}
set_authentication()
{
echo "Setting tinyproxy basic auth";
echo "BasicAuth $1 $2" >> $3
}
if [[ "${WEBPROXY_ENABLED}" = "true" ]]; then
echo "STARTING TINYPROXY"
find_proxy_conf
echo "Found config file $PROXY_CONF, updating settings."
set_port ${WEBPROXY_PORT} ${PROXY_CONF}
if [[ ! -z "${WEBPROXY_USERNAME}" ]] && [[ ! -z "${WEBPROXY_PASSWORD}" ]]; then
set_authentication ${WEBPROXY_USERNAME} ${WEBPROXY_PASSWORD} ${PROXY_CONF}
fi
# Allow all clients
sed -i -e"s/^Allow /#Allow /" ${PROXY_CONF}
# Disable Via Header for privacy (leaks that you're using a proxy)
sed -i -e "s/#DisableViaHeader/DisableViaHeader/" ${PROXY_CONF}
# Lower log level for privacy (writes dns names by default)
sed -i -e "s/LogLevel Info/LogLevel Critical/" ${PROXY_CONF}
if command -v tinyproxy &> /dev/null; then
echo "tinyproxy is on the PATH, run it"
tinyproxy -c ${PROXY_CONF}
else
/etc/init.d/tinyproxy start
fi
echo "Tinyproxy startup script complete."
fi

7
root/etc/tinyproxy/stop.sh
View File

@@ -1,7 +0,0 @@
#!/bin/bash
if [[ "${WEBPROXY_ENABLED}" = "true" ]]; then
/etc/init.d/tinyproxy stop
fi

7
root/etc/ufw/enable.sh
View File

@@ -19,8 +19,11 @@ sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
log "Deny all outgoing traffic" log "Deny all outgoing traffic"
ufw default deny outgoing ufw default deny outgoing
# Block all incoming # Block all incoming
log "Deny all incoming traffic" # log "Deny all incoming traffic"
ufw default deny incoming # ufw default deny incoming
# Allow all incoming
log "Allow all incoming traffic"
ufw default allow incoming
# Allow LOCAL_NETWORK # Allow LOCAL_NETWORK
if [[ -n "${LOCAL_NETWORK-}" ]]; then if [[ -n "${LOCAL_NETWORK-}" ]]; then