Fix openvpn problems, remove tinyproxy, move dockerfile to ubuntu 18.04 as alpine crashes

.gitignore

@@ -1 +1,2 @@
 .vscode
+docker-compose.yml

Dockerfile

@@ -1,14 +1,24 @@
-FROM alpine:edge
+FROM ubuntu:18.04
 
-RUN echo "@edgecommunity http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
-    && echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
-    && apk update \
-    && apk add --upgrade apk-tools \
-    && apk add bash dumb-init openvpn shadow curl jq tzdata openrc tinyproxy tinyproxy-openrc openssh unrar deluge@testing ufw@edgecommunity \
-    && rm -rf /tmp/* /var/tmp/* \
-    && groupadd -g 911 abc \
-	&& useradd -u 911 -g 911 -s /bin/false -m abc \
-    && usermod -G users abc
+ARG DEBIAN_FRONTEND="noninteractive"
+
+RUN set -ex; \
+    apt-get update && \
+    apt-get -y install gnupg apt-utils && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C5E6A5ED249AD24C && \
+    echo "deb http://ppa.launchpad.net/deluge-team/stable/ubuntu bionic main" >> \
+	/etc/apt/sources.list.d/deluge.list && \
+    echo "deb-src http://ppa.launchpad.net/deluge-team/stable/ubuntu bionic main" >> \
+	/etc/apt/sources.list.d/deluge.list && \
+    echo "**** install packages ****" && \
+    apt-get update && \
+    apt-get -y install dumb-init iputils-ping dnsutils bash jq net-tools openvpn curl ufw deluged deluge-console deluge-web python3-future python3-requests p7zip-full unrar unzip && \
+    echo "Cleanup"; \
+    rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/* && \
+    echo "Adding user"; \
+    groupadd -g 911 abc && \
+	useradd -u 911 -g 911 -s /bin/false -m abc && \
+    usermod -G users abc
 
 # Add configuration and scripts
 COPY root/ /
@@ -23,10 +33,6 @@ ENV OPENVPN_USERNAME=**None** \
     PUID= \
     PGID= \
     DROP_DEFAULT_ROUTE= \
-    WEBPROXY_ENABLED=false \
-    WEBPROXY_PORT=8888 \
-    WEBPROXY_USERNAME= \
-    WEBPROXY_PASSWORD= \
     HEALTH_CHECK_HOST=google.com \
     LANG='en_US.UTF-8' \
     LANGUAGE='en_US.UTF-8' \ 
@@ -35,20 +41,9 @@ ENV OPENVPN_USERNAME=**None** \
 
 HEALTHCHECK --interval=1m CMD /etc/scripts/healthcheck.sh
 
-# Compatability with https://hub.docker.com/r/willfarrell/autoheal/
-LABEL autoheal=true
-
 VOLUME /downloads
 VOLUME /config
 
-# Expose web ui port
-EXPOSE 8112 
-
-# expose port for deluge daemon
-EXPOSE 58846
-
-# expose port for incoming torrent data (tcp and udp)
-EXPOSE 58946 
-EXPOSE 58946/udp
+EXPOSE 8112 58846 58946 58946/udp
 
 CMD ["dumb-init", "/etc/openvpn/start.sh"]

root/etc/deluge/start.sh

@@ -49,14 +49,15 @@ if [[ "${ENABLE_UFW,,}" == "true" ]] || [[ -n "${LOCAL_NETWORK-}" ]]; then
   eval $(/sbin/ip r l | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')
   ## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is
   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
-    eval $(ip r l dev ${INT} | awk '{if($5=="link"){print "GW_CIDR="$1; exit}}')
+    eval $(ip r l dev ${INT} | awk '{if($3=="link"){print "GW_CIDR="$1; exit}}')
   fi
 fi
 
-if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
-  log "Allow in and out from ${GW_CIDR}"
-  ufw allow in from ${GW_CIDR}
-  ufw allow out from ${GW_CIDR}
+echo "Got local network ${GW} and CIDR ${GW_CIDR} on interface ${INT}"
+
+if [[ "${ENABLE_UFW,,}" == "true" && "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
+  log "Allow from ${GW_CIDR}"
+  ufw allow from ${GW_CIDR}
 fi
 
 if [[ -n "${LOCAL_NETWORK-}" ]]; then
@@ -68,6 +69,8 @@ if [[ -n "${LOCAL_NETWORK-}" ]]; then
   fi
 fi
 
+ufw status
+
 log "Starting Deluge"
 exec su --preserve-environment abc -s /bin/bash -c "/usr/bin/deluged -d -c /config -L info -l /config/deluged.log" &
 

root/etc/openvpn/persistEnvironment.py

@@ -28,9 +28,7 @@ wanted_variables = {
 variables_to_persist = {}
 
 for env_var in os.environ:
-    if env_var.startswith('WEBPROXY_'):
-        variables_to_persist[env_var] = os.environ.get(env_var)
-    elif env_var in wanted_variables:
+    if env_var in wanted_variables:
         variables_to_persist[env_var] = os.environ.get(env_var)
 
 

root/etc/openvpn/start.sh

@@ -106,7 +106,7 @@ fi
 if [[ "${CREATE_TUN_DEVICE,,}" == "true" ]]; then
   mkdir -p /dev/net
   mknod /dev/net/tun c 10 200
-  chmod 0666 /dev/net/tun
+  chmod 600 /dev/net/tun
 fi
 
 ##
@@ -118,7 +118,10 @@ fi
 VPN_PROVIDER="${OPENVPN_PROVIDER:-custom}"
 VPN_PROVIDER="${VPN_PROVIDER,,}" # to lowercase
 VPN_PROVIDER_HOME="/etc/openvpn/${VPN_PROVIDER}"
-mkdir -p "$VPN_PROVIDER_HOME"
+if [[ ! -d $VPN_PROVIDER_HOME ]]; then
+  echo "Creating $VPN_PROVIDER_HOME"
+  mkdir -p "$VPN_PROVIDER_HOME"
+fi
 
 # Make sure that we have enough information to start OpenVPN
 if [[ -z $OPENVPN_CONFIG_URL ]] && [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then

root/etc/openvpn/tunnelDown.sh

@@ -1,4 +1,3 @@
 #!/bin/bash
 
 /etc/deluge/stop.sh
-[[ ! -f /opt/tinyproxy/stop.sh ]] || /opt/tinyproxy/stop.sh

root/etc/openvpn/tunnelUp.sh

@@ -1,4 +1,44 @@
 #!/bin/bash
 
+if [ "${PEER_DNS}" != "no" ]; then
+	NS=
+	DOMAIN=
+	SEARCH=
+	i=1
+	while true ; do
+		eval opt=\$foreign_option_${i}
+		[ -z "${opt}" ] && break
+		if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then
+			if [ -z "${DOMAIN}" ] ; then
+				DOMAIN="${opt#dhcp-option DOMAIN *}"
+			else
+				SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
+			fi
+		elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then
+			NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
+		fi
+		i=$((${i} + 1))
+	done
+
+	if [ -n "${NS}" ] ; then
+		DNS="# Generated by openvpn for interface ${dev}\n"
+		if [ -n "${SEARCH}" ] ; then
+			DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
+		elif [ -n "${DOMAIN}" ]; then
+			DNS="${DNS}domain ${DOMAIN}\n"
+		fi
+		DNS="${DNS}${NS}"
+		if [ -x /sbin/resolvconf ] ; then
+			printf "${DNS}" | /sbin/resolvconf -a "${dev}"
+		else
+			# Preserve the existing resolv.conf
+			if [ -e /etc/resolv.conf ] ; then
+				cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
+			fi
+			printf "${DNS}" > /etc/resolv.conf
+			chmod 644 /etc/resolv.conf
+		fi
+	fi
+fi
+
 /etc/deluge/start.sh "$@"
-[[ ! -f /opt/tinyproxy/start.sh ]] || /opt/tinyproxy/start.sh

root/etc/tinyproxy/start.sh

@@ -1,75 +0,0 @@
-#!/bin/bash
-
-find_proxy_conf()
-{
-    if [[ -f /etc/tinyproxy.conf ]]; then
-      PROXY_CONF='/etc/tinyproxy.conf'
-    elif [[ -f /etc/tinyproxy/tinyproxy.conf ]]; then
-      PROXY_CONF='/etc/tinyproxy/tinyproxy.conf'
-    else
-     echo "ERROR: Could not find tinyproxy config file. Exiting..."
-     exit 1
-    fi
-}
-
-set_port()
-{
-  expr $1 + 0 1>/dev/null 2>&1
-  status=$?
-  if test ${status} -gt 1
-  then
-    echo "Port [$1]: Not a number" >&2; exit 1
-  fi
-
-  # Port: Specify the port which tinyproxy will listen on.  Please note
-  # that should you choose to run on a port lower than 1024 you will need
-  # to start tinyproxy using root.
-
-  if test $1 -lt 1024
-  then
-    echo "tinyproxy: $1 is lower than 1024. Ports below 1024 are not permitted.";
-    exit 1
-  fi
-
-  echo "Setting tinyproxy port to $1";
-  sed -i -e"s,^Port .*,Port $1," $2
-}
-
-set_authentication()
-{
-  echo "Setting tinyproxy basic auth";
-  echo "BasicAuth $1 $2" >> $3
-}
-
-if [[ "${WEBPROXY_ENABLED}" = "true" ]]; then
-
-  echo "STARTING TINYPROXY"
-
-  find_proxy_conf
-  echo "Found config file $PROXY_CONF, updating settings."
-
-  set_port ${WEBPROXY_PORT} ${PROXY_CONF}
-
-  if [[ ! -z "${WEBPROXY_USERNAME}" ]] && [[ ! -z "${WEBPROXY_PASSWORD}" ]]; then
-    set_authentication ${WEBPROXY_USERNAME} ${WEBPROXY_PASSWORD} ${PROXY_CONF}
-  fi
-
-  # Allow all clients
-  sed -i -e"s/^Allow /#Allow /" ${PROXY_CONF}
-
-  # Disable Via Header for privacy (leaks that you're using a proxy)
-  sed -i -e "s/#DisableViaHeader/DisableViaHeader/" ${PROXY_CONF}
-
-  # Lower log level for privacy (writes dns names by default)
-  sed -i -e "s/LogLevel Info/LogLevel Critical/" ${PROXY_CONF}
-
-  if command -v tinyproxy &> /dev/null; then
-    echo "tinyproxy is on the PATH, run it"
-    tinyproxy -c ${PROXY_CONF}
-  else
-    /etc/init.d/tinyproxy start
-  fi
-
-  echo "Tinyproxy startup script complete."
-
-fi

root/etc/tinyproxy/stop.sh

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-if [[ "${WEBPROXY_ENABLED}" = "true" ]]; then
-
-  /etc/init.d/tinyproxy stop
-
-fi

root/etc/ufw/enable.sh

@@ -19,8 +19,11 @@ sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
 log "Deny all outgoing traffic"
 ufw default deny outgoing
 # Block all incoming
-log "Deny all incoming traffic"
-ufw default deny incoming
+# log "Deny all incoming traffic"
+# ufw default deny incoming
+# Allow all incoming
+log "Allow all incoming traffic"
+ufw default allow incoming
 
 # Allow LOCAL_NETWORK
 if [[ -n "${LOCAL_NETWORK-}" ]]; then