From ab297c8db919b972a162dd7d1ad44bd3bbd04eb7 Mon Sep 17 00:00:00 2001
From: Kevin
Date: Mon, 25 Oct 2021 11:47:08 +0800
Subject: [PATCH 01/10] Create docker-publish.yml
---
.github/workflows/docker-publish.yml | 63 ++++++++++++++++++++++++++++
1 file changed, 63 insertions(+)
create mode 100644 .github/workflows/docker-publish.yml
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..1bb3799
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,63 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ schedule:
+ - cron: '35 21 * * *'
+ push:
+ branches: [ master ]
+ # Publish semver tags as releases.
+ tags: [ 'v*.*.*' ]
+ pull_request:
+ branches: [ master ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
From 9a0949e388b5bab50e75c071c96fc4b6f0cdba15 Mon Sep 17 00:00:00 2001
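Review bot: The `Checkout repository` step uses `actions/checkout@v2`, a tag that can be moved, while the three docker/* actions in the same job are pinned to full commit SHAs. The job holds `packages: write`, so whatever that tag resolves to runs next to a token that can publish images to `ghcr.io`. Pin it the same way, `uses: actions/checkout@<full-commit-sha> # v2` (placeholder; take the SHA from the release you have reviewed). Because the build uses `context: .`, it is also worth adding `with: persist-credentials: false` to that step so the token is not left in `.git/config` inside the build context.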
From: cielpy Date: Mon, 25 Oct 2021 22:01:31 +0800 Subject: [PATCH 02/10] add docker-compose --- Dockerfile | 7 ++----- docker-compose.yml | 14 ++++++++++++++ entrypoint.sh | 8 ++++++++ start | 11 ----------- 4 files changed, 24 insertions(+), 16 deletions(-) create mode 100644 docker-compose.yml create mode 100755 entrypoint.sh delete mode 100755 start diff --git a/Dockerfile b/Dockerfile index 05f4d72..36a1f99 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,9 +18,6 @@ RUN true \ && true ADD sockd.conf /etc/ +COPY entrypoint.sh / -ENTRYPOINT [ \ - "openvpn", \ - "--up", "/usr/local/bin/sockd.sh", \ - "--script-security", "2", \ - "--config", "/ovpn.conf"] +ENTRYPOINT ["/entrypoint.sh"] diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..bc9e8a6 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,14 @@ +version: '3.3' +services: + openvpn-client-socks: + build: . + cap_add: + - NET_ADMIN + devices: + - /dev/net/tun + ports: + - '1081:1080' + env_file: + - .env + volumes: + - ./vpn.ovpn:/vpn/ovpn.conf \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 0000000..062a3bb --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,8 @@ +#!/bin/sh +echo $USER > /tmp.txt +echo $PASSWORD >> /tmp.txt +openvpn \ +--config /vpn/ovpn.conf \ +--auth-user-pass /tmp.txt \ +--up /usr/local/bin/sockd.sh \ +--script-security 2 \ No newline at end of file diff --git a/start b/start deleted file mode 100755 index 12bd711..0000000 --- a/start +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -exec docker run \ - --rm \ - --tty \ - --interactive \ - --device=/dev/net/tun \ - --cap-add=NET_ADMIN \ - --publish 127.0.0.1:1081:1080 \ - --volume "$(realpath "$1"):/ovpn.conf:ro" \ - mook/openvpn-client-socks:${TAG:-latest} From b3cb5b9630e2e4c54ac0c906ae85579bf0d8e667 Mon Sep 17 00:00:00 2001 
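Review bot: `ports: - '1081:1080'` in the new docker-compose.yml publishes the SOCKS port on every host interface, whereas the `start` script deleted in this same commit bound it to `127.0.0.1:1081:1080`. Unless `sockd.conf` (not shown here) restricts clients, any machine that can reach the host can send traffic through the VPN tunnel. Keep the loopback bind with `- '127.0.0.1:1081:1080'`, and restore the read-only mount the old script used, `- ./vpn.ovpn:/vpn/ovpn.conf:ro`. The same snippet is copied into README.md in PATCH 03, and the port line is carried unchanged through PATCH 04.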
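Review bot: `echo $USER > /tmp.txt` and `echo $PASSWORD >> /tmp.txt` in the new entrypoint.sh expand the credentials unquoted, so a password containing runs of whitespace, glob characters or a leading `-n` reaches the file altered, and the login then fails in a way that is hard to diagnose. Write both lines with `printf '%s\n' "$USER" "$PASSWORD" > /tmp.txt` instead. `openvpn` is also launched as a child of the shell, so the script stays PID 1 and a `docker stop` signal is probably not delivered to openvpn; starting it with `exec openvpn \` avoids that. The unquoted expansions are carried into PATCH 09 under the renamed variables.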
From: cielpy Date: Mon, 25 Oct 2021 22:18:44 +0800 Subject: [PATCH 03/10] update README --- README.md | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ecb23c0..5b683df 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,22 @@ routing). ## Usage -Preferably, using `start` in this repository: -```bash -start client_config.ovpn +Preferably, use docker-compose +```yaml +version: '3.3' +services: + openvpn-client-socks: + build: . + cap_add: + - NET_ADMIN + devices: + - /dev/net/tun + ports: + - '1081:1080' + env_file: + - .env + volumes: + - ./vpn.ovpn:/vpn/ovpn.conf ``` Alternatively, using `docker run` directly: @@ -16,7 +29,9 @@ Alternatively, using `docker run` directly: ```bash docker run -t -i --device=/dev/net/tun --cap-add=NET_ADMIN \ --publish 127.0.0.1:1080:1080 \ - --volume client_config.ovpn:/ovpn.conf:ro \ + --volume client_config.ovpn:/vpn/ovpn.conf:ro \ + -e USER=ahh \ + -e PASSWORD=ahh \ mook/openvpn-client-socks ``` From 26418c93ee3f79f07027b25fe42aea558f0f51ed Mon Sep 17 00:00:00 2001 From: Kevin Date: Tue, 26 Oct 2021 09:51:51 +0800 Subject: [PATCH 04/10] Update docker-compose.yml --- docker-compose.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index bc9e8a6..bfd6f75 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,8 @@ version: '3.3' services: openvpn-client-socks: - build: . + image: ghcr.io/cielpy/docker-openvpn-client-socks:master + restart: always cap_add: - NET_ADMIN devices: @@ -11,4 +12,4 @@ services: env_file: - .env volumes: - - ./vpn.ovpn:/vpn/ovpn.conf \ No newline at end of file + - ./vpn.ovpn:/vpn/ovpn.conf From fad217867e1f663cf39f7eb9f2b050a573c396c0 Mon Sep 17 00:00:00 2001 From: Kevin Date: Tue, 26 Oct 2021 17:44:31 +0800 Subject: [PATCH 05/10] Update entrypoint.sh --- entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
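Review bot: `image: ghcr.io/cielpy/docker-openvpn-client-socks:master` in the docker-compose.yml hunk follows a branch tag, which the publish workflow from PATCH 01 presumably moves on each push to master. Combined with `restart: always`, `NET_ADMIN` and `/dev/net/tun`, a later pull runs whatever was published last with those privileges. Reference a release tag or a digest instead, for example `image: ghcr.io/cielpy/docker-openvpn-client-socks@sha256:<digest>` (placeholder), and bump it deliberately. Dropping `build: .` also means local edits to `entrypoint.sh` or `sockd.sh` no longer reach the container, which deserves a line in the README.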
diff --git a/entrypoint.sh b/entrypoint.sh index 062a3bb..61bc7cb 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -5,4 +5,6 @@ openvpn \ --config /vpn/ovpn.conf \ --auth-user-pass /tmp.txt \ --up /usr/local/bin/sockd.sh \ ---script-security 2 \ No newline at end of file +--connect-retry 2 2 \ +--connect-retry-max 2 \ +--script-security 2 From ea2c3fde275e9df4ab35230c00b7eedc9526eed1 Mon Sep 17 00:00:00 2001 From: cielpy Date: Sun, 27 Feb 2022 21:50:13 +0800 Subject: [PATCH 06/10] fix bug that cause time out when container run on linux --- sockd.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sockd.sh b/sockd.sh index 59237f9..0499370 100644 --- a/sockd.sh +++ b/sockd.sh @@ -1,5 +1,11 @@ #!/bin/sh set -e +# Ensure external connections via docker network find their way back +docker_ip=$(ip addr show eth0 | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}') +docker_gw=$(ip route | awk '/default/ {print $3}') +ip rule add from "$docker_ip" table 10 +ip route add table 10 default via "$docker_gw" table 10 + /etc/openvpn/up.sh "$@" pidof sockd | xargs --no-run-if-empty kill -TERM exec /usr/sbin/sockd -D From 6edaf8cc8afec78905245ecbda22517dd57b01af Mon Sep 17 00:00:00 2001 From: cielpy Date: Sun, 27 Feb 2022 21:54:05 +0800 Subject: [PATCH 07/10] fix bug that cause time out when container run on linux --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5b683df..c4d694f 100644 --- a/README.md +++ b/README.md @@ -40,3 +40,4 @@ docker run -t -i --device=/dev/net/tun --cap-add=NET_ADMIN \ - The configuration file must have embedded certificates; references to other files are not allowed. - The configuration file must use `dev tun0`. + From 1772b0cca26d420a96e3151a7a5aac7168156dc5 Mon Sep 17 00:00:00 2001 From: Ekko Date: Tue, 28 Jun 2022 18:59:33 +0800 Subject: [PATCH 08/10] fix permission warming --- entrypoint.sh | 1 + 1 file changed, 1 insertion(+) 
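Review bot: The added `ip rule add` and `ip route add` lines in sockd.sh are not safe to repeat: under `set -e`, a second run of this `--up` script (after a tunnel restart, for instance) would likely stop at "File exists" before `sockd` is started. `ip route add table 10 default via "$docker_gw" table 10` also names the table twice. `ip route replace default via "$docker_gw" table 10` is idempotent, and the rule can be cleared first with `ip rule del from "$docker_ip" table 10 2>/dev/null || true`. The script assumes `eth0` and a single default route, so it should fail with a clear message when `$docker_ip` or `$docker_gw` comes back empty or spans several lines.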
diff --git a/entrypoint.sh b/entrypoint.sh index 61bc7cb..06e6ee5 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,6 +1,7 @@ #!/bin/sh echo $USER > /tmp.txt echo $PASSWORD >> /tmp.txt +chmod 600 /tmp.txt openvpn \ --config /vpn/ovpn.conf \ --auth-user-pass /tmp.txt \ From 926ce2853644a889b87aa5799674e574a485b8d7 Mon Sep 17 00:00:00 2001 From: Ekko Date: Tue, 23 Aug 2022 11:41:56 +0800 Subject: [PATCH 09/10] Update entrypoint.sh --- entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 06e6ee5..8975eb9 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/sh -echo $USER > /tmp.txt -echo $PASSWORD >> /tmp.txt +echo $OPENVPN_USER > /tmp.txt +echo $OPENVPN_PASSWORD >> /tmp.txt chmod 600 /tmp.txt openvpn \ --config /vpn/ovpn.conf \ From 74a47a71df06a1ee38261d2b6068815be348c42e Mon Sep 17 00:00:00 2001 From: Ekko Date: Fri, 17 Mar 2023 11:41:20 +0800 Subject: [PATCH 10/10] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c4d694f..4ed7664 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ docker run -t -i --device=/dev/net/tun --cap-add=NET_ADMIN \ --volume client_config.ovpn:/vpn/ovpn.conf:ro \ -e USER=ahh \ -e PASSWORD=ahh \ - mook/openvpn-client-socks + ghcr.io/ekkog/docker-openvpn-client-socks:master ``` ### OpenVPN Configuration Constraints
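Review bot: `chmod 600 /tmp.txt` runs after both `echo` lines, so the credentials file is first created under the default umask and only then tightened, and it sits in `/` rather than in a private directory. Adding `umask 077` before the first `echo` makes the file owner-only from the moment it is created; the `chmod` can stay as a backstop. The hunk shows only the top of the script; the rest of the `openvpn` invocation lies outside it.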
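Review bot: Renaming the variables to `OPENVPN_USER` and `OPENVPN_PASSWORD` silently breaks anyone still passing `-e USER=ahh` and `-e PASSWORD=ahh`, which README.md keeps showing (both lines are still in the context of PATCH 10). The script then writes two empty lines and hands them to `--auth-user-pass`. Fail closed before the file is written, e.g. `: "${OPENVPN_USER:?OPENVPN_USER is required}"` and the same for `OPENVPN_PASSWORD`, and update the README and the `.env` example in the same commit.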