Merge pull request #60 from theohbrothers/change/remove-v-prefix-from…

…-docker-tags

Change: Remove `v` prefix from docker tags

README.md

@@ -12,18 +12,18 @@ Dockerized `openvpn`.
 
 | Tag | Dockerfile Build Context |
 |:-------:|:---------:|
-| `:v2.6.5-alpine-3.18`, `:latest` | [View](variants/v2.6.5-alpine-3.18) |
-| `:v2.5.8-alpine-3.17` | [View](variants/v2.5.8-alpine-3.17) |
-| `:v2.4.12-alpine-3.12` | [View](variants/v2.4.12-alpine-3.12) |
-| `:v2.4.11-alpine-3.11` | [View](variants/v2.4.11-alpine-3.11) |
-| `:v2.4.11-alpine-3.10` | [View](variants/v2.4.11-alpine-3.10) |
-| `:v2.4.6-alpine-3.9` | [View](variants/v2.4.6-alpine-3.9) |
-| `:v2.4.6-alpine-3.8` | [View](variants/v2.4.6-alpine-3.8) |
-| `:v2.4.4-alpine-3.7` | [View](variants/v2.4.4-alpine-3.7) |
-| `:v2.4.4-alpine-3.6` | [View](variants/v2.4.4-alpine-3.6) |
-| `:v2.3.18-alpine-3.5` | [View](variants/v2.3.18-alpine-3.5) |
-| `:v2.3.18-alpine-3.4` | [View](variants/v2.3.18-alpine-3.4) |
-| `:v2.3.18-alpine-3.3` | [View](variants/v2.3.18-alpine-3.3) |
+| `:2.6.5-alpine-3.18`, `:latest` | [View](variants/2.6.5-alpine-3.18) |
+| `:2.5.8-alpine-3.17` | [View](variants/2.5.8-alpine-3.17) |
+| `:2.4.12-alpine-3.12` | [View](variants/2.4.12-alpine-3.12) |
+| `:2.4.11-alpine-3.11` | [View](variants/2.4.11-alpine-3.11) |
+| `:2.4.11-alpine-3.10` | [View](variants/2.4.11-alpine-3.10) |
+| `:2.4.6-alpine-3.9` | [View](variants/2.4.6-alpine-3.9) |
+| `:2.4.6-alpine-3.8` | [View](variants/2.4.6-alpine-3.8) |
+| `:2.4.4-alpine-3.7` | [View](variants/2.4.4-alpine-3.7) |
+| `:2.4.4-alpine-3.6` | [View](variants/2.4.4-alpine-3.6) |
+| `:2.3.18-alpine-3.5` | [View](variants/2.3.18-alpine-3.5) |
+| `:2.3.18-alpine-3.4` | [View](variants/2.3.18-alpine-3.4) |
+| `:2.3.18-alpine-3.3` | [View](variants/2.3.18-alpine-3.3) |
 
 ## Usage
 
@@ -37,7 +37,7 @@ It is assumed that you have knowledge of configuring `openvpn`. If needed, refer
 To run the image, at the least you should mount a `/etc/openvpn/server.conf`, which may be a unified openvpn profile (see INLINE FILE SUPPORT section in the [openvpn manual](https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage)).
 
 ```sh
-docker run --rm -it --cap-add NET_ADMIN -v /path/to/server.conf:/etc/openvpn/server.conf theohbrothers/docker-openvpn:v2.6.5-alpine-3.18
+docker run --rm -it --cap-add NET_ADMIN -v /path/to/server.conf:/etc/openvpn/server.conf theohbrothers/docker-openvpn:2.6.5-alpine-3.18
 ```
 
 ## Environment variables

generate/definitions/VARIANTS.ps1

@@ -132,9 +132,9 @@ $VARIANTS = @(
                     components = $subVariant['components']
                     job_group_key = $variant['package_version']
                 }
-                # Docker image tag. E.g. 'v2.3.0-alpine-3.6'
+                # Docker image tag. E.g. 'v2.6.5-alpine-3.18'
                 tag = @(
-                        "v$( $variant['package_version'] )" -replace '-r\d+', ''    # E.g. Strip out the '-r' in '2.3.0.0-r1'
+                        $variant['package_version']
                         $subVariant['components'] | ? { $_ }
                         $variant['distro']
                         $variant['distro_version']

variants/2.3.18-alpine-3.3/Dockerfile

@@ -0,0 +1,8 @@
+FROM alpine:3.3
+
+RUN apk add --no-cache openvpn>=2.3.18 iptables
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]

variants/2.3.18-alpine-3.3/docker-compose.yml

@@ -0,0 +1,45 @@
+version: '2.1'
+services:
+  openvpn-server:
+    build:
+      dockerfile: Dockerfile
+      context: .
+    environment:
+      - OPENVPN_CONFIG_FILE=/etc/openvpn/server.conf
+      - NAT_MASQUERADE=1
+      # - CUSTOM_FIREWALL_SCRIPT=/etc/openvpn/firewall.sh
+    volumes:
+      - ./openvpn/server.conf:/etc/openvpn/server.conf
+      # - ./openvpn/firewall.sh:/etc/openvpn/firewall.sh
+    ports:
+      - 1194:1194/udp
+    cap_add:
+      - NET_ADMIN
+    # sysctls for the container if it is not set on the host. See: https://docs.docker.com/compose/compose-file/compose-file-v2/#sysctls
+    sysctls:
+      - net.ipv4.conf.all.forwarding=1
+      # - net.ipv6.conf.all.disable_ipv6=0
+      # - net.ipv6.conf.default.forwarding=1
+      # - net.ipv6.conf.all.forwarding=1
+    restart: unless-stopped
+
+  openvpn-client:
+    build:
+      dockerfile: Dockerfile
+      context: .
+    environment:
+      - OPENVPN_CONFIG_FILE=/etc/openvpn/client.conf
+      - NAT_MASQUERADE=0
+      # - CUSTOM_FIREWALL_SCRIPT=/etc/openvpn/firewall.sh
+    volumes:
+      - ./openvpn/client.conf:/etc/openvpn/client.conf
+      # - ./openvpn/firewall.sh:/etc/openvpn/firewall.sh
+    cap_add:
+      - NET_ADMIN
+    # sysctls for the container if it is not set on the host. See: https://docs.docker.com/compose/compose-file/compose-file-v2/#sysctls
+    sysctls:
+      - net.ipv4.conf.all.forwarding=1
+      # - net.ipv6.conf.all.disable_ipv6=0
+      # - net.ipv6.conf.default.forwarding=1
+      # - net.ipv6.conf.all.forwarding=1
+    restart: unless-stopped

variants/2.3.18-alpine-3.3/docker-entrypoint.sh

@@ -0,0 +1,70 @@
+#!/bin/sh
+set -eu
+
+# Env vars
+OPENVPN_CONFIG_FILE=${OPENVPN_CONFIG_FILE:-/etc/openvpn/server.conf}
+OPENVPN_SERVER_CONFIG_FILE=${OPENVPN_SERVER_CONFIG_FILE:-} # Deprecated. For backward compatibility
+OPENVPN_ROUTES=${OPENVPN_ROUTES:-}
+NAT=${NAT:-1}
+NAT_INTERFACE=${NAT_INTERFACE:-eth0}
+NAT_MASQUERADE=${NAT_MASQUERADE:-1}
+CUSTOM_FIREWALL_SCRIPT=${CUSTOM_FIREWALL_SCRIPT:-/etc/openvpn/firewall.sh}
+
+# Normalization
+if [ -n "$OPENVPN_SERVER_CONFIG_FILE" ]; then
+    echo "Warning: OPENVPN_SERVER_CONFIG_FILE is deprecated. Use OPENVPN_CONFIG_FILE instead."
+    OPENVPN_CONFIG_FILE="$OPENVPN_SERVER_CONFIG_FILE"
+fi
+
+# If no args are passed, run the entrypoint. If a flag is passed, run openvpn directly. Else, run the passed command
+if [ "$#" -eq 0 ]; then
+    # Provision
+    echo "Provisioning tun device"
+    mkdir -p /dev/net
+    if [ ! -c /dev/net/tun ]; then
+        mknod /dev/net/tun c 10 200
+    fi
+    if [ -f "$CUSTOM_FIREWALL_SCRIPT" ]; then
+        echo "Executing custom firewall script: $CUSTOM_FIREWALL_SCRIPT"
+        . "$CUSTOM_FIREWALL_SCRIPT"
+    else
+        echo "Not executing custom firewall script $CUSTOM_FIREWALL_SCRIPT because it does not exist"
+    fi
+    if [ "$NAT" = 1 ]; then
+        echo "NAT is enabled"
+        echo "Provisioning NAT iptables rules"
+        echo "NAT_INTERFACE: $NAT_INTERFACE"
+        if [ "$NAT_MASQUERADE" = 1 ]; then
+            echo "NAT_MASQUERADE is enabled"
+            iptables -t nat -C POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE > dev/null 2>&1 || iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE
+            if [ -n "$OPENVPN_ROUTES" ]; then
+                echo "Provisioning NAT iptables rules for OPENVPN_ROUTES=$OPENVPN_ROUTES"
+                for r in $OPENVPN_ROUTES; do
+                    iptables -t nat -C POSTROUTING -s "$r" -o "$NAT_INTERFACE" -j MASQUERADE > dev/null 2>&1 || iptables -t nat -A POSTROUTING -s "$r" -o "$NAT_INTERFACE" -j MASQUERADE
+                done
+            else
+                echo "Not provisioning route iptables rules because OPENVPN_ROUTES is empty"
+            fi
+        else
+            echo "Not provisioning NAT iptables rules because NAT_MASQUERADE is disabled."
+        fi
+    else
+        echo "NAT is disabled."
+        echo "Not adding NAT iptables rules"
+    fi
+
+    echo "Listing iptables rules:"
+    iptables -L -nv
+    echo "Listing iptables NAT rules:"
+    iptables -L -nv -t nat
+
+    # Generate the command line. openvpn man: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
+    set openvpn --cd /etc/openvpn --config "$OPENVPN_CONFIG_FILE"
+    echo "openvpn command line: $@"
+    exec "$@"
+elif [ "$#" -gt 0 ] && [ "${1#-}" != "$1" ]; then
+    echo "openvpn command line: $@"
+    exec openvpn "$@"
+fi
+
+exec "$@"