Generalization.
This commit is contained in:
parent
e8bd316647
commit
af60578268
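--- a/client.conf
+++ b/client.conf
@@ -1,14 +0,0 @@
-client
-dev tun
-proto udp
-remote 92.222.98.176 1194
-resolv-retry infinite
-nobind
-persist-key
-persist-tun
-ca /etc/openvpn/client/ca.crt
-cert /etc/openvpn/client/client-ovh1.crt
-key /etc/openvpn/client/client-ovh1.key
-ns-cert-type server
-comp-lzo
-verb 3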
@ -10,21 +10,10 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- ./keys:/etc/openvpn/client:Z
|
- ./keys:/etc/openvpn/client:Z
|
||||||
- ./client.conf:/etc/openvpn/openvpn.conf:Z
|
- ./client.conf:/etc/openvpn/openvpn.conf:Z
|
||||||
|
- ./post-up.sh:/root/post-up.sh:Z
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
sysctls:
|
|
||||||
net.ipv4.ip_forward: 1
|
|
||||||
devices:
|
devices:
|
||||||
- "/dev/net/tun:/dev/net/tun"
|
- "/dev/net/tun:/dev/net/tun"
|
||||||
dns: 80.67.169.12
|
dns: 80.67.169.12
|
||||||
networks:
|
network_mode: "host"
|
||||||
openvpn-network:
|
|
||||||
ipv4_address: 172.31.1.2
|
|
||||||
|
|
||||||
networks:
|
|
||||||
openvpn-network:
|
|
||||||
name: openvpn-network
|
|
||||||
ipam:
|
|
||||||
config:
|
|
||||||
- subnet: 172.31.1.0/24
|
|
||||||
|
|
||||||
|
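Review bot: `network_mode: "host"` together with the retained `cap_add: NET_ADMIN` means the newly mounted `./post-up.sh` runs against the host's own network namespace rather than an isolated one, so every route, rule or netfilter change it makes (the post-up.sh deleted elsewhere in this commit did exactly that) lands on the host itself. That is presumably the intent of the move, but nothing in the file says so; a comment on the `network_mode` line such as `# host networking + NET_ADMIN: post-up.sh changes the host's routing/netfilter state, the container is not a sandbox here` keeps the next editor from treating the service as isolated. Dropping the `sysctls` block is consistent with that (as far as I can tell Docker does not apply `net.*` sysctls to a host-network container), but the surviving `dns: 80.67.169.12` entry may have no effect under host networking either, so it is worth confirming it is still honoured or removing it. The service's `image`/`build`/`restart` lines are outside the hunk.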
30
docker-compose.yml-subnet
Normal file
30
docker-compose.yml-subnet
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
# needs at least docker-compose 1.18.0 (1.10.0 for sysctls option and 1.18.0 for custom network name)
|
||||||
|
version: "2.1"
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
vpn-client:
|
||||||
|
image: vpn-client:$VERSION_VPN_CLIENT
|
||||||
|
build: "https://git.scimetis.net/yohan/docker-VPN-client.git"
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- ./keys:/etc/openvpn/client:Z
|
||||||
|
- ./client.conf:/etc/openvpn/openvpn.conf:Z
|
||||||
|
- ./post-up.sh:/root/post-up.sh:Z
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
sysctls:
|
||||||
|
net.ipv4.ip_forward: 1
|
||||||
|
devices:
|
||||||
|
- "/dev/net/tun:/dev/net/tun"
|
||||||
|
dns: 80.67.169.12
|
||||||
|
networks:
|
||||||
|
openvpn-network:
|
||||||
|
ipv4_address: 172.32.0.2
|
||||||
|
|
||||||
|
networks:
|
||||||
|
openvpn-network:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: 172.32.0.0/24
|
||||||
|
|
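Review bot: `build: "https://git.scimetis.net/yohan/docker-VPN-client.git"` keeps the git host hard-coded in a commit whose install-script hunk replaces the same URL with `https://${GIT_SERVER}/yohan/docker-VPN-client.git`; the same interpolation belongs here, otherwise a changed `GIT_SERVER` still builds from the old host. The build context also carries no ref, so the image is built from whatever the default branch holds at build time while its tag `vpn-client:$VERSION_VPN_CLIENT` claims one specific commit; pinning the fragment, `build: "https://${GIT_SERVER}/yohan/docker-VPN-client.git#${VERSION_VPN_CLIENT}"`, makes tag and content agree, provided the build accepts the shortened hash as a ref — worth confirming. The header comment justifies 1.18.0 with "custom network name", yet this file sets no `name:` on `openvpn-network`, so that half of the comment is stale.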
@ -1,28 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
# stop service and clean up here
|
|
||||||
function shut_down() {
|
|
||||||
/etc/init.d/squid stop
|
|
||||||
reset
|
|
||||||
echo "exited $0"
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
|
|
||||||
# USE the trap if you need to also do manual cleanup after the service is stopped,
|
|
||||||
# or need to start multiple services in the one container
|
|
||||||
trap "shut_down" SIGINT SIGTERM SIGKILL
|
|
||||||
|
|
||||||
/bin/ip route change default via ${subnet}.2 dev eth0
|
|
||||||
bash -c '> /etc/resolv.conf'
|
|
||||||
echo "nameserver 80.67.169.12" >> /etc/resolv.conf
|
|
||||||
echo "100 toengine" >> /etc/iproute2/rt_tables
|
|
||||||
iptables -t mangle -A OUTPUT -p tcp --sport 3128 -j MARK --set-mark 01
|
|
||||||
ip rule add fwmark 01 lookup toengine
|
|
||||||
ip route add default via ${subnet}.1 table toengine
|
|
||||||
# start service in background here
|
|
||||||
/etc/init.d/squid start
|
|
||||||
while pidof squid > /dev/null
|
|
||||||
do
|
|
||||||
sleep 3
|
|
||||||
done
|
|
||||||
shut_down
|
|
||||||
|
|
@ -17,15 +17,25 @@ sudo bash -c "grep -q ipt_MARK $MODULE_FILE \
|
|||||||
|| { echo '# Loading ipt_MARK at boot is needed to use iptables -j MARK in docker containers' >> $MODULE_FILE; \
|
|| { echo '# Loading ipt_MARK at boot is needed to use iptables -j MARK in docker containers' >> $MODULE_FILE; \
|
||||||
echo 'ipt_MARK' >> $MODULE_FILE; }"
|
echo 'ipt_MARK' >> $MODULE_FILE; }"
|
||||||
|
|
||||||
|
source vars
|
||||||
test -z $1 || HOST="_$1"
|
test -z $1 || HOST="_$1"
|
||||||
test -z $2 || INSTANCE="_$2"
|
test -z $2 || INSTANCE="_$2"
|
||||||
test -f ~/secrets.tar.gz.enc || curl -o ~/secrets.tar.gz.enc "https://cloud.scimetis.net/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc"
|
sudo rm -f keys/*
|
||||||
|
test -f ~/secrets.tar.gz.enc || curl -o ~/secrets.tar.gz.enc "https://${CLOUD_SERVER}/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc"
|
||||||
openssl enc -aes-256-cbc -d -in ~/secrets.tar.gz.enc | sudo tar -zxv --strip 2 secrets/docker-VPN-client-stack${HOST}${INSTANCE}/keys
|
openssl enc -aes-256-cbc -d -in ~/secrets.tar.gz.enc | sudo tar -zxv --strip 2 secrets/docker-VPN-client-stack${HOST}${INSTANCE}/keys
|
||||||
|
|
||||||
sudo chown -R root. client.conf keys
|
rm -rf ~/config
|
||||||
|
git clone https://${GIT_SERVER}/yohan/config.git ~/config
|
||||||
|
sudo cp -a ~/config/docker-VPN-client-stack${HOST}${INSTANCE}/client.conf ./
|
||||||
|
test -f ~/config/docker-VPN-client-stack${HOST}${INSTANCE}/post-up.sh \
|
||||||
|
&& sudo cp -a ~/config/docker-VPN-client-stack${HOST}${INSTANCE}/post-up.sh ./ \
|
||||||
|
|| sudo bash -c 'echo "#!/bin/bash" > post-up.sh'
|
||||||
|
rm -rf ~/config
|
||||||
|
sudo chown -R root. client.conf keys post-up.sh
|
||||||
|
sudo chmod +x post-up.sh
|
||||||
|
|
||||||
# --force-recreate is used to recreate container when crontab file has changed
|
# --force-recreate is used to recreate container when crontab file has changed
|
||||||
unset VERSION_VPN_CLIENT
|
unset VERSION_VPN_CLIENT
|
||||||
VERSION_VPN_CLIENT=$(git ls-remote https://git.scimetis.net/yohan/docker-VPN-client.git| head -1 | cut -f 1|cut -c -10) \
|
VERSION_VPN_CLIENT=$(git ls-remote https://${GIT_SERVER}/yohan/docker-VPN-client.git| head -1 | cut -f 1|cut -c -10) \
|
||||||
sudo -E bash -c 'docker-compose up -d --force-recreate'
|
sudo -E bash -c 'docker-compose up -d --force-recreate'
|
||||||
|
|
||||||
|
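Review bot: The `test -f … post-up.sh && sudo cp -a … ./ || sudo bash -c 'echo "#!/bin/bash" > post-up.sh'` chain overwrites a real post-up.sh with an empty stub whenever the `cp` fails, not only when the file is absent, and a failed `cp` is likely once `git clone` has failed, since nothing checks the clone. The values those new lines depend on (`GIT_SERVER`, `CLOUD_SERVER`, `KEY`) arrive via `source vars` with no guard, so an unset one silently produces `https:///yohan/config.git`. The changed `curl -o` line also lacks `-f`, so an HTTP error body is saved as `~/secrets.tar.gz.enc` and the `test -f` guard then never re-fetches it. The rewrite below asserts the variables, stops on a clone error, uses `curl -fsS`, and turns the chain into an `if`; whether the script sets `-e` at its top is outside the hunk.
```shell
source vars
: "${GIT_SERVER:?}" "${CLOUD_SERVER:?}" "${KEY:?}"
# … unchanged: HOST/INSTANCE suffixes, sudo rm -f keys/* …
test -f ~/secrets.tar.gz.enc || curl -fsS -o ~/secrets.tar.gz.enc "https://${CLOUD_SERVER}/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc"
# … unchanged: openssl / tar extraction …
rm -rf ~/config
git clone "https://${GIT_SERVER}/yohan/config.git" ~/config || exit 1
stack=~/config/docker-VPN-client-stack${HOST}${INSTANCE}
sudo cp -a "${stack}/client.conf" ./
if test -f "${stack}/post-up.sh"; then
  sudo cp -a "${stack}/post-up.sh" ./
else
  sudo bash -c 'echo "#!/bin/bash" > post-up.sh'
fi
# … unchanged: rm -rf ~/config, chown, chmod +x, docker-compose up …
```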