Initial implementation with alpine image for cert auth

Dmitriy Shishkov 2025-03-01 16:24:22 +03:00
commit 4febadd99d
Signed by: dm1sh
GPG Key ID: 027994B0AA357688
3 changed files with 92 additions and 0 deletions

41
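--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,41 @@
+FROM alpine:3.21 AS builder
+RUN apk update && apk add --no-cache git libevent-dev autoconf automake build-base linux-headers
+RUN mkdir -p /ocproxy-container
+WORKDIR /ocproxy-container
+RUN git clone --branch v1.60 https://github.com/cernekee/ocproxy.git ocproxy-v1.60 && \
+cd /ocproxy-container/ocproxy-v1.60 && \
+sh autogen.sh && \
+sh configure && \
+make
+FROM alpine:3.21
+RUN apk update && apk add --no-cache openconnect libevent
+ARG USER=ocproxy
+RUN addgroup -S "$USER" && \
+adduser --disabled-password \
+--gecos "" \
+--ingroup "$USER" \
+--no-create-home \
+--uid "12345" \
+"$USER"
+RUN mkdir -p /ocproxy-container
+WORKDIR /ocproxy-container
+COPY --from=builder /ocproxy-container/ocproxy-v1.60/ocproxy /usr/local/bin/
+COPY ./entrypoint.sh .
+USER $USER
+EXPOSE 11080
+ENTRYPOINT ["/ocproxy-container/entrypoint.sh"]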
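Review bot: The builder stage's `git clone --branch v1.60` trusts a tag, which upstream can move, and nothing checks what was actually fetched before the resulting `ocproxy` binary is copied into the runtime image that handles the VPN certificate. Pin the expected commit and fail the build on a mismatch, e.g. `ARG OCPROXY_COMMIT=<expected-commit-sha>` followed by `test "$(git -C ocproxy-v1.60 rev-parse HEAD)" = "$OCPROXY_COMMIT"` in the same RUN before `sh autogen.sh`. As a smaller point, `apk update` is redundant next to `apk add --no-cache` in both stages, and `alpine:3.21` could be pinned by digest for the same reproducibility reason.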

38
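--- a/README.md
+++ b/README.md
@@ -0,0 +1,38 @@
+# ocprocy container
+```bash
+podman run -d \
+-p 11080:11080 \
+-e OPENCONNECT_OPTIONS="" \
+-e OPENCONNECT_URL="" \
+-e OPENCONNECT_CERT_PATH="/ocproxy-container/cert.p12" \
+-e OPENCONNECT_CERT_PASSWD="" \
+-v ./cert.p12:/ocproxy-container/cert.p12:Z \
+--name "ocproxy" \
+git.dm1sh.ru/dm1sh/ocproxy-container:latest
+```
+```bash
+podman pod create --name "proxied-pod"
+podman container create \
+--pod "proxied-pod"
+-e OPENCONNECT_OPTIONS="" \
+-e OPENCONNECT_URL="" \
+-e OPENCONNECT_CERT_PATH="/ocproxy-container/cert.p12" \
+-e OPENCONNECT_CERT_PASSWD="" \
+-v ./cert.p12:/ocproxy-container/cert.p12:Z \
+--name "proxied-pod-ocproxy" \
+git.dm1sh.ru/dm1sh/ocproxy-container:latest
+podman container create \
+--pod "proxied-pod" \
+...
+```
+## Environment variables
+- `OPENCONNECT_OPTIONS` - additional options for openconnect command
+- `OPENCONNECT_URL` - URL of openconnect server
+- `OPENCONNECT_CERT_PATH` - path to user certificate in container
+- `OPENCONNECT_CERT_PASSWD` - password for user certificate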

13
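--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+REQUIRED_VARS="OPENCONNECT_URL OPENCONNECT_CERT_PATH OPENCONNECT_CERT_PASSWD"
+for VAR in $REQUIRED_VARS; do
+eval "VALUE=\${$VAR}"
+if [ -z "$VALUE" ]; then
+echo "Error: ENV $VAR is not set. Please check your environment."
+exit 1
+fi
+done
+openconnect --non-inter --verbose --timestamp --reconnect-timeout=600 --script-tun --script "ocproxy -g -k 60 -D 11080" ${OPENCONNECT_OPTIONS} ${OPENCONNECT_URL} -c ${OPENCONNECT_CERT_PATH} -p ${OPENCONNECT_CERT_PASSWD}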
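Review bot: The final `openconnect` line expands `${OPENCONNECT_URL}`, `${OPENCONNECT_CERT_PATH}` and `${OPENCONNECT_CERT_PASSWD}` unquoted, so a passphrase containing spaces or glob characters is split or expanded and its pieces are parsed as further arguments; quote them and leave only `${OPENCONNECT_OPTIONS}` unquoted: `"${OPENCONNECT_URL}" -c "${OPENCONNECT_CERT_PATH}" -p "${OPENCONNECT_CERT_PASSWD}"`. Passing the passphrase with `-p` also places it in the process argument list, and as an `-e` variable it appears in container inspect output, so a comment such as `# NOTE: cert passphrase is visible in argv and in the container environment` would make that exposure explicit to operators. Prefixing the command with `exec` would let openconnect replace the shell and receive the stop signal directly. Because `ocproxy -g` accepts non-local clients and the SOCKS listener on 11080 has, as far as this command line shows, no authentication, the port should only be published on a trusted interface.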