commit 4febadd99df83198caef262fc6d2f90ea607fa33 Author: dm1sh Date: Sat Mar 1 16:24:22 2025 +0300 Initial implementation with alpine image for cert auth
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1905fdd
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,41 @@
+FROM alpine:3.21 AS builder
+
+RUN apk update && apk add --no-cache git libevent-dev autoconf automake build-base linux-headers
+
+RUN mkdir -p /ocproxy-container
+
+WORKDIR /ocproxy-container
+RUN git clone --branch v1.60 https://github.com/cernekee/ocproxy.git ocproxy-v1.60 && \
+ cd /ocproxy-container/ocproxy-v1.60 && \
+ sh autogen.sh && \
+ sh configure && \
+ make
+
+FROM alpine:3.21
+
+RUN apk update && apk add --no-cache openconnect libevent
+
+ARG USER=ocproxy
+
+RUN addgroup -S "$USER" && \
+ adduser --disabled-password \
+ --gecos "" \
+ --ingroup "$USER" \
+ --no-create-home \
+ --uid "12345" \
+ "$USER"
+
+RUN mkdir -p /ocproxy-container
+
+WORKDIR /ocproxy-container
+
+COPY --from=builder /ocproxy-container/ocproxy-v1.60/ocproxy /usr/local/bin/
+
+COPY ./entrypoint.sh .
+
+USER $USER
+
+EXPOSE 11080
+
+ENTRYPOINT ["/ocproxy-container/entrypoint.sh"]
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4ffcaeb
--- /dev/null
+++ b/README.md
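Review bot: The builder stage's `git clone --branch v1.60 https://github.com/cernekee/ocproxy.git` pins only a tag name, and a tag can be moved or the repository replaced, so nothing in the build verifies that the `ocproxy` binary copied into the final image was built from the revision the author actually reviewed; add `git checkout <commit-sha-of-v1.60>` after the clone (or fetch a release tarball with `ADD --checksum=sha256:…`) so the input is pinned to content rather than to a mutable name. `apk update` in both stages is redundant with `apk add --no-cache` and leaves the downloaded package index in the layer; `RUN apk add --no-cache …` alone is sufficient. The two `RUN mkdir -p /ocproxy-container` lines are likewise redundant because the following `WORKDIR /ocproxy-container` creates the directory itself. For reproducible rebuilds, `FROM alpine:3.21` in both stages could be pinned by digest (`alpine:3.21@sha256:…`), since the `3.21` tag moves with each point release.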
@@ -0,0 +1,38 @@
+# ocprocy container
+
+```bash
+podman run -d \
+ -p 11080:11080 \
+ -e OPENCONNECT_OPTIONS="" \
+ -e OPENCONNECT_URL="" \
+ -e OPENCONNECT_CERT_PATH="/ocproxy-container/cert.p12" \
+ -e OPENCONNECT_CERT_PASSWD="" \
+ -v ./cert.p12:/ocproxy-container/cert.p12:Z \
+ --name "ocproxy" \
+ git.dm1sh.ru/dm1sh/ocproxy-container:latest
+```
+
+```bash
+podman pod create --name "proxied-pod"
+
+podman container create \
+ --pod "proxied-pod"
+ -e OPENCONNECT_OPTIONS="" \
+ -e OPENCONNECT_URL="" \
+ -e OPENCONNECT_CERT_PATH="/ocproxy-container/cert.p12" \
+ -e OPENCONNECT_CERT_PASSWD="" \
+ -v ./cert.p12:/ocproxy-container/cert.p12:Z \
+ --name "proxied-pod-ocproxy" \
+ git.dm1sh.ru/dm1sh/ocproxy-container:latest
+
+podman container create \
+ --pod "proxied-pod" \
+ ...
+```
+
+## Environment variables
+
+- `OPENCONNECT_OPTIONS` - additional options for openconnect command
+- `OPENCONNECT_URL` - URL of openconnect server
+- `OPENCONNECT_CERT_PATH` - path to user certificate in container
+- `OPENCONNECT_CERT_PASSWD` - password for user certificate
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..568b3e1
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+REQUIRED_VARS="OPENCONNECT_URL OPENCONNECT_CERT_PATH OPENCONNECT_CERT_PASSWD"
+
+for VAR in $REQUIRED_VARS; do
+ eval "VALUE=\${$VAR}"
+ if [ -z "$VALUE" ]; then
+ echo "Error: ENV $VAR is not set. Please check your environment."
+ exit 1
+ fi
+done
+
+openconnect --non-inter --verbose --timestamp --reconnect-timeout=600 --script-tun --script "ocproxy -g -k 60 -D 11080" ${OPENCONNECT_OPTIONS} ${OPENCONNECT_URL} -c ${OPENCONNECT_CERT_PATH} -p ${OPENCONNECT_CERT_PASSWD}
\ No newline at end of file
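Review bot: The final `openconnect … -p ${OPENCONNECT_CERT_PASSWD}` line places the certificate's private-key password in the process's argv, where it is readable from `/proc/<pid>/cmdline` by any process in the container's PID namespace and from the host (`ps`, `podman top`) for as long as the VPN session lasts. openconnect's `--config=FILE` reads long options (without the leading dashes) from a file, so the password can instead be written to a mode-0600 file owned by the `ocproxy` user and passed via `--config`, which keeps it out of argv; `OPENCONNECT_URL` and `OPENCONNECT_CERT_PATH` should also be quoted so that values containing spaces or glob characters survive word splitting (`OPENCONNECT_OPTIONS` is deliberately left unquoted so it can carry several options). Separately, the script does not `exec` openconnect, so `sh` remains PID 1 and the `SIGTERM` sent by `podman stop` is not forwarded, leaving openconnect to be killed without a clean disconnect when the stop timeout expires. One more caveat worth a comment in this file: the `-g` flag given to `ocproxy` accepts SOCKS clients from non-local addresses and the listener has no authentication, so whatever host interface port 11080 is published on becomes an open proxy into the VPN for anything that can reach it.

```shell
# … unchanged: REQUIRED_VARS check loop …

# Keep the key password out of argv: hand it to openconnect through a
# private config file (long-option syntax without the leading dashes).
umask 077
OC_CONF="$(mktemp)"
printf 'key-password=%s\n' "$OPENCONNECT_CERT_PASSWD" > "$OC_CONF"

# exec so openconnect becomes PID 1 and receives the container's stop signal.
exec openconnect --config "$OC_CONF" --non-inter --verbose --timestamp --reconnect-timeout=600 \
    --script-tun --script "ocproxy -g -k 60 -D 11080" \
    ${OPENCONNECT_OPTIONS} "$OPENCONNECT_URL" -c "$OPENCONNECT_CERT_PATH"
```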