Fix openvpn problems, remove tinyproxy, move dockerfile to ubuntu 18.…

…04 as alpine crashes
ebrianne · Feb 15, 2021 · b71fa67 · b71fa67
1 parent 88d05f4
commit b71fa67
Show file tree

Hide file tree

Showing 10 changed files with 86 additions and 126 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
-.vscode
+.vscode
+docker-compose.yml
diff --git a/Dockerfile b/Dockerfile
@@ -1,14 +1,24 @@
-FROM alpine:edge
-
-RUN echo "@edgecommunity http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
-    && echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
-    && apk update \
-    && apk add --upgrade apk-tools \
-    && apk add bash dumb-init openvpn shadow curl jq tzdata openrc tinyproxy tinyproxy-openrc openssh unrar deluge@testing ufw@edgecommunity \
-    && rm -rf /tmp/* /var/tmp/* \
-    && groupadd -g 911 abc \
-	&& useradd -u 911 -g 911 -s /bin/false -m abc \
-    && usermod -G users abc
+FROM ubuntu:18.04
+
+ARG DEBIAN_FRONTEND="noninteractive"
+
+RUN set -ex; \
+    apt-get update && \
+    apt-get -y install gnupg apt-utils && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C5E6A5ED249AD24C && \
+    echo "deb http://ppa.launchpad.net/deluge-team/stable/ubuntu bionic main" >> \
+	/etc/apt/sources.list.d/deluge.list && \
+    echo "deb-src http://ppa.launchpad.net/deluge-team/stable/ubuntu bionic main" >> \
+	/etc/apt/sources.list.d/deluge.list && \
+    echo "**** install packages ****" && \
+    apt-get update && \
+    apt-get -y install dumb-init iputils-ping dnsutils bash jq net-tools openvpn curl ufw deluged deluge-console deluge-web python3-future python3-requests p7zip-full unrar unzip && \
+    echo "Cleanup"; \
+    rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/* && \
+    echo "Adding user"; \
+    groupadd -g 911 abc && \
+	useradd -u 911 -g 911 -s /bin/false -m abc && \
+    usermod -G users abc
 
 # Add configuration and scripts
 COPY root/ /
@@ -23,10 +33,6 @@ ENV OPENVPN_USERNAME=**None** \
     PUID= \
     PGID= \
     DROP_DEFAULT_ROUTE= \
-    WEBPROXY_ENABLED=false \
-    WEBPROXY_PORT=8888 \
-    WEBPROXY_USERNAME= \
-    WEBPROXY_PASSWORD= \
     HEALTH_CHECK_HOST=google.com \
     LANG='en_US.UTF-8' \
     LANGUAGE='en_US.UTF-8' \ 
@@ -35,20 +41,9 @@ ENV OPENVPN_USERNAME=**None** \
 
 HEALTHCHECK --interval=1m CMD /etc/scripts/healthcheck.sh
 
-# Compatability with https://hub.docker.com/r/willfarrell/autoheal/
-LABEL autoheal=true
-
 VOLUME /downloads
 VOLUME /config
 
-# Expose web ui port
-EXPOSE 8112 
-
-# expose port for deluge daemon
-EXPOSE 58846
-
-# expose port for incoming torrent data (tcp and udp)
-EXPOSE 58946 
-EXPOSE 58946/udp
+EXPOSE 8112 58846 58946 58946/udp
 
 CMD ["dumb-init", "/etc/openvpn/start.sh"]
diff --git a/root/etc/deluge/start.sh b/root/etc/deluge/start.sh
@@ -49,14 +49,15 @@ if [[ "${ENABLE_UFW,,}" == "true" ]] || [[ -n "${LOCAL_NETWORK-}" ]]; then
   eval $(/sbin/ip r l | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')
   ## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is
   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
-    eval $(ip r l dev ${INT} | awk '{if($5=="link"){print "GW_CIDR="$1; exit}}')
+    eval $(ip r l dev ${INT} | awk '{if($3=="link"){print "GW_CIDR="$1; exit}}')
   fi
 fi
 
-if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
-  log "Allow in and out from ${GW_CIDR}"
-  ufw allow in from ${GW_CIDR}
-  ufw allow out from ${GW_CIDR}
+echo "Got local network ${GW} and CIDR ${GW_CIDR} on interface ${INT}"
+
+if [[ "${ENABLE_UFW,,}" == "true" && "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
+  log "Allow from ${GW_CIDR}"
+  ufw allow from ${GW_CIDR}
 fi
 
 if [[ -n "${LOCAL_NETWORK-}" ]]; then
@@ -68,6 +69,8 @@ if [[ -n "${LOCAL_NETWORK-}" ]]; then
   fi
 fi
 
+ufw status
+
 log "Starting Deluge"
 exec su --preserve-environment abc -s /bin/bash -c "/usr/bin/deluged -d -c /config -L info -l /config/deluged.log" &
 
@@ -93,4 +96,4 @@ if [[ -x /config/deluge-post-start.sh ]]; then
   log "/config/deluge-post-start.sh returned $?"
 fi
 
-log "Deluge startup script complete."
+log "Deluge startup script complete."
diff --git a/root/etc/openvpn/persistEnvironment.py b/root/etc/openvpn/persistEnvironment.py
@@ -28,9 +28,7 @@
 variables_to_persist = {}
 
 for env_var in os.environ:
-    if env_var.startswith('WEBPROXY_'):
-        variables_to_persist[env_var] = os.environ.get(env_var)
-    elif env_var in wanted_variables:
+    if env_var in wanted_variables:
         variables_to_persist[env_var] = os.environ.get(env_var)
 
 

diff --git a/root/etc/openvpn/start.sh b/root/etc/openvpn/start.sh
@@ -106,7 +106,7 @@ fi
 if [[ "${CREATE_TUN_DEVICE,,}" == "true" ]]; then
   mkdir -p /dev/net
   mknod /dev/net/tun c 10 200
-  chmod 0666 /dev/net/tun
+  chmod 600 /dev/net/tun
 fi
 
 ##
@@ -118,7 +118,10 @@ fi
 VPN_PROVIDER="${OPENVPN_PROVIDER:-custom}"
 VPN_PROVIDER="${VPN_PROVIDER,,}" # to lowercase
 VPN_PROVIDER_HOME="/etc/openvpn/${VPN_PROVIDER}"
-mkdir -p "$VPN_PROVIDER_HOME"
+if [[ ! -d $VPN_PROVIDER_HOME ]]; then
+  echo "Creating $VPN_PROVIDER_HOME"
+  mkdir -p "$VPN_PROVIDER_HOME"
+fi
 
 # Make sure that we have enough information to start OpenVPN
 if [[ -z $OPENVPN_CONFIG_URL ]] && [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then
@@ -201,4 +204,4 @@ DELUGE_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/openvpn/tunnelUp.s
 
 # shellcheck disable=SC2086
 log "Starting openvpn"
-exec openvpn ${DELUGE_CONTROL_OPTS} ${OPENVPN_OPTS} --config "${CHOSEN_OPENVPN_CONFIG}"
+exec openvpn ${DELUGE_CONTROL_OPTS} ${OPENVPN_OPTS} --config "${CHOSEN_OPENVPN_CONFIG}"
diff --git a/root/etc/openvpn/tunnelDown.sh b/root/etc/openvpn/tunnelDown.sh
@@ -1,4 +1,3 @@
 #!/bin/bash
 
 /etc/deluge/stop.sh
-[[ ! -f /opt/tinyproxy/stop.sh ]] || /opt/tinyproxy/stop.sh
diff --git a/root/etc/openvpn/tunnelUp.sh b/root/etc/openvpn/tunnelUp.sh
@@ -1,4 +1,44 @@
 #!/bin/bash
 
+if [ "${PEER_DNS}" != "no" ]; then
+	NS=
+	DOMAIN=
+	SEARCH=
+	i=1
+	while true ; do
+		eval opt=\$foreign_option_${i}
+		[ -z "${opt}" ] && break
+		if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then
+			if [ -z "${DOMAIN}" ] ; then
+				DOMAIN="${opt#dhcp-option DOMAIN *}"
+			else
+				SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
+			fi
+		elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then
+			NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
+		fi
+		i=$((${i} + 1))
+	done
+
+	if [ -n "${NS}" ] ; then
+		DNS="# Generated by openvpn for interface ${dev}\n"
+		if [ -n "${SEARCH}" ] ; then
+			DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
+		elif [ -n "${DOMAIN}" ]; then
+			DNS="${DNS}domain ${DOMAIN}\n"
+		fi
+		DNS="${DNS}${NS}"
+		if [ -x /sbin/resolvconf ] ; then
+			printf "${DNS}" | /sbin/resolvconf -a "${dev}"
+		else
+			# Preserve the existing resolv.conf
+			if [ -e /etc/resolv.conf ] ; then
+				cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
+			fi
+			printf "${DNS}" > /etc/resolv.conf
+			chmod 644 /etc/resolv.conf
+		fi
+	fi
+fi
+
 /etc/deluge/start.sh "$@"
-[[ ! -f /opt/tinyproxy/start.sh ]] || /opt/tinyproxy/start.sh
diff --git a/root/etc/tinyproxy/start.sh b/root/etc/tinyproxy/start.sh
diff --git a/root/etc/tinyproxy/stop.sh b/root/etc/tinyproxy/stop.sh
diff --git a/root/etc/ufw/enable.sh b/root/etc/ufw/enable.sh
@@ -19,8 +19,11 @@ sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
 log "Deny all outgoing traffic"
 ufw default deny outgoing
 # Block all incoming
-log "Deny all incoming traffic"
-ufw default deny incoming
+# log "Deny all incoming traffic"
+# ufw default deny incoming
+# Allow all incoming
+log "Allow all incoming traffic"
+ufw default allow incoming
 
 # Allow LOCAL_NETWORK
 if [[ -n "${LOCAL_NETWORK-}" ]]; then