Enhancement: Install easyrsa manually and change base image to `alpine:3.17`
This avoids coupling the app with the distro, and also ensures the distro is not stale.
1 parent
9a6d93a
commit facef0a
Showing
32 changed files
with
1,049 additions
and
566 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
FROM alpine:3.17 | ||
ARG TARGETPLATFORM | ||
ARG BUILDPLATFORM | ||
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" | ||
|
||
RUN apk add --no-cache ca-certificates | ||
|
||
# Install easyrsa dependencies | ||
RUN apk add --no-cache iptables openssl | ||
|
||
# Install easyrsa | ||
# See: https://github.com/OpenVPN/easy-rsa/tree/master/release-keys | ||
RUN set -eux; \ | ||
apk add --no-cache gnupg gpg-agent dirmngr; \ | ||
URL=https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.1/EasyRSA-3.0.1.tgz; \ | ||
FILE=$( basename $URL ); \ | ||
wget -q "$URL"; \ | ||
wget -q "$URL.sig"; \ | ||
gpg --keyserver keys.openpgp.org --recv-keys 6F4056821152F03B6B24F2FCF8489F839D7367F3; \ | ||
gpg --verify "$FILE.sig" "$FILE"; \ | ||
mkdir -p /usr/share/easy-rsa; \ | ||
tar -zxvf "$FILE" --strip-components=1 -C /usr/share/easy-rsa; \ | ||
/usr/share/easy-rsa/easyrsa help; \ | ||
rm -fv "$FILE"; \ | ||
rm -fv "$FILE.sig"; \ | ||
rm -rf /root/.gnupg; \ | ||
apk del gnupg gpg-agent dirmngr; | ||
|
||
ENV EASYRSA=/usr/share/easy-rsa | ||
WORKDIR /usr/share/easy-rsa | ||
|
||
# alpine openssl.cnf location. Use command find / -name 'openssl*.cnf' | ||
# < v3.0.4: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0/easyrsa3/easyrsa#L1032-L1033 | ||
# >= v3.0.4: | ||
RUN echo "Looking for openssl.cnf" \ | ||
&& find /etc /usr -name 'openssl*.cnf' | ||
|
||
COPY docker-entrypoint.sh /docker-entrypoint.sh | ||
RUN chmod +x /docker-entrypoint.sh | ||
|
||
ENTRYPOINT ["/docker-entrypoint.sh"] |
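Review bot: The signature check in the `RUN set -eux` step depends on a live lookup, `gpg --keyserver keys.openpgp.org --recv-keys`, so every build needs that server to be reachable and to return an importable copy of the key. Pinning the full fingerprint is the right idea, but the build would be more reproducible if the public key were committed next to the Dockerfile (the release-keys directory linked in the comment is the upstream source) and loaded with `COPY` plus `gpg --import`, with the fingerprint compared before `gpg --verify` runs. Setting `GNUPGHOME` to a temporary directory for this step would also guarantee that the keyring used for verification holds only that one key and is removed in the same layer. The same step appears in the EasyRSA-3.0.3 Dockerfile further down.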
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
version: '2.1' | ||
services: | ||
easyrsa: | ||
container_name: easyrsa | ||
image: theohbrothers/docker-easyrsa:v3.0.1-alpine-3.17 | ||
|
||
# Uncomment and configure these environment to your needs. The following are the default values, according to: https://github.com/OpenVPN/easy-rsa/blob/v3.0.8/doc/EasyRSA-Advanced.md#configuration-reference | ||
# Using environment variables is preferred to using a vars file | ||
# Double dollar signs '$$' is to escape a dollar sign in the docker-compose yaml parser, see: https://stackoverflow.com/a/40621373 | ||
# environment: | ||
# - EASYRSA_SSL_CONF=/etc/ssl/openssl.cnf | ||
# - EASYRSA=$${0%/*} | ||
# - EASYRSA_OPENSSL=openssl | ||
# - EASYRSA_SSL_CONF=$$EASYRSA/openssl-easyrsa.cnf | ||
# - EASYRSA_PKI=$$PWD/pki | ||
# - EASYRSA_DN=cn_only | ||
# - EASYRSA_REQ_COUNTRY=US | ||
# - EASYRSA_REQ_PROVINCE=California | ||
# - EASYRSA_REQ_CITY=San Francisco | ||
# - EASYRSA_REQ_ORG=Copyleft Certificate Co | ||
# - EASYRSA_REQ_EMAIL=me@example.net | ||
# - EASYRSA_REQ_OU=My Organizational Unit | ||
# - EASYRSA_KEY_SIZE=2048 | ||
# - EASYRSA_ALGO=rsa | ||
# - EASYRSA_CURVE=secp384r1 | ||
# - EASYRSA_CA_EXPIRE=3650 | ||
# - EASYRSA_CERT_EXPIRE=180 | ||
# - EASYRSA_CERT_RENEW=30 | ||
# - EASYRSA_NS_SUPPORT=no | ||
# - EASYRSA_NS_COMMENT=Easy-RSA Generated Certificate | ||
# - EASYRSA_TEMP_FILE=$$EASYRSA_PKI/extensions.temp | ||
# - EASYRSA_EXT_DIR=$$EASYRSA/x509-types | ||
# - EASYRSA_REQ_CN=ChangeMe | ||
# - EASYRSA_DIGEST=sha256 | ||
# - EASYRSA_BATCH= | ||
|
||
# Uncomment this to mount your own openssl.cnf, vars file(s) | ||
# volumes: | ||
# - ./path/to/openssl.conf:/etc/ssl/openssl.cnf | ||
# - ./path/to/vars:/etc/ssl/openssl.cnf |
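Review bot: The commented `volumes` example mounts both files onto the same target, since `./path/to/vars:/etc/ssl/openssl.cnf` repeats the destination of the line above it; uncommenting both would shadow openssl.cnf with the vars file. The vars line should point at wherever this easyrsa release reads its vars file (probably under `/usr/share/easy-rsa`, to be confirmed against the release). `EASYRSA_SSL_CONF` is also listed twice in the `environment` example with different values, so it should be documented which one is the default for this image. No volume is suggested for the PKI directory, so a CA key generated with this file as written lives only in the container's writable layer; a commented example such as `# - ./pki:/usr/share/easy-rsa/pki` would make the persistence choice explicit.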
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
#!/bin/sh | ||
set -eu | ||
|
||
if [ $# -gt 0 ]; then | ||
# Get all subcommands. 'help' is also a subcommand | ||
SUBCOMMANDS=$( ./easyrsa | awk "/^'help'/,/^DIRECTORY/" | grep -vE "^'help'|^DIRECTORY|^\s*$" | awk '{print $1}'; echo help ) | ||
if echo "$SUBCOMMANDS" | grep "^$1$"; then | ||
# Generate the command line. easy-rsa man: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0/README.quickstart.md | ||
echo "Generating command line" | ||
set "$EASYRSA/easyrsa" "$@" | ||
|
||
# Exec | ||
echo "easyrsa command line: $@" | ||
exec "$@" | ||
fi | ||
else | ||
exec "$EASYRSA/easyrsa" "$@" | ||
fi | ||
|
||
exec "$@" |
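Review bot: The subcommand test `grep "^$1$"` treats the first argument as a regular expression and prints the matching line to stdout, so an argument such as `.*` matches any subcommand and each accepted call emits an extra line ahead of easyrsa's own output. A fixed-string, whole-line, quiet match avoids both: `if echo "$SUBCOMMANDS" | grep -qxF -- "$1"; then`. The two `echo` diagnostics also go to stdout and would be safer on stderr, for example `echo "easyrsa command line: $*" >&2`, so that piped easyrsa output stays clean. The subcommand list is built from `./easyrsa`, which depends on the working directory, while the exec uses `"$EASYRSA/easyrsa"`; using the latter in both places keeps the script working when the container is started with a different workdir.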
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
FROM alpine:3.17 | ||
ARG TARGETPLATFORM | ||
ARG BUILDPLATFORM | ||
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" | ||
|
||
RUN apk add --no-cache ca-certificates | ||
|
||
# Install easyrsa dependencies | ||
RUN apk add --no-cache iptables openssl | ||
|
||
# Install easyrsa | ||
# See: https://github.com/OpenVPN/easy-rsa/tree/master/release-keys | ||
RUN set -eux; \ | ||
apk add --no-cache gnupg gpg-agent dirmngr; \ | ||
URL=https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.3/EasyRSA-3.0.3.tgz; \ | ||
FILE=$( basename $URL ); \ | ||
wget -q "$URL"; \ | ||
wget -q "$URL.sig"; \ | ||
gpg --keyserver keys.openpgp.org --recv-keys 6F4056821152F03B6B24F2FCF8489F839D7367F3; \ | ||
gpg --verify "$FILE.sig" "$FILE"; \ | ||
mkdir -p /usr/share/easy-rsa; \ | ||
tar -zxvf "$FILE" --strip-components=1 -C /usr/share/easy-rsa; \ | ||
/usr/share/easy-rsa/easyrsa help; \ | ||
rm -fv "$FILE"; \ | ||
rm -fv "$FILE.sig"; \ | ||
rm -rf /root/.gnupg; \ | ||
apk del gnupg gpg-agent dirmngr; | ||
|
||
ENV EASYRSA=/usr/share/easy-rsa | ||
WORKDIR /usr/share/easy-rsa | ||
|
||
# alpine openssl.cnf location. Use command find / -name 'openssl*.cnf' | ||
# < v3.0.4: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0/easyrsa3/easyrsa#L1032-L1033 | ||
# >= v3.0.4: | ||
RUN echo "Looking for openssl.cnf" \ | ||
&& find /etc /usr -name 'openssl*.cnf' | ||
|
||
COPY docker-entrypoint.sh /docker-entrypoint.sh | ||
RUN chmod +x /docker-entrypoint.sh | ||
|
||
ENTRYPOINT ["/docker-entrypoint.sh"] |
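Review bot: The image installs `iptables` under the "Install easyrsa dependencies" comment and never sets `USER`, so the CA tooling runs as root alongside a package it does not appear to need. easyrsa is a shell wrapper around `openssl`, so `RUN apk add --no-cache openssl` looks sufficient unless something outside this section uses iptables. A dedicated unprivileged user with a writable PKI directory would keep generated private keys from being created as root on bind mounts; that depends on where the PKI directory is meant to live, so it may be a follow-up. `COPY --chmod=755 docker-entrypoint.sh /docker-entrypoint.sh` would also replace the separate `RUN chmod +x` layer. These points apply equally to the EasyRSA-3.0.1 Dockerfile above.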