Compare commits
5 commits
tmp/ssh-se
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
c1aef6f1aa | ||
|
|
93e6ce3f1c | ||
|
|
46e2544936 | ||
|
|
d7bba950af | ||
|
|
4c6641ab76 |
5 changed files with 82 additions and 46 deletions
33
README.md
33
README.md
|
|
@ -1,6 +1,6 @@
|
|||
# openconnect + tinyproxy + microsocks
|
||||
|
||||
This Docker image contains an [openconnect client](http://www.infradead.org/openconnect/) (version 8.04 with pulse/juniper support) and the [tinyproxy proxy server](https://tinyproxy.github.io/) for http/s connections (default on port 8888) and the [microsocks proxy](https://github.com/rofl0r/microsocks) for socks5 connections (default on port 8889) in a very small [alpine linux](https://www.alpinelinux.org/) image (around 20 MB).
|
||||
This Docker image contains an [openconnect client](http://www.infradead.org/openconnect/) (version 8.04 with pulse/juniper support) and the [tinyproxy proxy server](https://tinyproxy.github.io/) for http/https connections (default on port 8888) and the [microsocks proxy](https://github.com/rofl0r/microsocks) for socks5 connections (default on port 8889) in a very small [alpine linux](https://www.alpinelinux.org/) image (around 20 MB).
|
||||
|
||||
You can find the image on docker hub:
|
||||
https://hub.docker.com/r/wazum/openconnect-proxy
|
||||
|
|
@ -17,7 +17,9 @@ set the environment variables in a `.env` file:
|
|||
--servercert <VPN Server Certificate> --protocol=<Protocol> \
|
||||
--reconnect-timeout 86400
|
||||
|
||||
_(don't use quotes around the values!)_
|
||||
_Don't use quotes around the values!_
|
||||
|
||||
See the [openconnect documentation](https://www.infradead.org/openconnect/manual.html) for available options.
|
||||
|
||||
Either set the password in the `.env` file or leave the variable `OPENCONNECT_PASSWORD` unset, so you get prompted when starting up the container.
|
||||
|
||||
|
|
@ -25,18 +27,14 @@ Optionally set a multi factor authentication code:
|
|||
|
||||
OPENCONNECT_MFA_CODE=<Multi factor authentication code>
|
||||
|
||||
You can also change the ports the proxies are listening on (these are the default values):
|
||||
|
||||
HTTPS_PROXY_PORT=8888
|
||||
SOCKS5_PROXY_PORT=8889
|
||||
|
||||
# Run container in foreground
|
||||
|
||||
To start the container in foreground run:
|
||||
|
||||
docker run -it --rm --privileged --env-file=.env --net host wazum/openconnect-proxy
|
||||
docker run -it --rm --privileged --env-file=.env \
|
||||
-p 8888:8888 -p 8889:8889 wazum/openconnect-proxy:latest
|
||||
|
||||
Either use `--net host` or `-p 8888:8888 -p 8889:8889` to make the proxy ports available on the host.
|
||||
The proxies are listening on ports 8888 (http/https) and 8889 (socks). Either use `--net host` or `-p <local port>:8888 -p <local port>:8889` to make the proxy ports available on the host.
|
||||
|
||||
Without using a `.env` file set the environment variables on the command line with the docker run option `-e`:
|
||||
|
||||
|
|
@ -56,7 +54,6 @@ In daemon mode you can view the stderr log with `docker logs`:
|
|||
|
||||
# Use container with docker-compose
|
||||
|
||||
```
|
||||
vpn:
|
||||
container_name: openconnect_vpn
|
||||
image: wazum/openconnect-proxy:latest
|
||||
|
|
@ -66,19 +63,31 @@ In daemon mode you can view the stderr log with `docker logs`:
|
|||
ports:
|
||||
- 8888:8888
|
||||
- 8889:8889
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
networks:
|
||||
- mynetwork
|
||||
```
|
||||
|
||||
|
||||
Set the environment variables for _openconnect_ in the `.env` file again (or specify another file) and
|
||||
map the configured ports in the container to your local ports if you want to access the VPN
|
||||
on the host too when running your containers. Otherwise only the docker containers in the same
|
||||
network have access to the proxy ports.
|
||||
|
||||
# Route traffic through VPN container
|
||||
|
||||
Let's say you have a `vpn` container defined as above, then add `network_mode` option to your other containers:
|
||||
|
||||
depends_on:
|
||||
- vpn
|
||||
network_mode: "service:vpn"
|
||||
|
||||
Keep in mind that `networks`, `extra_hosts`, etc. and `network_mode` are mutually exclusive!
|
||||
|
||||
# Configure proxy
|
||||
|
||||
The container is connected via _openconnect_ and now you can configure your browser
|
||||
and other software to use one of the proxies (8888 for http/s or 8889 for socks).
|
||||
and other software to use one of the proxies (8888 for http/https or 8889 for socks).
|
||||
|
||||
For example FoxyProxy (available for Firefox, Chrome) is a suitable browser extension.
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,11 @@ RUN apk add --no-cache ca-certificates wget \
|
|||
&& cd microsocks-1.0.1 \
|
||||
&& make \
|
||||
&& make install \
|
||||
# add vpn-slice with dependencies (dig) https://github.com/dlenski/vpn-slice
|
||||
&& apk add --no-cache python3 py3-pip bind-tools && pip3 install --upgrade pip \
|
||||
&& pip3 install https://github.com/dlenski/vpn-slice/archive/master.zip \
|
||||
# always add the docker DNS server
|
||||
&& grep -qxF 'nameserver 127.0.0.11' /etc/resolv.conf || echo 'nameserver 127.0.0.11' >> /etc/resolv.conf \
|
||||
&& apk del .build-deps wget
|
||||
|
||||
# Use an up-to-date version of vpnc-script
|
||||
|
|
@ -29,10 +34,7 @@ COPY tinyproxy.conf /etc/tinyproxy.conf
|
|||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
ENV HTTPS_PROXY_PORT=${HTTPS_PROXY_PORT:-8888}
|
||||
ENV SOCKS5_PROXY_PORT=${SOCKS5_PROXY_PORT:-8889}
|
||||
|
||||
EXPOSE ${HTTPS_PROXY_PORT}
|
||||
EXPOSE ${SOCKS5_PROXY_PORT}
|
||||
EXPOSE 8888
|
||||
EXPOSE 8889
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
|
|
|||
|
|
@ -1,15 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Set proxy port
|
||||
sed "s/^Port .*$/Port $HTTPS_PROXY_PORT/" -i /etc/tinyproxy.conf
|
||||
sed "s/^Port .*$/Port 8888/" -i /etc/tinyproxy.conf
|
||||
/usr/bin/tinyproxy -c /etc/tinyproxy.conf
|
||||
|
||||
# Start proxy
|
||||
/usr/bin/tinyproxy -c /etc/tinyproxy.conf && echo "HTTP/S proxy listening on $HTTPS_PROXY_PORT"
|
||||
|
||||
# Start socks5 proxy
|
||||
/usr/local/bin/microsocks -i 0.0.0.0 -p $SOCKS5_PROXY_PORT &
|
||||
echo "socks5 proxy listening on $SOCKS5_PROXY_PORT"
|
||||
/usr/local/bin/microsocks -i 0.0.0.0 -p 8889 &
|
||||
|
||||
run () {
|
||||
# Start openconnect
|
||||
if [[ -z "${OPENCONNECT_PASSWORD}" ]]; then
|
||||
# Ask for password
|
||||
|
|
@ -21,3 +17,10 @@ elif [[ ! -z "${OPENCONNECT_PASSWORD}" ]]; then
|
|||
# Standard authentication
|
||||
echo $OPENCONNECT_PASSWORD | openconnect -u $OPENCONNECT_USER $OPENCONNECT_OPTIONS --passwd-on-stdin $OPENCONNECT_URL
|
||||
fi
|
||||
}
|
||||
|
||||
until (run); do
|
||||
echo "openconnect exited. Restarting process in 60 seconds…" >&2
|
||||
sleep 60
|
||||
done
|
||||
|
||||
|
|
|
|||
|
|
@ -501,6 +501,10 @@ $LINE" ;;
|
|||
done
|
||||
exec 6<&-
|
||||
|
||||
# Add default Docker nameserver
|
||||
NEW_RESOLVCONF="$NEW_RESOLVCONF
|
||||
nameserver 127.0.0.11"
|
||||
|
||||
for i in $INTERNAL_IP4_DNS ; do
|
||||
NEW_RESOLVCONF="$NEW_RESOLVCONF
|
||||
nameserver $i"
|
||||
|
|
@ -676,6 +680,9 @@ restore_resolvconf_openwrt() {
|
|||
# === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) =========
|
||||
|
||||
modify_resolvconf_manager() {
|
||||
# Add default Docker nameserver
|
||||
NEW_RESOLVCONF="$NEW_RESOLVCONF
|
||||
nameserver 127.0.0.11"
|
||||
NEW_RESOLVCONF=""
|
||||
for i in $INTERNAL_IP4_DNS; do
|
||||
NEW_RESOLVCONF="$NEW_RESOLVCONF
|
||||
|
|
|
|||
15
run.sh
Executable file
15
run.sh
Executable file
|
|
@ -0,0 +1,15 @@
|
|||
#!/usr/bin/env sh
|
||||
|
||||
CONTAINER_TAG=openconnect_vpn
|
||||
|
||||
docker build -t "$CONTAINER_TAG" build/
|
||||
|
||||
docker run \
|
||||
-it \
|
||||
--privileged \
|
||||
--cap-add NET_ADMIN \
|
||||
-e OPENCONNECT_URL= \
|
||||
-e OPENCONNECT_USER= \
|
||||
-p 9000:8888 \
|
||||
-p 9001:8889 \
|
||||
"$CONTAINER_TAG"
|
||||
Loading…
Reference in a new issue