Runs openvpn as non-root user

Dockerfile

@@ -25,7 +25,8 @@ RUN apk add -q --progress --no-cache --update openvpn ca-certificates iptables i
     unzip -q openvpn-tcp.zip -d /openvpn-tcp-normal && \
     unzip -q openvpn-strong-tcp.zip -d /openvpn-tcp-strong && \
     apk del -q --progress --purge build-dependencies && \
-    rm -rf /*.zip /var/cache/apk/* /etc/unbound/unbound.conf
+    rm -rf /*.zip /var/cache/apk/* /etc/unbound/unbound.conf && \
+    addgroup -S nonrootusers && adduser -S nonrootuser -G nonrootusers
 COPY unbound.conf /etc/unbound/unbound.conf
 COPY entrypoint.sh /
 ENTRYPOINT /entrypoint.sh

README.md

@@ -226,4 +226,5 @@ For more containers, add more `--link pia:xxx` and modify *nginx.conf* according
 
 - More iptables restrictions
 - Rework readme with unbound required for VPN
-- Block malicious websites with Unbound
+- Block malicious websites with Unbound
+- Add checks when launching PIA $?

entrypoint.sh

@@ -84,17 +84,19 @@ printf "DONE"
 ############################################
 # SUMMARY
 ############################################
-printf "\n * Starting OpenVPN using the following parameters:"
+printf "\nStarting OpenVPN using the following parameters:"
-printf "\n   * Domain: $PIADOMAIN"
+printf "\n * Domain: $PIADOMAIN"
-printf "\n   * Port: $PORT"
+printf "\n * Port: $PORT"
-printf "\n   * Protocol: $PROTOCOL"
+printf "\n * Protocol: $PROTOCOL"
-printf "\n   * Encryption: $ENCRYPTION\n"
+printf "\n * Encryption: $ENCRYPTION"
 
 ############################################
 # OPENVPN LAUNCH
 ############################################
-# RUN AS OTHER USER TODO
 cd /openvpn-$PROTOCOL-$ENCRYPTION
+printf "\nSwitching from root to nonrootuser..."
+su -l nonrootuser
+printf "DONE\n"
 openvpn --config "$REGION.ovpn" --auth-user-pass /auth.conf
 
 ############################################