admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated ARM Dockerfiles

Browse Source
This commit is contained in:
Quentin McGaw
2019-04-23 10:41:05 +02:00
parent 305b5954f9
commit 6dab611027
2 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Dockerfile.arm32v6
View File

@@ -1,4 +1,4 @@
ARG ALPINE_VERSION=3.8 ARG ALPINE_VERSION=3.9
FROM arm32v6/alpine:${ALPINE_VERSION} FROM arm32v6/alpine:${ALPINE_VERSION}
ARG BUILD_DATE ARG BUILD_DATE
@@ -13,9 +13,9 @@ LABEL org.label-schema.schema-version="1.0.0-rc1" \
org.label-schema.vcs-usage="https://github.com/qdm12/private-internet-access-docker/blob/master/README.md#setup" \ org.label-schema.vcs-usage="https://github.com/qdm12/private-internet-access-docker/blob/master/README.md#setup" \
org.label-schema.docker.cmd="docker run -d --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \ org.label-schema.docker.cmd="docker run -d --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
org.label-schema.docker.cmd.devel="docker run -it --rm --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \ org.label-schema.docker.cmd.devel="docker run -it --rm --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
org.label-schema.docker.params="REGION=PIA region,PROTOCOL=udp/tcp,ENCRYPTION=strong/normal,BLOCK_MALICIOUS=on/off,USER=PIA user,PASSWORD=PIA password,EXTRA_SUBNETS=extra subnets to allow on the firewall,NONROOT=yes/no" \ org.label-schema.docker.params="REGION=PIA region,PROTOCOL=udp/tcp,ENCRYPTION=strong/normal,BLOCK_MALICIOUS=on/off,BLOCK_NSA=on/off,UNBLOCK=allowed hostnames,USER=PIA user,PASSWORD=PIA password,EXTRA_SUBNETS=extra subnets to allow on the firewall,NONROOT=yes/no" \
org.label-schema.version="" \ org.label-schema.version="" \
image-size="15.6MB" \ image-size="16.9MB" \
ram-usage="13MB to 80MB" \ ram-usage="13MB to 80MB" \
cpu-usage="Low to Medium" cpu-usage="Low to Medium"
ENV USER= \ ENV USER= \
@@ -24,8 +24,10 @@ ENV USER= \
PROTOCOL=udp \ PROTOCOL=udp \
REGION="CA Montreal" \ REGION="CA Montreal" \
BLOCK_MALICIOUS=off \ BLOCK_MALICIOUS=off \
BLOCK_NSA=off \
UNBLOCK= \
EXTRA_SUBNETS= \ EXTRA_SUBNETS= \
NONROOT= NONROOT=no
ENTRYPOINT /entrypoint.sh ENTRYPOINT /entrypoint.sh
HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
@@ -45,10 +47,13 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab
wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/root.key.updated -O /etc/unbound/root.key && \ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/root.key.updated -O /etc/unbound/root.key && \
cd /tmp && \ cd /tmp && \
wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-hostnames.updated -O malicious-hostnames && \ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-hostnames.updated -O malicious-hostnames && \
wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/nsa-hostnames.updated -O nsa-hostnames && \
wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-ips.updated -O malicious-ips && \ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-ips.updated -O malicious-ips && \
while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-malicious.conf; done < malicious-hostnames && \ while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-malicious.conf; done < malicious-hostnames && \
while read ip; do echo "private-address: $ip" >> blocks-malicious.conf; done < malicious-ips && \ while read ip; do echo "private-address: $ip" >> blocks-malicious.conf; done < malicious-ips && \
tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \ tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-nsa.conf; done < nsa-hostnames && \
tar -cjf /etc/unbound/blocks-nsa.bz2 blocks-nsa.conf && \
rm -f /tmp/* rm -f /tmp/*
COPY unbound.conf /etc/unbound/unbound.conf COPY unbound.conf /etc/unbound/unbound.conf
COPY entrypoint.sh healthcheck.sh / COPY entrypoint.sh healthcheck.sh /
@@ -59,4 +64,4 @@ RUN chown nonrootuser -R /etc/unbound && \
/etc/unbound/root.hints \ /etc/unbound/root.hints \
/etc/unbound/root.key \ /etc/unbound/root.key \
/etc/unbound/unbound.conf \ /etc/unbound/unbound.conf \
/etc/unbound/blocks-malicious.bz2 /etc/unbound/*.bz2

15
Dockerfile.arm64v8
View File

@@ -1,4 +1,4 @@
ARG ALPINE_VERSION=3.8 ARG ALPINE_VERSION=3.9
FROM arm64v8/alpine:${ALPINE_VERSION} FROM arm64v8/alpine:${ALPINE_VERSION}
ARG BUILD_DATE ARG BUILD_DATE
@@ -13,9 +13,9 @@ LABEL org.label-schema.schema-version="1.0.0-rc1" \
org.label-schema.vcs-usage="https://github.com/qdm12/private-internet-access-docker/blob/master/README.md#setup" \ org.label-schema.vcs-usage="https://github.com/qdm12/private-internet-access-docker/blob/master/README.md#setup" \
org.label-schema.docker.cmd="docker run -d --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \ org.label-schema.docker.cmd="docker run -d --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
org.label-schema.docker.cmd.devel="docker run -it --rm --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \ org.label-schema.docker.cmd.devel="docker run -it --rm --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
org.label-schema.docker.params="REGION=PIA region,PROTOCOL=udp/tcp,ENCRYPTION=strong/normal,BLOCK_MALICIOUS=on/off,USER=PIA user,PASSWORD=PIA password,EXTRA_SUBNETS=extra subnets to allow on the firewall,NONROOT=yes/no" \ org.label-schema.docker.params="REGION=PIA region,PROTOCOL=udp/tcp,ENCRYPTION=strong/normal,BLOCK_MALICIOUS=on/off,BLOCK_NSA=on/off,UNBLOCK=allowed hostnames,USER=PIA user,PASSWORD=PIA password,EXTRA_SUBNETS=extra subnets to allow on the firewall,NONROOT=yes/no" \
org.label-schema.version="" \ org.label-schema.version="" \
image-size="16.7MB" \ image-size="19.2MB" \
ram-usage="13MB to 80MB" \ ram-usage="13MB to 80MB" \
cpu-usage="Low to Medium" cpu-usage="Low to Medium"
ENV USER= \ ENV USER= \
@@ -24,8 +24,10 @@ ENV USER= \
PROTOCOL=udp \ PROTOCOL=udp \
REGION="CA Montreal" \ REGION="CA Montreal" \
BLOCK_MALICIOUS=off \ BLOCK_MALICIOUS=off \
BLOCK_NSA=off \
UNBLOCK= \
EXTRA_SUBNETS= \ EXTRA_SUBNETS= \
NONROOT= NONROOT=no
ENTRYPOINT /entrypoint.sh ENTRYPOINT /entrypoint.sh
HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
@@ -45,10 +47,13 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab
wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/root.key.updated -O /etc/unbound/root.key && \ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/root.key.updated -O /etc/unbound/root.key && \
cd /tmp && \ cd /tmp && \
wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-hostnames.updated -O malicious-hostnames && \ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-hostnames.updated -O malicious-hostnames && \
wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/nsa-hostnames.updated -O nsa-hostnames && \
wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-ips.updated -O malicious-ips && \ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-ips.updated -O malicious-ips && \
while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-malicious.conf; done < malicious-hostnames && \ while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-malicious.conf; done < malicious-hostnames && \
while read ip; do echo "private-address: $ip" >> blocks-malicious.conf; done < malicious-ips && \ while read ip; do echo "private-address: $ip" >> blocks-malicious.conf; done < malicious-ips && \
tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \ tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-nsa.conf; done < nsa-hostnames && \
tar -cjf /etc/unbound/blocks-nsa.bz2 blocks-nsa.conf && \
rm -f /tmp/* rm -f /tmp/*
COPY unbound.conf /etc/unbound/unbound.conf COPY unbound.conf /etc/unbound/unbound.conf
COPY entrypoint.sh healthcheck.sh / COPY entrypoint.sh healthcheck.sh /
@@ -59,4 +64,4 @@ RUN chown nonrootuser -R /etc/unbound && \
/etc/unbound/root.hints \ /etc/unbound/root.hints \
/etc/unbound/root.key \ /etc/unbound/root.key \
/etc/unbound/unbound.conf \ /etc/unbound/unbound.conf \
/etc/unbound/blocks-malicious.bz2 /etc/unbound/*.bz2