admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More defaults and fixing typos

Browse Source
This commit is contained in:
Quentin McGaw
2019-04-23 10:32:15 +02:00
parent b26cb508de
commit aad11510f5
4 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfile
View File

@@ -13,7 +13,7 @@ LABEL org.label-schema.schema-version="1.0.0-rc1" \
org.label-schema.vcs-usage="https://github.com/qdm12/private-internet-access-docker/blob/master/README.md#setup" \ org.label-schema.vcs-usage="https://github.com/qdm12/private-internet-access-docker/blob/master/README.md#setup" \
org.label-schema.docker.cmd="docker run -d --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \ org.label-schema.docker.cmd="docker run -d --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
org.label-schema.docker.cmd.devel="docker run -it --rm --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \ org.label-schema.docker.cmd.devel="docker run -it --rm --cap-add=NET_ADMIN --device=/dev/net/tun -e USER=js89ds7 -e PASSWORD=8fd9s239G qmcgaw/private-internet-access" \
org.label-schema.docker.params="REGION=PIA region,PROTOCOL=udp/tcp,ENCRYPTION=strong/normal,BLOCK_MALICIOUS=on/off,USER=PIA user,PASSWORD=PIA password,EXTRA_SUBNETS=extra subnets to allow on the firewall,NONROOT=yes/no" \ org.label-schema.docker.params="REGION=PIA region,PROTOCOL=udp/tcp,ENCRYPTION=strong/normal,BLOCK_MALICIOUS=on/off,BLOCK_NSA=on/off,UNBLOCK=allowed hostnames,USER=PIA user,PASSWORD=PIA password,EXTRA_SUBNETS=extra subnets to allow on the firewall,NONROOT=yes/no" \
org.label-schema.version="" \ org.label-schema.version="" \
image-size="17.1MB" \ image-size="17.1MB" \
ram-usage="13MB to 80MB" \ ram-usage="13MB to 80MB" \
@@ -27,7 +27,7 @@ ENV USER= \
BLOCK_NSA=off \ BLOCK_NSA=off \
UNBLOCK= \ UNBLOCK= \
EXTRA_SUBNETS= \ EXTRA_SUBNETS= \
NONROOT= NONROOT=no
ENTRYPOINT /entrypoint.sh ENTRYPOINT /entrypoint.sh
HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \

6
README.md
View File

@@ -75,7 +75,7 @@
modprobe tun modprobe tun
``` ```
1. **ONLY IF YOU AN ARM DEVICE, depending on your cpu architecture:** 1. **ONLY IF YOU HAVE AN ARM DEVICE, depending on your cpu architecture:**
```sh ```sh
# ARM 32 bit V6 # ARM 32 bit V6
@@ -138,8 +138,8 @@ You can simply use the Docker healthcheck. The container will mark itself as **u
| `ENCRYPTION` | `strong` | `normal` or `strong` | | `ENCRYPTION` | `strong` | `normal` or `strong` |
| `USER` | | Your PIA username | | `USER` | | Your PIA username |
| `PASSWORD` | | Your PIA password | | `PASSWORD` | | Your PIA password |
| `NONROOT` | | Run OpenVPN without root, `yes` or other | | `NONROOT` | `no` | Run OpenVPN without root, `yes` or other |
| `EXTRA_SUBNETS` | | Comma separated subnets allowed in the container firewall | | `EXTRA_SUBNETS` | | comma separated subnets allowed in the container firewall (i.e. `192.168.1.0/24,192.168.10.121,10.0.0.5/28`) |
| `BLOCK_MALICIOUS` | `off` | `on` or `off`, blocks malicious hostnames and IPs | | `BLOCK_MALICIOUS` | `off` | `on` or `off`, blocks malicious hostnames and IPs |
| `BLOCK_NSA` | `off` | `on` or `off`, blocks NSA hostnames | | `BLOCK_NSA` | `off` | `on` or `off`, blocks NSA hostnames |
| `UNBLOCK` | | comma separated string (i.e. `web.com,web2.ca`) to unblock hostnames | | `UNBLOCK` | | comma separated string (i.e. `web.com,web2.ca`) to unblock hostnames |

1
docker-compose.yml
View File

@@ -16,6 +16,7 @@ services:
- ENCRYPTION=strong - ENCRYPTION=strong
- REGION=CA Montreal - REGION=CA Montreal
- EXTRA_SUBNETS= - EXTRA_SUBNETS=
- NONROOT=no
- BLOCK_MALICIOUS=off - BLOCK_MALICIOUS=off
- BLOCK_NSA=off - BLOCK_NSA=off
- UNBLOCK= - UNBLOCK=

1
entrypoint.sh
View File

@@ -59,6 +59,7 @@ exitIfNotIn ENCRYPTION "normal,strong"
exitIfNotIn PROTOCOL "tcp,udp" exitIfNotIn PROTOCOL "tcp,udp"
exitIfNotIn BLOCK_MALICIOUS "on,off" exitIfNotIn BLOCK_MALICIOUS "on,off"
exitIfNotIn BLOCK_NSA "on,off" exitIfNotIn BLOCK_NSA "on,off"
exitIfNotIn NONROOT "yes,no"
cat "/openvpn/$PROTOCOL-$ENCRYPTION/$REGION.ovpn" &> /dev/null cat "/openvpn/$PROTOCOL-$ENCRYPTION/$REGION.ovpn" &> /dev/null
exitOnError $? "/openvpn/$PROTOCOL-$ENCRYPTION/$REGION.ovpn is not accessible" exitOnError $? "/openvpn/$PROTOCOL-$ENCRYPTION/$REGION.ovpn is not accessible"
for SUBNET in ${EXTRA_SUBNETS//,/ }; do for SUBNET in ${EXTRA_SUBNETS//,/ }; do