Removed Unbound from image

Better use it in another Docker container, it caused quite some problems with my firewall so I thought it would be better to only

Dockerfile

@@ -1,12 +1,12 @@
 FROM alpine:3.8
 LABEL maintainer="quentin.mcgaw@gmail.com" \
-      description="VPN client to private internet access servers using OpenVPN, Alpine, IPtables firewall and Cloudflare 1.1.1.1 DNS over TLS" \
+      description="VPN client to private internet access servers using OpenVPN, Alpine and IPtables firewall" \
       download="5.7MB" \
-      size="13.5MB" \
+      size="8.94MB" \
-      ram="12MB" \
+      ram="11MB" \
       cpu_usage="Low" \
       github="https://github.com/qdm12/private-internet-access-docker"
-RUN apk add -q --progress --no-cache --update openvpn unbound ca-certificates iptables && \
+RUN apk add -q --progress --no-cache --update openvpn ca-certificates iptables && \
     apk add -q --progress --no-cache --update --virtual=build-dependencies unzip && \
     mkdir /openvpn-udp-normal /openvpn-udp-strong /openvpn-tcp-normal /openvpn-tcp-strong && \
     wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \
@@ -18,8 +18,7 @@ RUN apk add -q --progress --no-cache --update openvpn unbound ca-certificates ip
     unzip -q openvpn-tcp.zip -d /openvpn-tcp-normal && \
     unzip -q openvpn-strong-tcp.zip -d /openvpn-tcp-strong && \
     apk del -q --progress --purge build-dependencies && \
-    rm -rf /*.zip /etc/unbound/unbound.conf /var/cache/apk/*
+    rm -rf /*.zip /var/cache/apk/*
-COPY unbound.conf /etc/unbound/unbound.conf
 HEALTHCHECK --interval=10m --timeout=10s --start-period=10s --retries=1 \
             CMD export OLD_VPN_IP="$NEW_VPN_IP" && \
                 export NEW_VPN_IP=$(wget -qqO- 'https://duckduckgo.com/?q=what+is+my+ip' | grep -ow 'Your IP address is [0-9.]*[0-9]' | grep -ow '[0-9][0-9.]*') && \

README.md

@@ -1,10 +1,10 @@
-# Private Internet Access Client (OpenVPN, Alpine and DNS over TLS with Unbound)
+# Private Internet Access Client (OpenVPN on Alpine Linux)
 
-Docker VPN client to private internet access servers using [OpenVPN](https://openvpn.net/) and [Cloudflare DNS 1.1.1.1 over TLS](https://developers.cloudflare.com/1.1.1.1/dns-over-tls)
+Docker VPN client to private internet access servers using [OpenVPN](https://openvpn.net/) and Iptables on Alpine Linux.
 
 Optionally set the protocol (TCP, UDP) and the level of encryption using Docker environment variables.
 
-A killswitch is implemented with a firewall (*iptables*), only allowing traffic with PIA servers on needed ports / protocols.
+A killswitch is implemented with the *iptables* firewall, only allowing traffic with PIA servers on needed ports / protocols.
 
 [![PIA Docker OpenVPN](https://github.com/qdm12/private-internet-access-docker/raw/master/readme/title.png)](https://hub.docker.com/r/qmcgaw/private-internet-access/)
 
@@ -19,29 +19,30 @@ A killswitch is implemented with a firewall (*iptables*), only allowing traffic
 [![Docker Stars](https://img.shields.io/docker/stars/qmcgaw/private-internet-access.svg)](https://hub.docker.com/r/qmcgaw/private-internet-access)
 [![Docker Automated](https://img.shields.io/docker/automated/qmcgaw/private-internet-access.svg)](https://hub.docker.com/r/qmcgaw/private-internet-access)
 
-[![](https://images.microbadger.com/badges/image/qmcgaw/private-internet-access.svg)](https://microbadger.com/images/qmcgaw/private-internet-access)
+[![?](https://images.microbadger.com/badges/image/qmcgaw/private-internet-access.svg)](https://microbadger.com/images/qmcgaw/private-internet-access)
-[![](https://images.microbadger.com/badges/version/qmcgaw/private-internet-access.svg)](https://microbadger.com/images/qmcgaw/private-internet-access)
+[![?](https://images.microbadger.com/badges/version/qmcgaw/private-internet-access.svg)](https://microbadger.com/images/qmcgaw/private-internet-access)
 
 | Download size | Image size | RAM usage | CPU usage |
 | --- | --- | --- | --- |
-| 5.6MB | 13.5MB | 12MB | Low |
+| 5MB | 8.94MB | 11MB | Low |
 
 It is based on:
+
 - [Alpine 3.8](https://alpinelinux.org)
-- [OpenVPN 	2.4.6-r3](https://pkgs.alpinelinux.org/package/edge/main/ppc64le/openvpn)
+- [OpenVPN 2.4.6-r3](https://pkgs.alpinelinux.org/package/v3.8/main/x86_64/openvpn)
-- [Unbound 1.7.3-r0](https://pkgs.alpinelinux.org/package/edge/main/aarch64/unbound)
+- [IPtables 1.6.2-r0](https://pkgs.alpinelinux.org/package/v3.8/main/x86_64/iptables)
-- Ca-Certificates for the healthcheck (through HTTPS)
+- CA-Certificates for the healthcheck (through HTTPS)
 
 It requires:
+
 - A Private Internet Access **username** and **password** - [Sign up](https://www.privateinternetaccess.com/pages/buy-vpn/)
 - [Docker](https://docs.docker.com/install/) installed on the host
 
-The PIA *.ovpn* configuration files are downloaded from 
+The PIA *.ovpn* configuration files are downloaded from [the PIA website](https://www.privateinternetaccess.com/openvpn/openvpn.zip) when the Docker image is built. You can build the image yourself if you are paranoid.
-[the PIA website](https://www.privateinternetaccess.com/openvpn/openvpn.zip) 
-when the Docker image is built. You can build the image yourself if you are paranoid.
 
-Cloudflare **DNS 1.1.1.1 over TLS** is used to connect to any PIA server for multiple reasons:
+You might also want to use [my Cloudflare DNS over TLS Docker container](https://hub.docker.com/r/qmcgaw/cloudflare-dns-server/) to connect to any PIA server so that:
-- Man-in-the-middle (ISP, hacker, government) can't block you from resolving the PIA server domain name. 
+
+- Man-in-the-middle (ISP, hacker, government) can't block you from resolving the PIA server domain name
     *For example, `austria.privateinternetaccess.com` maps to `185.216.34.229`*
 - Man-in-the-middle (ISP, hacker, government) can't see to which server you connect nor when.
     *As the domain name are sent to 1.1.1.1 over TLS, there is no way to examine what domains you are asking to be resolved*
@@ -50,15 +51,15 @@ Cloudflare **DNS 1.1.1.1 over TLS** is used to connect to any PIA server for mul
 
 1. Make sure you have your `/dev/net/tun` device setup on your host with one of the following commands, depending on your OS:
 
-	```bash
+    ```bash
-	insmod /lib/modules/tun.ko
+    insmod /lib/modules/tun.ko
-	```
+    ```
-	
+
-	Or
+    Or
-	
+
-	```bash
+    ```bash
-	sudo modprobe tun
+    sudo modprobe tun
-	```
+    ```
 
 1. Create a network to be used by this container and other containers connecting to it with:
 
@@ -76,14 +77,13 @@ Cloudflare **DNS 1.1.1.1 over TLS** is used to connect to any PIA server for mul
 
     ```bash
     docker run -d --name=pia \
-	--cap-add=NET_ADMIN --device=/dev/net/tun --network=pianet \
+    --cap-add=NET_ADMIN --device=/dev/net/tun --network=pianet \
-	-v /yourhostpath/auth.conf:/auth.conf:ro \
+    -v /yourhostpath/auth.conf:/auth.conf:ro \
     -e REGION=Germany -e PROTOCOL=udp -e ENCRYPTION=normal \
     qmcgaw/private-internet-access
     ```
 
-    Note that you can change `REGION`, `PROTOCOL` and `ENCRYPTION`. 
+    Note that you can change `REGION`, `PROTOCOL` and `ENCRYPTION`, see the [Environment variables section](#environment-variables) for more.
-    See the [Environment variables section](#environment-variables)
 1. Wait about 5 seconds for it to connect to the PIA server. You can check with:
 
     ```bash
@@ -98,24 +98,22 @@ Cloudflare **DNS 1.1.1.1 over TLS** is used to connect to any PIA server for mul
 1. Edit it and change at least `yourpath`
 1. Run the container as a daemon in the background with:
 
-   ```bash
+    ```bash
     docker-compose up -d
     ```
 
-    Note that you can change `REGION`, `PROTOCOL` and `ENCRYPTION`. 
+    Note that you can change `REGION`, `PROTOCOL` and `ENCRYPTION`, see the [Environment variables section](#environment-variables) for more.
-    See the [Environment variables section](#environment-variables)
 1. Wait about 5 seconds for it to connect to the PIA server. You can check with:
 
     ```bash
-    docker logs pia
+    docker logs -f pia
     ```
-    
+
 1. Follow the [**Testing section**](#testing)
 
 ## Testing
 
-1. Note that you can simply use the HEALTCHECK provided. The container will stop by itself 
+1. Note that you can simply use the HEALTCHECK provided. The container will stop by itself if the VPN IP is the same as your initial public IP address.
-if the VPN IP is the same as your initial public IP address.
 
 Otherwise you can follow these instructions:
 
@@ -131,8 +129,7 @@ Otherwise you can follow these instructions:
     docker run --rm --network=container:pia byrnedo/alpine-curl -s ifconfig.co
     ```
 
-    If the displayed IP address appears and is different that your host IP address, 
+    If the displayed IP address appears and is different that your host IP address, the PIA client works !
-    the PIA client works !
 
 ## Environment variables
 
@@ -142,39 +139,37 @@ Otherwise you can follow these instructions:
 | `PROTOCOL` | `tcp` | `tcp` or `udp` |
 | `ENCRYPTION` | `strong` | `normal` or `strong` |
 
-If you know what you're doing, you can change the container name (`pia`), 
+If you know what you're doing, you can change the container name (`pia`), the hostname (`piaclient`) and the network name (`pianet`) as well.
-the hostname (`piaclient`) and the network name (`pianet`) as well.
 
 ## Connect other containers to it
 
-Connect other Docker containers to the PIA VPN connection by adding 
+Connect other Docker containers to the PIA VPN connection by adding `--network=container:pia` when launching them.
-`--network=container:pia` when launching them.
 
 ---
 
 ## EXTRA: Access ports of containers connected to the VPN container
 
-You have to use another container acting as a Reverse Proxy such as Nginx. 
+You have to use another container acting as a Reverse Proxy such as Nginx.
 
 **Example**:
+
 - We launch a *Deluge* (torrent client) container with name **deluge** connected to the `pia` container with:
 
-	```bash
+    ```bash
-	docker run -d --name=deluge --network=container:pia linuxserver/deluge
+    docker run -d --name=deluge --network=container:pia linuxserver/deluge
-	```
+    ```
 
 - We launch a *Hydra* container with name **hydra** connected to the `pia` container with:
 
-	```bash
+    ```bash
-	docker run -d --name=hydra --network=container:pia linuxserver/hydra
+    docker run -d --name=hydra --network=container:pia linuxserver/hydra
-	```
+    ```
 
 - HTTP User interfaces are accessible at port 8112 for Deluge and 5075 for Hydra
 
-
 1. Create the Nginx configuration file *nginx.conf*:
 
-    ```
+    ```txt
     user  nginx;
     worker_processes  1;
     error_log  /var/log/nginx/error.log warn;
@@ -226,4 +221,3 @@ For more containers, add more `--link pia:xxx` and modify *nginx.conf* according
 - The download and unziping is done at build for the ones not able to download the zip files with their ISPs.
 - Checksums for PIA openvpn zip files are not used as these files change often
 - You should use strong encryption for the environment variable `ENCRYPTION`
-

unbound.conf

@@ -1,15 +0,0 @@
-server:
-  verbosity: 0
-  use-syslog: no
-  qname-minimisation: yes
-  do-tcp: yes
-  prefetch: yes
-  rrset-roundrobin: yes
-  use-caps-for-id: yes
-  do-ip4: yes
-  do-ip6: no
-forward-zone:
-  name: "."
-  forward-addr: 1.1.1.1@853#cloudflare-dns.com
-  forward-addr: 1.0.0.1@853#cloudflare-dns.com
-  forward-ssl-upstream: yes