Quentin McGaw (desktop)
a21bb009e5
openvpn runs without root by default
2019-11-24 11:04:55 -05:00
Quentin McGaw (desktop)
8b313cf211
Small changes and cleanup
2019-11-24 11:04:37 -05:00
Quentin McGaw
0af0632304
Building Docker images for all CPU architectures (#57)
* Created Travis config to build images for all CPU architectures
* Updated readme
2019-11-23 18:01:18 -05:00
Quentin McGaw (desktop)
9a2d0ec3ef
Simplified ARM build instructions
2019-11-21 20:45:21 -05:00
Quentin McGaw (desktop)
e8300f123f
Uses new files from github.com/qdm12/files
2019-11-18 07:12:30 -05:00
elmerfdz
6856276fd7
Added tzdata so that users can set timezone via TZ var (#51)
* Update Dockerfile
* Update README.md
2019-09-16 09:10:15 -04:00
Quentin McGaw
0d41564f7d
Fixes several small bugs regarding #48
- Proxies are `off` by default so `SHADOWSOCKS_PASSWORD` is not required
- Documentation fixed and clarified
- `PORT_FORWARDING` should be `on` or `off` only now (although it's backward compatible with `false` and `true`)
2019-09-10 09:05:49 -04:00
Quentin McGaw
bea809778b
Shadowsocks proxy built-in, fixes #30 (#46)
* Added ShadowSocks proxy to container
* Updated docker-compose.yml example
* Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
Quentin McGaw
87c84afb4c
Small fixes
2019-09-09 13:56:50 -04:00
Quentin McGaw
aca632ab94
Tinyproxy variables renamed
2019-09-09 12:40:00 -04:00
Quentin McGaw
38f8f5ae19
Adopted new opencontainers.org labelling scheme for Dockerfile
2019-09-09 11:50:06 -04:00
Juggels
d35437bd73
Make forwarded_port file location configurable (#43)
* Make port forwarding status file dynamic
* Readme updates
2019-09-02 10:38:41 -04:00
Gauthier Delacroix
55492015cb
Fix/improve port forwarding handling
2019-07-15 22:02:40 +02:00
Quentin McGaw
e4336c02d7
Fixes #28 allowing to set the port of Tinyproxy
2019-07-03 11:07:37 +02:00
Quentin McGaw
cb7bba6d42
Large refactoring: proxy+firewall+readme
- Cleaner logs
- HTTP proxy is working... finally
- Firewall was adjusted
- Firewall cannot be turned off anymore
- portforward script changes the firewall
- readme reworked
- Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
Quentin McGaw
8ce905bd1d
Added web HTTP proxy
2019-06-27 13:12:03 +02:00
Quentin McGaw
95e69b5c9c
More modularity and reworked readme
- Docker's init added to avoid zombie processes (i.e. Unbound)
- Added environment variables to enable or disable features: `DOT`, `FIREWALL`
- Reworked readme
2019-06-27 13:10:51 +02:00
Quentin McGaw
62f4cc56b4
Added port forwarding, fixes #14
2019-06-26 17:24:10 +02:00
Quentin McGaw
302aa58dbe
Updated packages and Alpine to 3.10
2019-06-26 17:23:24 +02:00
Quentin McGaw
21aba4680d
Readme update and typo fixes
2019-04-26 21:43:26 +02:00
Quentin McGaw
39ed1d93f5
Dropped building of ARM images in Travis CI in favor of manual building
2019-04-26 16:20:23 +02:00
Quentin McGaw
99f48b964b
Adding QEMU static arm binary to build ARM images
2019-04-26 16:02:14 +02:00
Quentin McGaw
29d9fb5879
Reworked Travis CI to produce ARM images
2019-04-26 12:28:32 +02:00
Quentin McGaw
305b5954f9
Upgrade to Alpine 3.9
2019-04-23 10:32:31 +02:00
Quentin McGaw
aad11510f5
More defaults and fixing typos
2019-04-23 10:32:15 +02:00
Quentin McGaw
b26cb508de
Split BLOCK_MALICIOUS with BLOCK_NSA and UNBLOCK env variable
2019-04-23 10:29:44 +02:00
Quentin McGaw
27802ba886
Runs OpenVPN as root by default, fixes #19
2019-03-18 11:27:36 +01:00
Quentin McGaw
a3bfa2d77a
Changed healthcheck to only ping 1.1.1.1 to check connectivity
This is because your VPN public IP might not be the VPN server entrance IP address, resulting in the container being unhealthy most of the time.
2019-01-15 14:40:28 +01:00
Quentin McGaw
63eae489c7
Reduced image size by removing unbound useless binaries
2019-01-14 09:54:33 +01:00
Quentin McGaw
a8e88cc7fc
Replaced external docker images with GitHub hosted files
2019-01-01 23:14:36 +02:00
Quentin McGaw
24ba0958ac
Fixed healthcheck
2018-11-27 21:09:21 +02:00
Quentin McGaw
2b45ba3425
The target files are created in /openvpn/target
- More resilience to failure
- Less verbose
- Works with start/stop
2018-11-27 17:50:08 +02:00
Quentin McGaw
d1ebddb029
Fixed auth_failed error
- Removed nonrootgroup
- File directories are slightly different
- Resolv-retry is removed as pointless as IP addresses are used
- Fixed some arguments to openvpn
2018-11-17 14:44:17 +02:00
Quentin McGaw
9ba7f5969c
Fixed healthcheck
2018-11-15 14:41:39 +02:00
Quentin McGaw
9c6afff973
Healthcheck checks your IP is in the VPN configuration file
2018-11-14 16:25:23 +02:00
Quentin McGaw
d3dc6c74d8
Multiple additions and fixes #12
- Unbound ran as `nonrootuser`
- Readme updated
- auth.conf replaced by `USER` and `PASSWORD` env variables
- Removed Nginx section from readme for now
- Reworked entrypoint with more checks
- Malicious IPs and hostnames building is done at Docker build to gain time at launch
- docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
Quentin McGaw
7b4c216fc8
Reworked project overall
2018-11-06 14:55:11 +01:00
Quentin McGaw
08d1afccfe
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
Quentin McGaw
4bcaec6a33
Big refactoring (more secure, more modular)
- Region change to "CA Montreal"
- Using external data images for malicious hostnames
- Added malicious IP addresses blocking with Unbound
- Unbound has DNS rebinding protection
2018-10-28 14:08:14 +01:00
Tomasz Janowski
559bec0ba0
Update md5 hash of the named.root file
2018-10-28 16:46:18 +11:00
Tomasz Janowski
867992f435
Run apk with --update --no-cache flags to fetch a fresh list of dependencies
2018-10-28 16:45:56 +11:00
Quentin McGaw
3bc45d930c
Hostnames block is done in memory only
2018-10-10 10:24:15 +02:00
Quentin McGaw
e0f201a334
Openvpn runs as non root user and tries all IP addresses
2018-10-05 12:43:16 +02:00
Quentin McGaw
b73ad75cde
Multiple additions and fixes #5
- Multi stage build
- Downloads and checks Unbound Root anchors
- Download and build malicious hostnames block list for Unbound
- Healthcheck only based on the current IP being different from the initial IP
- IPv6 related completely removed
- Multiple checks at launch with $?
- Launch openvpn as root (can't change user)
- Unbound configured with DNS SEC for DNS over TLS
2018-10-04 22:24:43 +02:00
Quentin McGaw
b8dbf0761f
Moved DNS over TLS at start as DNS is required in firewall anyway
2018-09-28 19:51:30 +02:00
Quentin McGaw
93ea50bd49
Fixed non root permission issue
2018-09-21 17:39:03 +02:00
Quentin McGaw
2b7c7cc62a
Restarts on fail; DNS over TLS only when connected to VPN; readme update
2018-09-21 16:39:08 +02:00
Quentin McGaw
6929947611
Runs openvpn as non-root user
2018-09-21 11:39:00 +02:00
Quentin McGaw
706050619d
Re-added Unbound DNS over TLS
It turns out you can't use a local DNS server once connected with the VPN, so running the DNS over TLS in the PIA container is the best.
2018-09-21 11:28:23 +02:00
Quentin McGaw
de981c3566
Fixed firewall (iptables) and added ip6tables for ipv6
2018-09-21 09:33:37 +02:00