ovk / silverbox
Guide describing how to set up a compact, silent and energy-efficient GNU/Linux home server

Home Page: https://ovk.github.io/silverbox

License: Other

apache docker docker-compose firefly-iii guide linux nextcloud nfs privacy selfhosted server


silverbox's Issues

Docker VPN entry point syntax error

Hello!

Thank you for this project, I've been creating a homelab based on your guide using Ansible. I can't seem to get the Docker VPN working. Whenever I start the docker container it gets stuck on "restarting".

I ran docker logs --tail 50 --follow --timestamps vpn to see what the error is. This is what I get:

2022-12-05T20:41:13.493172422Z /usr/local/bin/docker-entrypoint.sh: 5: Syntax error: "(" unexpected

I've been looking at the docker-entrypoint.sh file for about an hour and I can't figure it out. Here is what that file looks like. Below I added my docker-compose file, if that helps.

#!/usr/bin/env bash

function configure_iptables()
{
    set -e

    local config_file="$1"
    local host=$(awk '/^remote / {print $2}' "$config_file")
    # Port: third field of the "remote" line, accepted only if numeric
    local port=$(awk '/^remote / && $3 ~ /^[0-9]+$/ {print $3}' "$config_file")

    if [ -z "$port" ]; then
        echo "-- No port number specified in the VPN profile file"
        exit 1
    else
        echo "-- Setting up firewall rules for VPN server $host on port $port"
    fi

    iptables --flush
    iptables --delete-chain

    iptables --policy INPUT DROP
    iptables --policy OUTPUT DROP
    iptables --policy FORWARD DROP

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    iptables -A INPUT -p tcp --dport 8888 -m conntrack --ctstate NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource
    iptables -A INPUT -p tcp --dport 8888  -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name SSH --mask 255.255.255.255 --rsource -j DROP
    iptables -A INPUT -p tcp --dport 8888  -m conntrack --ctstate NEW -j ACCEPT

    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A OUTPUT -o tun0 -j ACCEPT
    iptables -A OUTPUT -o eth0 -d 192.168.0.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only processes running with group "vpn" may reach the VPN server outside the tunnel
    iptables -A OUTPUT -o eth0 -p tcp -d "$host" --dport "$port" -m owner --gid-owner vpn -j ACCEPT

    set +e
}

function run_sshd()
{
    set -e

    if [ ! -f "/etc/ssh/ssh_host_ed25519_key" ]; then
        if [ ! -f "/ssh-host-key/ssh_host_ed25519_key" ]; then
          echo "-- Generating host key"
          ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
          cp /etc/ssh/ssh_host_ed25519_key /ssh-host-key/ssh_host_ed25519_key
        else
          cp /ssh-host-key/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key
        fi
    fi

    echo "-- Adding route back to LAN"
    ip route add 192.168.0.0/24 via 172.18.0.1 
    echo "-- Starting SSH server"
    /usr/sbin/sshd

    set +e
}

if [[ $# -ge 1 ]]; then
    exec "$@"
else
    if [ -f /vpn-profiles/profile ]; then
        echo "-- Profile file found: only it will be used"
        PROFILE_FILE="/vpn-profiles/profile"
    else
        echo "-- Profile file not found: random profile file will be picked"
        PROFILE_FILE="$(ls -1 /vpn-profiles/*.ovpn | shuf -n 1)"
        echo "-- Selected profile file: $PROFILE_FILE"
    fi

    configure_iptables "$PROFILE_FILE"
    run_sshd

    exec sg vpn -c "openvpn --config $PROFILE_FILE --verb 1 --auth-user-pass /vpn-credentials/credentials --auth-nocache"
fi

Docker Compose:

version: '3.8'

networks:
  default:
    name: vpn
    external: true

services:
  vpn-proxy:
    container_name: vpn
    init: true
    build:
      context: /root/anacreon/containers/vpn-proxy
      args:
        version: '11.5-slim' 
    restart: on-failure:15
    logging:
      driver: json-file
      options:
        max-size: 10mb
    ports:
      - 192.168.0.31:8888:8888/tcp 
    networks:
      default:
        ipv4_address: 172.18.0.100 
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    volumes:
      - /root/anacreon/vpn/proxy:/vpn-profiles
      - /root/anacreon/vpn/auth:/vpn-credentials
      - /root/anacreon/containers/vpn-proxy/host-key:/ssh-host-key

Thank you for your help!
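
A check that can be run against the entrypoint before rebuilding the image, added here as an example (it is not part of the issue or of the silverbox guide). The `file: N: Syntax error: "(" unexpected` wording is how dash, the /bin/sh of Debian-based images, reports the bash-only `function name()` form, so the check looks at what decides the interpreter: the first line of the file and its line endings. The name `check_entrypoint` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic, written in POSIX sh so it runs in any minimal shell.

# check_entrypoint FILE: print findings; return 0 if bash will be selected, 1 otherwise.
check_entrypoint() {
    file="$1"
    rc=0
    first_line=$(head -n 1 "$file")

    # "#!" is honoured only as the first two bytes of the file. With anything
    # in front of it, callers that fall back on ENOEXEC (execvp, an invoking
    # shell) run the file with /bin/sh instead of the named interpreter.
    case "$first_line" in
        '#!'*bash*) ;;
        '#!'*) echo "shebang does not select bash: $first_line"; rc=1 ;;
        *) echo "line 1 is not a shebang: '$first_line'"; rc=1 ;;
    esac

    # CRLF line endings turn the interpreter name into "bash\r".
    if grep -q "$(printf '\r')" "$file"; then
        echo "file contains CR characters (CRLF line endings)"; rc=1
    fi

    # List bash-only "function name()" definitions: these are the lines a
    # POSIX shell rejects with: Syntax error: "(" unexpected
    grep -n -E '^[[:space:]]*function[[:space:]]+[A-Za-z_]' "$file" |
        sed 's/^/bash-only function keyword at line /'
    return "$rc"
}

# Constructed samples (not from the issue): identical bodies, but the second
# file has two lines in front of the shebang.
demo_dir=$(mktemp -d)
printf '%s\n' '#!/usr/bin/env bash' '' 'function configure_iptables()' \
    '{' '    :' '}' > "$demo_dir/good.sh"
printf '%s\n' '' '' '#!/usr/bin/env bash' '' 'function configure_iptables()' \
    '{' '    :' '}' > "$demo_dir/bad.sh"

check_entrypoint "$demo_dir/good.sh" && echo "good.sh: bash will be used"
check_entrypoint "$demo_dir/bad.sh" || echo "bad.sh: would be handed to sh"
```

Running it on the copy of docker-entrypoint.sh inside the build context, and comparing the reported line numbers with the one in the container log, shows whether the file that was built into the image matches the one being read.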
