ovk / silverbox

Guide describing how to setup compact, silent and energy-efficient GNU/Linux home server

Home Page: https://ovk.github.io/silverbox

License: Other

linux server selfhosted nextcloud nfs guide firefly-iii apache docker docker-compose privacy

silverbox's Issues

Docker VPN entry point syntax error

Hello!

Thank you for this project. I've been creating a homelab based on your guide using Ansible. I can't seem to get the Docker VPN working. Whenever I start the docker container it gets stuck on "restarting".

I ran docker logs --tail 50 --follow --timestamps vpn to see what the error is. This is what I get:

2022-12-05T20:41:13.493172422Z /usr/local/bin/docker-entrypoint.sh: 5: Syntax error: "(" unexpected

I've been looking at the docker-entrypoint.sh file for about an hour and I can't figure it out. Here is what that file looks like. Below I added my docker-compose file, if that helps.

#!/usr/bin/env bash

function configure_iptables()
{
    set -e

    local config_file="$1"
    local host=$(awk '/^remote / {print $2}' "$config_file")
    # Use the last field of the "remote" line as the port only when it is numeric
    local port=$(awk '/^remote / && $NF ~ /^[0-9]*$/ {print $NF}' "$config_file")

    if [ -z "$port" ]; then
        echo "-- No port number specified in the VPN profile file"
        exit 1
    else
        echo "-- Setting up firewall rules for VPN server $host on port $port"
    fi

    iptables --flush
    iptables --delete-chain

    iptables --policy INPUT DROP
    iptables --policy OUTPUT DROP
    iptables --policy FORWARD DROP

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    iptables -A INPUT -p tcp --dport 8888 -m conntrack --ctstate NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource
    iptables -A INPUT -p tcp --dport 8888  -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name SSH --mask 255.255.255.255 --rsource -j DROP
    iptables -A INPUT -p tcp --dport 8888  -m conntrack --ctstate NEW -j ACCEPT

    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A OUTPUT -o tun0 -j ACCEPT
    iptables -A OUTPUT -o eth0 -d 192.168.0.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp -d "$host" --dport "$port" -m owner --gid-owner vpn -j ACCEPT

    set +e
}

function run_sshd()
{
    set -e

    if [ ! -f "/etc/ssh/ssh_host_ed25519_key" ]; then
        if [ ! -f "/ssh-host-key/ssh_host_ed25519_key" ]; then
          echo "-- Generating host key"
          ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
          cp /etc/ssh/ssh_host_ed25519_key /ssh-host-key/ssh_host_ed25519_key
        else
          cp /ssh-host-key/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key
        fi
    fi

    echo "-- Adding route back to LAN"
    ip route add 192.168.0.0/24 via 172.18.0.1 
    echo "-- Starting SSH server"
    /usr/sbin/sshd

    set +e
}

if [[ $# -ge 1 ]]; then
    exec "$@"
else
    if [ -f /vpn-profiles/profile ]; then
        echo "-- Profile file found: only it will be used"
        PROFILE_FILE="/vpn-profiles/profile"
    else
        echo "-- Profile file not found: random profile file will be picked"
        PROFILE_FILE="$(ls -1 /vpn-profiles/*.ovpn | shuf -n 1)"
        echo "-- Selected profile file: $PROFILE_FILE"
    fi

    configure_iptables "$PROFILE_FILE"
    run_sshd

    exec sg vpn -c "openvpn --config $PROFILE_FILE --verb 1 --auth-user-pass /vpn-credentials/credentials --auth-nocache"
fi

Docker Compose:

version: '3.8'

networks:
  default:
    name: vpn
    external: true

services:
  vpn-proxy:
    container_name: vpn
    init: true
    build:
      context: /root/anacreon/containers/vpn-proxy
      args:
        version: '11.5-slim' 
    restart: on-failure:15
    logging:
      driver: json-file
      options:
        max-size: 10mb
    ports:
      - 192.168.0.31:8888:8888/tcp 
    networks:
      default:
        ipv4_address: 172.18.0.100 
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    volumes:
      - /root/anacreon/vpn/proxy:/vpn-profiles
      - /root/anacreon/vpn/auth:/vpn-credentials
      - /root/anacreon/containers/vpn-proxy/host-key:/ssh-host-key

Thank you for your help!
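
The `file: N: Syntax error: "(" unexpected` form in the log above is how dash, the `/bin/sh` on Debian images, reports a parse error, and `function name()` is bash syntax that dash rejects. The following pre-flight check is an added example, not part of the original issue or of silverbox; its function names are hypothetical, and it tests whether a script that uses bash syntax starts with a bash shebang on line 1.

```shell
#!/bin/sh
# Added example: pre-flight check for a container entrypoint script.
# Function names are hypothetical helpers, not part of silverbox.

# Prints the line number of the first "#!" line (nothing if there is none).
shebang_line() {
    awk '/^#!/ { print NR; exit }' "$1"
}

# Succeeds when the file uses syntax that dash rejects: the "function"
# keyword form of a definition, or the "[[ ... ]]" test.
uses_bashisms() {
    grep -Eq '^[[:space:]]*function[[:space:]]+[A-Za-z_]|\[\[ ' "$1"
}

# Prints a verdict for FILE; returns 0 when line 1 hands the file to bash
# or when the file needs no bash at all.
check_entrypoint() {
    file=$1
    uses_bashisms "$file" || { echo "OK: $file is plain sh"; return 0; }

    line=$(shebang_line "$file")
    if [ "$line" != 1 ]; then
        # The kernel only honours "#!" as the first two bytes of the file.
        echo "FAIL: bash syntax, but '#!' is on line ${line:-none}, not 1"
        return 1
    fi
    if ! head -n 1 "$file" | grep -q 'bash'; then
        echo "FAIL: bash syntax, but line 1 is: $(head -n 1 "$file")"
        return 1
    fi
    echo "OK: $file starts with a bash shebang"
}

# Optional command-line use: sh check.sh /path/to/docker-entrypoint.sh
if [ "$#" -gt 0 ]; then
    check_entrypoint "$1"
fi
```

A script that passes this check can still produce the same error when it is started as `sh docker-entrypoint.sh`, because an explicit interpreter ignores the shebang.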
