diff --git a/.github/workflows/docker-image-arm64.yml b/.github/workflows/docker-image-arm64.yml index 9635ee8..8001e21 100644 --- a/.github/workflows/docker-image-arm64.yml +++ b/.github/workflows/docker-image-arm64.yml @@ -20,7 +20,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: softethervpn/vpnserver-arm64 tags: | @@ -30,20 +30,21 @@ jobs: type=semver,pattern={{major}}.{{minor}} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub if: github.event_name != 'pull_request' - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: #context: "{{defaultContext}}:build" #might be used later if Dockerfile is somewhere else file: ./Dockerfile + target: vpnserver push: ${{ github.event_name != 'pull_request' }} platforms: linux/arm64 tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/docker-vpnclient-arm64.yml b/.github/workflows/docker-vpnclient-arm64.yml new file mode 100644 index 0000000..b45e110 --- /dev/null +++ b/.github/workflows/docker-vpnclient-arm64.yml 
@@ -0,0 +1,51 @@
+name: Docker vpnclient ARM64
+
+on:
+ schedule:
+ - cron: "0 6 * * 1" # Every Monday at 6:00 AM
+ push:
+ branches:
+ - "master"
+ tags:
+ - '*'
+ pull_request:
+ branches:
+ - 'main'
+ workflow_dispatch:
+
+jobs:
+ docker:
+ runs-on: ARM64
+ steps:
+ -
+ name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: softethervpn/vpnclient-arm64
+ tags: |
+ # set latest tag for default branch
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ -
+ name: Login to DockerHub
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ -
+ name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ #context: "{{defaultContext}}:build" #might be used later if Dockerfile is somewhere else
+ file: ./Dockerfile
+ push: ${{ github.event_name != 'pull_request' }}
+ platforms: linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/docker-vpnclient.yml b/.github/workflows/docker-vpnclient.yml
new file mode 100644
index 0000000..889d5bd
--- /dev/null
+++ b/.github/workflows/docker-vpnclient.yml
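Review bot: The `Build and push` step in docker-vpnclient-arm64.yml has no `target:`, so the image pushed as `softethervpn/vpnclient-arm64` is whatever stage comes last in the Dockerfile; that is `vpnclient` today only by position, and a stage appended later would be published under the client name. Add `target: vpnclient` after `file: ./Dockerfile`, as docker-vpnclient.yml does. The `Docker meta` step also uses `docker/metadata-action@v4` while the other workflows in this commit are on `@v5`. Separately, `runs-on: ARM64` looks like a self-hosted runner label, and the `pull_request` trigger would build a contributor's Dockerfile on that machine; confirm that fork pull requests need approval before they run, or drop the trigger for this job.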
@@ -0,0 +1,55 @@
+name: Docker vpnclient CI
+
+on:
+ schedule:
+ - cron: "0 6 * * 1" # Every Monday at 6:00 AM
+ push:
+ branches:
+ - "master"
+ tags:
+ - '*'
+ pull_request:
+ branches:
+ - 'main'
+ workflow_dispatch:
+
+jobs:
+ docker-vpnclient:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: softethervpn/vpnclient
+ tags: |
+ # set latest tag for default branch
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ -
+ name: Login to DockerHub
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ -
+ name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ #context: "{{defaultContext}}:build" #might be used later if Dockerfile is somewhere else
+ file: ./Dockerfile
+ target: vpnclient
+ push: ${{ github.event_name != 'pull_request' }}
+ platforms: linux/amd64,linux/arm64,linux/arm/v7
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
index 6725577..e5e4e35 100644
--- a/Dockerfile
+++ b/Dockerfile
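Review bot: Every `uses:` in docker-vpnclient.yml points at a mutable major tag (`@v5`, `@v3`, `@v6`), and the job logs in to Docker Hub with `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`, so a retagged release of any of these actions would run on a runner holding the publishing credentials. Pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, and add a top-level `permissions:` block with `contents: read` so the job's `GITHUB_TOKEN` is not left at the repository default. The same applies to docker-vpnclient-arm64.yml and docker-image-arm64.yml. The `pull_request` filter names `main` while `push` names `master`, so one of the two triggers probably never fires; worth confirming which branch the repository uses.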
@@ -11,33 +11,49 @@ RUN mkdir /usr/local/src && apk add binutils --no-cache\ libsodium-dev \ gnu-libiconv -ENV LD_PRELOAD /usr/lib/preloadable_libiconv.so +ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so WORKDIR /usr/local/src RUN git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git #RUN git clone -b ${GIT_TAG} https://github.com/SoftEtherVPN/SoftEtherVPN.git ENV USE_MUSL=YES +ENV CMAKE_FLAGS="-DSE_PIDDIR=/run/softether -DSE_LOGDIR=/var/log/softether -DSE_DBDIR=/var/lib/softether" RUN cd SoftEtherVPN &&\ git submodule init &&\ git submodule update &&\ ./configure &&\ make -j $(getconf _NPROCESSORS_ONLN) -C build -FROM alpine +FROM alpine AS vpnserver RUN apk add --no-cache readline \ openssl \ libsodium \ gnu-libiconv \ iptables -ENV LD_PRELOAD /usr/lib/preloadable_libiconv.so -ENV LD_LIBRARY_PATH /root +ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so +ENV LD_LIBRARY_PATH=/root WORKDIR /usr/local/bin -VOLUME /mnt -RUN ln -s /mnt/vpn_server.config vpn_server.config && \ - mkdir /mnt/backup.vpn_server.config &&\ - ln -s /mnt/backup.vpn_server.config backup.vpn_server.config &&\ - ln -s /mnt/lang.config lang.config +VOLUME /var/log/softether +VOLUME /var/lib/softether +VOLUME /run/softether COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnserver /usr/local/src/SoftEtherVPN/build/vpncmd /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so /usr/local/src/SoftEtherVPN/build/hamcore.se2 ./ COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so ../lib/ EXPOSE 443/tcp 992/tcp 1194/tcp 1194/udp 5555/tcp 500/udp 4500/udp CMD ["/usr/local/bin/vpnserver", "execsvc"] + +FROM alpine AS vpnclient +RUN apk add --no-cache readline \ + openssl \ + libsodium \ + gnu-libiconv \ + iptables +ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so +ENV LD_LIBRARY_PATH=/root +WORKDIR /usr/local/bin +VOLUME /var/log/softether +VOLUME /var/lib/softether +VOLUME /run/softether +COPY 
--from=builder /usr/local/src/SoftEtherVPN/build/vpnclient /usr/local/src/SoftEtherVPN/build/vpncmd /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so /usr/local/src/SoftEtherVPN/build/hamcore.se2 ./ +COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so ../lib/ + +CMD ["/usr/local/bin/vpnclient", "execsvc"] \ No newline at end of file diff --git a/README.md b/README.md index 2b58d16..88a88cb 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,12 @@ This will keep your config and Logfiles in the docker volume `softetherdata` `docker run -d --rm --name softether-vpn-server -v softetherdata:/mnt -p 443:443/tcp -p 992:992/tcp -p 1194:1194/udp -p 5555:5555/tcp -p 500:500/udp -p 4500:4500/udp -p 1701:1701/udp --cap-add NET_ADMIN softethervpn/vpnserver:stable` +## Port requirements + +As there are different operating modes for SoftetherVPN there is a variety of ports that might or might not be needed. +For operation with Softether Clients at least 443, 992 or 5555 is needed. +See https://www.softether.org/4-docs/1-manual/1/1.6 for reference on the Softether ports. +Others are commented out in the docker-compose example. ## Usage docker-compose 
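Review bot: The new `vpnclient` stage in the Dockerfile repeats the `vpnserver` stage's `apk add`, `ENV`, `WORKDIR` and `VOLUME` lines verbatim, so a package or path fix applied to one stage can silently miss the other. A shared runtime stage keeps them in step: move those lines under `FROM alpine AS runtime` and start the two images with `FROM runtime AS vpnserver` and `FROM runtime AS vpnclient`, leaving only the `COPY`, `EXPOSE` and `CMD` lines in each. Both stages also keep `ENV LD_LIBRARY_PATH=/root` although the libraries are copied to `./` and `../lib/`; nothing visible in the hunk puts a library in `/root`, so the entry looks unused and is worth dropping or pointing at `/usr/local/lib` once confirmed. The client stage installs `iptables` like the server; check whether the client actually needs it. The builder stage starts before the hunk.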
@@ -43,27 +49,25 @@ version: '3' services: softether: - image: softethervpn/vpnserver:stable + image: softethervpn/vpnserver:latest cap_add: - NET_ADMIN restart: always ports: - - 53:53 - - 443:443 - - 992:992 - - 1194:1194/udp - - 5555:5555 - - 500:500/udp - - 4500:4500/udp - - 1701:1701/udp + - # 53:53 #DNS tunneling + - 443:443 #Management and HTTPS tunneling + - 992:992 #HTTPS tunneling + - # 1194:1194/udp #OpenVPN + - 5555:5555 #HTTPS tunneling + - # 500:500/udp #IPsec/L2TP + - # 4500:4500/udp #IPsec/L2TP + - # 1701:1701/udp #IPsec/L2TP volumes: - "/etc/localtime:/etc/localtime:ro" - "/etc/timezone:/etc/timezone:ro" - - "./softether_data:/mnt" - - "./softether_log:/root/server_log" - - "./softether_packetlog:/root/packet_log" - - "./softether_securitylog:/root/security_log" - # - "./adminip.txt:/usr/local/bin/adminip.txt:ro" + - "./softether_data:/var/lib/softether" + - "./softether_log:/var/log/softether" + # - "./adminip.txt:/var/lib/softether/adminip.txt:ro" ``` ### Use vpncmd @@ -75,4 +79,4 @@ With newer releases vpncmd is directly in the container so you can use it to con ## Building -` docker build -t softethevpn:latest .` +` docker build --target vpnclient -t softethevpn:latest .` diff --git a/TODO.MD b/TODO.MD index f411884..c92cfa8 100644 --- a/TODO.MD +++ b/TODO.MD @@ -1,14 +1,6 @@ -To get this publicly available there is still some work to to - -* Create a pipline for automatic building and uploading * define needed "flavours" / tags, (server,client,vpncmd) * delete this file ;) -DONE -* Get an "official" dockerhub account -* rename all references to toprock/softether - - docker buildx build -t softethervpn/vpnserver:stable -f .\Dockerfile.stable --push --platform linux/amd64,linux/arm64,linux/arm/v7 . \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index 71a2365..442120f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
@@ -2,24 +2,22 @@ version: '3' services: softether: - image: softethervpn/vpnserver:v4.39-9772-beta + image: softethervpn/vpnserver:latest cap_add: - NET_ADMIN restart: always ports: - - 53:53 - - 444:443 - - 992:992 - - 1194:1194/udp - - 5555:5555 - - 500:500/udp - - 4500:4500/udp - - 1701:1701/udp + - # 53:53 #DNS tunneling + - 443:443 #Management and HTTPS tunneling + - 992:992 #HTTPS tunneling + - # 1194:1194/udp #OpenVPN + - 5555:5555 #HTTPS tunneling + - # 500:500/udp #IPsec/L2TP + - # 4500:4500/udp #IPsec/L2TP + - # 1701:1701/udp #IPsec/L2TP volumes: - "/etc/localtime:/etc/localtime:ro" - "/etc/timezone:/etc/timezone:ro" - - "./softether_data:/mnt" - - "./softether_log:/root/server_log" - - "./softether_packetlog:/root/packet_log" - - "./softether_securitylog:/root/security_log" - # - "./adminip.txt:/usr/local/bin/adminip.txt:ro" + - "./softether_data:/var/lib/softether" + - "./softether_log:/var/log/softether" + # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"
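Review bot: The disabled port lines in docker-compose.yaml are written as `- # 53:53 #DNS tunneling`, which leaves the list dash live and comments out only the value, so each of them becomes an empty (null) entry in `ports`; Compose is likely to reject the file on validation. Put the `#` before the dash, e.g. `# - 53:53 #DNS tunneling`, for 53, 1194, 500, 4500 and 1701; the README example in this commit has the same lines. Quoting the live mappings (`"443:443"`) would also keep them clear of YAML's implicit typing. The image reference moves from a fixed version tag to `:latest` on a container that runs with `NET_ADMIN`; pinning a release tag or digest makes each upgrade a deliberate change.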