-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: The Oh Brothers Bot <bot@theohbrothers.com>
- Loading branch information
1 parent
4190792
commit a9fd00d
Showing
6 changed files
with
231 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
[ | ||
"3.1.6", | ||
"3.1.5", | ||
"3.1.4", | ||
"3.1.3", | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
FROM alpine:3.17 | ||
ARG TARGETPLATFORM | ||
ARG BUILDPLATFORM | ||
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" | ||
|
||
RUN apk add --no-cache ca-certificates | ||
|
||
# Install easyrsa dependencies | ||
RUN apk add --no-cache iptables openssl | ||
|
||
WORKDIR /data | ||
ENV EASYRSA=/usr/share/easy-rsa | ||
ENV EASYRSA_PKI=/data/pki | ||
|
||
# Install easyrsa | ||
# See: https://github.com/OpenVPN/easy-rsa/tree/master/release-keys | ||
RUN set -eux; \ | ||
apk add --no-cache gnupg gpg-agent dirmngr; \ | ||
URL=https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.6/EasyRSA-3.1.6.tgz; \ | ||
FILE=$( basename $URL ); \ | ||
wget -q "$URL"; \ | ||
wget -q "$URL.sig"; \ | ||
gpg --keyserver keys.openpgp.org --recv-keys 6F4056821152F03B6B24F2FCF8489F839D7367F3; \ | ||
gpg --verify "$FILE.sig" "$FILE"; \ | ||
mkdir -p /usr/share/easy-rsa; \ | ||
tar -zxvf "$FILE" --strip-components=1 -C /usr/share/easy-rsa; \ | ||
ln -sf /usr/share/easy-rsa/easyrsa /usr/local/bin/easyrsa; \ | ||
\ | ||
easyrsa help; \ | ||
easyrsa init-pki; \ | ||
rm -rfv /data/pki; \ | ||
\ | ||
rm -fv "$FILE"; \ | ||
rm -fv "$FILE.sig"; \ | ||
rm -rf /root/.gnupg; \ | ||
apk del gnupg gpg-agent dirmngr; | ||
|
||
VOLUME /data | ||
|
||
COPY docker-entrypoint.sh /docker-entrypoint.sh | ||
RUN chmod +x /docker-entrypoint.sh | ||
|
||
ENTRYPOINT ["/docker-entrypoint.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
version: '2.1' | ||
services: | ||
easyrsa: | ||
container_name: easyrsa | ||
image: theohbrothers/docker-easyrsa:v3.1.6 | ||
|
||
# Uncomment and configure these environment to your needs. The following are the default values, according to: https://github.com/OpenVPN/easy-rsa/blob/v3.0.8/doc/EasyRSA-Advanced.md#configuration-reference | ||
# Using environment variables is preferred to using a vars file | ||
# Double dollar signs '$$' is to escape a dollar sign in the docker-compose yaml parser, see: https://stackoverflow.com/a/40621373 | ||
# environment: | ||
# - EASYRSA_SSL_CONF=/etc/ssl/openssl.cnf | ||
# - EASYRSA=$${0%/*} | ||
# - EASYRSA_OPENSSL=openssl | ||
# - EASYRSA_SSL_CONF=$$EASYRSA/openssl-easyrsa.cnf | ||
# - EASYRSA_PKI=$$PWD/pki | ||
# - EASYRSA_DN=cn_only | ||
# - EASYRSA_REQ_COUNTRY=US | ||
# - EASYRSA_REQ_PROVINCE=California | ||
# - EASYRSA_REQ_CITY=San Francisco | ||
# - EASYRSA_REQ_ORG=Copyleft Certificate Co | ||
# - EASYRSA_REQ_EMAIL=me@example.net | ||
# - EASYRSA_REQ_OU=My Organizational Unit | ||
# - EASYRSA_KEY_SIZE=2048 | ||
# - EASYRSA_ALGO=rsa | ||
# - EASYRSA_CURVE=secp384r1 | ||
# - EASYRSA_CA_EXPIRE=3650 | ||
# - EASYRSA_CERT_EXPIRE=180 | ||
# - EASYRSA_CERT_RENEW=30 | ||
# - EASYRSA_NS_SUPPORT=no | ||
# - EASYRSA_NS_COMMENT=Easy-RSA Generated Certificate | ||
# - EASYRSA_TEMP_FILE=$$EASYRSA_PKI/extensions.temp | ||
# - EASYRSA_EXT_DIR=$$EASYRSA/x509-types | ||
# - EASYRSA_REQ_CN=ChangeMe | ||
# - EASYRSA_DIGEST=sha256 | ||
# - EASYRSA_BATCH= | ||
|
||
# Uncomment this to mount your own openssl.cnf, vars file(s) | ||
# volumes: | ||
# - ./path/to/openssl.conf:/etc/ssl/openssl.cnf | ||
# - ./path/to/vars:/etc/ssl/openssl.cnf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
#!/bin/sh | ||
set -eu | ||
|
||
if [ $# -gt 0 ]; then | ||
# Get all subcommands. 'help' is also a subcommand | ||
SUBCOMMANDS=$( easyrsa | awk "/^'help'/,/^DIRECTORY/" | grep -vE "^'help'|^DIRECTORY|^\s*$" | awk '{print $1}'; echo help ) | ||
if echo "$SUBCOMMANDS" | grep "^$1$"; then | ||
set "easyrsa" "$@" | ||
echo "Executing: $@" | ||
exec "$@" | ||
fi | ||
else | ||
exec "easyrsa" "$@" | ||
fi | ||
|
||
exec "$@" |