[Suggestions] Update base image. Remove easyrsa steps from build. Create github actions to build docker images #243
Comments
Hi! Thanks a lot for the suggestions. I highly appreciate this! For the integration tests, I already have a wrapper for Dockovpn written in Golang and I'm creating unit tests with it. For integration tests it can be used as well. Old tests reside in the dockovpn-it repo and are written in Scala. I have long been thinking about multiplatform builds as well. It'd be nice to have them in Docker Hub. GitHub Registry requires authentication with a token even for public artefacts, if I can recall correctly. Can you please tell me a little bit more about why iptables is the problem?

Mmmm, you call iptables from start.sh https://github.com/dockovpn/dockovpn/blob/master/scripts/start.sh#L54, right? How does that work? Maybe it's supposed to run the host's iptables (due to the NET_ADMIN capability)? Building the container on ARM yields an error because of missing iptables (so I guess the start.sh iptables rules aren't even working as expected; actually, I couldn't make UDP work).

Yes, indeed, iptables is called in start.sh when the container starts. It does run host iptables in a namespace dedicated to that container. It's not possible to set IP routing rules at build time. What kind of error do you get when building an image for ARM?

Regarding the live-chat platform, I did research some time ago and Slack was the more favourable option because of many factors such as convenience, plugins, etc. I may reevaluate Discord in the future though.

Hi, the error was a misconfiguration by myself; my VPS seems to be running very restrictive rules and I had to disable multiple firewalls to allow UDP traffic.

Strangely, this doesn't happen when building using alpine 3.14.1. So it's just a matter of adding iptables in the RUN statement.

P.S.: I've been playing around with the rules and only these https://github.com/dockovpn/dockovpn/blob/master/scripts/start.sh#L62 seem relevant, am I missing something? Commenting out all rules except these two allows the connection over both TCP and UDP.

Hi, what do you think about these requests?
The current container is a bit outdated. I've compiled my own container (ARM) using the latest Alpine version; the only "problem" is that `iptables` is missing (we just need to add it to the apk add list). Also, integration testing should be performed. I know that it works with TCP, but I haven't tested UDP.

Also, I can help with the GitHub Action to build the container for multiple architectures (x86_64/arm) and deploy it to Docker Hub (or GitHub Registry), but I think we should remove `easyrsa init-pki/gen-dh` from the Dockerfile. To my understanding, the primitives generated in this step must be unique for each user, but right now they're the same for every person using the container.

P.S.: Finally, I think you should move to Discord instead of Slack; right now Discord has converted into the de facto standard to build a community for a repository.
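
An added example, not part of the issue or the project's code: a small Python check that flags key-generation commands executed in Dockerfile `RUN` steps, the situation the issue describes for `easyrsa init-pki`/`gen-dh`. The pattern list and the sample Dockerfile are assumptions constructed for illustration.

```python
import re

# Commands that create key material. Inside a RUN instruction their output is
# stored in an image layer, so every user of the image gets the same values.
# This list is an assumption made for the example.
KEYGEN_PATTERNS = [
    r"\beasyrsa\s+(?:--\S+\s+)*(?:init-pki|gen-dh|build-ca|gen-req)\b",
    r"\bopenssl\s+(?:genrsa|genpkey|dhparam)\b",
    r"\bssh-keygen\b",
]

def logical_lines(text):
    """Yield (first_line_number, instruction) with backslash continuations joined."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # Docker drops comment lines
            continue
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:
        yield start, " ".join(buf)

def find_build_time_keygen(dockerfile_text):
    """Return [(line_number, command)] for key generation done in RUN steps."""
    findings = []
    for lineno, instr in logical_lines(dockerfile_text):
        parts = instr.split(None, 1)
        if len(parts) < 2 or parts[0].upper() != "RUN":
            continue  # only RUN executes at build time
        for pattern in KEYGEN_PATTERNS:
            for m in re.finditer(pattern, parts[1]):
                findings.append((lineno, " ".join(m.group(0).split())))
    return findings

# Constructed sample, not the project's Dockerfile.
SAMPLE = r"""FROM alpine:3.14.1
RUN apk add --no-cache openvpn easy-rsa iptables && \
    easyrsa init-pki && \
    easyrsa gen-dh
CMD ["/opt/example/start.sh"]
"""

if __name__ == "__main__":
    for lineno, cmd in find_build_time_keygen(SAMPLE):
        print(f"line {lineno}: '{cmd}' runs at build time; move it to container start")
```

Commands that appear only in `CMD` or `ENTRYPOINT` are not reported, because they run per container rather than once per image.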