fixed substition of user&group in Dockerfile, use OPENVPN in lighttpd

config as well
kylemanna · loigu · Mar 23, 2021 · Mar 23, 2021 · Mar 23, 2021 · Mar 23, 2021
commit 7cf65db78318ebd3bc3fb1ec7b0fea0385493939
diff --git a/Dockerfile b/Dockerfile
@@ -11,26 +11,27 @@ RUN echo "http:https://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/reposi
  ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \
  rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/*
 
-ENV OVPN_USER=openvpn
-ENV OVPN_GROUP=openvpn
+# Needed by scripts
+ENV OPENVPN=/etc/openvpn
+ENV EASYRSA=/usr/share/easy-rsa \
+ EASYRSA_CRL_DAYS=3650 \
+ EASYRSA_PKI=$OPENVPN/pki \
+ OVPN_USER=openvpn \
+ OVPN_GROUP=openvpn
 
 ADD ./lighttpd/htdocs/ /var/www/localhost/htdocs/
 ADD ./lighttpd/config/* /etc/lighttpd/
-RUN sed -i /etc/lighttpd/lighttpd.conf -e 's/server\.username.*/server.username\ =\ "$OVPN_USER"/' -e 's/server\.groupname.*/server.groupname\ =\ "$OVPN_GROUP"/' && \
- chown -R ${OVPN_USER}:${OVPN_GROUP} /var/www/localhost/htdocs /etc/lighttpd /var/log/lighttpd
+RUN OPENVPN=$(echo $OPENVPN | sed -e 's/\//\\\//g') && sed -i /etc/lighttpd/lighttpd.conf -e 's/server\.username.*/server.username\ =\ "'$OVPN_USER'"/' \
+ -e 's/server\.groupname.*/server.groupname\ =\ "'$OVPN_GROUP'"/' \
+ -e 's/^var\.ovpndir.*$/var.ovpndir\ =\ "'${OPENVPN}'"/' && \
+ chown -R ${OVPN_USER}:${OVPN_GROUP} /var/www/localhost/htdocs /etc/lighttpd /var/log/lighttpd 
 
 ADD ./bin /usr/local/bin
 RUN chmod 755 /usr/local/bin/* && chown root:${OVPN_GROUP} /usr/local/bin/*
 
 # Add support for OTP authentication using a PAM module
 ADD ./otp/openvpn /etc/pam.d/
 
-# Needed by scripts
-ENV OPENVPN=/etc/openvpn
-ENV EASYRSA=/usr/share/easy-rsa \
- EASYRSA_CRL_DAYS=3650 \
- EASYRSA_PKI=$OPENVPN/pki
-
 VOLUME ["/etc/openvpn"]
 VOLUME ["/var/log"]
 

diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
@@ -185,6 +185,8 @@ OVPN_SERVER=192.168.255.0/24
 OVPN_SERVER_URL=''
 OVPN_TLS_CIPHER=''
 OVPN_HTTPS_ADMIN=0
+OVPN_USER=openvpn
+OVPN_GROUP=openvpn
 
 # Import existing configuration if present
 [ -r "$OVPN_ENV" ] && source "$OVPN_ENV"

diff --git a/bin/ovpn_run b/bin/ovpn_run
@@ -54,6 +54,9 @@ addArg "--config" "$OPENVPN/openvpn.conf"
 
 source "$OPENVPN/ovpn_env.sh"
 
+[ -n "${OVPN_USER}" ] && addArg "--user" "${OVPN_USER}"
+[ -n "${OVPN_GROUP}" ] && addArg "--group" "${OVPN_GROUP}"
+
 mkdir -p /dev/net
 if [ ! -c /dev/net/tun ]; then
  mknod /dev/net/tun c 10 200
@@ -111,7 +114,7 @@ fi
 
 # TODO: ovpn user
 echo "Running 'openvpn ${ARGS[@]} ${USER_ARGS[@]}'"
-exec openvpn --user ${OVPN_USER} -- group "${OVPN_GROUP}" ${ARGS[@]} ${USER_ARGS[@]}
+exec openvpn ${ARGS[@]} ${USER_ARGS[@]}
 
 echo "shutting down https admin iface"
 [ "$OVPN_HTTPS_ADMIN" = 1 ] && [ -f /var/run/lighttpd.pid ] && kill -TERM $(cat /var/run/lighttpd.pid)

diff --git a/lighttpd/config/lighttpd.conf b/lighttpd/config/lighttpd.conf
@@ -7,6 +7,7 @@
 var.basedir = "/var/www/localhost"
 var.logdir = "/var/log/lighttpd"
 var.statedir = "/var/lib/lighttpd"
+var.ovpndir = "/etc/openvpn"
 # }}}
 
 # {{{ modules
@@ -151,8 +152,8 @@ url.access-deny = ("~", ".inc")
 # see ssl.txt
 #
  ssl.engine = "enable"
- ssl.pemfile = "/etc/openvpn/http/server.pem"
- ssl.privkey = "/etc/openvpn/http/server.key"
+ ssl.pemfile = var.ovpndir + "/http/server.pem"
+ ssl.privkey = var.ovpndir + "/http/server.key"
 # }}}
 
 # {{{ mod_status
@@ -182,7 +183,7 @@ url.access-deny = ("~", ".inc")
 # see authentication.txt
 #
  auth.backend = "htpasswd"
- auth.backend.htpasswd.userfile = "/etc/openvpn/http/htpasswd"
+ auth.backend.htpasswd.userfile = var.ovpndir + "/http/htpasswd"
 
  auth.require = ( "" =>
 # (