mirror of
https://github.com/angristan/openvpn-install.git
synced 2025-12-15 16:37:03 +01:00
2374e4e81c
Refactor Unbound DNS installation to use modern `conf.d` pattern and add E2E testing. **Changes:** - Unified Unbound config across all distros using `/etc/unbound/unbound.conf.d/openvpn.conf` - Added startup validation with retry logic - Added `ip-freebind` to allow binding before tun interface exists - E2E tests now verify Unbound DNS resolution from VPN clients **Testing:** - Server: verifies config creation, interface binding, security options - Client: verifies DNS resolution through Unbound (10.8.0.1) --- Closes https://github.com/angristan/openvpn-install/issues/602 Closes https://github.com/angristan/openvpn-install/pull/604 Closes https://github.com/angristan/openvpn-install/issues/1189 Co-authored-by: Henry N <henrynmail-github@yahoo.de>
45 lines
1.6 KiB
Docker
45 lines
1.6 KiB
Docker
# checkov:skip=CKV_DOCKER_2:Test container doesn't need healthcheck
|
|
# checkov:skip=CKV_DOCKER_3:OpenVPN server requires root for NET_ADMIN
|
|
# checkov:skip=CKV_DOCKER_7:Base image is parameterized, some use latest tag
|
|
ARG BASE_IMAGE=ubuntu:24.04
|
|
FROM ${BASE_IMAGE}
|
|
|
|
ARG BASE_IMAGE
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
# Install basic dependencies based on the OS
|
|
# dnsutils/bind-utils provides dig for DNS testing with Unbound
|
|
RUN if command -v apt-get >/dev/null; then \
|
|
apt-get update && apt-get install -y --no-install-recommends \
|
|
iproute2 iptables curl procps systemd systemd-sysv dnsutils \
|
|
&& rm -rf /var/lib/apt/lists/*; \
|
|
elif command -v dnf >/dev/null; then \
|
|
dnf install -y --allowerasing \
|
|
iproute iptables curl procps-ng systemd tar gzip bind-utils \
|
|
&& dnf clean all; \
|
|
elif command -v yum >/dev/null; then \
|
|
yum install -y \
|
|
iproute iptables curl procps-ng systemd tar gzip bind-utils \
|
|
&& yum clean all; \
|
|
elif command -v pacman >/dev/null; then \
|
|
pacman -Syu --noconfirm \
|
|
iproute2 iptables curl procps-ng bind \
|
|
&& pacman -Scc --noconfirm; \
|
|
fi
|
|
|
|
# Create TUN device (will be mounted at runtime)
|
|
RUN mkdir -p /dev/net
|
|
|
|
# Copy the install script
|
|
COPY openvpn-install.sh /opt/openvpn-install.sh
|
|
RUN chmod +x /opt/openvpn-install.sh
|
|
|
|
# Copy test scripts
|
|
COPY test/server-entrypoint.sh /entrypoint.sh
|
|
COPY test/validate-output.sh /opt/test/validate-output.sh
|
|
RUN chmod +x /entrypoint.sh /opt/test/validate-output.sh
|
|
|
|
WORKDIR /opt
|
|
|
|
ENTRYPOINT ["/entrypoint.sh"]
|