2024-07-28 12:43:33 +00:00
ARG ALPINE_VERSION = 3 .20
ARG GO_ALPINE_VERSION = 3 .20
2024-03-25 15:58:13 +00:00
ARG GO_VERSION = 1 .22
2021-06-25 18:57:04 +00:00
ARG XCPUTRANSLATE_VERSION = v0.6.0
2024-03-21 09:48:02 +00:00
ARG GOLANGCI_LINT_VERSION = v1.56.2
2022-07-04 00:39:01 +00:00
ARG MOCKGEN_VERSION = v1.6.0
2021-01-18 00:58:47 +00:00
ARG BUILDPLATFORM = linux/amd64
2020-08-17 20:39:49 -04:00
2021-07-20 15:27:16 +00:00
FROM --platform=${BUILDPLATFORM } qmcgaw/xcputranslate:${ XCPUTRANSLATE_VERSION } AS xcputranslate
2021-06-25 18:56:18 +00:00
FROM --platform=${BUILDPLATFORM } qmcgaw/binpot:golangci-lint-${ GOLANGCI_LINT_VERSION } AS golangci-lint
2022-07-04 00:39:01 +00:00
FROM --platform=${BUILDPLATFORM } qmcgaw/binpot:mockgen-${ MOCKGEN_VERSION } AS mockgen
2021-06-21 18:50:30 +00:00
2021-07-20 15:27:16 +00:00
FROM --platform=${BUILDPLATFORM } golang:${ GO_VERSION } -alpine${ GO_ALPINE_VERSION } AS base
2021-06-21 18:50:30 +00:00
COPY --from= xcputranslate /xcputranslate /usr/local/bin/xcputranslate
2022-07-04 00:39:01 +00:00
# Note: findutils needed to have xargs support `-d` flag for mocks stage.
RUN apk --update add git g++ findutils
2020-08-17 20:39:49 -04:00
ENV CGO_ENABLED = 0
2021-06-25 18:56:18 +00:00
COPY --from= golangci-lint /bin /go/bin/golangci-lint
2022-07-04 00:39:01 +00:00
COPY --from= mockgen /bin /go/bin/mockgen
2020-08-17 20:39:49 -04:00
WORKDIR /tmp/gobuild
COPY go.mod go.sum ./
2020-09-12 18:06:10 +00:00
RUN go mod download
2021-01-06 06:02:31 +00:00
COPY cmd/ ./cmd/
COPY internal/ ./internal/
2021-07-20 15:27:16 +00:00
FROM --platform=${BUILDPLATFORM } base AS test
2021-01-22 13:19:45 +00:00
# Note on the go race detector:
# - we set CGO_ENABLED=1 to have it enabled
2021-06-15 12:27:32 +00:00
# - we installed g++ to support the race detector
2021-01-06 06:02:31 +00:00
ENV CGO_ENABLED = 1
2021-06-15 12:25:57 +00:00
ENTRYPOINT go test -race -coverpkg= ./... -coverprofile= coverage.txt -covermode= atomic ./...
2021-01-06 06:02:31 +00:00
2021-07-20 15:27:16 +00:00
FROM --platform=${BUILDPLATFORM } base AS lint
2021-01-06 06:02:31 +00:00
COPY .golangci.yml ./
RUN golangci-lint run --timeout= 10m
2022-07-04 00:39:01 +00:00
FROM --platform=${BUILDPLATFORM } base AS mocks
RUN git init && \
git config user.email ci@localhost && \
git config user.name ci && \
git config core.fileMode false && \
git add -A && \
git commit -m "snapshot" && \
grep -lr -E '^// Code generated by MockGen\. DO NOT EDIT\.$' . | xargs -r -d '\n' rm && \
go generate -run "mockgen" ./... && \
git diff --exit-code && \
rm -rf .git/
2021-07-20 15:27:16 +00:00
FROM --platform=${BUILDPLATFORM } base AS build
2021-01-06 06:10:42 +00:00
ARG TARGETPLATFORM
2020-08-29 19:14:52 +00:00
ARG VERSION = unknown
2021-07-20 15:28:02 +00:00
ARG CREATED = "an unknown date"
2020-08-29 19:14:52 +00:00
ARG COMMIT = unknown
2021-06-21 18:01:21 +00:00
RUN GOARCH = " $( xcputranslate translate -field arch -targetplatform ${ TARGETPLATFORM } ) " \
GOARM = " $( xcputranslate translate -field arm -targetplatform ${ TARGETPLATFORM } ) " \
2021-01-06 06:10:42 +00:00
go build -trimpath -ldflags= " -s -w \
2020-12-22 13:52:37 +00:00
-X 'main.version=$VERSION' \
2021-07-20 23:10:33 +00:00
-X 'main.created=$CREATED' \
2020-12-22 13:52:37 +00:00
-X 'main.commit=$COMMIT' \
2021-01-06 06:02:31 +00:00
" -o entrypoint cmd/gluetun/main.go
2020-08-17 20:39:49 -04:00
FROM alpine:${ALPINE_VERSION }
2020-08-29 19:14:52 +00:00
ARG VERSION = unknown
2021-07-20 15:28:02 +00:00
ARG CREATED = "an unknown date"
2020-08-29 19:14:52 +00:00
ARG COMMIT = unknown
2020-08-17 20:39:49 -04:00
LABEL \
org.opencontainers.image.authors= "quentin.mcgaw@gmail.com" \
2021-07-20 15:28:02 +00:00
org.opencontainers.image.created= $CREATED \
2020-08-17 20:39:49 -04:00
org.opencontainers.image.version= $VERSION \
2020-08-29 19:14:52 +00:00
org.opencontainers.image.revision= $COMMIT \
2020-08-17 20:39:49 -04:00
org.opencontainers.image.url= "https://github.com/qdm12/gluetun" \
org.opencontainers.image.documentation= "https://github.com/qdm12/gluetun" \
org.opencontainers.image.source= "https://github.com/qdm12/gluetun" \
2020-12-30 22:30:59 +00:00
org.opencontainers.image.title= "VPN swiss-knife like client for multiple VPN providers" \
org.opencontainers.image.description= "VPN swiss-knife like client to tunnel to multiple VPN servers using OpenVPN, IPtables, DNS over TLS, Shadowsocks, an HTTP proxy and Alpine Linux"
2022-02-05 22:34:35 +00:00
ENV VPN_SERVICE_PROVIDER = pia \
2021-08-22 14:58:39 -07:00
VPN_TYPE = openvpn \
2022-01-28 00:09:58 +00:00
# Common VPN options
2022-01-29 15:00:04 +00:00
VPN_INTERFACE = tun0 \
2021-09-11 15:24:00 +00:00
# OpenVPN
2024-07-27 10:42:01 +00:00
OPENVPN_ENDPOINT_IP = \
OPENVPN_ENDPOINT_PORT = \
2021-09-14 19:27:13 +00:00
OPENVPN_PROTOCOL = udp \
2021-09-11 15:24:00 +00:00
OPENVPN_USER = \
OPENVPN_PASSWORD = \
OPENVPN_USER_SECRETFILE = /run/secrets/openvpn_user \
OPENVPN_PASSWORD_SECRETFILE = /run/secrets/openvpn_password \
2024-05-02 08:13:51 +00:00
OPENVPN_VERSION = 2.6 \
2020-08-17 20:39:49 -04:00
OPENVPN_VERBOSITY = 1 \
2021-07-19 15:10:53 +00:00
OPENVPN_FLAGS = \
2022-02-05 22:36:51 +00:00
OPENVPN_CIPHERS = \
2021-09-11 15:24:00 +00:00
OPENVPN_AUTH = \
2023-06-29 16:20:25 +00:00
OPENVPN_PROCESS_USER = root \
2021-03-13 08:51:05 -05:00
OPENVPN_CUSTOM_CONFIG = \
2021-09-11 15:24:00 +00:00
# Wireguard
2024-07-27 10:42:01 +00:00
WIREGUARD_ENDPOINT_IP = \
WIREGUARD_ENDPOINT_PORT = \
2024-03-21 08:17:21 +00:00
WIREGUARD_CONF_SECRETFILE = /run/secrets/wg0.conf \
2021-08-22 14:58:39 -07:00
WIREGUARD_PRIVATE_KEY = \
2024-03-21 10:08:41 +01:00
WIREGUARD_PRIVATE_KEY_SECRETFILE = /run/secrets/wireguard_private_key \
2021-08-22 14:58:39 -07:00
WIREGUARD_PRESHARED_KEY = \
2024-03-21 10:08:41 +01:00
WIREGUARD_PRESHARED_KEY_SECRETFILE = /run/secrets/wireguard_preshared_key \
2021-09-13 19:33:04 +00:00
WIREGUARD_PUBLIC_KEY = \
2023-07-06 10:08:59 +03:00
WIREGUARD_ALLOWED_IPS = \
2024-04-25 10:42:09 +00:00
WIREGUARD_PERSISTENT_KEEPALIVE_INTERVAL = 0 \
2022-02-05 22:31:46 +00:00
WIREGUARD_ADDRESSES = \
2024-03-21 10:08:41 +01:00
WIREGUARD_ADDRESSES_SECRETFILE = /run/secrets/wireguard_addresses \
2023-06-08 09:50:21 +00:00
WIREGUARD_MTU = 1400 \
2022-12-02 11:16:27 +00:00
WIREGUARD_IMPLEMENTATION = auto \
2021-09-11 15:24:00 +00:00
# VPN server filtering
2022-02-05 23:18:58 +00:00
SERVER_REGIONS = \
2022-02-05 23:15:20 +00:00
SERVER_COUNTRIES = \
2022-02-05 23:16:47 +00:00
SERVER_CITIES = \
2022-02-05 23:20:17 +00:00
SERVER_HOSTNAMES = \
2024-03-22 09:02:31 +00:00
SERVER_CATEGORIES = \
2021-09-11 15:24:00 +00:00
# # Mullvad only:
2020-08-17 20:39:49 -04:00
ISP = \
2022-01-27 14:12:25 +00:00
OWNED_ONLY = no \
2021-09-11 15:24:00 +00:00
# # Private Internet Access only:
2022-02-05 22:38:03 +00:00
PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET = \
2023-04-27 10:22:23 +00:00
VPN_PORT_FORWARDING = off \
2023-11-10 17:21:35 +00:00
VPN_PORT_FORWARDING_LISTENING_PORT = 0 \
2023-06-30 19:24:01 +02:00
VPN_PORT_FORWARDING_PROVIDER = \
2023-04-27 10:22:23 +00:00
VPN_PORT_FORWARDING_STATUS_FILE = "/tmp/gluetun/forwarded_port" \
2024-07-09 14:44:46 +00:00
VPN_PORT_FORWARDING_USERNAME = \
VPN_PORT_FORWARDING_PASSWORD = \
2021-09-11 15:24:00 +00:00
# # Cyberghost only:
2022-08-13 18:55:29 +00:00
OPENVPN_CERT = \
2022-08-13 18:56:37 +00:00
OPENVPN_KEY = \
2020-12-29 20:47:56 +00:00
OPENVPN_CLIENTCRT_SECRETFILE = /run/secrets/openvpn_clientcrt \
OPENVPN_CLIENTKEY_SECRETFILE = /run/secrets/openvpn_clientkey \
2022-08-15 19:54:58 -04:00
# # VPNSecure only:
OPENVPN_ENCRYPTED_KEY = \
OPENVPN_ENCRYPTED_KEY_SECRETFILE = /run/secrets/openvpn_encrypted_key \
OPENVPN_KEY_PASSPHRASE = \
OPENVPN_KEY_PASSPHRASE_SECRETFILE = /run/secrets/openvpn_key_passphrase \
2021-09-11 15:24:00 +00:00
# # Nordvpn only:
2020-08-17 20:39:49 -04:00
SERVER_NUMBER = \
2022-06-12 01:58:46 +00:00
# # PIA only:
2022-02-05 23:22:25 +00:00
SERVER_NAMES = \
2024-09-28 17:49:03 +00:00
# # VPNUnlimited and ProtonVPN only:
STREAM_ONLY = \
2021-05-23 21:51:12 +00:00
FREE_ONLY = \
2024-09-28 17:49:03 +00:00
# # ProtonVPN only:
2024-07-29 08:57:31 +02:00
SECURE_CORE_ONLY = \
TOR_ONLY = \
2021-09-11 15:24:00 +00:00
# # Surfshark only:
MULTIHOP_ONLY = \
2022-08-15 19:54:58 -04:00
# # VPN Secure only:
PREMIUM_ONLY = \
2024-09-28 17:49:03 +00:00
# # PIA and ProtonVPN only:
2024-03-18 17:40:09 +00:00
PORT_FORWARD_ONLY = \
2021-09-11 15:24:00 +00:00
# Firewall
2024-07-26 08:25:05 +00:00
FIREWALL_ENABLED_DISABLING_IT_SHOOTS_YOU_IN_YOUR_FOOT = on \
2021-09-11 15:24:00 +00:00
FIREWALL_VPN_INPUT_PORTS = \
FIREWALL_INPUT_PORTS = \
FIREWALL_OUTBOUND_SUBNETS = \
FIREWALL_DEBUG = off \
# Logging
LOG_LEVEL = info \
2021-07-22 20:13:20 +00:00
# Health
2021-09-11 15:24:00 +00:00
HEALTH_SERVER_ADDRESS = 127.0.0.1:9999 \
2022-04-11 20:21:03 +00:00
HEALTH_TARGET_ADDRESS = cloudflare.com:443 \
2023-05-07 09:35:51 +00:00
HEALTH_SUCCESS_WAIT_DURATION = 5s \
2021-09-13 01:30:37 +00:00
HEALTH_VPN_DURATION_INITIAL = 6s \
HEALTH_VPN_DURATION_ADDITION = 5s \
2020-08-17 20:39:49 -04:00
# DNS over TLS
DOT = on \
DOT_PROVIDERS = cloudflare \
2021-05-14 14:06:30 +00:00
DOT_PRIVATE_ADDRESS = 127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:7f00:1/104,::ffff:a00:0/104,::ffff:a9fe:0/112,::ffff:ac10:0/108,::ffff:c0a8:0/112 \
2020-08-17 20:39:49 -04:00
DOT_CACHING = on \
DOT_IPV6 = off \
BLOCK_MALICIOUS = on \
BLOCK_SURVEILLANCE = off \
BLOCK_ADS = off \
UNBLOCK = \
DNS_UPDATE_PERIOD = 24h \
2022-02-05 22:23:58 +00:00
DNS_ADDRESS = 127.0.0.1 \
2020-08-17 20:39:49 -04:00
DNS_KEEP_NAMESERVER = off \
2020-10-31 21:50:31 -04:00
# HTTP proxy
HTTPPROXY = \
HTTPPROXY_LOG = off \
2022-01-06 06:40:23 -05:00
HTTPPROXY_LISTENING_ADDRESS = ":8888" \
2023-06-29 16:20:25 +00:00
HTTPPROXY_STEALTH = off \
2020-10-31 21:50:31 -04:00
HTTPPROXY_USER = \
HTTPPROXY_PASSWORD = \
2020-12-29 20:47:56 +00:00
HTTPPROXY_USER_SECRETFILE = /run/secrets/httpproxy_user \
HTTPPROXY_PASSWORD_SECRETFILE = /run/secrets/httpproxy_password \
2020-08-17 20:39:49 -04:00
# Shadowsocks
SHADOWSOCKS = off \
SHADOWSOCKS_LOG = off \
2022-01-13 17:10:09 +00:00
SHADOWSOCKS_LISTENING_ADDRESS = ":8388" \
2020-08-17 20:39:49 -04:00
SHADOWSOCKS_PASSWORD = \
2020-12-29 20:47:56 +00:00
SHADOWSOCKS_PASSWORD_SECRETFILE = /run/secrets/shadowsocks_password \
2021-07-29 00:48:46 +00:00
SHADOWSOCKS_CIPHER = chacha20-ietf-poly1305 \
2022-01-27 23:15:08 +00:00
# Control server
2023-06-29 16:20:25 +00:00
HTTP_CONTROL_SERVER_LOG = on \
2022-01-27 23:15:08 +00:00
HTTP_CONTROL_SERVER_ADDRESS = ":8000" \
2024-09-18 13:29:36 +02:00
HTTP_CONTROL_SERVER_AUTH_CONFIG_FILEPATH = /gluetun/auth/config.toml \
2021-09-11 15:24:00 +00:00
# Server data updater
2021-09-10 22:54:02 +00:00
UPDATER_PERIOD = 0 \
2022-06-12 14:03:00 +00:00
UPDATER_MIN_RATIO = 0.8 \
2022-01-27 12:57:27 +00:00
UPDATER_VPN_SERVICE_PROVIDERS = \
2021-09-11 15:24:00 +00:00
# Public IP
PUBLICIP_FILE = "/tmp/gluetun/ip" \
PUBLICIP_PERIOD = 12h \
2024-02-14 07:35:39 +00:00
PUBLICIP_API = ipinfo \
2024-02-13 10:55:06 +00:00
PUBLICIP_API_TOKEN = \
2024-08-18 17:26:46 -07:00
# Storage
STORAGE_FILEPATH = /gluetun/servers.json \
2022-01-26 17:23:55 -05:00
# Pprof
PPROF_ENABLED = no \
PPROF_BLOCK_PROFILE_RATE = 0 \
PPROF_MUTEX_PROFILE_RATE = 0 \
PPROF_HTTP_SERVER_ADDRESS = ":6060" \
2021-09-11 15:24:00 +00:00
# Extras
VERSION_INFORMATION = on \
TZ = \
PUID = \
PGID =
2022-01-19 00:23:50 +00:00
ENTRYPOINT [ "/gluetun-entrypoint" ]
2020-08-17 20:39:49 -04:00
EXPOSE 8000/tcp
2024-05-10 14:31:01 +00:00
HEALTHCHECK --interval= 5s --timeout= 5s --start-period= 10s --retries= 3 CMD /gluetun-entrypoint healthcheck
2021-07-27 19:45:23 +00:00
ARG TARGETPLATFORM
2023-04-03 08:20:08 +00:00
RUN apk add --no-cache --update -l wget && \
2023-05-21 13:25:01 +00:00
apk add --no-cache --update -X "https://dl-cdn.alpinelinux.org/alpine/v3.17/main" openvpn\~ 2.5 && \
mv /usr/sbin/openvpn /usr/sbin/openvpn2.5 && \
2023-05-21 13:23:51 +00:00
apk del openvpn && \
2024-08-21 14:35:41 +02:00
apk add --no-cache --update openvpn ca-certificates iptables iptables-legacy tzdata && \
2023-05-21 13:25:01 +00:00
mv /usr/sbin/openvpn /usr/sbin/openvpn2.6 && \
2024-08-21 14:35:41 +02:00
rm -rf /var/cache/apk/* /etc/openvpn/*.sh /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so && \
2020-08-17 20:39:49 -04:00
deluser openvpn && \
2020-08-25 19:38:50 -04:00
mkdir /gluetun
2022-01-19 00:23:50 +00:00
COPY --from= build /tmp/gobuild/entrypoint /gluetun-entrypoint
