Dockerfile

ARG ALPINE_VERSION=3.11
ARG GO_VERSION=1.14

FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
RUN apk --update add git
ENV CGO_ENABLED=0
ARG GOLANGCI_LINT_VERSION=v1.27.0
RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${GOLANGCI_LINT_VERSION}
WORKDIR /tmp/gobuild
COPY .golangci.yml .
COPY go.mod go.sum ./
RUN go mod download 2>&1
COPY cmd/gluetun/main.go .
COPY internal/ ./internal/
RUN go test ./...
RUN golangci-lint run --timeout=10m
RUN go build -ldflags="-s -w" -o entrypoint main.go

FROM alpine:${ALPINE_VERSION}
ARG VERSION
ARG BUILD_DATE
ARG VCS_REF
ENV VERSION=$VERSION \
    BUILD_DATE=$BUILD_DATE \
    VCS_REF=$VCS_REF
LABEL \
    org.opencontainers.image.authors="quentin.mcgaw@gmail.com" \
    org.opencontainers.image.created=$BUILD_DATE \
    org.opencontainers.image.version=$VERSION \
    org.opencontainers.image.revision=$VCS_REF \
    org.opencontainers.image.url="https://github.com/qdm12/private-internet-access-docker" \
    org.opencontainers.image.documentation="https://github.com/qdm12/private-internet-access-docker" \
    org.opencontainers.image.source="https://github.com/qdm12/private-internet-access-docker" \
    org.opencontainers.image.title="VPN client for PIA, Mullvad, Windscribe, Surfshark and Cyberghost" \
    org.opencontainers.image.description="VPN client to tunnel to PIA, Mullvad, Windscribe, Surfshark and Cyberghost servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux"
ENV VPNSP=pia \
    PROTOCOL=udp \
    OPENVPN_VERBOSITY=1 \
    OPENVPN_ROOT=no \
    OPENVPN_TARGET_IP= \
    TZ= \
    UID=1000 \
    GID=1000 \
    IP_STATUS_FILE="/ip" \
    # PIA, Windscribe, Surfshark and Cyberghost only
    USER= \
    PASSWORD= \
    REGION="Austria" \
    # PIA only
    PIA_ENCRYPTION=strong \
    PORT_FORWARDING=off \
    PORT_FORWARDING_STATUS_FILE="/forwarded_port" \
    # Mullvad only
    COUNTRY=Sweden \
    CITY= \
    ISP= \
    # Mullvad and Windscribe only
    PORT= \
    # Cyberghost only
    CYBERGHOST_GROUP="Premium UDP Europe" \
    # Openvpn
    OPENVPN_CIPHER= \
    OPENVPN_AUTH= \
    # DNS over TLS
    DOT=on \
    DOT_PROVIDERS=cloudflare \
    DOT_PRIVATE_ADDRESS=127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:0:0/96 \
    DOT_VERBOSITY=1 \
    DOT_VERBOSITY_DETAILS=0 \
    DOT_VALIDATION_LOGLEVEL=0 \
    DOT_CACHING=on \
    DOT_IPV6=off \
    BLOCK_MALICIOUS=on \
    BLOCK_SURVEILLANCE=off \
    BLOCK_ADS=off \
    UNBLOCK= \
    DNS_UPDATE_PERIOD=24h \
    # Firewall
    FIREWALL=on \
    EXTRA_SUBNETS= \
    # Tinyproxy
    TINYPROXY=off \
    TINYPROXY_LOG=Info \
    TINYPROXY_PORT=8888 \
    TINYPROXY_USER= \
    TINYPROXY_PASSWORD= \
    # Shadowsocks
    SHADOWSOCKS=off \
    SHADOWSOCKS_LOG=off \
    SHADOWSOCKS_PORT=8388 \
    SHADOWSOCKS_PASSWORD= \
    SHADOWSOCKS_METHOD=chacha20-ietf-poly1305
ENTRYPOINT /entrypoint
EXPOSE 8000/tcp 8888/tcp 8388/tcp 8388/udp
HEALTHCHECK --interval=10m --timeout=10s --start-period=30s --retries=2 CMD /entrypoint healthcheck
RUN apk add -q --progress --no-cache --update openvpn ca-certificates iptables ip6tables unbound tinyproxy tzdata && \
    echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
    apk add -q --progress --no-cache --update shadowsocks-libev && \
    rm -rf /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-* /etc/tinyproxy/tinyproxy.conf && \
    deluser openvpn && \
    deluser tinyproxy && \
    deluser unbound
COPY --from=builder /tmp/gobuild/entrypoint /entrypoint
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`ARG ALPINE_VERSION=3.11`
Update to Go 1.14 2020-03-18 01:04:44 +00:00			`ARG GO_VERSION=1.14`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00
			`FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder`
			`RUN apk --update add git`
			`ENV CGO_ENABLED=0`
Update golangci-lint to 1.27.0 2020-05-17 17:49:40 -04:00			`ARG GOLANGCI_LINT_VERSION=v1.27.0`
Golangcilint in build pipeline and fix lint errors - Fix bad permissions bits for files - VPNSP is 'private internet access' instead of 'pia' (retro compatible) - Check errors of deferred unsetEnv functions in params package - Other lint errors fixing and code simplifications 2020-04-12 20:05:28 +00:00			`RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh \| sh -s ${GOLANGCI_LINT_VERSION}`
			`WORKDIR /tmp/gobuild`
			`COPY .golangci.yml .`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`COPY go.mod go.sum ./`
			`RUN go mod download 2>&1`
Moved main.go to cmd/gluetun/main.go 2020-05-28 23:59:35 +00:00			`COPY cmd/gluetun/main.go .`
Minor changes 2020-02-22 17:07:06 +00:00			`COPY internal/ ./internal/`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`RUN go test ./...`
Golangcilint in build pipeline and fix lint errors - Fix bad permissions bits for files - VPNSP is 'private internet access' instead of 'pia' (retro compatible) - Check errors of deferred unsetEnv functions in params package - Other lint errors fixing and code simplifications 2020-04-12 20:05:28 +00:00			`RUN golangci-lint run --timeout=10m`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`RUN go build -ldflags="-s -w" -o entrypoint main.go`

			`FROM alpine:${ALPINE_VERSION}`
			`ARG VERSION`
			`ARG BUILD_DATE`
			`ARG VCS_REF`
			`ENV VERSION=$VERSION \`
			`BUILD_DATE=$BUILD_DATE \`
			`VCS_REF=$VCS_REF`
			`LABEL \`
			`org.opencontainers.image.authors="quentin.mcgaw@gmail.com" \`
			`org.opencontainers.image.created=$BUILD_DATE \`
			`org.opencontainers.image.version=$VERSION \`
			`org.opencontainers.image.revision=$VCS_REF \`
			`org.opencontainers.image.url="https://github.com/qdm12/private-internet-access-docker" \`
			`org.opencontainers.image.documentation="https://github.com/qdm12/private-internet-access-docker" \`
			`org.opencontainers.image.source="https://github.com/qdm12/private-internet-access-docker" \`
Replace pia with gluetun wherever possible - in Readme documentation - Changed splash title string - Changed Dockerfile labels - Changed commands and docker-compose service & container name 2020-06-03 02:11:35 +00:00			`org.opencontainers.image.title="VPN client for PIA, Mullvad, Windscribe, Surfshark and Cyberghost" \`
			`org.opencontainers.image.description="VPN client to tunnel to PIA, Mullvad, Windscribe, Surfshark and Cyberghost servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux"`
			`ENV VPNSP=pia \`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`PROTOCOL=udp \`
Added OPENVPN_VERBOSITY environment variable 2020-02-22 15:48:09 +00:00			`OPENVPN_VERBOSITY=1 \`
Fix #81, new env variable OPENVPN_ROOT 2020-03-18 23:05:47 +00:00			`OPENVPN_ROOT=no \`
Fix #90 add env variable OPENVPN_TARGET_IP 2020-03-18 23:49:40 +00:00			`OPENVPN_TARGET_IP= \`
Added Mullvad environment variables and getters 2020-02-16 20:30:29 +00:00			`TZ= \`
Custom UID and GID for subprocesses and files written (#116) Fix #116 - Environment variables `UID` and `GID`, both defaulting to `1000` - All subprocesses (openvpn, tinyproxy, etc.) run using the UID and GID given - All files are written with an ownership for the UID and GID given - Port forwarded file has also ownership for UID, GID and read permission only 2020-03-29 19:52:49 -04:00			`UID=1000 \`
			`GID=1000 \`
IP_STATUS_FILE and routing improvements (#130) - Obtains VPN public IP address from routing table - Logs and writes VPN Public IP address to `/ip` as soon as VPN is up - Obtain port forward, logs it and writes it as soon as VPN is up - Routing fully refactored and tested - Routing reads from `/proc/net/route` - Routing mutates the routes using `ip route ...` 2020-04-12 08:55:13 -04:00			`IP_STATUS_FILE="/ip" \`
Cyberghost support (#168) * Host finder CLI for cyberghost * Resolver program updated with Cyberghost data * Gluetun cli clientkey subcommand 2020-06-13 10:43:47 -04:00			`# PIA, Windscribe, Surfshark and Cyberghost only`
Env variables cleanup in Docker config files 2020-05-29 00:03:10 +00:00			`USER= \`
Added Mullvad environment variables and getters 2020-02-16 20:30:29 +00:00			`PASSWORD= \`
Windscribe support (#114) 2020-03-29 16:42:06 -04:00			`REGION="Austria" \`
Env variables cleanup in Docker config files 2020-05-29 00:03:10 +00:00			`# PIA only`
Rename ENCRYPTION to PIA_ENCRYPTION (#98) 2020-03-26 08:11:50 -04:00			`PIA_ENCRYPTION=strong \`
Added Mullvad environment variables and getters 2020-02-16 20:30:29 +00:00			`PORT_FORWARDING=off \`
			`PORT_FORWARDING_STATUS_FILE="/forwarded_port" \`
			`# Mullvad only`
			`COUNTRY=Sweden \`
			`CITY= \`
			`ISP= \`
Windscribe support (#114) 2020-03-29 16:42:06 -04:00			`# Mullvad and Windscribe only`
Added Mullvad environment variables and getters 2020-02-16 20:30:29 +00:00			`PORT= \`
Cyberghost support (#168) * Host finder CLI for cyberghost * Resolver program updated with Cyberghost data * Gluetun cli clientkey subcommand 2020-06-13 10:43:47 -04:00			`# Cyberghost only`
			`CYBERGHOST_GROUP="Premium UDP Europe" \`
Env variables cleanup in Docker config files 2020-05-29 00:03:10 +00:00			`# Openvpn`
			`OPENVPN_CIPHER= \`
			`OPENVPN_AUTH= \`
Added Mullvad environment variables and getters 2020-02-16 20:30:29 +00:00			`# DNS over TLS`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`DOT=on \`
			`DOT_PROVIDERS=cloudflare \`
Added DOT_PRIVATE_ADDRESS environment variable 2020-02-08 21:28:33 +00:00			`DOT_PRIVATE_ADDRESS=127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:0:0/96 \`
Minor changes - Added missing environment variables to Dockerfile - Constant ca certificates filepath - Removed dns/os.go unused file - Formatting improvements - Added comments - Readme TODOs update 2020-02-08 21:08:49 +00:00			`DOT_VERBOSITY=1 \`
			`DOT_VERBOSITY_DETAILS=0 \`
			`DOT_VALIDATION_LOGLEVEL=0 \`
Added DOT_CACHING environment variable 2020-02-08 21:28:03 +00:00			`DOT_CACHING=on \`
Defaults DOT_IPV6 to off 2020-05-02 15:40:40 +00:00			`DOT_IPV6=off \`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`BLOCK_MALICIOUS=on \`
			`BLOCK_SURVEILLANCE=off \`
			`BLOCK_ADS=off \`
			`UNBLOCK= \`
DNS_UPDATE_PERIOD environment variable 2020-05-05 18:00:56 +00:00			`DNS_UPDATE_PERIOD=24h \`
Added Mullvad environment variables and getters 2020-02-16 20:30:29 +00:00			`# Firewall`
Add FIREWALL variable, refers to #171 2020-06-12 17:11:21 +00:00			`FIREWALL=on \`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`EXTRA_SUBNETS= \`
Added Mullvad environment variables and getters 2020-02-16 20:30:29 +00:00			`# Tinyproxy`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`TINYPROXY=off \`
			`TINYPROXY_LOG=Info \`
			`TINYPROXY_PORT=8888 \`
			`TINYPROXY_USER= \`
			`TINYPROXY_PASSWORD= \`
Added Mullvad environment variables and getters 2020-02-16 20:30:29 +00:00			`# Shadowsocks`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`SHADOWSOCKS=off \`
Shadowsocks log defaults to off 2020-02-22 17:43:17 +00:00			`SHADOWSOCKS_LOG=off \`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`SHADOWSOCKS_PORT=8388 \`
SHADOWSOCKS_METHOD environment variable (#117) 2020-03-29 20:06:27 -04:00			`SHADOWSOCKS_PASSWORD= \`
			`SHADOWSOCKS_METHOD=chacha20-ietf-poly1305`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`ENTRYPOINT /entrypoint`
Go HTTP control server with restart openvpn route - Fix #147 - Dockerfile updated - Documentation updated - Using contexts to restart openvpn - Code foundation for more http routes 2020-04-30 23:41:57 +00:00			`EXPOSE 8000/tcp 8888/tcp 8388/tcp 8388/udp`
Better healthcheck (#169), fixes #133 * Changed healthcheck to get and compare IP address * Change default healthcheck frequency and retries 2020-06-03 21:52:44 -04:00			`HEALTHCHECK --interval=10m --timeout=10s --start-period=30s --retries=2 CMD /entrypoint healthcheck`
ip6tables package, refers to #153 2020-05-04 12:27:15 +00:00			`RUN apk add -q --progress --no-cache --update openvpn ca-certificates iptables ip6tables unbound tinyproxy tzdata && \`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \`
			`apk add -q --progress --no-cache --update shadowsocks-libev && \`
Custom UID and GID for subprocesses and files written (#116) Fix #116 - Environment variables `UID` and `GID`, both defaulting to `1000` - All subprocesses (openvpn, tinyproxy, etc.) run using the UID and GID given - All files are written with an ownership for the UID and GID given - Port forwarded file has also ownership for UID, GID and read permission only 2020-03-29 19:52:49 -04:00			`rm -rf /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-* /etc/tinyproxy/tinyproxy.conf && \`
			`deluser openvpn && \`
			`deluser tinyproxy && \`
			`deluser unbound`
			`COPY --from=builder /tmp/gobuild/entrypoint /entrypoint`