# Versions of the base images and build tools used by the stages of this file.
# They are declared before the first FROM so the FROM lines can reference them.
# NOTE(review): the images are selected by tag only; tags can be re-pointed
# upstream, so pin them by digest where reproducible builds are required.
ARG ALPINE_VERSION=3.16
ARG GO_ALPINE_VERSION=3.16
ARG GO_VERSION=1.17
ARG XCPUTRANSLATE_VERSION=v0.6.0
ARG GOLANGCI_LINT_VERSION=v1.46.2
# Platform the build stages run on; presumably a fallback for builders that do
# not populate BUILDPLATFORM themselves - TODO confirm.
ARG BUILDPLATFORM=linux/amd64
# Helper images: later stages only copy files out of them with COPY --from.
# Both are pulled for the build platform because their tools run during the build.
FROM --platform=${BUILDPLATFORM} qmcgaw/xcputranslate:${XCPUTRANSLATE_VERSION} AS xcputranslate
FROM --platform=${BUILDPLATFORM} qmcgaw/binpot:golangci-lint-${GOLANGCI_LINT_VERSION} AS golangci-lint
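# Shared Go toolchain stage: the test, lint and build stages all start from it.
FROM --platform=${BUILDPLATFORM} golang:${GO_VERSION}-alpine${GO_ALPINE_VERSION} AS base
COPY --from=xcputranslate /xcputranslate /usr/local/bin/xcputranslate
# --no-cache fetches the package index without storing it in the layer.
# git and g++ are installed unpinned, so their versions follow the Alpine release.
RUN apk add --no-cache git g++
# cgo is off by default; the test stage turns it back on for the race detector.
ENV CGO_ENABLED=0
COPY --from=golangci-lint /bin /go/bin/golangci-lint
WORKDIR /tmp/gobuild
# Copy the module files first so the dependency download layer stays cached
# until go.mod or go.sum change.
COPY go.mod go.sum ./
RUN go mod download
COPY cmd/ ./cmd/
COPY internal/ ./internal/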
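# Test stage: running a container from this image executes the Go test suite.
FROM --platform=${BUILDPLATFORM} base AS test
# Note on the go race detector:
# - we set CGO_ENABLED=1 to have it enabled
# - we installed g++ to support the race detector
ENV CGO_ENABLED=1
# Exec form: go test is started directly instead of through /bin/sh -c, so it
# receives stop signals itself, and arguments given to docker run are appended
# to the command instead of being ignored.
ENTRYPOINT ["go", "test", "-race", "-coverpkg=./...", "-coverprofile=coverage.txt", "-covermode=atomic", "./..."]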
# Lint stage: the linter runs while the image is built, so a failing
# golangci-lint run fails the build of this stage.
FROM --platform=${BUILDPLATFORM} base AS lint
COPY .golangci.yml ./
RUN golangci-lint run --timeout=10m
# Build stage: runs on the build platform and cross-compiles the entrypoint
# binary for TARGETPLATFORM.
FROM --platform=${BUILDPLATFORM} base AS build
ARG TARGETPLATFORM
# Build metadata, embedded into the binary through the -X linker flags.
ARG VERSION=unknown
ARG CREATED="an unknown date"
ARG COMMIT=unknown
# xcputranslate converts TARGETPLATFORM into the GOARCH and GOARM values.
# -trimpath removes local file system paths from the binary; -s -w leave out
# the symbol table and debug information.
# NOTE(review): VERSION, CREATED and COMMIT are expanded by the shell into the
# -ldflags string, so they are expected to come from a trusted build pipeline.
RUN GOARCH="$(xcputranslate translate -field arch -targetplatform ${TARGETPLATFORM})" \
    GOARM="$(xcputranslate translate -field arm -targetplatform ${TARGETPLATFORM})" \
    go build -trimpath -ldflags="-s -w \
    -X 'main.version=$VERSION' \
    -X 'main.created=$CREATED' \
    -X 'main.commit=$COMMIT' \
    " -o entrypoint cmd/gluetun/main.go
# Final runtime image. No --platform is given here, so it is built for the
# platform requested for the image rather than for the build platform.
FROM alpine:${ALPINE_VERSION}
# ARG values do not carry over from earlier stages, so the build metadata is
# declared again before it is used in the labels.
ARG VERSION=unknown
ARG CREATED="an unknown date"
ARG COMMIT=unknown
# OCI image labels; created, version and revision come from the build arguments.
LABEL \
    org.opencontainers.image.authors="quentin.mcgaw@gmail.com" \
    org.opencontainers.image.created=$CREATED \
    org.opencontainers.image.version=$VERSION \
    org.opencontainers.image.revision=$COMMIT \
    org.opencontainers.image.url="https://github.com/qdm12/gluetun" \
    org.opencontainers.image.documentation="https://github.com/qdm12/gluetun" \
    org.opencontainers.image.source="https://github.com/qdm12/gluetun" \
    org.opencontainers.image.title="VPN swiss-knife like client for multiple VPN providers" \
    org.opencontainers.image.description="VPN swiss-knife like client to tunnel to multiple VPN servers using OpenVPN, IPtables, DNS over TLS, Shadowsocks, an HTTP proxy and Alpine Linux"
# Default runtime configuration of the container. Variables left empty have no
# default and are meant to be supplied when the container is started.
# NOTE(review): values passed as environment variables can be read back by
# inspecting the container, so for credentials prefer the *_SECRETFILE paths
# (files under /run/secrets) wherever this list offers one.
ENV VPN_SERVICE_PROVIDER=pia \
    VPN_TYPE=openvpn \
    # Common VPN options
    VPN_ENDPOINT_IP= \
    VPN_ENDPOINT_PORT= \
    VPN_INTERFACE=tun0 \
    # OpenVPN (user and password can be given directly or through the secret files)
    OPENVPN_PROTOCOL=udp \
    OPENVPN_USER= \
    OPENVPN_PASSWORD= \
    OPENVPN_USER_SECRETFILE=/run/secrets/openvpn_user \
    OPENVPN_PASSWORD_SECRETFILE=/run/secrets/openvpn_password \
    OPENVPN_VERSION=2.5 \
    OPENVPN_VERBOSITY=1 \
    OPENVPN_FLAGS= \
    OPENVPN_CIPHERS= \
    OPENVPN_AUTH= \
    OPENVPN_PROCESS_USER= \
    OPENVPN_IPV6=off \
    OPENVPN_CUSTOM_CONFIG= \
    # Wireguard (no secret file variant is listed for the keys)
    WIREGUARD_PRIVATE_KEY= \
    WIREGUARD_PRESHARED_KEY= \
    WIREGUARD_PUBLIC_KEY= \
    WIREGUARD_ADDRESSES= \
    # VPN server filtering
    SERVER_REGIONS= \
    SERVER_COUNTRIES= \
    SERVER_CITIES= \
    SERVER_HOSTNAMES= \
    ## Mullvad only:
    ISP= \
    OWNED_ONLY=no \
    ## Private Internet Access only:
    PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET= \
    PRIVATE_INTERNET_ACCESS_VPN_PORT_FORWARDING=off \
    PRIVATE_INTERNET_ACCESS_VPN_PORT_FORWARDING_STATUS_FILE="/tmp/gluetun/forwarded_port" \
    ## Cyberghost only:
    OPENVPN_CLIENTCRT_SECRETFILE=/run/secrets/openvpn_clientcrt \
    OPENVPN_CLIENTKEY_SECRETFILE=/run/secrets/openvpn_clientkey \
    ## Nordvpn only:
    SERVER_NUMBER= \
    ## PIA only:
    SERVER_NAMES= \
    ## ProtonVPN only:
    FREE_ONLY= \
    ## Surfshark only:
    MULTIHOP_ONLY= \
    # Firewall (enabled by default)
    FIREWALL=on \
    FIREWALL_VPN_INPUT_PORTS= \
    FIREWALL_INPUT_PORTS= \
    FIREWALL_OUTBOUND_SUBNETS= \
    FIREWALL_DEBUG=off \
    # Logging
    LOG_LEVEL=info \
    # Health (the health server address defaults to the loopback interface)
    HEALTH_SERVER_ADDRESS=127.0.0.1:9999 \
    HEALTH_TARGET_ADDRESS=cloudflare.com:443 \
    HEALTH_VPN_DURATION_INITIAL=6s \
    HEALTH_VPN_DURATION_ADDITION=5s \
    # DNS over TLS (enabled by default)
    DOT=on \
    DOT_PROVIDERS=cloudflare \
    DOT_PRIVATE_ADDRESS=127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:7f00:1/104,::ffff:a00:0/104,::ffff:a9fe:0/112,::ffff:ac10:0/108,::ffff:c0a8:0/112 \
    DOT_VERBOSITY=1 \
    DOT_VERBOSITY_DETAILS=0 \
    DOT_VALIDATION_LOGLEVEL=0 \
    DOT_CACHING=on \
    DOT_IPV6=off \
    BLOCK_MALICIOUS=on \
    BLOCK_SURVEILLANCE=off \
    BLOCK_ADS=off \
    UNBLOCK= \
    DNS_UPDATE_PERIOD=24h \
    DNS_ADDRESS=127.0.0.1 \
    DNS_KEEP_NAMESERVER=off \
    # HTTP proxy (the listening address has no host part)
    HTTPPROXY= \
    HTTPPROXY_LOG=off \
    HTTPPROXY_LISTENING_ADDRESS=":8888" \
    HTTPPROXY_USER= \
    HTTPPROXY_PASSWORD= \
    HTTPPROXY_USER_SECRETFILE=/run/secrets/httpproxy_user \
    HTTPPROXY_PASSWORD_SECRETFILE=/run/secrets/httpproxy_password \
    # Shadowsocks (off by default)
    SHADOWSOCKS=off \
    SHADOWSOCKS_LOG=off \
    SHADOWSOCKS_LISTENING_ADDRESS=":8388" \
    SHADOWSOCKS_PASSWORD= \
    SHADOWSOCKS_PASSWORD_SECRETFILE=/run/secrets/shadowsocks_password \
    SHADOWSOCKS_CIPHER=chacha20-ietf-poly1305 \
    # Control server
    # NOTE(review): ":8000" has no host part, so it presumably listens on every
    # interface; publish this port only to hosts that should control the client.
    HTTP_CONTROL_SERVER_ADDRESS=":8000" \
    # Server data updater
    UPDATER_PERIOD=0 \
    UPDATER_MIN_RATIO=0.8 \
    UPDATER_VPN_SERVICE_PROVIDERS= \
    # Public IP
    PUBLICIP_FILE="/tmp/gluetun/ip" \
    PUBLICIP_PERIOD=12h \
    # Pprof (disabled by default)
    PPROF_ENABLED=no \
    PPROF_BLOCK_PROFILE_RATE=0 \
    PPROF_MUTEX_PROFILE_RATE=0 \
    PPROF_HTTP_SERVER_ADDRESS=":6060" \
    # Extras
    VERSION_INFORMATION=on \
    TZ= \
    PUID= \
    PGID=
# Exec form: the entrypoint binary is started directly, without a shell.
# NOTE(review): no USER instruction is visible in this stage, so the process
# starts as root; PUID, PGID and OPENVPN_PROCESS_USER suggest the program
# handles privileges itself - confirm.
ENTRYPOINT ["/gluetun-entrypoint"]
# Default ports of the control server (8000), the HTTP proxy (8888) and
# Shadowsocks (8388). EXPOSE only documents them; it does not publish them.
EXPOSE 8000/tcp 8888/tcp 8388/tcp 8388/udp
# The probe runs the entrypoint binary with the healthcheck argument; with
# --retries=1 a single failed probe marks the container unhealthy.
HEALTHCHECK --interval=5s --timeout=5s --start-period=10s --retries=1 CMD /gluetun-entrypoint healthcheck
ARG TARGETPLATFORM
# Installs two OpenVPN binaries side by side (openvpn2.4 and openvpn2.5) plus
# the runtime tools, then trims files and accounts from the image.
# NOTE(review): OpenVPN 2.4 is taken from the Alpine v3.12 repository, an older
# branch than the base image; check that this branch still receives security
# fixes before relying on the 2.4 binary.
# The rm step drops the packaged unbound configuration and unbound-* tools, the
# OpenVPN shell scripts and the down-root plugin; deluser removes the openvpn
# and unbound accounts created by the packages.
RUN apk add --no-cache --update -l apk-tools && \
    apk add --no-cache --update -X "https://dl-cdn.alpinelinux.org/alpine/v3.12/main" openvpn==2.4.12-r0 && \
    mv /usr/sbin/openvpn /usr/sbin/openvpn2.4 && \
    apk del openvpn && \
    apk add --no-cache --update openvpn ca-certificates iptables ip6tables unbound tzdata && \
    mv /usr/sbin/openvpn /usr/sbin/openvpn2.5 && \
    # Fix vulnerability issue
    apk add --no-cache --update busybox && \
    rm -rf /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-* /etc/openvpn/*.sh /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so && \
    deluser openvpn && \
    deluser unbound && \
    mkdir /gluetun
# Only the compiled binary is taken from the build stage; the Go toolchain and
# the sources stay behind in the earlier stages.
COPY --from=build /tmp/gobuild/entrypoint /gluetun-entrypoint