From a8e88cc7fc443d8ebb5c131d4a40186cf42d9151 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Tue, 1 Jan 2019 23:14:36 +0200
Subject: [PATCH] Replaced external docker images with Github hosted files
---
 Dockerfile | 14 ++++++--------
 README.md | 12 +++++-------
 2 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index cfcf46cf..d968fb37 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,14 +40,12 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab
 unzip -q openvpn-strong-tcp.zip -d /openvpn/tcp-strong && \
 apk del -q --progress --purge unzip && \
 rm -rf /*.zip /var/cache/apk/* /etc/unbound/unbound.conf && \
- adduser nonrootuser -D -H --uid 1000
-COPY --from=qmcgaw/dns-trustanchor /named.root /etc/unbound/root.hints
-COPY --from=qmcgaw/dns-trustanchor /root.key /etc/unbound/root.key
-COPY --from=qmcgaw/malicious-hostnames /malicious-hostnames.bz2 /tmp/malicious-hostnames.bz2
-COPY --from=qmcgaw/malicious-ips /malicious-ips.bz2 /tmp/malicious-ips.bz2
-RUN cd /tmp && \
- tar -xjf malicious-hostnames.bz2 && \
- tar -xjf malicious-ips.bz2 && \
+ adduser nonrootuser -D -H --uid 1000 && \
+ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/named.root.updated -O /etc/unbound/root.hints && \
+ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/root.key.updated -O /etc/unbound/root.key && \
+ cd /tmp && \
+ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-hostnames.updated -O malicious-hostnames && \
+ wget -q https://raw.githubusercontent.com/qdm12/updated/master/files/malicious-ips.updated -O malicious-ips && \
 while read hostname; do echo "local-zone: \""$hostname"\" static" >> blocks-malicious.conf; done < malicious-hostnames && \
 while read ip; do echo "private-address: $ip" >> blocks-malicious.conf; done < malicious-ips && \
 tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
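Review bot: The four new wget calls fetch the Unbound root hints, the DNSSEC trust anchor `root.key` and both blocklists from the mutable `master` branch of a third-party repository at build time with no integrity check, so whatever that branch serves on a given build day becomes the container's DNS root of trust and two builds of the same Dockerfile are not reproducible; the untagged `COPY --from` images they replace had the same weakness, so this is not a regression, but the TODO line removed from README.md in this same commit still named checksums as the goal. Pin each URL to a commit, e.g. `https://raw.githubusercontent.com/qdm12/updated/<PINNED_COMMIT_SHA>/files/root.key.updated`, and verify each download before it is used, e.g. `echo "<EXPECTED_SHA256>  /etc/unbound/root.key" | sha256sum -c - && \` right after the corresponding wget (both placeholders to be filled in from the pinned revision). A mismatch then fails the build loudly instead of producing an image whose DNSSEC validation rests on an unverified key. The RUN instruction continues past the end of the hunk, so later consumers of these files are outside view.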
diff --git a/README.md b/README.md
index 25a67d0d..955e3fac 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@
 | Image size | RAM usage | CPU usage |
 | --- | --- | --- |
-| 20MB | 14MB to 80MB | Low to Medium |
+| 19.1MB | 14MB to 80MB | Low to Medium |
 It is based on:
@@ -28,15 +28,14 @@ It is based on:
 - [OpenVPN 2.4.6-r3](https://pkgs.alpinelinux.org/package/v3.8/main/x86_64/openvpn) to tunnel to PIA servers
 - [IPtables 1.6.2-r0](https://pkgs.alpinelinux.org/package/v3.8/main/x86_64/iptables) enforces the container to communicate only through the VPN or with other containers in its virtual network (acts as a killswitch)
 - [Unbound 1.7.3-r0](https://pkgs.alpinelinux.org/package/v3.8/main/x86_64/unbound) configured with Cloudflare's [1.1.1.1](https://1.1.1.1) DNS over TLS
-- [Malicious hostnames list](https://github.com/qdm12/malicious-hostnames-docker) used with Unbound (see `BLOCK_MALICIOUS` environment variable)
-- [Malicious IPs list](https://github.com/qdm12/malicious-ips-docker) used with Unbound (see `BLOCK_MALICIOUS`)
+- [Files and blocking lists built periodically](https://github.com/qdm12/updated/tree/master/files) used with Unbound (see `BLOCK_MALICIOUS` environment variable)
 ## Extra features
 - Only use environment variables:
- - the [destination region]((https://www.privateinternetaccess.com/pages/network/))
- - the protocol `tcp` or `udp`
- - the level of encryption `normal` or `strong`
+ - the [destination region]((https://www.privateinternetaccess.com/pages/network/))
+ - the protocol `tcp` or `udp`
+ - the level of encryption `normal` or `strong`
 - Connect other containers to it
 - The *iptables* firewall allows traffic only with needed PIA servers (IP addresses, port, protocol) combination
 - OpenVPN restarts on failure using another PIA IP address for the same region
@@ -240,7 +239,6 @@ will publish port 8112 as Deluge WebUI without any trouble.
 ## TODOs
-- [ ] Malicious IPs and hostnames with wget at launch+checksums
 - [ ] Nginx scratch
 - [ ] SOCKS proxy/Hiproxy/VPN server for other devices to use the container
 - [ ] Port forwarding