fix(cistech-tunnel): correct routing config and sync compose files
Some checks failed
Test / test (push) Has been cancelled
Some checks failed
Test / test (push) Has been cancelled
- host-routing.sh: Updated to use cistech values (172.30.0.10, br-vpn-static) - config.json: Added TARGET_IP form field, bumped tipi_version to 2 - docker-compose.json: Added TARGET_IP environment variable - docker-compose.yml: Synced with docker-compose.json (correct image, port 6080, all env vars) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -10,7 +10,7 @@
|
|||||||
"network"
|
"network"
|
||||||
],
|
],
|
||||||
"description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.",
|
"description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.",
|
||||||
"tipi_version": 1,
|
"tipi_version": 2,
|
||||||
"version": "latest",
|
"version": "latest",
|
||||||
"source": "local",
|
"source": "local",
|
||||||
"exposable": true,
|
"exposable": true,
|
||||||
@@ -48,6 +48,13 @@
|
|||||||
"type": "password",
|
"type": "password",
|
||||||
"env_variable": "VNC_PASSWORD",
|
"env_variable": "VNC_PASSWORD",
|
||||||
"required": true
|
"required": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"label": "Target IP",
|
||||||
|
"type": "text",
|
||||||
|
"env_variable": "TARGET_IP",
|
||||||
|
"required": false,
|
||||||
|
"hint": "IP address to route through VPN (for host routing)"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"supported_architectures": [
|
"supported_architectures": [
|
||||||
|
|||||||
@@ -11,7 +11,8 @@
|
|||||||
{ "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" },
|
{ "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" },
|
||||||
{ "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" },
|
{ "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" },
|
||||||
{ "key": "NOVNC_PORT", "value": "6080" },
|
{ "key": "NOVNC_PORT", "value": "6080" },
|
||||||
{ "key": "TZ", "value": "${TZ}" }
|
{ "key": "TZ", "value": "${TZ}" },
|
||||||
|
{ "key": "TARGET_IP", "value": "${TARGET_IP}" }
|
||||||
],
|
],
|
||||||
"internalPort": 6080,
|
"internalPort": 6080,
|
||||||
"volumes": [
|
"volumes": [
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
cistech-tunnel:
|
cistech-tunnel:
|
||||||
image: cistech-vpn:latest
|
image: git.alexzaw.dev/alexz/cistech-vpn:latest
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
cistech-tunnel_runtipi_network:
|
cistech-tunnel_runtipi_network:
|
||||||
@@ -9,20 +9,33 @@ services:
|
|||||||
gw_priority: 1
|
gw_priority: 1
|
||||||
environment:
|
environment:
|
||||||
OC_URL: ${OC_URL}
|
OC_URL: ${OC_URL}
|
||||||
OC_SERVERCERT: ${OC_SERVERCERT}
|
|
||||||
OC_USER: ${OC_USER}
|
OC_USER: ${OC_USER}
|
||||||
|
OC_PASSWORD: ${OC_PASSWORD}
|
||||||
|
OC_TOTP_SECRET: ${OC_TOTP_SECRET}
|
||||||
VNC_PASSWORD: ${VNC_PASSWORD}
|
VNC_PASSWORD: ${VNC_PASSWORD}
|
||||||
NOVNC_PORT: "6902"
|
NOVNC_PORT: "6080"
|
||||||
|
TZ: ${TZ}
|
||||||
|
TARGET_IP: ${TARGET_IP}
|
||||||
ports:
|
ports:
|
||||||
- ${APP_PORT}:6902
|
- ${APP_PORT}:6080
|
||||||
volumes:
|
volumes:
|
||||||
- ${APP_DATA_DIR}/data:/root
|
- ${APP_DATA_DIR}/config:/config
|
||||||
|
- ${APP_DATA_DIR}:/runtime
|
||||||
|
- /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared:/shared
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup
|
||||||
|
- /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup:/root/.vnc/xstartup:ro
|
||||||
|
devices:
|
||||||
|
- /dev/net/tun
|
||||||
|
privileged: true
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
stop_grace_period: 30s
|
||||||
labels:
|
labels:
|
||||||
generated: true
|
generated: true
|
||||||
traefik.enable: true
|
traefik.enable: true
|
||||||
traefik.docker.network: runtipi_tipi_main_network
|
traefik.docker.network: runtipi_tipi_main_network
|
||||||
traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
|
traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
|
||||||
traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6902"
|
traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6080"
|
||||||
traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
|
||||||
traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web
|
||||||
traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
#
|
#
|
||||||
# Host routing script for rego-tunnel
|
# Host routing script for cistech-tunnel
|
||||||
# Routes TARGET_IP through the VPN container
|
# Routes TARGET_IP through the VPN container
|
||||||
#
|
#
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
@@ -8,15 +8,15 @@ set -euo pipefail
|
|||||||
ACTION="${1:-start}"
|
ACTION="${1:-start}"
|
||||||
|
|
||||||
# Fixed configuration (we assigned these)
|
# Fixed configuration (we assigned these)
|
||||||
CONTAINER_IP="172.31.0.10"
|
CONTAINER_IP="172.30.0.10"
|
||||||
BRIDGE_NAME="br-rego-vpn"
|
BRIDGE_NAME="br-vpn-static"
|
||||||
TARGET_IP="${TARGET_IP:-10.35.33.230}"
|
TARGET_IP="${TARGET_IP:-}"
|
||||||
LAN_SUBNET="192.168.0.0/23"
|
LAN_SUBNET="192.168.0.0/23"
|
||||||
LAN_INTERFACES="eth0 eth1 wlan0"
|
LAN_INTERFACES="eth0 eth1 wlan0"
|
||||||
LOG_FILE="/var/log/rego-routing.log"
|
LOG_FILE="/var/log/cistech-routing.log"
|
||||||
|
|
||||||
log() {
|
log() {
|
||||||
local msg="[$(date '+%Y-%m-%d %H:%M:%S')] [rego-routing] $*"
|
local msg="[$(date '+%Y-%m-%d %H:%M:%S')] [cistech-routing] $*"
|
||||||
echo "$msg" | tee -a "$LOG_FILE" >&2
|
echo "$msg" | tee -a "$LOG_FILE" >&2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user