alexz/runtipi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(cistech-tunnel): correct routing config and sync compose files
Some checks failed
Test / test (push) Has been cancelled
Details

Browse Source 
- host-routing.sh: Updated to use cistech values (172.30.0.10, br-vpn-static)
- config.json: Added TARGET_IP form field, bumped tipi_version to 2
- docker-compose.json: Added TARGET_IP environment variable
- docker-compose.yml: Synced with docker-compose.json (correct image, port 6080, all env vars)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Alex Zaw
2026-01-17 11:10:59 +00:00
parent e462edd99b
commit 9307cab1bb
4 changed files with 36 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/cistech-tunnel/config.json
View File

@@ -10,7 +10,7 @@
"network" "network"
], ],
"description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.", "description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.",
"tipi_version": 1, "tipi_version": 2,
"version": "latest", "version": "latest",
"source": "local", "source": "local",
"exposable": true, "exposable": true,
@@ -48,6 +48,13 @@
"type": "password", "type": "password",
"env_variable": "VNC_PASSWORD", "env_variable": "VNC_PASSWORD",
"required": true "required": true
},
{
"label": "Target IP",
"type": "text",
"env_variable": "TARGET_IP",
"required": false,
"hint": "IP address to route through VPN (for host routing)"
} }
], ],
"supported_architectures": [ "supported_architectures": [

3
apps/cistech-tunnel/docker-compose.json
View File

@@ -11,7 +11,8 @@
{ "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" }, { "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" },
{ "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" }, { "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" },
{ "key": "NOVNC_PORT", "value": "6080" }, { "key": "NOVNC_PORT", "value": "6080" },
{ "key": "TZ", "value": "${TZ}" } { "key": "TZ", "value": "${TZ}" },
{ "key": "TARGET_IP", "value": "${TARGET_IP}" }
], ],
"internalPort": 6080, "internalPort": 6080,
"volumes": [ "volumes": [

27
apps/cistech-tunnel/docker-compose.yml
View File

@@ -1,6 +1,6 @@
services: services:
cistech-tunnel: cistech-tunnel:
image: cistech-vpn:latest image: git.alexzaw.dev/alexz/cistech-vpn:latest
restart: unless-stopped restart: unless-stopped
networks: networks:
cistech-tunnel_runtipi_network: cistech-tunnel_runtipi_network:
@@ -9,20 +9,33 @@ services:
gw_priority: 1 gw_priority: 1
environment: environment:
OC_URL: ${OC_URL} OC_URL: ${OC_URL}
OC_SERVERCERT: ${OC_SERVERCERT}
OC_USER: ${OC_USER} OC_USER: ${OC_USER}
OC_PASSWORD: ${OC_PASSWORD}
OC_TOTP_SECRET: ${OC_TOTP_SECRET}
VNC_PASSWORD: ${VNC_PASSWORD} VNC_PASSWORD: ${VNC_PASSWORD}
NOVNC_PORT: "6902" NOVNC_PORT: "6080"
TZ: ${TZ}
TARGET_IP: ${TARGET_IP}
ports: ports:
- ${APP_PORT}:6902 - ${APP_PORT}:6080
volumes: volumes:
- ${APP_DATA_DIR}/data:/root - ${APP_DATA_DIR}/config:/config
- ${APP_DATA_DIR}:/runtime
- /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared:/shared
- /sys/fs/cgroup:/sys/fs/cgroup
- /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup:/root/.vnc/xstartup:ro
devices:
- /dev/net/tun
privileged: true
cap_add:
- NET_ADMIN
stop_grace_period: 30s
labels: labels:
generated: true generated: true
traefik.enable: true traefik.enable: true
traefik.docker.network: runtipi_tipi_main_network traefik.docker.network: runtipi_tipi_main_network
traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6902" traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6080"
traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`) traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web
traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi
@@ -31,4 +44,4 @@ services:
traefik.http.routers.cistech-tunnel-runtipi.entrypoints: websecure traefik.http.routers.cistech-tunnel-runtipi.entrypoints: websecure
traefik.http.routers.cistech-tunnel-runtipi.service: cistech-tunnel-runtipi traefik.http.routers.cistech-tunnel-runtipi.service: cistech-tunnel-runtipi
traefik.http.routers.cistech-tunnel-runtipi.tls.certresolver: myresolver traefik.http.routers.cistech-tunnel-runtipi.tls.certresolver: myresolver
runtipi.managed: true runtipi.managed: true

12
apps/cistech-tunnel/shared/host-routing.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# #
# Host routing script for rego-tunnel # Host routing script for cistech-tunnel
# Routes TARGET_IP through the VPN container # Routes TARGET_IP through the VPN container
# #
set -euo pipefail set -euo pipefail
@@ -8,15 +8,15 @@ set -euo pipefail
ACTION="${1:-start}" ACTION="${1:-start}"
# Fixed configuration (we assigned these) # Fixed configuration (we assigned these)
CONTAINER_IP="172.31.0.10" CONTAINER_IP="172.30.0.10"
BRIDGE_NAME="br-rego-vpn" BRIDGE_NAME="br-vpn-static"
TARGET_IP="${TARGET_IP:-10.35.33.230}" TARGET_IP="${TARGET_IP:-}"
LAN_SUBNET="192.168.0.0/23" LAN_SUBNET="192.168.0.0/23"
LAN_INTERFACES="eth0 eth1 wlan0" LAN_INTERFACES="eth0 eth1 wlan0"
LOG_FILE="/var/log/rego-routing.log" LOG_FILE="/var/log/cistech-routing.log"
log() { log() {
local msg="[$(date '+%Y-%m-%d %H:%M:%S')] [rego-routing] $*" local msg="[$(date '+%Y-%m-%d %H:%M:%S')] [cistech-routing] $*"
echo "$msg" | tee -a "$LOG_FILE" >&2 echo "$msg" | tee -a "$LOG_FILE" >&2
} }