Update build/README.md for current architecture
Some checks failed
Test / test (push) Has been cancelled
Some checks failed
Test / test (push) Has been cancelled
This commit is contained in:
@@ -4,15 +4,10 @@ This directory contains the Dockerfile and scripts to build the Cisco VPN Docker
|
|||||||
|
|
||||||
## Files
|
## Files
|
||||||
|
|
||||||
- `Dockerfile` - Main Docker image definition
|
- `Dockerfile` - Docker image definition (Ubuntu 22.04 + Cisco Secure Client + noVNC)
|
||||||
- `cisco-secure-client-full.tar.gz` - Pre-extracted Cisco Secure Client installation
|
- `cisco-secure-client-full.tar.gz` - Pre-extracted Cisco Secure Client 5.1.14.145
|
||||||
- `build.sh` - Build script to create the Docker image
|
- `build.sh` - Build and push script
|
||||||
- `scripts/` - Container scripts:
|
- `scripts/entrypoint.sh` - Container entrypoint (starts systemd)
|
||||||
- `init-vpn.sh` - Container init (unmounts DNS files for VPN, starts systemd)
|
|
||||||
- `startup-vnc.sh` - VNC/noVNC startup script
|
|
||||||
- `vpn-connect.sh` - VPN automation script (inside container)
|
|
||||||
- `xstartup` - VNC session startup
|
|
||||||
- `vnc.service` - Systemd service for VNC
|
|
||||||
|
|
||||||
## Building
|
## Building
|
||||||
|
|
||||||
@@ -21,21 +16,36 @@ cd /etc/runtipi/repos/runtipi/apps/rego-tunnel/build
|
|||||||
./build.sh
|
./build.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
To push to registry:
|
This builds and pushes to `git.alexzaw.dev/alexz/cisco-vpn:latest`
|
||||||
|
|
||||||
|
To build without pushing:
|
||||||
```bash
|
```bash
|
||||||
docker push git.alexzaw.dev/alexz/cisco-vpn:latest
|
docker build -t git.alexzaw.dev/alexz/cisco-vpn:latest .
|
||||||
```
|
```
|
||||||
|
|
||||||
## Architecture
|
## What's in the image
|
||||||
|
|
||||||
1. **init-vpn.sh**: Unmounts Docker's bind-mounted `/etc/resolv.conf` and `/etc/hosts` (required for VPN to modify DNS), then starts systemd
|
The Dockerfile creates an image with:
|
||||||
2. **systemd**: Manages vpnagentd (Cisco VPN agent) and vnc (VNC server) services
|
- Ubuntu 22.04 with systemd
|
||||||
3. **xstartup**: Runs when VNC session starts - by default launches vpnui, but can be overridden via volume mount
|
- Cisco Secure Client 5.1.14.145 (VPN, DART, Posture modules)
|
||||||
4. **vpn-connect.sh**: Optional automation script for auto-login with TOTP
|
- TigerVNC server + noVNC (web-based VNC)
|
||||||
|
- Tools: xdotool, oathtool (for TOTP), xclip, openbox
|
||||||
|
|
||||||
## Runtime Mounts
|
### Systemd services (baked in)
|
||||||
|
- `vpnagentd.service` - Cisco VPN agent
|
||||||
|
- `vnc.service` - VNC server + noVNC websockify
|
||||||
|
|
||||||
When running as rego-tunnel app, these are mounted:
|
### Scripts (baked in via base64 in Dockerfile)
|
||||||
- `/shared` - Contains the `cisco-vpn` script with full automation
|
- `/opt/scripts/startup-vnc.sh` - Starts VNC server and noVNC
|
||||||
- `/root/.vnc/xstartup` - Custom xstartup that launches terminal with cisco-vpn script
|
- `/opt/scripts/entrypoint.sh` - Container entrypoint
|
||||||
- `/opt/scripts/init-vpn.sh` - Custom init script with network setup
|
|
||||||
|
## Runtime mounts (from shared/)
|
||||||
|
|
||||||
|
When running as rego-tunnel app, these are mounted from `shared/`:
|
||||||
|
- `/shared/cisco-vpn` - Main VPN automation script
|
||||||
|
- `/shared/xstartup` → `/root/.vnc/xstartup` - VNC session startup
|
||||||
|
|
||||||
|
## Ports
|
||||||
|
|
||||||
|
- `5901` - VNC server
|
||||||
|
- `6080` - noVNC web interface
|
||||||
|
|||||||
Reference in New Issue
Block a user