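--- a/apps/cistech-tunnel/vpn-openconnect-sso/Dockerfile
+++ b/apps/cistech-tunnel/vpn-openconnect-sso/Dockerfile
@@ -0,0 +1,33 @@
+FROM ubuntu:24.04
+ENV QTWEBENGINE_DISABLE_SANDBOX=1
+ENV QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu"
+ENV DEBIAN_FRONTEND=noninteractive \
+PLAYWRIGHT_BROWSERS_PATH=/ms-playwright \
+VIRTUAL_ENV=/opt/venv \
+PATH=/opt/venv/bin:$PATH
+
+RUN apt-get update && apt-get install -y \
+openconnect iproute2 iptables ca-certificates \
+python3 python3-pip python3-venv \
+vpnc-scripts curl \
+x11vnc xvfb fluxbox novnc websockify \
+xauth libnss3 libatk1.0-0 libatk-bridge2.0-0 \
+libx11-6 libx11-xcb1 libxcomposite1 libxrandr2 libgbm1 libxdamage1 \
+libpango-1.0-0 fonts-liberation \
+libegl1 libgl1 libopengl0 libdbus-1-3 libglib2.0-0 \
+libxkbcommon0 libxkbcommon-x11-0 \
+libxcb1 libxcb-cursor0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render0 libxcb-render-util0 libxcb-shm0 libxcb-xfixes0 libxcb-xinerama0 libxcb-randr0 libxcb-glx0 \
+sudo \
+&& rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/*
+
+RUN python3 -m venv "$VIRTUAL_ENV"
+RUN pip install --no-cache-dir openconnect-sso playwright \
+&& python -m playwright install --with-deps chromium
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 6901
+ENTRYPOINT ["/entrypoint.sh"]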
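Review bot: The two `ENV QTWEBENGINE_*` lines switch off the Chromium sandbox for every process in the image, and with no `USER` instruction the embedded browser that renders the remote SSO login page runs as root next to openconnect. The reason should be recorded above them, e.g. `# sandbox disabled because the browser runs as root here; remove once it runs as an unprivileged user`, and the better fix is a dedicated non-root account for the browser with only openconnect elevated (the image already installs `sudo`). Separately, `pip install --no-cache-dir openconnect-sso playwright` is unpinned, so each rebuild can pull different code into an image that handles VPN credentials; pin both, e.g. `openconnect-sso==<PINNED_VERSION> playwright==<PINNED_VERSION>`. `DEBIAN_FRONTEND=noninteractive` is also baked into the runtime environment through `ENV`; setting it inline on the `apt-get` lines keeps it build-only.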
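--- a/apps/cistech-tunnel/vpn-openconnect-sso/entrypoint.sh
+++ b/apps/cistech-tunnel/vpn-openconnect-sso/entrypoint.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+: "${OC_URL:?OC_URL is required}"
+: "${OC_SERVERCERT:?OC_SERVERCERT is required}"
+
+NOVNC_PORT="${NOVNC_PORT:-6901}"
+VNC_PASSWORD="${VNC_PASSWORD:-changeme}"
+DISPLAY_ADDR="${DISPLAY:-:1}"
+OC_INTERFACE="${OC_INTERFACE:-tun0}"
+OC_SSO_ARGS_DEFAULT="--browser-display-mode shown"
+
+if [[ "${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT}" == *"shown"* ]]; then
+mkdir -p /root/.vnc
+x11vnc -storepasswd "$VNC_PASSWORD" /root/.vnc/pass >/dev/null 2>&1 || true
+rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
+Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
+sleep 0.5
+export DISPLAY="$DISPLAY_ADDR"
+fluxbox >/tmp/fluxbox.log 2>&1 &
+x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet &
+websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
+fi
+
+OPENCONNECT_CMD=(
+/usr/sbin/openconnect
+--protocol=anyconnect
+--servercert "$OC_SERVERCERT"
+--interface "$OC_INTERFACE"
+--script /usr/share/vpnc-scripts/vpnc-script
+)
+[[ -n "${OC_AUTHGROUP:-}" ]] && OPENCONNECT_CMD+=(--authgroup "$OC_AUTHGROUP")
+[[ -n "${OC_USERAGENT:-}" ]] && OPENCONNECT_CMD+=(--useragent "$OC_USERAGENT")
+[[ -n "${OC_EXTRA_ARGS:-}" ]] && OPENCONNECT_CMD+=(${OC_EXTRA_ARGS})
+
+exec openconnect-sso -s "$OC_URL" ${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT} -- "${OPENCONNECT_CMD[@]}"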
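Review bot: `VNC_PASSWORD="${VNC_PASSWORD:-changeme}"` gives the noVNC session a well-known default password while `websockify` binds `0.0.0.0:"$NOVNC_PORT"`, so whoever can reach the published port can view and control the browser in which the SSO credentials are entered. Make the password mandatory when the display is shown, in the same style as the `OC_URL` check: `: "${VNC_PASSWORD:?VNC_PASSWORD is required}"`. The `|| true` after `x11vnc -storepasswd` should be dropped too, since it hides a failure to write `/root/.vnc/pass`, which the later `-rfbauth` relies on. No certificate option is passed to `websockify`, so the session appears to travel unencrypted; a comment should say the port is meant to be published on loopback or behind a TLS-terminating proxy.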