alexz/runtipi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

.
Some checks failed
Test / test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Alex Zaw
2026-01-17 14:23:50 +00:00
parent 418390fe8d
commit f1793baa57
21 changed files with 2547 additions and 372 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
apps/cistech-tunnel/build/README.md Normal file
View File

@@ -0,0 +1,67 @@
# Cistech Tunnel - Build Files
This directory contains the Dockerfile and scripts to build the OpenConnect-SSO VPN Docker image.
## Files
- `Dockerfile` - Docker image definition (Ubuntu 22.04 + openconnect-sso + noVNC)
- `build.sh` - Build and push script
- `scripts/entrypoint.sh` - Container entrypoint
## Building
```bash
cd /etc/runtipi/repos/runtipi/apps/cistech-tunnel/build
./build.sh
```
This builds and pushes to `git.alexzaw.dev/alexz/openconnect-vpn:latest`
To build without pushing:
```bash
docker build -t git.alexzaw.dev/alexz/openconnect-vpn:latest .
```
## What's in the image
The Dockerfile creates an image with:
- Ubuntu 22.04
- openconnect + openconnect-sso[full] (Python)
- Playwright Chromium browser (for SSO authentication)
- TigerVNC server + noVNC (web-based VNC)
- Tools: oathtool (TOTP), openbox, xterm
### Scripts (baked in)
- `/opt/scripts/startup-vnc.sh` - Starts VNC server and noVNC
- `/opt/scripts/entrypoint.sh` - Container entrypoint (DNS fix, IP forwarding, config generation)
## Runtime mounts (from shared/)
When running as cistech-tunnel app, these are mounted from `shared/`:
- `/shared/openconnect-vpn` - Main VPN connection script
- `/shared/xstartup` -> `/root/.vnc/xstartup` - VNC session startup
## Environment Variables
| Variable | Description |
|----------|-------------|
| `VPN_EMAIL` | Email/username for SSO login |
| `VPN_PASSWORD` | Password for SSO login |
| `VPN_TOTP_SECRET` | TOTP secret for 2FA (base32) |
| `VPN_HOST` | VPN server URL (e.g., `https://vpn.example.com/Group`) |
| `TARGET_IP` | Target IP for connectivity testing |
| `VNC_PASSWORD` | VNC access password |
## Ports
- `5901` - VNC server
- `6092` - noVNC web interface
## How it works
1. Container starts, generates openconnect-sso config from env vars
2. VNC server starts with noVNC web interface
3. xterm launches with the `openconnect-vpn` script
4. Script sets up keyring with credentials (password + TOTP)
5. openconnect-sso handles SSO authentication via hidden browser
6. VPN connects and IP forwarding/NAT is configured