- entrypoint.sh: Start VNC directly instead of systemd /sbin/init
- Changed NOVNC_PORT from 6080 to 6092 everywhere
- Dockerfile: Updated EXPOSE and default NOVNC_PORT
- Bumped tipi_version to 3
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- host-routing.sh: Updated to use cistech values (172.30.0.10, br-vpn-static)
- config.json: Added TARGET_IP form field, bumped tipi_version to 2
- docker-compose.json: Added TARGET_IP environment variable
- docker-compose.yml: Synced with docker-compose.json (correct image, port 6080, all env vars)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The elif branch was missing 'echo "" |' which caused openconnect-sso
to hang waiting for stdin input when OC_PASSWORD is not set.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- entrypoint.sh: Auto-fetch pin-sha256 from VPN URL if not provided
- config.json: Remove OC_SERVERCERT (auto-fetched), add OC_PASSWORD
- docker-compose.json: Add OC_PASSWORD env var
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- docker-compose.json: Use git.alexzaw.dev/alexz/cistech-vpn:latest
- config.json: Add OC_TOTP_SECRET field, keep server cert as default
- Dockerfile: Remove hardcoded credentials (come from env at runtime)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add shared/host-routing.sh with nft for NAT masquerade
- Add shared/install-host-services.sh to set up systemd watcher
- Add shared/uninstall-host-services.sh for cleanup
- Add /runtime volume mount for trigger file
- Update entrypoint.sh to trigger host routing when VPN connects
Run install-host-services.sh on host after app install.
Requires image rebuild for entrypoint changes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
