alexz 8c9ebea489 fix: Install noVNC from GitHub instead of apt package
The apt novnc package (v1.0.0) has module export issues causing
JavaScript errors. Switch to noVNC v1.4.0 from GitHub which has
proper ES6 module exports.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-18 01:04:45 +00:00

Cistech Tunnel - Build Files

This directory contains the Dockerfile and scripts to build the OpenConnect-SSO VPN Docker image.

Files

  • Dockerfile - Docker image definition (Ubuntu 22.04 + openconnect-sso + noVNC)
  • build.sh - Build and push script
  • scripts/entrypoint.sh - Container entrypoint

Building

cd /etc/runtipi/repos/runtipi/apps/cistech-tunnel/build
./build.sh

This builds and pushes to git.alexzaw.dev/alexz/openconnect-vpn:latest

To build without pushing:

docker build -t git.alexzaw.dev/alexz/openconnect-vpn:latest .

What's in the image

The Dockerfile creates an image with:

  • Ubuntu 22.04
  • openconnect + openconnect-sso[full] (Python)
  • Playwright Chromium browser (for SSO authentication)
  • TigerVNC server + noVNC (web-based VNC)
  • Tools: oathtool (TOTP), openbox, xterm

Scripts (baked in)

  • /opt/scripts/startup-vnc.sh - Starts VNC server and noVNC
  • /opt/scripts/entrypoint.sh - Container entrypoint (DNS fix, IP forwarding, config generation)

Runtime mounts (from shared/)

When running as the cistech-tunnel app, these are mounted from shared/:

  • /shared/openconnect-vpn - Main VPN connection script
  • /shared/xstartup -> /root/.vnc/xstartup - VNC session startup

Environment Variables

Variable         Description
VPN_EMAIL        Email/username for SSO login
VPN_PASSWORD     Password for SSO login
VPN_TOTP_SECRET  TOTP secret for 2FA (base32)
VPN_HOST         VPN server URL (e.g., https://vpn.example.com/Group)
TARGET_IP        Target IP for connectivity testing
VNC_PASSWORD     VNC access password

Ports

  • 5901 - VNC server
  • 6092 - noVNC web interface

How it works

  1. Container starts, generates openconnect-sso config from env vars
  2. VNC server starts with noVNC web interface
  3. xterm launches with the openconnect-vpn script
  4. Script sets up keyring with credentials (password + TOTP)
  5. openconnect-sso handles SSO authentication via a hidden browser
  6. VPN connects and IP forwarding/NAT is configured
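
Step 1 above builds the openconnect-sso config from the environment variables listed earlier. The following is an added example, not taken from the project's entrypoint.sh: a pre-flight check that could run before that step. The function names check_env and valid_ipv4 are hypothetical, and the 8-character VNC rule assumes classic VNC password authentication.

```sh
#!/bin/sh
# Added example: pre-flight check for the variables in the README table.
# Function names are hypothetical; this is not the project's entrypoint.sh.
# Messages name the variable only, so secrets never reach the container log.

valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints one line per problem to stderr; exit status is the problem count.
check_env() {
    problems=0
    fail() { echo "env check: $*" >&2; problems=$((problems + 1)); }

    for name in VPN_EMAIL VPN_PASSWORD VPN_TOTP_SECRET VPN_HOST TARGET_IP VNC_PASSWORD; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || fail "$name is not set"
    done

    # The SSO login carries the password and TOTP code: require TLS.
    case "${VPN_HOST:-}" in
        ""|https://?*) ;;
        *) fail "VPN_HOST must be an https:// URL" ;;
    esac

    # Base32 is A-Z and 2-7; tolerate spaces, '=' padding and lower case.
    secret=$(printf '%s' "${VPN_TOTP_SECRET:-}" | tr -d ' =' | tr 'a-z' 'A-Z')
    case "$secret" in
        *[!A-Z2-7]*) fail "VPN_TOTP_SECRET is not valid base32" ;;
    esac

    [ -z "${TARGET_IP:-}" ] || valid_ipv4 "$TARGET_IP" || fail "TARGET_IP is not an IPv4 address"

    # Assumption: classic VNC password auth, which uses at most 8 characters.
    [ -z "${VNC_PASSWORD:-}" ] || [ ${#VNC_PASSWORD} -ge 8 ] ||
        fail "VNC_PASSWORD is shorter than 8 characters"

    return "$problems"
}
```

Calling `check_env || exit 1` before config generation stops the container with the offending variable named instead of leaving a half-configured tunnel.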