alexz
e5d4b4d2e5
Changed ${NOVNC_PORT-:-6080} to ${NOVNC_PORT:-6080}
The extra dash was causing websockify to not start properly.
89 lines
3.0 KiB
Docker
Executable File
89 lines
3.0 KiB
Docker
Executable File
FROM ubuntu:22.04
|
|
|
|
LABEL maintainer="alexz"
|
|
LABEL description="Cisco Secure Client VPN in Docker with noVNC"
|
|
LABEL version="5.1.14.145"
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
ENV container=docker
|
|
|
|
# VNC/noVNC settings
|
|
ENV DISPLAY=:1
|
|
ENV VNC_PORT=5901
|
|
ENV NOVNC_PORT=6080
|
|
|
|
# Install systemd and dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
systemd \
|
|
systemd-sysv \
|
|
dbus \
|
|
dbus-x11 \
|
|
libgtk-3-0 \
|
|
libglib2.0-0 \
|
|
libstdc++6 \
|
|
iptables \
|
|
libxml2 \
|
|
network-manager \
|
|
zlib1g \
|
|
policykit-1 \
|
|
xdg-utils \
|
|
libwebkit2gtk-4.0-37 \
|
|
tigervnc-standalone-server \
|
|
tigervnc-common \
|
|
novnc \
|
|
websockify \
|
|
openbox \
|
|
xterm \
|
|
procps \
|
|
net-tools \
|
|
curl \
|
|
iproute2 \
|
|
iputils-ping \
|
|
nano \
|
|
x11vnc \
|
|
xvfb \
|
|
fluxbox \
|
|
xdotool \
|
|
oathtool \
|
|
xclip \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Remove unnecessary systemd services that cause issues in containers
|
|
RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
|
|
/etc/systemd/system/*.wants/* \
|
|
/lib/systemd/system/local-fs.target.wants/* \
|
|
/lib/systemd/system/sockets.target.wants/*udev* \
|
|
/lib/systemd/system/sockets.target.wants/*initctl* \
|
|
/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
|
|
/lib/systemd/system/systemd-update-utmp*
|
|
|
|
# Copy and extract Cisco Secure Client
|
|
COPY cisco-secure-client-full.tar.gz /tmp/
|
|
RUN tar -xzf /tmp/cisco-secure-client-full.tar.gz -C / && rm /tmp/cisco-secure-client-full.tar.gz
|
|
|
|
# Enable vpnagentd service
|
|
RUN systemctl enable vpnagentd.service
|
|
|
|
RUN mkdir -p /opt/scripts /shared
|
|
RUN echo 'IyEvYmluL2Jhc2gKc2V0IC1lCmV4cG9ydCBIT01FPScvcm9vdCcKZXhwb3J0IFVTRVI9J3Jvb3QnCnJtIC1mIC90bXAvLlAxLWxvY2sgL3RtcC8uWDExLXVuaXgvWDEgMj4vZGV2L251bGwgfHwgdHJ1ZQpybSAtcmYgL3RtcC8uWCotbG9jayAvdG1wLy5YMTQtdW5peC8qIDI+L2Rldi9udWxsIHx8IHRydWUKZWNobyAiU3RhcnRpbmcgVGlnZXJWTkMgc2VydmVyIG9uIGRpc3BsYXkgOjEuLi4iCnZuY3NlcnZlciA6MSAtZ2VvbWV0cnkgMTI4MHg4MDAgLWRlcHRoIDI0IC1TZWN1cml0eVR5cGVzIFZuY0F1dGggLWxvY2FsaG9zdCBubwpzbGVlcCAyCmVjaG8gIlN0YXJ0aW5nIG5vVk5DIG9uIHBvcnQgJHtOT1ZOQ19QT1JUOi02MDgwfS4uLiIKd2Vic29ja2lmeSAtLXdlYj0vdXNyL3NoYXJlL25vdm5jLyAke05PVk5DX1BPUlQ6LTYwODB9IGxvY2FsaG9zdDo1OTAxICYKdGFpbCAtZiAvcm9vdC8udm5jLyoubG9nCg==' \
|
|
| base64 -d > /opt/scripts/startup-vnc.sh && \
|
|
chmod +x /opt/scripts/startup-vnc.sh
|
|
|
|
RUN echo 'W1VuaXRdCkRlc2NyaXB0aW9uPVZOQyBhbmQgbm9WTkMgU2VydmVyCkFmdGVyPW5ldHdvcmsudGFyZ2V0IHZwbmFnZW50ZC5zZXJ2aWNlCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9vcHQvc2NyaXB0cy9zdGFydHVwLXZuYy5zaApSZXN0YXJ0PWFsd2F5cwpSZXN0YXJ0U2VjPTUKRW52aXJvbm1lbnQ9SE9NRT0vcm9vdApFbnZpcm9ubWVudD1VU0VSPXJvb3QKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=' \
|
|
| base64 -d > /lib/systemd/system/vnc.service
|
|
RUN chmod 644 /lib/systemd/system/vnc.service && \
|
|
systemctl enable vnc.service
|
|
|
|
# Copy entrypoint script
|
|
COPY scripts/entrypoint.sh /opt/scripts/
|
|
RUN chmod +x /opt/scripts/entrypoint.sh
|
|
|
|
VOLUME ["/sys/fs/cgroup"]
|
|
|
|
EXPOSE 5901 6080
|
|
|
|
STOPSIGNAL SIGRTMIN+3
|
|
|
|
CMD ["/opt/scripts/entrypoint.sh"]
|