runtipi/apps/cistech-tunnel/build
alexz 16b7a66c01 cistech-tunnel: move all scripts to dynamic mounts
- Move entrypoint.sh from build/scripts/ to shared/ (no longer baked into image)
- Add entrypoint directive to docker-compose.json pointing to /shared/entrypoint.sh
- Update entrypoint.sh to reference /shared/startup-vnc.sh instead of /opt/scripts/
- Bump tipi_version to 7

All scripts are now dynamically controlled via volume mounts from the shared/
directory. The Docker image is a clean base with only packages installed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 20:39:20 +00:00

Cistech Tunnel - Build Files

This directory contains the Dockerfile and scripts to build the OpenConnect-SSO VPN Docker image.

Files

  • Dockerfile - Docker image definition (Ubuntu 22.04 + openconnect-sso + noVNC)
  • build.sh - Build and push script
  • scripts/entrypoint.sh - Container entrypoint

Building

cd /etc/runtipi/repos/runtipi/apps/cistech-tunnel/build
./build.sh

This builds and pushes to git.alexzaw.dev/alexz/openconnect-vpn:latest

To build without pushing:

docker build -t git.alexzaw.dev/alexz/openconnect-vpn:latest .

What's in the image

The Dockerfile creates an image with:

  • Ubuntu 22.04
  • openconnect + openconnect-sso[full] (Python)
  • Playwright Chromium browser (for SSO authentication)
  • TigerVNC server + noVNC (web-based VNC)
  • Tools: oathtool (TOTP), openbox, xterm

Scripts (baked in)

  • /opt/scripts/startup-vnc.sh - Starts VNC server and noVNC
  • /opt/scripts/entrypoint.sh - Container entrypoint (DNS fix, IP forwarding, config generation)

Runtime mounts (from shared/)

When running as the cistech-tunnel app, these are mounted from shared/:

  • /shared/openconnect-vpn - Main VPN connection script
  • /shared/xstartup -> /root/.vnc/xstartup - VNC session startup

Environment Variables

Variable          Description
VPN_EMAIL         Email/username for SSO login
VPN_PASSWORD      Password for SSO login
VPN_TOTP_SECRET   TOTP secret for 2FA (base32)
VPN_HOST          VPN server URL (e.g., https://vpn.example.com/Group)
TARGET_IP         Target IP for connectivity testing
VNC_PASSWORD      VNC access password

Ports

  • 5901 - VNC server
  • 6092 - noVNC web interface

How it works

  1. Container starts, generates openconnect-sso config from env vars
  2. VNC server starts with noVNC web interface
  3. xterm launches with the openconnect-vpn script
  4. Script sets up keyring with credentials (password + TOTP)
  5. openconnect-sso handles SSO authentication via hidden browser
  6. VPN connects and IP forwarding/NAT is configured
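
An added example, not code from this repository: a pre-flight check that a mounted entrypoint could run before step 1, validating the variables from the Environment Variables section and the permissions of scripts mounted from shared/. The function names preflight_env and script_is_safe are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not part of the image: pre-flight checks run before the VPN
# scripts start. Messages name the variable or file, never a secret's value.

# Check the variables from the Environment Variables section. Runs in a
# subshell, so LC_ALL=C (byte-wise A-Z ranges) does not leak into the caller.
preflight_env() (
    LC_ALL=C; rc=0
    for name in VPN_EMAIL VPN_PASSWORD VPN_TOTP_SECRET VPN_HOST TARGET_IP VNC_PASSWORD; do
        eval "val=\${$name:-}"
        [ -n "$val" ] || { echo "$name is not set"; rc=1; }
    done
    # SSO credentials are submitted to VPN_HOST, so require an https:// URL.
    case "${VPN_HOST:-}" in
        ''|https://?*) ;;
        *) echo "VPN_HOST is not an https:// URL"; rc=1 ;;
    esac
    # RFC 4648 base32 uses A-Z and 2-7, with optional '=' padding.
    secret=$(printf '%s' "${VPN_TOTP_SECRET:-}" | tr -d '=')
    case "$secret" in
        *[!A-Z2-7]*) echo "VPN_TOTP_SECRET is not base32"; rc=1 ;;
    esac
    return "$rc"
)

# Check a script mounted from shared/ before it is executed: it must be a
# regular file (not a symlink) that group and others cannot modify.
script_is_safe() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "$1 is missing or not a regular file"; return 1
    fi
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$1 is writable by group or others"; return 1
    fi
}

# Demonstration with constructed values (placeholders, not real credentials).
(
    VPN_EMAIL=user@example.com; VPN_PASSWORD=placeholder; VNC_PASSWORD=placeholder
    VPN_TOTP_SECRET=JBSWY3DPEHPK3PXP; VPN_HOST=https://vpn.example.com/Group
    TARGET_IP=192.0.2.10
    preflight_env && echo "environment ok"
)
```

Because the entrypoint and VPN scripts are read from a volume at start-up, the permission check matters as much as the variable check: anything that can write to shared/ controls what runs inside the container.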