alexz
838b33d6c5
Some checks failed
Test / test (push) Has been cancelled
Includes: - Dockerfile for native Cisco Secure Client in Docker - Build scripts (init-vpn.sh, startup-vnc.sh, vpn-connect.sh) - VNC configuration (xstartup, vnc.service) - build.sh for manual image builds - README documenting the architecture Note: cisco-secure-client-full.tar.gz is gitignored (large binary) Copy it from ~/projects/cisco-vpn/build/ before building. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
102 lines
2.5 KiB
Docker
Executable File
102 lines
2.5 KiB
Docker
Executable File
FROM ubuntu:22.04
|
|
|
|
LABEL maintainer="alexz"
|
|
LABEL description="Cisco Secure Client VPN in Docker with noVNC"
|
|
LABEL version="5.1.14.145"
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
ENV container=docker
|
|
|
|
# VNC/noVNC settings
|
|
ENV DISPLAY=:1
|
|
ENV VNC_PORT=5901
|
|
ENV NOVNC_PORT=6080
|
|
|
|
# Install systemd and dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
systemd \
|
|
systemd-sysv \
|
|
dbus \
|
|
dbus-x11 \
|
|
libgtk-3-0 \
|
|
libglib2.0-0 \
|
|
libstdc++6 \
|
|
iptables \
|
|
libxml2 \
|
|
network-manager \
|
|
zlib1g \
|
|
policykit-1 \
|
|
xdg-utils \
|
|
libwebkit2gtk-4.0-37 \
|
|
# VNC
|
|
tigervnc-standalone-server \
|
|
tigervnc-common \
|
|
novnc \
|
|
websockify \
|
|
# Window manager
|
|
openbox \
|
|
xterm \
|
|
# Utilities
|
|
procps \
|
|
net-tools \
|
|
curl \
|
|
iproute2 \
|
|
iputils-ping \
|
|
nano \
|
|
# Automation tools
|
|
xdotool \
|
|
oathtool \
|
|
xclip \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Remove unnecessary systemd services that cause issues in containers
|
|
RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
|
|
/etc/systemd/system/*.wants/* \
|
|
/lib/systemd/system/local-fs.target.wants/* \
|
|
/lib/systemd/system/sockets.target.wants/*udev* \
|
|
/lib/systemd/system/sockets.target.wants/*initctl* \
|
|
/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
|
|
/lib/systemd/system/systemd-update-utmp*
|
|
|
|
# Copy and extract the FULL Cisco Secure Client installation (VPN + DART + Posture)
|
|
COPY cisco-secure-client-full.tar.gz /tmp/
|
|
RUN tar -xzf /tmp/cisco-secure-client-full.tar.gz -C / && rm /tmp/cisco-secure-client-full.tar.gz
|
|
|
|
# Enable vpnagentd service
|
|
RUN systemctl enable vpnagentd.service
|
|
|
|
# Create scripts directory
|
|
RUN mkdir -p /opt/scripts
|
|
|
|
# Copy scripts
|
|
COPY scripts/init-vpn.sh /opt/scripts/
|
|
COPY scripts/startup-vnc.sh /opt/scripts/
|
|
COPY scripts/vpn-connect.sh /opt/scripts/
|
|
RUN chmod +x /opt/scripts/*.sh
|
|
|
|
# Setup VNC password (default, can be overridden via mount)
|
|
ARG VNC_PASSWORD=cisco123
|
|
RUN mkdir -p /root/.vnc && \
|
|
echo "${VNC_PASSWORD}" | vncpasswd -f > /root/.vnc/passwd && \
|
|
chmod 600 /root/.vnc/passwd
|
|
|
|
# VNC xstartup script (can be overridden via mount)
|
|
COPY scripts/xstartup /root/.vnc/xstartup
|
|
RUN chmod +x /root/.vnc/xstartup
|
|
|
|
# Create systemd service for VNC
|
|
COPY scripts/vnc.service /lib/systemd/system/vnc.service
|
|
RUN systemctl enable vnc.service
|
|
|
|
# Create shared directory for mounting scripts
|
|
RUN mkdir -p /shared
|
|
|
|
VOLUME ["/sys/fs/cgroup"]
|
|
|
|
EXPOSE 5901 6080
|
|
|
|
STOPSIGNAL SIGRTMIN+3
|
|
|
|
CMD ["/opt/scripts/init-vpn.sh"]
|