treyzania
/
sscraggles-docker-deluge-openvpn
Volgen 2
Ster 0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
488 Commits
1 Branch
Tree: 6649edeedf
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van '6649edeedf'
${ noResults }
sscraggles-docker-deluge-op.../openvpn/start.sh

start.sh 5.0KB
Ruw Blame Geschiedenis

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. #!/bin/bash

  2. VPN_PROVIDER="${OPENVPN_PROVIDER,,}"

  3. VPN_PROVIDER_CONFIGS="/etc/openvpn/${VPN_PROVIDER}"

  4. 

  5. if [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then

  6.   echo "OpenVPN provider not set. Exiting."

  7.   exit 1

  8. elif [[ ! -d "${VPN_PROVIDER_CONFIGS}" ]]; then

  9.   echo "Could not find OpenVPN provider: ${OPENVPN_PROVIDER}"

  10.   echo "Please check your settings."

  11.   exit 1

  12. fi

  13. 

  14. echo "Using OpenVPN provider: ${OPENVPN_PROVIDER}"

  15. 

  16. if [[ -n "${OPENVPN_CONFIG-}" ]]; then

  17.   readarray -t OPENVPN_CONFIG_ARRAY <<< "${OPENVPN_CONFIG//,/$'\n'}"

  18.   if (( ${#OPENVPN_CONFIG_ARRAY[@]} > 1 )); then

  19.     OPENVPN_CONFIG_RANDOM=$((RANDOM%${#OPENVPN_CONFIG_ARRAY[@]}))

  20.     echo "${#OPENVPN_CONFIG_ARRAY[@]} servers found in OPENVPN_CONFIG, ${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]} chosen randomly"

  21.     OPENVPN_CONFIG="${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]}"

  22.   fi

  23. 

  24.   if [[ -f "${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}".ovpn ]]; then

  25.     echo "Starting OpenVPN using config ${OPENVPN_CONFIG}.ovpn"

  26.     OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}.ovpn"

  27.   else

  28.     echo "Supplied config ${OPENVPN_CONFIG}.ovpn could not be found."

  29.     echo "Using default OpenVPN gateway for provider ${VPN_PROVIDER}"

  30.     OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn"

  31.   fi

  32. else

  33.   echo "No VPN configuration provided. Using default."

  34.   OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn"

  35. fi

  36. 

  37. # add OpenVPN user/pass

  38. if [[ "${OPENVPN_USERNAME}" == "**None**" ]] || [[ "${OPENVPN_PASSWORD}" == "**None**" ]] ; then

  39.   if [[ ! -f /config/openvpn-credentials.txt ]] ; then

  40.     echo "OpenVPN credentials not set. Exiting."

  41.     exit 1

  42.   fi

  43.   echo "Found existing OPENVPN credentials..."

  44. else

  45.   echo "Setting OPENVPN credentials..."

  46.   mkdir -p /config

  47.   echo "${OPENVPN_USERNAME}" > /config/openvpn-credentials.txt

  48.   echo "${OPENVPN_PASSWORD}" >> /config/openvpn-credentials.txt

  49.   chmod 600 /config/openvpn-credentials.txt

  50. fi

  51. 

  52. # add transmission credentials from env vars

  53. echo "${TRANSMISSION_RPC_USERNAME}" > /config/transmission-credentials.txt

  54. echo "${TRANSMISSION_RPC_PASSWORD}" >> /config/transmission-credentials.txt

  55. 

  56. # Persist transmission settings for use by transmission-daemon

  57. dockerize -template /etc/transmission/environment-variables.tmpl:/etc/transmission/environment-variables.sh

  58. 

  59. TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/openvpn/tunnelUp.sh --down /etc/openvpn/tunnelDown.sh"

  60. 

  61. ## If we use UFW or the LOCAL_NETWORK we need to grab network config info

  62. if [[ "${ENABLE_UFW,,}" == "true" ]] || [[ -n "${LOCAL_NETWORK-}" ]]; then

  63.   eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')

  64.   ## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is

  65.   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then

  66.     eval $(ip r l dev ${INT} | awk '{if($5=="link"){print "GW_CIDR="$1; exit}}')

  67.   fi

  68. fi

  69. 

  70. ## Open port to any address

  71. function ufwAllowPort {

  72.   typeset -n portNum=${1}

  73.   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]]; then

  74.     echo "allowing ${portNum} through the firewall"

  75.     ufw allow ${portNum}

  76.   fi

  77. }

  78. 

  79. ## Open port to specific address.

  80. function ufwAllowPortLong {

  81.   typeset -n portNum=${1} sourceAddress=${2}

  82. 

  83.   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]] && [[ -n "${sourceAddress-}" ]]; then

  84.     echo "allowing ${sourceAddress} through the firewall to port ${portNum}"

  85.     ufw allow from ${sourceAddress} to any port ${portNum}

  86.   fi

  87. }

  88. 

  89. if [[ "${ENABLE_UFW,,}" == "true" ]]; then

  90.   # Enable firewall

  91.   echo "enabling firewall"

  92.   sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw

  93.   ufw enable

  94. 

  95.   if [[ "${TRANSMISSION_PEER_PORT_RANDOM_ON_START,,}" == "true" ]]; then

  96.     PEER_PORT="${TRANSMISSION_PEER_PORT_RANDOM_LOW}:${TRANSMISSION_PEER_PORT_RANDOM_HIGH}"

  97.   else

  98.     PEER_PORT="${TRANSMISSION_PEER_PORT}"

  99.   fi

  100. 

  101.   ufwAllowPort PEER_PORT

  102. 

  103.   if [[ "${WEBPROXY_ENABLED,,}" == "true" ]]; then

  104.     ufwAllowPort WEBPROXY_PORT

  105.   fi

  106.   if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then

  107.     ufwAllowPortLong TRANSMISSION_RPC_PORT GW_CIDR

  108.   else

  109.     ufwAllowPortLong TRANSMISSION_RPC_PORT GW

  110.   fi

  111. 

  112.   if [[ -n "${UFW_EXTRA_PORTS-}"  ]]; then

  113.     for port in ${UFW_EXTRA_PORTS//,/ }; do

  114.       if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then

  115.         ufwAllowPortLong port GW_CIDR

  116.       else

  117.         ufwAllowPortLong port GW

  118.       fi

  119.     done

  120.   fi

  121. fi

  122. 

  123. if [[ -n "${LOCAL_NETWORK-}" ]]; then

  124.   if [[ -n "${GW-}" ]] && [[ -n "${INT-}" ]]; then

  125.     for localNet in ${LOCAL_NETWORK//,/ }; do

  126.       echo "adding route to local network ${localNet} via ${GW} dev ${INT}"

  127.       /sbin/ip r a "${localNet}" via "${GW}" dev "${INT}"

  128.       if [[ "${ENABLE_UFW,,}" == "true" ]]; then

  129.         ufwAllowPortLong TRANSMISSION_RPC_PORT localNet

  130.         if [[ -n "${UFW_EXTRA_PORTS-}" ]]; then

  131.           for port in ${UFW_EXTRA_PORTS//,/ }; do

  132.             ufwAllowPortLong port localNet

  133.           done

  134.         fi

  135.       fi

  136.     done

  137.   fi

  138. fi

  139. 

  140. exec openvpn ${TRANSMISSION_CONTROL_OPTS} ${OPENVPN_OPTS} --config "${OPENVPN_CONFIG}"