treyzania
/
sscraggles-docker-deluge-openvpn
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
515 Commits
1 Branch
Tree: 6e48957a9d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6e48957a9d'
${ noResults }
sscraggles-docker-deluge-op.../openvpn/start.sh

start.sh 5.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. #!/bin/bash

  2. VPN_PROVIDER="${OPENVPN_PROVIDER,,}"

  3. VPN_PROVIDER_CONFIGS="/etc/openvpn/${VPN_PROVIDER}"

  4. 

  5. if [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then

  6.   echo "OpenVPN provider not set. Exiting."

  7.   exit 1

  8. elif [[ ! -d "${VPN_PROVIDER_CONFIGS}" ]]; then

  9.   echo "Could not find OpenVPN provider: ${OPENVPN_PROVIDER}"

  10.   echo "Please check your settings."

  11.   exit 1

  12. fi

  13. 

  14. echo "Using OpenVPN provider: ${OPENVPN_PROVIDER}"

  15. 

  16. if [[ -n "${OPENVPN_CONFIG-}" ]]; then

  17.   readarray -t OPENVPN_CONFIG_ARRAY <<< "${OPENVPN_CONFIG//,/$'\n'}"

  18.   ## Trim leading and trailing spaces from all entries. Inefficient as all heck, but works like a champ.

  19.   for i in "${!OPENVPN_CONFIG_ARRAY[@]}"; do

  20.     OPENVPN_CONFIG_ARRAY[${i}]="${OPENVPN_CONFIG_ARRAY[${i}]#"${OPENVPN_CONFIG_ARRAY[${i}]%%[![:space:]]*}"}"

  21.     OPENVPN_CONFIG_ARRAY[${i}]="${OPENVPN_CONFIG_ARRAY[${i}]%"${OPENVPN_CONFIG_ARRAY[${i}]##*[![:space:]]}"}"

  22.   done

  23.   if (( ${#OPENVPN_CONFIG_ARRAY[@]} > 1 )); then

  24.     OPENVPN_CONFIG_RANDOM=$((RANDOM%${#OPENVPN_CONFIG_ARRAY[@]}))

  25.     echo "${#OPENVPN_CONFIG_ARRAY[@]} servers found in OPENVPN_CONFIG, ${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]} chosen randomly"

  26.     OPENVPN_CONFIG="${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]}"

  27.   fi

  28. 

  29.   if [[ -f "${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}.ovpn" ]]; then

  30.     echo "Starting OpenVPN using config ${OPENVPN_CONFIG}.ovpn"

  31.     OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}.ovpn"

  32.   else

  33.     echo "Supplied config ${OPENVPN_CONFIG}.ovpn could not be found."

  34.     echo "Using default OpenVPN gateway for provider ${VPN_PROVIDER}"

  35.     OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn"

  36.   fi

  37. else

  38.   echo "No VPN configuration provided. Using default."

  39.   OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn"

  40. fi

  41. 

  42. # add OpenVPN user/pass

  43. if [[ "${OPENVPN_USERNAME}" == "**None**" ]] || [[ "${OPENVPN_PASSWORD}" == "**None**" ]] ; then

  44.   if [[ ! -f /data/openvpn-credentials.txt ]] ; then

  45.     echo "OpenVPN credentials not set. Exiting."

  46.     exit 1

  47.   fi

  48.   echo "Found existing OPENVPN credentials..."

  49. else

  50.   echo "Setting OPENVPN credentials..."

  51.   mkdir -p /data

  52.   echo "${OPENVPN_USERNAME}" > /data/openvpn-credentials.txt

  53.   echo "${OPENVPN_PASSWORD}" >> /data/openvpn-credentials.txt

  54.   chmod 600 /data/openvpn-credentials.txt

  55. fi

  56. 

  57. ## add deluge credentials from env vars

  58. #echo "${DELUGE_RPC_USERNAME}" > /config/deluge-credentials.txt

  59. #echo "${DELUGE_RPC_PASSWORD}" >> /config/deluge-credentials.txt

  60. 

  61. # Persist deluge settings for use by deluge-daemon

  62. dockerize -template /etc/deluge/environment-variables.tmpl:/etc/deluge/environment-variables.sh

  63. 

  64. DELUGE_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/openvpn/tunnelUp.sh --down /etc/openvpn/tunnelDown.sh"

  65. 

  66. ## If we use UFW or the LOCAL_NETWORK we need to grab network config info

  67. if [[ "${ENABLE_UFW,,}" == "true" ]] || [[ -n "${LOCAL_NETWORK-}" ]]; then

  68.   eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')

  69.   ## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is

  70.   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then

  71.     eval $(ip r l dev ${INT} | awk '{if($5=="link"){print "GW_CIDR="$1; exit}}')

  72.   fi

  73. fi

  74. 

  75. ## Open port to any address

  76. function ufwAllowPort {

  77.   typeset -n portNum=${1}

  78.   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]]; then

  79.     echo "allowing ${portNum} through the firewall"

  80.     ufw allow ${portNum}

  81.   fi

  82. }

  83. 

  84. ## Open port to specific address.

  85. function ufwAllowPortLong {

  86.   typeset -n portNum=${1} sourceAddress=${2}

  87. 

  88.   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]] && [[ -n "${sourceAddress-}" ]]; then

  89.     echo "allowing ${sourceAddress} through the firewall to port ${portNum}"

  90.     ufw allow from ${sourceAddress} to any port ${portNum}

  91.   fi

  92. }

  93. 

  94. if [[ "${ENABLE_UFW,,}" == "true" ]]; then

  95.   # Enable firewall

  96.   echo "enabling firewall"

  97.   sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw

  98.   ufw enable

  99. 

  100.   if [[ "${DELUGE_PEER_PORT_RANDOM_ON_START,,}" == "true" ]]; then

  101.     PEER_PORT="${DELUGE_PEER_PORT_RANDOM_LOW}:${DELUGE_PEER_PORT_RANDOM_HIGH}"

  102.   else

  103.     PEER_PORT="${DELUGE_PEER_PORT}"

  104.   fi

  105. 

  106.   ufwAllowPort PEER_PORT

  107. 

  108.   if [[ "${WEBPROXY_ENABLED,,}" == "true" ]]; then

  109.     ufwAllowPort WEBPROXY_PORT

  110.   fi

  111.   if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then

  112.     ufwAllowPortLong DELUGE_RPC_PORT GW_CIDR

  113.   else

  114.     ufwAllowPortLong DELUGE_RPC_PORT GW

  115.   fi

  116. 

  117.   if [[ -n "${UFW_EXTRA_PORTS-}"  ]]; then

  118.     for port in ${UFW_EXTRA_PORTS//,/ }; do

  119.       if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then

  120.         ufwAllowPortLong port GW_CIDR

  121.       else

  122.         ufwAllowPortLong port GW

  123.       fi

  124.     done

  125.   fi

  126. fi

  127. 

  128. if [[ -n "${LOCAL_NETWORK-}" ]]; then

  129.   if [[ -n "${GW-}" ]] && [[ -n "${INT-}" ]]; then

  130.     for localNet in ${LOCAL_NETWORK//,/ }; do

  131.       echo "adding route to local network ${localNet} via ${GW} dev ${INT}"

  132.       /sbin/ip r a "${localNet}" via "${GW}" dev "${INT}"

  133.       if [[ "${ENABLE_UFW,,}" == "true" ]]; then

  134.         ufwAllowPortLong DELUGE_RPC_PORT localNet

  135.         if [[ -n "${UFW_EXTRA_PORTS-}" ]]; then

  136.           for port in ${UFW_EXTRA_PORTS//,/ }; do

  137.             ufwAllowPortLong port localNet

  138.           done

  139.         fi

  140.       fi

  141.     done

  142.   fi

  143. fi

  144. 

  145. exec openvpn ${DELUGE_CONTROL_OPTS} ${OPENVPN_OPTS} --config "${OPENVPN_CONFIG}"