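# Compose file for an ocserv (OpenConnect VPN server) container.
# LETSENCRYPT_DOMAIN, LETSENCRYPT_RENEW, CAMOUFLAGE_SECRET, OCSERV_USER and
# OCSERV_PASS are read from the invoking shell or an .env file; keep that
# file out of version control, since it holds the VPN credentials.
version: "3"

services:
  ocserv:
    # NOTE(review): the image carries no tag or digest, so every pull can
    # bring different code into a NET_ADMIN container. Pin it to a tag or
    # digest that has been reviewed.
    image: quay.io/aminvakil/ocserv
    container_name: ocserv
    sysctls:
      # Lets the container route VPN client traffic.
      - net.ipv4.ip_forward=1
    cap_add:
      # The only capability added on top of the Docker default set.
      - NET_ADMIN
    security_opt:
      # Blocks privilege gain through setuid/setgid binaries in the container.
      - no-new-privileges
    networks:
      overlay_net:
        # NOTE(review): 11.101.0.2 lies outside the RFC 1918 private ranges.
        # The subnet belongs to the external network, so it cannot be
        # changed here; confirm the choice is intentional.
        ipv4_address: 11.101.0.2
    ports:
      - "5443:443"
      - "5443:443/udp"
    environment:
      - SRV_CN=${LETSENCRYPT_DOMAIN}
      - CA_DAYS=${LETSENCRYPT_RENEW}
      - CAMOUFLAGE_SECRET=${CAMOUFLAGE_SECRET}
      - OCSERV_USER=${OCSERV_USER}
      - OCSERV_PASS=${OCSERV_PASS}
    volumes:
      - /app/openconnect/config:/etc/ocserv
      # NOTE(review): this mounts the whole host /etc/letsencrypt tree
      # read-write. If the container only reads its own certificate, mount
      # just that path and append ":ro" -- TODO confirm the image never
      # writes under /ssl.
      - /etc/letsencrypt/:/ssl
    restart: unless-stopped
    # The "$$" escapes stop Compose from interpolating the secrets into the
    # command line. The shell inside the container expands them from the
    # environment set above, so a quote or shell metacharacter in a value
    # cannot alter the script, and the values stay out of the command
    # recorded in the container configuration.
    # NOTE(review): "/", "&" and "\" in CAMOUFLAGE_SECRET are still special
    # to sed; restrict the secret to alphanumerics or escape it first.
    command:
      - bash
      - "-c"
      - |
        set -e
        sed -i '/^camouflage = /{s/false/true/}' /etc/ocserv/ocserv.conf
        sed -i "/^camouflage_secret = /{s/mysecretkey/$${CAMOUFLAGE_SECRET}/}" /etc/ocserv/ocserv.conf
        printf '%s\n%s\n' "$${OCSERV_PASS}" "$${OCSERV_PASS}" |
          ocpasswd -c /etc/ocserv/ocpasswd "$${OCSERV_USER}"
        ocpasswd -c /etc/ocserv/ocpasswd -d test
        ocserv -f -c /etc/ocserv/ocserv.conf

networks:
  overlay_net:
    external: true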