[Suggestions] Update base image. Remove easyrsa steps from build. Create github actions to build docker images #243

Open
scmanjarrez opened this issue Mar 23, 2024 · 5 comments

Comments

@scmanjarrez
Contributor

scmanjarrez commented Mar 23, 2024

Hi, what do you think about these requests?

The current container is a bit outdated. I've compiled my own container (arm) using the latest Alpine version; the only "problem" is that iptables is missing (we just need to add it to the apk add list). Also, integration testing should be performed: I know that it works with TCP, but I haven't tested UDP.

Also, I can help with the GitHub Action to build the container for multiple architectures (x86_64/arm) and deploy it to Docker Hub (or the GitHub registry), but I think we should remove easyrsa init-pki/gen-dh from the Dockerfile. To my understanding, the primitives generated in this step must be unique for each user, but right now they're the same for every person using the container.

P.S.: Finally, I think you should move to Discord instead of Slack; right now Discord has become the de facto standard for building a community around a repository.
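
Anything a Dockerfile `RUN` step generates is stored in an image layer and is identical for everyone who pulls that image. One way to move the `easyrsa init-pki`/`gen-dh` steps mentioned in the comment above to first container start is sketched below; this is an added example, not Dockovpn's own code, and `PKI_DIR`, `EASYRSA_BIN`, `ensure_pki` and the `.generated` marker file are assumed names.

```shell
#!/bin/sh
# Added example: create Easy-RSA material at first container start instead of
# in a Dockerfile RUN step. PKI_DIR and EASYRSA_BIN are assumed names.

PKI_DIR="${PKI_DIR:-/data/pki}"         # assumption: lives on a mounted volume
EASYRSA_BIN="${EASYRSA_BIN:-easyrsa}"   # overridable so the logic can be tested

# Prints "generated" or "reused" on stdout; returns non-zero if generation fails.
ensure_pki() {
    marker="$PKI_DIR/.generated"

    # The marker is written only after every step succeeded, so a run that
    # was interrupted half-way is redone rather than trusted.
    if [ -f "$marker" ]; then
        echo "reused"
        return 0
    fi

    (
        umask 077                       # generated files readable by owner only
        EASYRSA_PKI="$PKI_DIR"          # Easy-RSA reads its PKI path from here
        EASYRSA_BATCH=1                 # no interactive confirmation prompts
        export EASYRSA_PKI EASYRSA_BATCH
        "$EASYRSA_BIN" init-pki >&2 &&
        "$EASYRSA_BIN" gen-dh   >&2
    ) || return 1

    date -u +%Y-%m-%dT%H:%M:%SZ > "$marker" || return 1
    echo "generated"
}

# In an entrypoint script: call ensure_pki before the server is started and
# stop if it returns non-zero.
```

With the PKI directory on a volume, each deployment generates its own material once and reuses it across restarts.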

@scmanjarrez scmanjarrez changed the title [FR] Update base image. Remove easyrsa from build [FR] Update base image. Remove easyrsa steps from build. Create github actions to build docker images Mar 23, 2024
@scmanjarrez scmanjarrez changed the title [FR] Update base image. Remove easyrsa steps from build. Create github actions to build docker images [Suggestions] Update base image. Remove easyrsa steps from build. Create github actions to build docker images Mar 23, 2024
@alekslitvinenk
Collaborator

Hi!

Thanks a lot for the suggestions. I highly appreciate this!

For the integration tests, I already have a wrapper for Dockovpn written in Golang and I'm creating unit-tests with it. For integration tests it can be used as well. Old tests reside in dockovpn-it repo and are written in Scala.

I have long been thinking about multiplatform builds as well. It'd be nice to have them in Docker Hub. GitHub Registry requires authentication with a token even for public artefacts, if I recall correctly.

Can you please tell me a little bit more about why iptables is the problem?

@scmanjarrez
Contributor Author

Mmmm, you call iptables from start.sh https://github.com/dockovpn/dockovpn/blob/master/scripts/start.sh#L54, right? How does that work? Maybe it's supposed to run the host's iptables (due to the NET_ADMIN capability)? Building the container on ARM yields an error because of the missing iptables (so I guess the start.sh iptables rules aren't even working as expected; actually, I couldn't make UDP work).

@alekslitvinenk
Collaborator

Yes, indeed, iptables is called in start.sh when the container starts. It does run host iptables in a namespace dedicated to that container. It's not possible to set IP routing rules at build time.

What kind of error do you get when building an image for ARM?

@alekslitvinenk
Collaborator

Regarding the live-chat platform, I did research some time ago and Slack was the more favourable option because of many factors such as convenience, plugins, etc. I may reevaluate Discord in the future though.

@scmanjarrez
Contributor Author

scmanjarrez commented Mar 24, 2024

Hi, the error was a misconfiguration on my part: my VPS seems to be running very restrictive rules and I had to disable multiple firewalls to allow UDP traffic.
Anyway, this is the output after docker compose up when running the latest Alpine version (3.19.1):

```
❯ docker compose up
[+] Running 2/0
 ✔ Network openvpn_default       Created                                                                                                                                                                      0.1s
 ✔ Container openvpn-dockovpn-1  Created                                                                                                                                                                      0.0s
Attaching to dockovpn-1
dockovpn-1  | Sun Mar 24 10:51:02 2024 Creating tun/tap device.
dockovpn-1  | ./start.sh: line 54: iptables: command not found
dockovpn-1  | ./start.sh: line 55: iptables: command not found
dockovpn-1  | ./start.sh: line 58: iptables: command not found
```

Strangely, this doesn't happen when building using Alpine 3.14.1. So it's just a matter of adding iptables in the RUN statement.

P.S.: I've been playing around with the rules and only these https://github.com/dockovpn/dockovpn/blob/master/scripts/start.sh#L62 seem relevant. Am I missing something? Commenting out all rules except these two allows the connection over both TCP and UDP.
