@osiloke osiloke commented Oct 24, 2017

  • Adds customizable docker image for running tunneld

@mmatczuk
Owner

Thanks, I'll review it next week as I'm at a conference.

ubergesundheit commented Nov 8, 2017

Hi @osiloke,

I've built your image successfully with some changes:

In the builder:

```dockerfile
RUN apk add --no-cache git ca-certificates \
	&& go get -v github.com/mmatczuk/go-http-tunnel/cmd/tunneld
```

In the final image:

```dockerfile
RUN apk add --no-cache openssl ca-certificates

ENV COUNTY="US" \
  STATE="New Jersey" \
  LOCATION="Piscataway" \
  ORGANISATION="Ecample" \
  ROOT_CN="Root" \
  ISSUER_CN="Example Ltd" \
  PUBLIC_CN="example.com" \
  ROOT_NAME="root" \
  ISSUER_NAME="example" \
  PUBLIC_NAME="public" \
  RSA_KEY_NUMBITS="2048" \
  DAYS="365"
```

Also, are you sure the env key COUNTY shouldn't be COUNTRY?

@ubergesundheit

Sorry for hijacking..
The .sh files should be executable (chmod +x )

rheinardkorf commented Nov 11, 2017

@osiloke I really like this but ran into some issues with creating and reading the certs... I mapped /etc/ssl/certs to a different volume than in the README.md.

Error sample:

```
[i] Start OpenSSL, cert file save path: /etc/ssl/certs
[i] Generate root.crt
Generating RSA private key, 2048 bit long modulus
....+++
.....................................+++
e is 65537 (0x10001)
Cannot modifiy certificate subject
cp: can't stat 'root.crt': No such file or directory
```

Also, like @ubergesundheit mentioned, I had to chmod +x the .sh files in the Dockerfile because I got a permission error on entrypoint.sh.

I tried to follow the README.md, but I feel it misses critical build steps that would make this addition even more friendly.
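
Added example, not part of the PR or of any commenter's code: in the log above, `cp` still runs after certificate generation has failed, so this sketch checks the subject fields first and returns an error as soon as a step fails. It assumes the subject is built from the environment variables quoted earlier in the thread; `COUNTRY` is an assumed variable name (with `COUNTY` as fallback), and `build_subject` and `generate_root` are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not the PR's script. build_subject and generate_root are
# hypothetical names; COUNTRY is an assumed variable, COUNTY the fallback.

# Print an OpenSSL -subj string for common name $1, or return 1 on bad input.
build_subject() {
    country="${COUNTRY:-${COUNTY:-}}"
    # C must be exactly two uppercase letters; letters are listed explicitly
    # so the check does not depend on the locale's idea of A-Z.
    case "$country" in
        *[!ABCDEFGHIJKLMNOPQRSTUVWXYZ]*|""|?|???*)
            echo "invalid country code: '$country'" >&2; return 1 ;;
    esac
    subject="/C=$country"
    for pair in "ST=${STATE:-}" "L=${LOCATION:-}" "O=${ORGANISATION:-}" "CN=${1:-}"; do
        value="${pair#*=}"
        # Reject empty values and "/", which -subj treats as a field separator.
        case "$value" in
            ""|*/*) echo "invalid value for ${pair%%=*}: '$value'" >&2; return 1 ;;
        esac
        subject="$subject/$pair"
    done
    printf '%s\n' "$subject"
}

# Create a self-signed root certificate in directory $1. Any failure returns
# non-zero, so the caller never copies a certificate that was not written.
generate_root() {
    subject="$(build_subject "${ROOT_CN:-}")" || return 1
    openssl req -x509 -newkey "rsa:${RSA_KEY_NUMBITS:-2048}" -nodes \
        -subj "$subject" -days "${DAYS:-365}" \
        -keyout "$1/root.key" -out "$1/root.crt" || return 1
    [ -s "$1/root.crt" ] || { echo "root.crt was not created" >&2; return 1; }
}
```

Calling `generate_root /etc/ssl/certs || exit 1` from an entrypoint makes the container stop at the first failed step.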

@ubergesundheit

It would make even more sense to use a docker volume to store the certificates or even use certificates obtained from Let's Encrypt.

Create docker image:

```sh
docker volume create tunnel-certs
```

And then

```sh
docker run -v tunnel-certs:/etc/ssl/certs -p 4443:4443 tunneld/tunneld
```

thdxr commented Nov 28, 2017

Is there a plan to get this published in Docker Hub?

@mmatczuk
Owner

There is a plan to do that, yet right now the focus is on streamlining the tunnel usage. Based on that, there will be an official docker image.

MichelDiz commented Feb 25, 2018

Any news on this official image?

gpatri commented Sep 18, 2018

This is my draft of a very optimized image (4meg). You can remove 'tunnel' for server need (2meg)

```dockerfile
# Build stage: compile static binaries and compress them with upx
FROM golang:alpine as builder
EXPOSE 80 443 5223

RUN apk add --update bash git upx && rm -rf /var/cache/apk/*
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go get -u -ldflags="-s -w" github.com/mmatczuk/go-http-tunnel/cmd/...
RUN upx -5 /go/bin/tunnel
RUN upx -5 /go/bin/tunneld

# Final stage: empty base image that holds only the binaries
FROM scratch
COPY --from=builder /etc/passwd /etc/passwd
EXPOSE 5223

COPY --from=builder /go/bin/tunneld /go/bin/tunneld

# optional
COPY --from=builder /go/bin/tunnel /go/bin/tunnel
```

Run it:
```sh
docker run -d -v "$(pwd)":/tunnel go-tunnel /go/bin/tunneld -tlsCrt /tunnel/server.crt -tlsKey /tunnel/server.key
```
