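# -----------------------------
# Builder Stage
# -----------------------------
# Compiles the api and webhook Go binaries. Nothing else from this stage is
# copied into the final image (see the COPY --from=builder lines there).
# NOTE(review): golang:1.25.0 is a mutable tag; for reproducible builds pin it
# by digest (golang:1.25.0@sha256:<digest-of-the-reviewed-image>).
FROM golang:1.25.0 AS builder

# NOTE(review): no instruction in this stage references OCSERV_VERSION, and a
# build arg declared here is not visible in the final stage, where the ocserv
# setup script runs. If that script expects OCSERV_VERSION, the final stage
# needs its own `ARG OCSERV_VERSION` - confirm against the script.
ARG OCSERV_VERSION
ENV OCSERV_VERSION="${OCSERV_VERSION}"

# Target platform for both binaries. With cgo enabled the binaries may link
# against the builder's C library, so the runtime image has to provide a
# compatible one - TODO confirm when either base image is bumped.
ENV CGO_ENABLED=1 \
    GOOS=linux \
    GOARCH=amd64

# Shared code used by both services. COPY creates /common itself, so no
# separate mkdir layer is needed.
# Presumably resolved from /app and /webhook through a relative replace
# directive (../common) in each go.mod - verify.
COPY services/common /common

# -----------------------------
# Build API Service
# -----------------------------
WORKDIR /app

# Copy the module manifests first so the dependency download layer stays
# cached until go.mod/go.sum change.
COPY services/api/go.mod services/api/go.sum ./
RUN go mod download

# Copy source code and build; -s -w strips the symbol table and DWARF data.
COPY services/api .
RUN go build -ldflags="-s -w" -o api main.go

# -----------------------------
# Build Webhook Service
# -----------------------------
WORKDIR /webhook

# Same manifest-first ordering as the API service.
COPY services/webhook/go.mod services/webhook/go.sum ./
RUN go mod download

COPY services/webhook .
RUN go build -ldflags="-s -w" -o webhook main.go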
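# -----------------------------
# Final Stage
# -----------------------------
# Runtime image: builds ocserv from source via the setup script, then adds the
# api and webhook binaries produced by the builder stage.
# NOTE(review): debian:trixie-slim is a mutable tag; for reproducible builds pin
# it by digest (debian:trixie-slim@sha256:<digest-of-the-reviewed-image>).
FROM debian:trixie-slim

ENV PATH="/usr/local/sbin:$PATH"

# NOTE(review): this COPY is its own layer, so the script stays retrievable
# from the image history even though the RUN below deletes /setup.sh.
COPY scripts/ocserv_setup_docker.sh /setup.sh

# Install dependencies, build ocserv, and remove the build toolchain in ONE
# layer. Purging in a later RUN only hides the files: the compilers, git and
# the apt lists would still ship in the earlier layers of the image.
# DEBIAN_FRONTEND is exported for this RUN only, so it does not persist in the
# runtime environment.
# NOTE(review): the setup script is not visible here; confirm that it verifies
# the ocserv source it fetches (pinned tag/commit or checksum).
# NOTE(review): the -dev packages are not purged, so headers remain in the
# image. Removing them needs care, since autoremove could also drop shared
# libraries that ocserv links against.
RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
    apt-get install -y --no-install-recommends \
        # runtime deps
        sudo ca-certificates procps gnutls-bin iptables \
        openssl less dnsutils jq curl \
        # build deps (needed for ocserv build)
        build-essential meson ninja-build pkg-config git \
        libgnutls28-dev libev-dev libreadline-dev libtasn1-bin \
        libpam0g-dev liblz4-dev libseccomp-dev \
        libnl-route-3-dev libkrb5-dev libradcli-dev \
        libcurl4-gnutls-dev libcjose-dev libjansson-dev liboath-dev \
        libprotobuf-c-dev libtalloc-dev libllhttp-dev protobuf-c-compiler \
        gperf ipcalc && \
    # build ocserv service
    chmod +x /setup.sh && \
    bash /setup.sh && \
    # remove build deps after install
    apt-get purge -y \
        build-essential meson ninja-build pkg-config git protobuf-c-compiler gperf && \
    apt-get autoremove -y && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /setup.sh

# Set working directory
WORKDIR /usr/local/bin

# Copy API/webhook binaries and runtime scripts
COPY --from=builder /app/api /usr/local/bin/api
COPY --from=builder /webhook/webhook /usr/local/bin/webhook
COPY scripts/ocserv_entrypoint.sh /entrypoint.sh
COPY scripts/ocserv_server.sh /server.sh

# Make binaries and scripts executable
RUN chmod +x /entrypoint.sh /server.sh /usr/local/bin/api /usr/local/bin/webhook

# Expose ports: 443 over TCP and UDP, plus 8080 and 8888
# (presumably the api and webhook listeners - confirm against the scripts).
# EXPOSE is documentation only; it does not publish anything.
EXPOSE 443/tcp 443/udp 8080 8888

# Volumes. Declared after all build-time writes, because content written to
# these paths later in the build would be discarded.
VOLUME ["/etc/ocserv", "/usr/local/bin/db"]

# Run entrypoint as root (required for ocserv).
# NOTE(review): there is no USER instruction, so every process the entrypoint
# starts runs as root, and sudo is installed as well. If the api and webhook
# services are launched from these scripts, consider dropping privileges for
# them and keeping root for ocserv only - verify in the entrypoint script.
ENTRYPOINT ["/entrypoint.sh"]

# Default CMD (passed to the entrypoint as its arguments)
CMD ["/server.sh"]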