This will build a Docker Image for tinc - A VPN service.
- Latest Release automatically downloaded and compiled (1.1 test series)
- Automatically downloads peer configuration files from git server based on network name.
- Configurable Options for resyncing information from git server
- Configurable Options to enable various types of compression or enable debugging for troubleshooting.
- Logrotate Installed and will rotate logs daily and hold for 7 days.
Do NOT use a public git server to host your repository, as it will reveal personal details of your network! You have been warned
- About
- Maintainer
- Table of Contents
- Prerequisites and Assumptions
- Installation
- Configuration
- Maintenance
- Support
- License
- References
- This image relies on a private Git Repository to store configuration data. Create a private repo and user account in git before proceeding.
Clone this repository and build the image with docker build <arguments> (imagename) .
Builds of the image are available on Docker Hub
docker pull docker.io/tiredofit/docker-tinc:(imagetag)
Builds of the image are also available on the [Github Container Registry](https://github.com/tiredofit/docker-tinc/pkgs/container/docker-tinc)
```bash
docker pull ghcr.io/tiredofit/docker-tinc:(imagetag)
The following image tags are available along with their tagged release based on what's written in the Changelog:
Container OS | Tag |
---|---|
Alpine | :latest |
Images are built primarily for amd64
architecture, and may also include builds for arm/v7
, arm64
and others. These variants are all unsupported. Consider sponsoring my work so that I can work with various hardware. To see if this image supports multiple architecures, type docker manifest (image):(tag)
-
The quickest way to get started is using docker-compose. See the examples folder for a working compose.yml that can be modified for development or production use.
-
Set various environment variables to understand the capabilities of this image.
-
Map persistent storage for access to configuration and data files for backup.
-
Alter Firewall Configuration to allow access to network ports
The following directories are used for configuration and can be mapped for persistent storage.
Directory | Description |
---|---|
/etc/tinc/ |
Root tinc Directory |
/var/log/tinc |
Log Files |
This image relies on an Alpine Linux base image that relies on an init system for added capabilities. Outgoing SMTP capabilities are handlded via msmtp
. Individual container performance monitoring is performed by zabbix-agent. Additional tools include: bash
,curl
,less
,logrotate
, nano
.
Be sure to view the following repositories to understand all the customizable options:
Image | Description |
---|---|
OS Base | Customized Image based on Alpine Linux |
Parameter | Description | Default |
---|---|---|
CIPHER |
Encryption Cipher | aes-256-cbc |
COMPRESSION |
Level of LZO Compression (e.g. 9) | 0 |
CRON_PERIOD |
Adjustable time to check GIT Server for any updates | 30 |
DIGEST |
Hashing Digest | sha256 |
ENABLE_GIT |
Enable Git Repository Functionality TRUE or FALSE |
TRUE |
ENABLE_CONFIG_RELOAD |
Enable reloading Tinc when configuration changes | TRUE |
ENABLE_WATCHDOG |
Reload Tinc when it can't get a response from a host | FALSE |
GIT_PASS |
Password for above user (e.g. password ) |
|
GIT_URL |
GIT Repository URL (ie https://github.com/username/repo.git ) |
|
GIT_USER |
Username to Authenticate to git server (e.g. username ) |
|
INTERFACE |
Which Interface to use (relies on /dev/tun) (e.g. tun0 ) |
tun0 |
LISTEN_PORT |
Listening Port | 655 |
LOG_LEVEL |
Adjustable Debug level as per tinc documentation (e.g 5) | 2 |
LOG_PATH |
Log Path | /var/log/tinc |
MAC_LENGTH |
MAC Length | 16 |
NETWORK |
The VPN name - (e.g. securenetwork ) |
|
NODE |
The unique hostname of the machine joining the VPN (e.g. hostname ) |
|
PEERS |
Which server should be used to contact first to create the mesh VPN (e.g. host1_hostname_com host2_hostname_com ) |
|
PRIVATE_IP |
The private IP that is assigned to this machine on the VPN (e.g. 172.16.23.13 ) |
|
PUBLIC_IP |
The public IP you wish to listen on (e.g. 137.233.212.121 ) |
|
SETUP_TYPE |
Utilize these above environment variables AUTO or MANUAL |
AUTO |
WATCHDOG_HOST |
IP Address or hostname of host to check connectivity | |
WATCHDOG_FREQUENCY |
How many seconds to wait between checks on host | 60 |
The following ports are exposed.
Port | Description |
---|---|
655 |
Tinc |
NOTE: You must also allow capabilities for
NET_ADMIN
to docker to be able to have access to the IP Stack. Also, you must create/dev/tun
as a device. If you want to make the Docker Host be able to be accessible you also must addnetwork:host
as an option otherwise only the containers will be accessible. See the working compose.yml example as shown above.
For debugging and maintenance purposes you may want access the containers shell.
docker exec -it (whatever your container name is) bash
These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
- The Discussions board is a great place for working with the community on tips and tricks of using this image.
- Sponsor me for personalized support
- Please, submit a Bug Report if something isn't working as expected. I'll do my best to issue a fix in short order.
- Feel free to submit a feature request, however there is no guarantee that it will be added, or at what timeline.
- Sponsor me regarding development of features.
- Best effort to track upstream changes, More priority if I am actively using the image in a production environment.
- Sponsor me for up to date releases.
MIT. See LICENSE for more details.