Move cipher configuration to Dockerfile so the defaults are also
available to the scripts (ie getclient)
pieterlange committed Jan 24, 2017
1 parent 60d6e9f commit 915a4ff
Showing 2 changed files with 3 additions and 2 deletions.
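--- a/Dockerfile
+++ b/Dockerfile
@@ -22,6 +22,9 @@ ENV OVPN_CRL $OPENVPN/crl/crl.pem
 ENV OVPN_CCD $OPENVPN/ccd
 ENV OVPN_DEFROUTE 0
 
+ENV OVPN_CIPHER "AES-256-CBC"
+ENV OVPN_TLS_CIPHER "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
 ENV EASYRSA /usr/share/easy-rsa
 ENV EASYRSA_PKI $OPENVPN/pki
 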
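Review bot: The new `ENV OVPN_CIPHER` and `ENV OVPN_TLS_CIPHER` lines are now the only source of the cipher defaults, so a deployment that sets either variable to an empty string, or a run of entrypoint.sh outside this image, no longer falls back to a known-good value (the `:-` defaults are removed from entrypoint.sh in the same commit). How the values reach the generated server and client configuration is not visible in these hunks, but an empty cipher setting should stop startup rather than be written out; a guard such as `: "${OVPN_CIPHER:?must be set}"` and `: "${OVPN_TLS_CIPHER:?must be set}"` near the other `OVPN_*` assignments in entrypoint.sh would do that. The two ENV lines also deserve a comment, for example `# Cipher defaults shared by entrypoint.sh and the client-config scripts (getclient); server and client must agree on both`. If the packaged OpenVPN supports AEAD data-channel ciphers, it is worth considering whether the `AES-256-CBC` default and the trailing CBC suite in the TLS list are still wanted, though this commit only relocates those values.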
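--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -22,8 +22,6 @@ OVPN_PROTO="${OVPN_PROTO:-tcp}"
 OVPN_NATDEVICE="${OVPN_NATDEVICE:-eth0}"
 OVPN_K8S_DOMAIN="${OVPN_K8S_DOMAIN:-svc.cluster.local}"
 OVPN_VERB=${OVPN_VERB:-3}
-OVPN_CIPHER=${OVPN_CIPHER:-"AES-256-CBC"}
-OVPN_TLS_CIPHER=${OVPN_TLS_CIPHER:-"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"}
 
 if [ ! -d "${EASYRSA_PKI}" ]; then
 echo "PKI directory missing. Did you mount in your Secret?"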
