2026-02-05 07:36:25 +03:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
# EnsureTUN device exists
|
|
|
|
|
if [ ! -c /dev/net/tun ]; then
|
|
|
|
|
mkdir -p /dev/net
|
|
|
|
|
mknod /dev/net/tun c 10 200
|
|
|
|
|
chmod 600 /dev/net/tun
|
|
|
|
|
fi
|
|
|
|
|
|
2026-02-07 14:07:47 +03:00
|
|
|
# Enable IP forwarding (moved to docker-compose.yml sysctls)
|
|
|
|
|
# sysctl -w net.ipv4.ip_forward=1 || true
|
2026-02-05 07:36:25 +03:00
|
|
|
|
2026-02-06 21:14:52 +03:00
|
|
|
# NAT MASQUERADE
|
|
|
|
|
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
|
|
|
|
|
|
|
|
# MSS Clamping (Path MTU Tuning)
|
|
|
|
|
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|
|
|
|
|
|
2026-02-07 14:07:47 +03:00
|
|
|
# Minimal OpenRC initialization to allow rc-service to work in Alpine
|
|
|
|
|
mkdir -p /run/openrc
|
|
|
|
|
touch /run/openrc/softlevel
|
2026-02-05 07:36:25 +03:00
|
|
|
|
2026-02-07 14:16:49 +03:00
|
|
|
# Initialize Easy-RSA if not already present in /app/easy-rsa
|
|
|
|
|
if [ ! -d /app/easy-rsa ]; then
|
|
|
|
|
echo "[INIT] Initializing Easy-RSA workspace..."
|
|
|
|
|
mkdir -p /app/easy-rsa
|
|
|
|
|
# Alpine installs easy-rsa files to /usr/share/easy-rsa
|
|
|
|
|
ln -s /usr/share/easy-rsa/* /app/easy-rsa/
|
|
|
|
|
fi
|
|
|
|
|
|
2026-02-05 07:36:25 +03:00
|
|
|
# Start the APP_PROFILER API
|
2026-02-07 14:07:47 +03:00
|
|
|
|
2026-02-07 14:16:49 +03:00
|
|
|
|
2026-02-05 07:36:25 +03:00
|
|
|
# We use 0.0.0.0 to be reachable from other containers
|
|
|
|
|
python main.py
|
