2026-02-05 07:36:25 +03:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
# EnsureTUN device exists
|
|
|
|
|
if [ ! -c /dev/net/tun ]; then
|
|
|
|
|
mkdir -p /dev/net
|
|
|
|
|
mknod /dev/net/tun c 10 200
|
|
|
|
|
chmod 600 /dev/net/tun
|
|
|
|
|
fi
|
|
|
|
|
|
2026-02-07 14:07:47 +03:00
|
|
|
# Enable IP forwarding (moved to docker-compose.yml sysctls)
|
|
|
|
|
# sysctl -w net.ipv4.ip_forward=1 || true
|
2026-02-05 07:36:25 +03:00
|
|
|
|
2026-02-06 21:14:52 +03:00
|
|
|
# NAT MASQUERADE
|
|
|
|
|
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
|
|
|
|
|
|
|
|
# MSS Clamping (Path MTU Tuning)
|
|
|
|
|
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|
|
|
|
|
|
2026-02-07 14:51:15 +03:00
|
|
|
# Ensure /run exists for PID files
|
|
|
|
|
mkdir -p /run
|
|
|
|
|
|
2026-02-05 07:36:25 +03:00
|
|
|
|
2026-02-07 14:16:49 +03:00
|
|
|
# Initialize Easy-RSA if not already present in /app/easy-rsa
|
2026-02-07 14:37:57 +03:00
|
|
|
if [ ! -f /app/easy-rsa/easyrsa ]; then
|
2026-02-07 14:16:49 +03:00
|
|
|
echo "[INIT] Initializing Easy-RSA workspace..."
|
|
|
|
|
mkdir -p /app/easy-rsa
|
|
|
|
|
# Alpine installs easy-rsa files to /usr/share/easy-rsa
|
2026-02-07 14:30:45 +03:00
|
|
|
cp -r /usr/share/easy-rsa/* /app/easy-rsa/
|
2026-02-07 14:16:49 +03:00
|
|
|
fi
|
|
|
|
|
|
2026-02-07 14:37:57 +03:00
|
|
|
|
2026-02-05 07:36:25 +03:00
|
|
|
# Start the APP_PROFILER API
|
2026-02-07 14:07:47 +03:00
|
|
|
|
2026-02-07 14:16:49 +03:00
|
|
|
|
2026-02-05 07:36:25 +03:00
|
|
|
# We use 0.0.0.0 to be reachable from other containers
|
|
|
|
|
python main.py
|
