vpn-node/Dockerfile

FROM debian:bookworm-slim

LABEL description="dante SOCKS5 + purevpn-cli exit node"

# ── System dependencies (all in one layer so apt cache is fresh for installer) ─
RUN apt-get update && apt-get install -y --no-install-recommends \
        dante-server \
        curl wget ca-certificates \
        iproute2 iptables iputils-ping \
        netcat-openbsd procps dnsutils \
        expect \
        openvpn wireguard wireguard-tools \
        net-tools openresolv \
    && rm -rf /var/lib/apt/lists/*

# ── Stub openvpn-systemd-resolved ────────────────────────────────────────────
# This package is not in Debian repos. Its absence is what triggers purevpn-cli
# to call `sudo --install-missing-components`. A no-op stub satisfies the check.
RUN mkdir -p /usr/lib/openvpn \
    && printf '#!/bin/sh\nexit 0\n' \
        | tee /usr/local/bin/openvpn-systemd-resolved \
              /usr/lib/openvpn/openvpn-systemd-resolved > /dev/null \
    && chmod +x /usr/local/bin/openvpn-systemd-resolved \
                /usr/lib/openvpn/openvpn-systemd-resolved

# ── Install purevpn-cli ───────────────────────────────────────────────────────
RUN curl -fsSL https://apps.purevpn-tools.com/cross-platform/linux-cli/production/cli-install.sh \
        -o /tmp/cli-install.sh \
    && bash /tmp/cli-install.sh \
    && rm -f /tmp/cli-install.sh

# ── Inspect binary (visible in build log, remove once confirmed working) ──────
RUN echo "=== binary type ===" \
    && file /opt/purevpn-cli/bin/purevpn-cli /opt/purevpn-cli/purevpn-cli 2>/dev/null || true \
    && echo "=== bin/purevpn-cli header ===" \
    && head -3 /opt/purevpn-cli/bin/purevpn-cli 2>/dev/null || true

# ── Fake sudo wrapper ────────────────────────────────────────────────────────
# Strips --install-missing-components (crashes pkg bootstrap when combined with
# --connect) then re-runs the binary with a CLEAN environment (env -i) so that
# any env vars set by the parent purevpn-cli don't corrupt the child's pkg
# bootstrap. Prints env key names and exec'd command for diagnosis.
RUN printf '#!/bin/bash\necho "[sudo] env: $(env | cut -d= -f1 | tr "\\n" " ")"\nnew=()\nfor a in "$@"; do\n  [[ "$a" == "--install-missing-components" ]] && { echo "[sudo] stripped --install-missing-components"; continue; }\n  new+=("$a")\ndone\necho "[sudo] exec (clean env): ${new[*]}"\nexec env -i PATH="$PATH" HOME=/root USER=root "${new[@]}"\n' \
    > /usr/local/bin/sudo && chmod +x /usr/local/bin/sudo

# ── PATH ──────────────────────────────────────────────────────────────────────
ENV PATH=/opt/purevpn-cli/bin:/opt/purevpn-cli:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# ── Location list ─────────────────────────────────────────────────────────────
COPY servers.txt /etc/vpndock/servers.txt

# ── Entrypoint ────────────────────────────────────────────────────────────────
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

EXPOSE 1080

ENTRYPOINT ["/entrypoint.sh"]
feat: initial vpndock stack HAProxy SOCKS5 entry point + scalable purevpn-cli/microsocks exit nodes. Supports up to 10 simultaneous connections (PureVPN limit), random location selection from a predefined pool, and automatic reconnect to an unused location on server-side drop. 2026-03-11 09:45:42 +01:00			`FROM debian:bookworm-slim`

fix: replace microsocks with dante-server (apt package, no compilation) - Removes gcc/make/git and the microsocks git clone+build step - Installs dante-server from apt — zero compilation required - danted uses 'external: tun0' to explicitly route all proxied traffic through the VPN interface, more reliable than iptables-based routing - Config is generated at runtime after tun0 is confirmed up 2026-03-11 09:58:44 +01:00			`LABEL description="dante SOCKS5 + purevpn-cli exit node"`
feat: initial vpndock stack HAProxy SOCKS5 entry point + scalable purevpn-cli/microsocks exit nodes. Supports up to 10 simultaneous connections (PureVPN limit), random location selection from a predefined pool, and automatic reconnect to an unused location on server-side drop. 2026-03-11 09:45:42 +01:00
fix: correct purevpn-cli PATH (/opt/purevpn-cli/bin) and pre-install VPN deps 2026-03-11 10:11:01 +01:00			`# ── System dependencies (all in one layer so apt cache is fresh for installer) ─`
feat: initial vpndock stack HAProxy SOCKS5 entry point + scalable purevpn-cli/microsocks exit nodes. Supports up to 10 simultaneous connections (PureVPN limit), random location selection from a predefined pool, and automatic reconnect to an unused location on server-side drop. 2026-03-11 09:45:42 +01:00			`RUN apt-get update && apt-get install -y --no-install-recommends \`
fix: replace microsocks with dante-server (apt package, no compilation) - Removes gcc/make/git and the microsocks git clone+build step - Installs dante-server from apt — zero compilation required - danted uses 'external: tun0' to explicitly route all proxied traffic through the VPN interface, more reliable than iptables-based routing - Config is generated at runtime after tun0 is confirmed up 2026-03-11 09:58:44 +01:00			`dante-server \`
feat: initial vpndock stack HAProxy SOCKS5 entry point + scalable purevpn-cli/microsocks exit nodes. Supports up to 10 simultaneous connections (PureVPN limit), random location selection from a predefined pool, and automatic reconnect to an unused location on server-side drop. 2026-03-11 09:45:42 +01:00			`curl wget ca-certificates \`
			`iproute2 iptables iputils-ping \`
			`netcat-openbsd procps dnsutils \`
			`expect \`
fix: correct purevpn-cli PATH (/opt/purevpn-cli/bin) and pre-install VPN deps 2026-03-11 10:11:01 +01:00			`openvpn wireguard wireguard-tools \`
			`net-tools openresolv \`
feat: initial vpndock stack HAProxy SOCKS5 entry point + scalable purevpn-cli/microsocks exit nodes. Supports up to 10 simultaneous connections (PureVPN limit), random location selection from a predefined pool, and automatic reconnect to an unused location on server-side drop. 2026-03-11 09:45:42 +01:00			`&& rm -rf /var/lib/apt/lists/*`

fix: stub openvpn-systemd-resolved to prevent missing-components sudo call + binary inspection 2026-03-11 10:56:34 +01:00			`# ── Stub openvpn-systemd-resolved ────────────────────────────────────────────`
			`# This package is not in Debian repos. Its absence is what triggers purevpn-cli`
			# to call `sudo --install-missing-components`. A no-op stub satisfies the check.
			`RUN mkdir -p /usr/lib/openvpn \`
			`&& printf '#!/bin/sh\nexit 0\n' \`
			`\| tee /usr/local/bin/openvpn-systemd-resolved \`
			`/usr/lib/openvpn/openvpn-systemd-resolved > /dev/null \`
			`&& chmod +x /usr/local/bin/openvpn-systemd-resolved \`
			`/usr/lib/openvpn/openvpn-systemd-resolved`

fix: correct purevpn-cli PATH (/opt/purevpn-cli/bin) and pre-install VPN deps 2026-03-11 10:11:01 +01:00			`# ── Install purevpn-cli ───────────────────────────────────────────────────────`
feat: initial vpndock stack HAProxy SOCKS5 entry point + scalable purevpn-cli/microsocks exit nodes. Supports up to 10 simultaneous connections (PureVPN limit), random location selection from a predefined pool, and automatic reconnect to an unused location on server-side drop. 2026-03-11 09:45:42 +01:00			`RUN curl -fsSL https://apps.purevpn-tools.com/cross-platform/linux-cli/production/cli-install.sh \`
			`-o /tmp/cli-install.sh \`
			`&& bash /tmp/cli-install.sh \`
fix: correct purevpn-cli PATH (/opt/purevpn-cli/bin) and pre-install VPN deps 2026-03-11 10:11:01 +01:00			`&& rm -f /tmp/cli-install.sh`

fix: stub openvpn-systemd-resolved to prevent missing-components sudo call + binary inspection 2026-03-11 10:56:34 +01:00			`# ── Inspect binary (visible in build log, remove once confirmed working) ──────`
			`RUN echo "=== binary type ===" \`
			`&& file /opt/purevpn-cli/bin/purevpn-cli /opt/purevpn-cli/purevpn-cli 2>/dev/null \|\| true \`
			`&& echo "=== bin/purevpn-cli header ===" \`
			`&& head -3 /opt/purevpn-cli/bin/purevpn-cli 2>/dev/null \|\| true`

feat: manual connect mode + env -i sudo wrapper to fix pkg bootstrap crash - MANUAL_CONNECT=true: container waits for tun0, user connects via docker exec - MANUAL_CONNECT=false: auto mode (current), now with env -i in sudo wrapper - sudo wrapper logs inherited env key names so we can see what parent injects - monitor_loop extracted as shared function used by both modes - auto mode connect logic cleaned up into a single while-true rotation loop 2026-03-12 07:23:19 +01:00			`# ── Fake sudo wrapper ────────────────────────────────────────────────────────`
			`# Strips --install-missing-components (crashes pkg bootstrap when combined with`
			`# --connect) then re-runs the binary with a CLEAN environment (env -i) so that`
			`# any env vars set by the parent purevpn-cli don't corrupt the child's pkg`
			`# bootstrap. Prints env key names and exec'd command for diagnosis.`
			`RUN printf '#!/bin/bash\necho "[sudo] env: $(env \| cut -d= -f1 \| tr "\\n" " ")"\nnew=()\nfor a in "$@"; do\n [[ "$a" == "--install-missing-components" ]] && { echo "[sudo] stripped --install-missing-components"; continue; }\n new+=("$a")\ndone\necho "[sudo] exec (clean env): ${new[*]}"\nexec env -i PATH="$PATH" HOME=/root USER=root "${new[@]}"\n' \`
fix: fake sudo intercepts --install-missing-components to avoid pkg/Node.js bootstrap crash 2026-03-11 10:34:00 +01:00			`> /usr/local/bin/sudo && chmod +x /usr/local/bin/sudo`
fix: add fake sudo passthrough for purevpn-cli --install-missing-components 2026-03-11 10:23:35 +01:00
fix: stub openvpn-systemd-resolved to prevent missing-components sudo call + binary inspection 2026-03-11 10:56:34 +01:00			`# ── PATH ──────────────────────────────────────────────────────────────────────`
fix: correct purevpn-cli PATH (/opt/purevpn-cli/bin) and pre-install VPN deps 2026-03-11 10:11:01 +01:00			`ENV PATH=/opt/purevpn-cli/bin:/opt/purevpn-cli:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`
feat: initial vpndock stack HAProxy SOCKS5 entry point + scalable purevpn-cli/microsocks exit nodes. Supports up to 10 simultaneous connections (PureVPN limit), random location selection from a predefined pool, and automatic reconnect to an unused location on server-side drop. 2026-03-11 09:45:42 +01:00
			`# ── Location list ─────────────────────────────────────────────────────────────`
			`COPY servers.txt /etc/vpndock/servers.txt`

			`# ── Entrypoint ────────────────────────────────────────────────────────────────`
			`COPY entrypoint.sh /entrypoint.sh`
			`RUN chmod +x /entrypoint.sh`

			`EXPOSE 1080`

			`ENTRYPOINT ["/entrypoint.sh"]`