openfortivpn-haproxy
openfortivpn-haproxy copied to clipboard
Published
20 hours ago •
jeffre
jeffre
Unable to find docker-entrypoint.sh
I followed the instructions in the readme, but I always receive an error, whether I use the help-flag to view the options or try to actually connect with a server. This is the command I use to run the container:
docker run --rm -it ^
--privileged ^
--cap-add=NET_ADMIN ^
-p 3390:3389 ^
-e PORT_FORWARD="3389:10.0.0.1:3390" ^
jeffre/openfortivpn-haproxy:latest ^
-v "config/default"
And this is the error I get every time:
exec /usr/bin/docker-entrypoint.sh: no such file or directory
Building the container works fine and docker-entrypoint.sh is located in the same directory as the dockerfile, so I don't know why it insists it can't be found.
Commit: 9da011447ed163642c3c5bcc25b2e494cc8fc113 OS: Windows Server 2022 Docker: 4.17.0 (99724)
Your command worked for me. However, I am not running on windows so that might be a factor. I wonder if docker-entrypoint.sh lost its executable status because of windows. What do you get from docker run --rm -it --entrypoint=ls jeffre/openfortivpn-haproxy:latest -l /usr/bin
Using this command gets me this:
total 1936
lrwxrwxrwx 1 root root 12 May 9 18:39 [ -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 [[ -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 awk -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 basename -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 bc -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 beep -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 blkdiscard -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 bunzip2 -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 bzcat -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 bzip2 -> /bin/busybox
-rwxr-xr-x 1 root root 14400 May 6 12:08 c_rehash
lrwxrwxrwx 1 root root 12 May 9 18:39 cal -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 chvt -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 cksum -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 clear -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 cmp -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 comm -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 cpio -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 crontab -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 cryptpw -> /bin/busybox
-rwxr-xr-x 1 root root 227416 May 30 16:44 curl
lrwxrwxrwx 1 root root 12 May 9 18:39 cut -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 dc -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 deallocvt -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 diff -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 dirname -> /bin/busybox
-rwxr-xr-x 1 root root 2531 Jun 1 11:36 docker-entrypoint.sh
lrwxrwxrwx 1 root root 12 May 9 18:39 dos2unix -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 du -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 eject -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 env -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 expand -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 expr -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 factor -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 fallocate -> /bin/busybox
-rwxr-xr-x 1 root root 84336 Apr 11 16:01 filan
lrwxrwxrwx 1 root root 12 May 9 18:39 find -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 flock -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 fold -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 free -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 fuser -> /bin/busybox
-rwxr-xr-x 1 root root 35008 May 2 03:49 getconf
-rwxr-xr-x 1 root root 48544 May 2 03:49 getent
lrwxrwxrwx 1 root root 12 May 9 18:39 groups -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 hd -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 head -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 hexdump -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 hostid -> /bin/busybox
-rwxr-xr-x 1 root root 24256 May 2 03:49 iconv
lrwxrwxrwx 1 root root 12 May 9 18:39 id -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 install -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 ipcrm -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 ipcs -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 killall -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 last -> /bin/busybox
-rwxr-xr-x 1 root root 52 May 2 03:49 ldd
lrwxrwxrwx 1 root root 12 May 9 18:39 less -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 logger -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 lsof -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 lsusb -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 lzcat -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 lzma -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 lzopcat -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 md5sum -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 mesg -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 microcom -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 mkfifo -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 mkpasswd -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 nc -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 nl -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 nmeter -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 nohup -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 nproc -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 nsenter -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 nslookup -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 od -> /bin/busybox
-rwxr-xr-x 1 root root 303080 Jun 1 11:38 openfortivpn
-rwxr-xr-x 1 root root 746936 May 30 17:48 openssl
lrwxrwxrwx 1 root root 12 May 9 18:39 openvt -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 passwd -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 paste -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 pgrep -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 pkill -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 pmap -> /bin/busybox
-rwxr-xr-x 1 root root 2783 Apr 11 16:01 poff
-rwxr-xr-x 1 root root 970 Apr 11 16:01 pon
lrwxrwxrwx 1 root root 12 May 9 18:39 printf -> /bin/busybox
-rwxr-xr-x 1 root root 72048 Apr 11 16:01 procan
lrwxrwxrwx 1 root root 12 May 9 18:39 pscan -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 pstree -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 pwdx -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 readlink -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 realpath -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 renice -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 reset -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 resize -> /bin/busybox
-rwxr-xr-x 1 root root 75720 Apr 11 16:01 scanelf
lrwxrwxrwx 1 root root 12 May 9 18:39 seq -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 setkeycodes -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 setsid -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 sha1sum -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 sha256sum -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 sha3sum -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 sha512sum -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 showkey -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 shred -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 shuf -> /bin/busybox
-rwxr-xr-x 1 root root 302888 Apr 11 16:01 socat
lrwxrwxrwx 1 root root 12 May 9 18:39 sort -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 split -> /bin/busybox
-rwxr-xr-x 1 root root 14392 May 5 06:41 ssl_client
lrwxrwxrwx 1 root root 12 May 9 18:39 strings -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 sum -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 tac -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 tail -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 tee -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 test -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 time -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 timeout -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 top -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 tr -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 traceroute -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 traceroute6 -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 tree -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 truncate -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 tty -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 ttysize -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 udhcpc6 -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 unexpand -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 uniq -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 unix2dos -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 unlink -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 unlzma -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 unlzop -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 unshare -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 unxz -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 unzip -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 uptime -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 uudecode -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 uuencode -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 vi -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 vlock -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 volname -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 wc -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 wget -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 which -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 who -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 whoami -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 whois -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 xargs -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 xxd -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 xzcat -> /bin/busybox
lrwxrwxrwx 1 root root 12 May 9 18:39 yes -> /bin/busybox
-rwxr-xr-x 1 root root 2531 Jun 1 11:36 docker-entrypoint.sh
Looks like my first guess was wrong as the executable permissions are set correctly.
I have pushed an update to this repo and docker image that fixes an issue an unrelated issue and more importantly looks for an environment variable ENTRYDEBUG which, when set to TRUE, may help us track the problem down. Will you pull down the changes and try again with -e ENTRYDEBUG=TRUE?
Alright, this time I tried it with and without manually building the image before running it. For reference, this is the run command:
docker run --rm -it ^
--privileged ^
--cap-add=NET_ADMIN ^
-p 3390:3389 ^
-e PORT_FORWARD="3389:10.0.0.1:3390" ^
-e ENTRYDEBUG=TRUE ^
-v "config/default" ^
jeffre/openfortivpn-haproxy:latest
Without building the image first, this is the output:
C:\internal\openfortivpn-haproxy>docker run --rm -it --privileged --cap-add=NET_ADMIN -p 3390:3389 -e PORT_FORWARD="3389:10.0.0.1:3390" -e ENTRYDEBUG=TRUE -v "config/default" jeffre/openfortivpn-haproxy:latest
Unable to find image 'jeffre/openfortivpn-haproxy:latest' locally
latest: Pulling from jeffre/openfortivpn-haproxy
8a49fdb3b6a5: Already exists
e2881883f46a: Pull complete
9294aa36b7e7: Pull complete
34a236d9b137: Pull complete
Digest: sha256:2191db8114a62bca40337066ee0e9cd37a19c66037aea4b6c497f7d1beeba2d1
Status: Downloaded newer image for jeffre/openfortivpn-haproxy:latest
# Ensure the ppp device exists
[ -c /dev/ppp ] || su-exec root mknod /dev/ppp c 108 0
# Generate regex search string
r="^" # Required start of variable name
r="${r}\(PORT_FORWARD\|REMOTE_ADDR\)[^=]*=" # Required variable name
r="${r}\(\(tcp\|udp\):\)\?" # Optional tcp or udp
r="${r}\(\(\d\{1,5\}\):\)\?" # Optional LOCAL_PORT
r="${r}[a-zA-Z0-9.-]\+" # Required REMOTE_HOST (ip or hostname)
r="${r}:\d\{1,5\}" # Required REMOTE_PORT
r="${r}$" # Required end of variable contents
# Create a space separated list of forwarded ports. Pause immediate script
# termination on non-zero exits to permit use without port forwarding.
set +e
forwards=$(
env \
| grep "${r}" \
| cut -d= -f2-
)
set -e
# Remove our old socat entries from ip-up
sed '/^socat/d' -i /etc/ppp/ip-up
# Iterate over all REMOTE_ADDR.* environment variables and create ppp ip-up
# scripts
for forward in ${forwards}; do
# Replace colons with spaces add them into a bash array
colons=$(echo "${forward}" | grep -o ':' | wc -l)
if [ "${colons}" -eq "3" ]; then
PROTOCOL=$(echo "${forward}" | cut -d: -f1)
LOCAL_PORT=$(echo "${forward}" | cut -d: -f2)
REMOTE_HOST=$(echo "${forward}" | cut -d: -f3)
REMOTE_PORT=$(echo "${forward}" | cut -d: -f4)
elif [ "${colons}" -eq "2" ]; then
PROTOCOL="tcp"
LOCAL_PORT=$(echo "${forward}" | cut -d: -f1)
REMOTE_HOST=$(echo "${forward}" | cut -d: -f2)
REMOTE_PORT=$(echo "${forward}" | cut -d: -f3)
elif [ "${colons}" -eq "1" ]; then
PROTOCOL="tcp"
LOCAL_PORT="1111"
REMOTE_HOST=$(echo "${forward}" | cut -d: -f1)
REMOTE_PORT=$(echo "${forward}" | cut -d: -f2)
else
printf 'Unrecognized PORT_FORWARD(*) value: "%s"\n' "${address}" >&2
exit 1
fi
# Use ppp's ip-up script to start the socat tunnels. In testing, this works
# well with one exception being hostname resolution doesnt happen within the
# VPN.
# For future attemps at solving this issue: dig/drill resolve properly after
# VPN is established whereas `getent hosts` and whatver ping/ssh use do not.
# It seems potentially related to musl and would be worth testing if this
# docker image should base of debian instead of alpine.
echo "socat ${PROTOCOL}-l:${LOCAL_PORT},fork,reuseaddr ${PROTOCOL}:${REMOTE_HOST}:${REMOTE_PORT} &" \
>> "/etc/ppp/ip-up"
done
# Force all args into openfortivpn
if [ "$1" = "openfortivpn" ]; then
shift
fi
exec openfortivpn "$@"
WARN: Could not load configuration file "/etc/openfortivpn/config" (No such file or directory).
ERROR: Specify a valid host:port couple.
Usage: openfortivpn [<host>[:<port>]] [-u <user>] [-p <pass>]
[--cookie=<cookie>] [--cookie-on-stdin]
[--otp=<otp>] [--otp-delay=<delay>] [--otp-prompt=<prompt>]
[--pinentry=<program>] [--realm=<realm>]
[--ifname=<ifname>] [--set-routes=<0|1>]
[--half-internet-routes=<0|1>] [--set-dns=<0|1>]
[--pppd-use-peerdns=<0|1>] [--pppd-log=<file>]
[--pppd-ifname=<string>] [--pppd-ipparam=<string>]
[--pppd-call=<name>] [--pppd-plugin=<file>]
[--ca-file=<file>]
[--user-cert=<file>] [--user-key=<file>]
[--use-syslog] [--trusted-cert=<digest>]
[--persistent=<interval>] [-c <file>] [-v|-q]
openfortivpn --help
openfortivpn --version
And for the second try, I first ran the following command:
docker build . -t "jeffre/openfortivpn-haproxy:latest"
And the result was, once again, this:
C:\internal\openfortivpn-haproxy>docker run --rm -it --privileged --cap-add=NET_ADMIN -p 3390:3389 -e PORT_FORWARD="3389:10.0.0.1:3390" -e ENTRYDEBUG=TRUE -v "config/default" jeffre/openfortivpn-haproxy:latest
exec /usr/bin/docker-entrypoint.sh: no such file or directory
Building on windows is a stretch for me to support but my immediate thought is this Dockerfile is multistage and perhaps your docker --version is old and is skipping part of the build? May I suggest updating your docker installation?
~Another thought: perhaps the version of alpine you have locally doesn't include /usr/bin in the PATH env variable.~
Never mind this thought. Realizing your error message includes /usr/bin which tells me it is in PATH already.
Looking back at this, I would have expected a more verbose error message since you used ENTRYDEBUG=TRUE. Did you update your local source code before building it?
And for the second try, I first ran the following command:
docker build . -t "jeffre/openfortivpn-haproxy:latest"And the result was, once again, this:
C:\internal\openfortivpn-haproxy>docker run --rm -it --privileged --cap-add=NET_ADMIN -p 3390:3389 -e PORT_FORWARD="3389:10.0.0.1:3390" -e ENTRYDEBUG=TRUE -v "config/default" jeffre/openfortivpn-haproxy:latest exec /usr/bin/docker-entrypoint.sh: no such file or directory
I did notice that my Dockerfile was different, so I cloned the repo again and built the image again. The error on docker run is still the same, however. For reference, here is the log when building the image:
[+] Building 1.7s (10/10) FINISHED
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 1.13kB 0.0s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 76B 0.0s
=> [internal] load metadata for docker.io/library/alpine:latest 1.3s
=> [builder 1/2] FROM docker.io/library/alpine@sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 2.79kB 0.0s
=> CACHED [stage-1 2/4] RUN apk add --no-cache ca-certificates openssl ppp curl su-exec socat 0.0s
=> CACHED [builder 2/2] RUN apk add --no-cache openssl-dev ppp ca-certificates curl && apk add --no-cache --virtual .build-deps 0.0s
=> CACHED [stage-1 3/4] COPY --from=builder /usr/bin/openfortivpn /usr/bin/openfortivpn 0.0s
=> CACHED [stage-1 4/4] COPY ./docker-entrypoint.sh /usr/bin/ 0.0s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => writing image sha256:3b4fe3197101deb11bed57d27d2a5f42afbd12a3264b936476c5426c96a009bf 0.0s
=> => naming to docker.io/jeffre/openfortivpn-haproxy:latest 0.0s
Closing this as I am unable to recreate it. Feel free to re-open if you have any more info to add.