examples/hemmelig/docker-compose.yml

@@ -6,8 +6,8 @@ services:
     init: true
     volumes:
       - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hemmelig/files:/var/tmp/hemmelig/upload/files
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hemmelig/database:/home/node/hemmelig/database/
     environment:
+      - SECRET_REDIS_HOST=hemmelig-redis  # Override this for your redis host address
       - SECRET_LOCAL_HOSTNAME=0.0.0.0     # The local hostname for the fastify instance
       - SECRET_PORT=3000                  # The port number for the fastify instance
       - SECRET_HOST=                      # Used for i.e. set cors to your domain name
@@ -19,6 +19,8 @@ services:
       - SECRET_MAX_TEXT_SIZE=256          # The max text size for the secret. Is set in kb. i.e. 256 for 256kb
     ports:
       - "3000:3000"
+    depends_on:
+      - redis
     restart: always
     stop_grace_period: 1m
     healthcheck:
@@ -32,3 +34,19 @@ services:
     #  - traefik.docker.network=proxy
     #  # Part for optional traefik middlewares
     #  - traefik.http.routers.hemmelig.middlewares=local-ipwhitelist@file,basic-auth@file  
+
+  redis:
+    image: redis
+    container_name: hemmelig-redis
+    hostname: hemmelig-redis
+    init: true
+    # Enable to make redis data persistent
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hemmelig/redis/:/data
+    command: redis-server --appendonly yes
+    restart: always
+    stop_grace_period: 1m
+    healthcheck:
+      test: "redis-cli ping | grep PONG || exit 1"
+      timeout: 5s
+      retries: 1

examples/ipsec-vpn-server/README.md

@@ -1,29 +1,3 @@
 # References 
 
 - https://github.com/hwdsl2/docker-ipsec-vpn-server
-
-# Notes
-
-> IKEv2 mode has improvements over IPsec/L2TP and IPsec/XAuth ("Cisco IPsec"), and does not require an IPsec PSK, username or password.
-
---> Therefore, IKEv2 only was chosen as preset via the environment variables of the provided docker-compose.yml.
-
-````
-# copy IKEv2 VPN profile from docker container onto host
-docker cp ipsec-vpn-server:/etc/ipsec.d/vpnclient.p12 ./
-
-# inspect randomly created certificate password
-docker logs ipsec-vpn-server
-
-# elevated powershell; import the VPN profile into Windows using the password from docker logs above
-# if you have not chosen to use a randomly created password (env var VPN_PROTECT_CONFIG=yes), then use a blank entry and just hit enter
-certutil.exe -f -importpfx .\vpnclient.p12 NoExport
-
-# elevated powershell; set additional reg key to harden IKEv2 key exchange
-REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f
-
-# lowpriv powershell; add the IKEv2 VPN connection
-powershell -command "Add-VpnConnection -ServerAddress 'vpn.example.com' -Name 'IKEVPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
-
-powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'IKEVPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
-````

examples/ipsec-vpn-server/docker-compose.yml

@@ -6,9 +6,9 @@ services:
     hostname: ipsec-vpn-server
     container_name: ipsec-vpn-server
     environment:
-      #- VPN_IPSEC_PSK=3gAW0sDYI2ARSMQIQRa2xpIHb42JS+ImsiHdf3jbTl8 # set a secure psk; e.g. via `openssl rand -base64 32`; only necessary if not IKEv2 only
+      - VPN_IPSEC_PSK=3gAW0sDYI2ARSMQIQRa2xpIHb42JS+ImsiHdf3jbTl8 # set a secure psk; e.g. via `openssl rand -base64 32`
-      #- VPN_USER=vpn # define your vpn username; only necessary if not IKEv2 only
+      - VPN_USER=vpn # define your vpn username
-      #- VPN_PASSWORD=Cy7jRPIZGVK7dbAF5v # set a secure vpn password; e.g. via `openssl rand -base64 16`; only necessary if not IKEv2 only
+      - VPN_PASSWORD=Cy7jRPIZGVK7dbAF5v # set a secure vpn password; e.g. via `openssl rand -base64 16`
       #- VPN_ADDL_USERS=additional_username_1 additional_username_2 # add additional users; usernames must be separated by spaces, no duplicates allowed
       #- VPN_ADDL_PASSWORDS=additional_password_1 additional_password_2 # define pws for additional users; passwords must be separated by spaces
       #- VPN_ADDL_IP_ADDRS=192.168.42.2 192.168.42.3 # assign static IPs to clients; IKEv2 mode does NOT support this feature
@@ -17,8 +17,8 @@ services:
       #- VPN_CLIENT_NAME=vpnclient # optionally set your first vpn client name; default is vpnclient
       #- VPN_DNS_NAME=vpn.example.com # optionally define dns name
       #- VPN_PUBLIC_IP=103.10.199.1 # optionally define public IP address; this variable has no effect for IKEv2 mode
-      - VPN_PROTECT_CONFIG=yes # optionally protect client config files using a random password
+      #- VPN_PROTECT_CONFIG=yes # optionally protect client config files using a random password
-      - VPN_IKEV2_ONLY=yes # disable both IPsec/L2TP and IPsec/XAuth modes; only use IKEv2
+      #- VPN_IKEV2_ONLY=yes # disable both IPsec/L2TP and IPsec/XAuth modes; only use IKEv2
       #- VPN_DISABLE_IPSEC_L2TP=yes # disable IPsec/L2TP mode
       #- VPN_DISABLE_IPSEC_XAUTH=yes # disable IPsec/XAuth ("Cisco IPsec") mode
     restart: always