Move cipher configuration to Dockerfile so the defaults are also

pieterlange · pieterlange · commit 915a4ffecda4 · 2017-01-24T10:00:30.000+01:00
available to the scripts (ie getclient)
diff --git a/Dockerfile b/Dockerfile
@@ -22,6 +22,9 @@ ENV OVPN_CRL $OPENVPN/crl/crl.pem
 ENV OVPN_CCD $OPENVPN/ccd
 ENV OVPN_DEFROUTE 0
 
+ENV OVPN_CIPHER "AES-256-CBC"
+ENV OVPN_TLS_CIPHER "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
 ENV EASYRSA /usr/share/easy-rsa
 ENV EASYRSA_PKI $OPENVPN/pki
 
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -22,8 +22,6 @@ OVPN_PROTO="${OVPN_PROTO:-tcp}"
 OVPN_NATDEVICE="${OVPN_NATDEVICE:-eth0}"
 OVPN_K8S_DOMAIN="${OVPN_K8S_DOMAIN:-svc.cluster.local}"
 OVPN_VERB=${OVPN_VERB:-3}
-OVPN_CIPHER=${OVPN_CIPHER:-"AES-256-CBC"}
-OVPN_TLS_CIPHER=${OVPN_TLS_CIPHER:-"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"}
 
 if [ ! -d "${EASYRSA_PKI}" ]; then
     echo "PKI directory missing. Did you mount in your Secret?"
