add docker compose and ubuntu dockerfile with jemalloc

docker-compose.yml

@@ -0,0 +1,13 @@
+services:
+
+  ocserv:
+    build:
+      context: .
+      dockerfile: ubuntu.dockerfile
+    volumes:
+    - ./ocserv.conf:/etc/ocserv/ocserv.conf
+    privileged: true
+    restart: always
+    ports:
+    - 444:443/tcp
+    - 444:443/udp

ocserv.conf

@@ -189,7 +189,7 @@ max-clients = 16
 
 # Limit the number of identical clients (i.e., users connecting 
 # multiple times). Unset or set to zero for unlimited.
-max-same-clients = 2
+# max-same-clients = 2
 
 # When the server receives connections from a proxy, like haproxy
 # which supports the proxy protocol, set this to obtain the correct
@@ -225,14 +225,14 @@ keepalive = 32400
 # needs to be short enough to prevent the NAT disassociating
 # his UDP session from the port number. Otherwise the client
 # could have his UDP connection stalled, for several minutes.
-dpd = 90
+dpd = 86400
 
 # Dead peer detection for mobile clients. That needs to
 # be higher to prevent such clients being awaken too 
 # often by the DPD messages, and save battery.
 # The mobile clients are distinguished from the header
 # 'X-AnyConnect-Identifier-Platform'.
-mobile-dpd = 1800
+mobile-dpd = 86400
 
 # If using DTLS, and no UDP traffic is received for this
 # many seconds, attempt to send future traffic over the TCP
@@ -318,7 +318,7 @@ tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-1
 
 # The time (in seconds) that a client is allowed to stay connected prior
 # to authentication
-auth-timeout = 240
+auth-timeout = 86400
 
 # The time (in seconds) that a client is allowed to stay idle (no traffic)
 # before being disconnected. Unset to disable.
@@ -716,4 +716,4 @@ dtls-legacy = true
 #ipv4-network = 192.168.2.0
 #ipv4-netmask = 255.255.255.0
 
-#cert-user-oid = 0.9.2342.19200300.100.1.1
+#cert-user-oid = 0.9.2342.19200300.100.1.1

ubuntu.dockerfile

@@ -0,0 +1,62 @@
+FROM ubuntu:24.04
+
+ENV OCSERV_VERSION 1.3.0
+ENV CA_CN SAMPLE CA
+ENV CA_ORG Big Corp
+ENV SRV_CN SAMPLE server
+ENV SRV_ORG MyCompany
+RUN set -ex \
+    && apt-get update \
+    && apt-get install -y \
+      build-essential pkg-config \
+      libgnutls28-dev libev-dev \
+      libpam0g-dev liblz4-dev libseccomp-dev \
+      libreadline-dev libnl-route-3-dev libkrb5-dev libradcli-dev \
+      libcurl4-gnutls-dev libcjose-dev libjansson-dev liboath-dev \
+      libprotobuf-c-dev libtalloc-dev node-undici protobuf-c-compiler \
+      gperf iperf3 lcov libuid-wrapper libpam-wrapper libnss-wrapper \
+      libsocket-wrapper gss-ntlmssp haproxy iputils-ping freeradius \
+      gawk gnutls-bin iproute2 yajl-tools tcpdump \
+      ronn \
+      wget tar ipcalc-ng libjemalloc2 iptables \
+    && wget ftp://ftp.infradead.org/pub/ocserv/ocserv-$OCSERV_VERSION.tar.xz \
+    && mkdir -p /etc/ocserv \
+    && tar xf ocserv-$OCSERV_VERSION.tar.xz \
+    && rm ocserv-$OCSERV_VERSION.tar.xz \
+    && cd ocserv-$OCSERV_VERSION \
+    && ./configure \
+    && make \
+    && make install \
+    && cd .. \
+    && rm -rf ocserv-$OCSERV_VERSION \
+    && mkdir -p /etc/ocserv/certs \
+    && cd /etc/ocserv/certs \
+    && certtool --generate-privkey --outfile ca-key.pem \
+    && touch ca.tmpl \
+    && echo "cn = $CA_CN" >> ca.tmpl \
+    && echo "organization = $CA_ORG" >> ca.tmpl \
+    && echo "serial = 1" >> ca.tmpl \
+    && echo "expiration_days = -1" >> ca.tmpl \
+    && echo "ca" >> ca.tmpl \
+    && echo "signing_key" >> ca.tmpl \
+    && echo "cert_signing_key" >> ca.tmpl \
+    && echo "crl_signing_key" >> ca.tmpl \
+    && certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem \
+    && certtool --generate-privkey --outfile server-key.pem \
+    && touch server.tmpl \
+    && echo "cn = $SRV_CN" >> server.tmpl \
+    && echo "organization = $SRV_ORG" >> server.tmpl \
+    && echo "expiration_days = -1" >> server.tmpl \
+    && echo "signing_key" >> server.tmpl \
+    && echo "encryption_key" >> server.tmpl \
+    && echo "tls_www_server" >> server.tmpl \
+    && certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem \
+    && touch /etc/ocserv/ocpasswd
+WORKDIR /etc/ocserv
+COPY ocserv.conf /etc/ocserv/ocserv.conf
+COPY entrypoint.sh /entrypoint.sh
+EXPOSE 443/tcp
+EXPOSE 443/udp
+ENV LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2
+ENTRYPOINT ["sh", "/entrypoint.sh"]
+CMD ["ocserv", "-c", "/etc/ocserv/ocserv.conf", "-f"]