misc: Switch from data container to data volume

* Use the `docker volume` mechanism.
* Less confusing and makes more sense.
* Released in ~ docker v1.9

docs/advanced.md

@@ -4,7 +4,7 @@ The [`ovpn_genconfig`](/bin/ovpn_genconfig) script is intended for simple config
 
 ## Create host volume mounts rather than data volumes
 
-* Refer to the Quick Start document, and substitute `--volumes-from $OVPN_DATA` with `-v /path/on/host/openvpn0:/etc/openvpn`
+* Refer to the Quick Start document, and substitute `-v $OVPN_DATA:/etc/openvpn` with `-v /path/on/host/openvpn0:/etc/openvpn`
 * Quick example that is likely to be out of date, but here's how to get started:
 
         mkdir openvpn0

docs/backup.md

@@ -11,10 +11,10 @@ I'd recommend encrypting the archive with something strong (e.g. gpg or openssl
 
 ## Backup to Archive
 
-    docker run --volumes-from $OVPN_DATA --rm busybox tar -cvf - -C /etc openvpn | xz > openvpn-backup.tar.xz
+    docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn tar -cvf - -C /etc openvpn | xz > openvpn-backup.tar.xz
 
 ## Restore to New Container
 
 Assumes an existing container named `$OVPN_DATA` to extract the data over the top.
 
-    xzcat openvpn-backup.tar.xz | docker run --name $OVPN_DATA -v /etc/openvpn -i busybox tar -xvf - -C /etc
+    xzcat openvpn-backup.tar.xz | docker run --name $OVPN_DATA -v /etc/openvpn -i kylemanna/openvpn tar -xvf - -C /etc

docs/clients.md

@@ -13,7 +13,7 @@ Note that some client software might be picky about which configuration format i
 
 See an overview of the configured clients, including revokation status:
 
-    docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn ovpn_listclients
+    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn ovpn_listclients
 
 ## Batch Mode
 
@@ -21,7 +21,7 @@ If you have more than a few clients, you will want to generate and update your c
 
 Execute the following to generate the configuration for all clients:
 
-    docker run --rm -it --volumes-from $OVPN_DATA --volume /tmp/openvpn_clients:/etc/openvpn/clients kylemanna/openvpn ovpn_getclient_all
+    docker run --rm -it -v $OVPN_DATA:/etc/openvpn --volume /tmp/openvpn_clients:/etc/openvpn/clients kylemanna/openvpn ovpn_getclient_all
 
 After doing so, you will find the following files in each of the `$cn` directories:
 
@@ -36,7 +36,7 @@ After doing so, you will find the following files in each of the `$cn` directori
 
 Revoke `client1`'s certificate and generate the certificate revocation list (CRL):
 
-    docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn easyrsa revoke client1
-    docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn easyrsa gen-crl
+    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn easyrsa revoke client1
+    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn easyrsa gen-crl
 
 The OpenVPN server will read this change every time a client connects (no need to restart server) and deny clients access using revoked certificates.

docs/debug.md

@@ -7,7 +7,7 @@ Random things I do to debug the containers.
 * Create a shell in the running docker container (aka namespace) with [nsenter](https://github.com/jpetazzo/nsenter)
 * If you don't have nsenter/docker-enter, you can mount the data container and modify it with
 
-        docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn bash -l
+        docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn bash -l
 
 ## Stream OpenVPN Logs
 

docs/faqs.md

@@ -4,7 +4,7 @@
 
 Use a Docker image with a text editor pre-installed (i.e. Ubuntu) and connect the volume container:
 
-    docker run --volumes-from $OVPN_DATA --rm -it ubuntu vi /etc/openvpn/openvpn.conf
+    docker run -v $OVPN_DATA:/etc/openvpn --rm -it ubuntu vi /etc/openvpn/openvpn.conf
 
 
 ## Why not keep everything in one image?

docs/otp.md

@@ -13,15 +13,15 @@ In order to enable two factor authentication the following steps are required.
 
 * Generate server configuration with `-2` option
 
-        docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://vpn.example.com -2
+        docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://vpn.example.com -2
 
 * Generate your client certificate (possibly without a password since you're using OTP)
 
-        docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full <user> nopass
+        docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full <user> nopass
 
 * Generate authentication configuration for your client. -t is needed to show QR code, -i is optional for interactive usage
 
-        docker run --volumes-from $OVPN_DATA --rm -t kylemanna/openvpn ovpn_otp_user <user>
+        docker run -v $OVPN_DATA:/etc/openvpn --rm -t kylemanna/openvpn ovpn_otp_user <user>
 
 The last step will generate OTP configuration for the provided user with the following options
 
@@ -62,7 +62,7 @@ If something is not working you can verify your PAM setup with these commands
 
 ```
 # Start a shell in container
-docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn bash
+docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn bash
 # Then in container you have pamtester utility already installed
 which pamtester
 # To check authentication use this command that will prompt for a valid code from Authenticator APP

docs/paranoid.md

@@ -22,7 +22,7 @@ If you want to select the cyphers used by OpenVPN the following parameters of th
 
 The following options have been tested successfully:
 
-    docker run --volumes-from $OVPN_DATA --net=none --rm kylemanna/openvpn ovpn_genconfig -C 'AES-256-CBC' -a 'SHA384'
+    docker run -v $OVPN_DATA:/etc/openvpn --net=none --rm kylemanna/openvpn ovpn_genconfig -C 'AES-256-CBC' -a 'SHA384'
 
 Changing the `tls-cipher` option seems to be more complicated because some clients (namely NetworkManager in Debian Jessie) seem to have trouble with this. Running `openvpn` manually also did not solve the issue:
 

docs/static-ips.md

@@ -6,7 +6,7 @@ The docker image is setup for static client configuration on the 192.168.254.0/2
 
 1. Create a client specific configuration:
 
-        $ echo "ifconfig-push 192.168.254.1 192.168.254.2" | docker run --volumes-from $OVPN_DATA -i --rm kylemanna/openvpn tee /etc/openvpn/ccd/CERT_COMMON_NAME
+        $ echo "ifconfig-push 192.168.254.1 192.168.254.2" | docker run -v $OVPN_DATA:/etc/openvpn -i --rm kylemanna/openvpn tee /etc/openvpn/ccd/CERT_COMMON_NAME
         ifconfig-push 192.168.254.1 192.168.254.2
 
 2. Wait for client to reconnect if necessary
@@ -15,10 +15,10 @@ The docker image is setup for static client configuration on the 192.168.254.0/2
 
 Login to the data volume with a `bash` container, note only changes in /etc/openvpn will persist:
 
-    docker run --volumes-from $OVPN_DATA -it --rm kylemanna/openvpn bash -l
+    docker run -v $OVPN_DATA:/etc/openvpn -it --rm kylemanna/openvpn bash -l
 
 ## Upgrading from Old OpenVPN Configurations
 
 If you're running an old configuration and need to upgrade it to pull in the ccd directory run the following:
 
-    docker run  --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig
+    docker run  -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig

docs/tcp.md

@@ -10,18 +10,18 @@ Another example would be trying to open a VPN connection from within a very rest
 ## Using TCP
 Those requiring TCP connections should initialize the data container by specifying the TCP protocol and port number:
 
-    docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u tcp://VPN.SERVERNAME.COM:443
-    docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki
+    docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u tcp://VPN.SERVERNAME.COM:443
+    docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
 
 Because the server container always exposes port 1194, regardless of the
 specified protocol, adjust the mapping appropriately:
 
-    docker run --volumes-from $OVPN_DATA -d -p 443:1194/tcp --cap-add=NET_ADMIN kylemanna/openvpn
+    docker run -v $OVPN_DATA:/etc/openvpn -d -p 443:1194/tcp --cap-add=NET_ADMIN kylemanna/openvpn
 
 ## Running a Second Fallback TCP Container
 Instead of choosing between UDP and TCP, you can use both. A single instance of OpenVPN can only listen for a single protocol on a single port, but this image makes it easy to run two instances simultaneously. After building, configuring, and starting a standard container listening for UDP traffic on 1194, you can start a second container listening for tcp traffic on port 443:
 
-    docker run --volumes-from $OVPN_DATA --rm -p 443:1194/tcp --privileged kylemanna/openvpn ovpn_run --proto tcp
+    docker run -v $OVPN_DATA:/etc/openvpn --rm -p 443:1194/tcp --privileged kylemanna/openvpn ovpn_run --proto tcp
 
 `ovpn_run` will load all the values from the default config file, and `--proto tcp` will override the protocol setting.