Wrote script to copy only the needed files to the docker host which runs the docker openvpn server.

* For the truly paranoid users, never keep any keys (i.e. client and
  certificate authority) in the docker container to begin with :).

README.md

@@ -105,7 +105,7 @@ packets, etc).
   simplicity.  It's highly recommended to secure the CA key with some
   passphrase to protect against a filesystem compromise.  A more secure system
   would put the EasyRSA PKI CA on an offline system (can use the same Docker
-  image to accomplish this).
+  image and the script ovpn_copy_server_files to accomplish this).
 * It would be impossible for an adversary to sign bad or forged certificates
   without first cracking the key's passphase should the adversary have root
   access to the filesystem.

bin/ovpn_copy_server_files

@@ -0,0 +1,24 @@
+#!/bin/bash
+## @licence AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
+## @author Copyright (C) 2015 Robin Schneider <ypid@riseup.net>
+
+source "$OPENVPN/ovpn_env.sh"
+
+TARGET="/tmp/openvpn_${OVPN_CN}"
+if [ -n "$1" ]; then
+    TARGET="$1"
+fi
+
+rsync --recursive --verbose --prune-empty-dirs \
+    --include "*/" \
+    --include "/pki/private/${OVPN_CN}.key" \
+    --include "/pki/ca.crt" \
+    --include "/pki/issued/${OVPN_CN}.crt" \
+    --include "/pki/dh.pem" \
+    --include "ta.key" \
+    --include "/openvpn.conf" \
+    --include "/ovpn_env.sh" \
+    --exclude="*" \
+    "$OPENVPN/" "$TARGET"
+
+echo "Created the openvpn configuration for the server: $TARGET"