From 816eff9af654e8be8e775bd653a395ac6b317f0f Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Wed, 9 Jul 2014 12:09:27 -0700 Subject: [PATCH 1/4] docs: openvpn-data -> $OVPN_DATA * Easier to work with. --- docs/backup.md | 4 ++-- docs/static-ips.md | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/backup.md b/docs/backup.md index a16ee26..04ca7fa 100644 --- a/docs/backup.md +++ b/docs/backup.md @@ -11,8 +11,8 @@ TL;DR Protect the resulting archive file, by ensure there is very limited access ## Backup to Archive - docker run --volumes-from openvpn-data --rm busybox tar -cvf - -C /etc openvpn | xz > openvpn-backup.tar.xz + docker run --volumes-from $OVPN_DATA --rm busybox tar -cvf - -C /etc openvpn | xz > openvpn-backup.tar.xz ## Retore to New Image - xzcat openvpn-backup.tar.xz | docker run --name openvpn-data -v /etc/openvpn -i busybox tar -xvf - -C /etc + xzcat openvpn-backup.tar.xz | docker run --name $OVPN_DATA -v /etc/openvpn -i busybox tar -xvf - -C /etc diff --git a/docs/static-ips.md b/docs/static-ips.md index 39ccfe2..38fcbc2 100644 --- a/docs/static-ips.md +++ b/docs/static-ips.md 
@@ -6,19 +6,19 @@ The docker image is setup for static client configuration on the 192.168.254.0/2 1. Create a client specific configuration: - $ echo "ifconfig-push 192.168.254.1 192.168.254.2" | docker run --volumes-from openvpn-data -i --rm kylemanna/openvpn tee /etc/openvpn/ccd/CERT_COMMON_NAME + $ echo "ifconfig-push 192.168.254.1 192.168.254.2" | docker run --volumes-from $OVPN_DATA -i --rm kylemanna/openvpn tee /etc/openvpn/ccd/CERT_COMMON_NAME ifconfig-push 192.168.254.1 192.168.254.2 2. Wait for client to reconnect if necessary ## Advanced Admin -Login to the openvpn-data volume with a `bash` container, note only changes in /etc/openvpn will persist: +Login to the data volume with a `bash` container, note only changes in /etc/openvpn will persist: - docker run --volumes-from openvpn-data -it --rm kylemanna/openvpn bash -l + docker run --volumes-from $OVPN_DATA -it --rm kylemanna/openvpn bash -l ## Upgrading from Old OpenVPN Configurations If you're running an old configuration and need to upgrade it to pull in the ccd directory run the following: - docker run --volumes-from openvpn-data --rm kylemanna/openvpn ovpn_genconfig + docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig From e9c5108a8f5410b340fffbd8418541944c1fecfc Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Wed, 9 Jul 2014 12:09:47 -0700 Subject: [PATCH 2/4] debug: Add mention of shells * Very useful for getting in a running container or fix a data volume. --- docs/debug.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/debug.md b/docs/debug.md index 983c768..8b55554 100644 --- a/docs/debug.md +++ b/docs/debug.md 
@@ -2,6 +2,13 @@ Random things I do to debug the containers. +## Login Shells + +* Create a shell in the running docker container (aka namespace) with [nsenter](https://github.com/jpetazzo/nsenter) +* If you don't have nsenter/docker-enter, you can mount the data container and modify it with + + docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn bash -l + ## Stream OpenVPN Logs 1. Get the container's name or container ID: From 37f86037d835cc535b93841a3d2e144d15b68737 Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Wed, 9 Jul 2014 12:18:43 -0700 Subject: [PATCH 3/4] advanced: Add advanced configs * Copy paste stuff for using host mounted volumes --- docs/advanced.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 docs/advanced.md diff --git a/docs/advanced.md b/docs/advanced.md new file mode 100644 index 0000000..ced0407 --- /dev/null +++ b/docs/advanced.md 
@@ -0,0 +1,21 @@ +# Advanced Configurations + +The ovpn_genconfig script is intended for simple configurations that apply to the majority of the users. If your use case isn't general, it likely won't be supported. This document aims to explain how to work around that. + +## Create host volume mounts rather then data volumes + +* Refer to the Quick Start document, and substitute `--volumes-from $OVPN_DATA` with `-v /path/on/host/openvpn0:/etc/openvpn` +* Quick example that is likely to be out of date, but here's how to get started: + + mkdir openvpn0 + cd openvpn0 + docker run --rm -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM:1194 + docker run --rm -v $PWD:/etc/openvpn -it kylemanna/openvpn ovpn_initpki + vim openvpn.conf + docker run --rm -v $PWD:/etc/openvpn -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass + docker run --rm -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn + +* Start the server with: + + docker run -v $PWD:/etc/openvpn -d -p 1194:1194/udp --privileged kylemanna/openvpn + From 5fd47763d735728fa5916b7f8b57a885f2cddf58 Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Wed, 9 Jul 2014 12:19:15 -0700 Subject: [PATCH 4/4] README: Add --rm to init steps * Don't need these containers to stick around polluting docker. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cb39a3e..ca1a009 100644 --- a/README.md +++ b/README.md 
@@ -10,8 +10,8 @@ OpenVPN server in a Docker container complete with an EasyRSA PKI CA. * Initalize the `$OVPN_DATA` container that will hold the configuration files and certificates - docker run --volumes-from $OVPN_DATA kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM:1194 - docker run --volumes-from $OVPN_DATA -it kylemanna/openvpn ovpn_initpki + docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM:1194 + docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki * Start OpenVPN server process
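Review bot: In docs/backup.md (PATCH 1/4), both changed commands expand `$OVPN_DATA` unquoted, so with the variable unset the backup line becomes `--volumes-from --rm` and `--rm` is parsed as the value of `--volumes-from`; the restore line likewise becomes `--name -v`. Quote it as `"$OVPN_DATA"` and state near the top of the page that the variable must hold the data container's name. Because the surrounding text asks the reader to protect the archive, the backup step could also run under `umask 077` so that `openvpn-backup.tar.xz` is not created readable by other users. The `## Retore to New Image` heading on the context line is a typo for "Restore" and could be fixed in the same change.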
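Review bot: In docs/static-ips.md (PATCH 1/4), the command under "Upgrading from Old OpenVPN Configurations" now reads `--volumes-from $OVPN_DATA`, but the readers that section addresses followed the earlier text and have a container literally named `openvpn-data`, a name the page no longer mentions. Add one line telling them to set `OVPN_DATA=openvpn-data` (or their own container name) before running the commands on this page. The reworded sentence under "Advanced Admin" would also read better as "Log in to the data volume".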
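Review bot: In docs/debug.md (PATCH 2/4), the second bullet under "Login Shells" is presented as the fallback for nsenter, but `docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn bash -l` starts a new container that only shares the data volume, so it shows nothing of the running server's processes or network state. Say that in the bullet, and mention that this shell can modify everything the data container holds, which per the README is the configuration files and certificates. The same command already appears in docs/static-ips.md under "Advanced Admin" with the flags in a different order; linking to one copy would keep the two from drifting apart.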
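Review bot: In the new docs/advanced.md (PATCH 3/4), the example does `mkdir openvpn0`, `cd openvpn0` and then bind-mounts `$PWD` at /etc/openvpn, so the PKI created by `ovpn_initpki` lands in an ordinary host directory with default permissions, and `ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn` writes the client profile into that same server directory. Add a `chmod 700 openvpn0` after the `mkdir`, redirect the `.ovpn` file to a path outside the mounted directory, and quote `"$PWD"` so paths containing spaces work. The start command uses `--privileged` without comment; add a sentence on why the container needs it, and if a narrower option such as `--cap-add=NET_ADMIN` is sufficient for this image on the Docker versions you support, document that instead. The heading "rather then data volumes" should read "rather than".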
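Review bot: In README.md (PATCH 4/4), the context line directly above the changed commands still reads "Initalize"; correct it to "Initialize" in this commit, since the hunk already touches that step. The two commands place `--rm` after `--volumes-from $OVPN_DATA`, while docs/debug.md in this series writes `--rm -it --volumes-from $OVPN_DATA`; using one flag order across the docs makes the commands easier to compare and copy.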