Merge pull request #190 from vielmetti/patch-1
add logging warning to paranoid.md
This commit is contained in:
commit
acc84e016c
@ -36,6 +36,14 @@ EasyRSA will generate 4096 bit RSA keys when the `-e EASYRSA_KEY_SIZE=4096` argu
|
||||
docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
|
||||
docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
|
||||
|
||||
## Logging and stdout
|
||||
|
||||
Because you are running within Docker, remember that any command that generates output to stdout may also log that output through Docker's log-driver mechanism. That may mean that e.g. keying material generated by `ovpn_getclient` will be logged somewhere that you don't want it to be logged.
|
||||
|
||||
A simple way to avoid having Docker log output for a given command is to run with `--log-driver=none`, e.g
|
||||
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient USER > USER.ovpn
|
||||
|
||||
## Additional Resources
|
||||
|
||||
Have a look at the [Applied-Crypto-Hardening](https://github.com/BetterCrypto/Applied-Crypto-Hardening/tree/master/src/configuration/VPNs/OpenVPN) project for more examples.
|
||||
|
Loading…
Reference in New Issue
Block a user