From 6028a2b5b79f6d1a8116d55628f315f333cf9826 Mon Sep 17 00:00:00 2001 From: Edward Vielmetti Date: Sat, 31 Dec 2016 01:27:28 -0500 Subject: [PATCH] add logging warning to paranoid.md Update documentation with logging warning; closes #189 . --- docs/paranoid.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/paranoid.md b/docs/paranoid.md index f048a70..79a8fdf 100644 --- a/docs/paranoid.md +++ b/docs/paranoid.md @@ -36,6 +36,14 @@ EasyRSA will generate 4096 bit RSA keys when the `-e EASYRSA_KEY_SIZE=4096` argu docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass +## Logging and stdout + +Because you are running within Docker, remember that any command that generates output to stdout may also log that output through Docker's log-driver mechanism. That may mean that e.g. keying material generated by `ovpn_getclient` will be logged somewhere that you don't want it to be logged. + +A simple way to avoid having Docker log output for a given command is to run with `--log-driver=none`, e.g + + docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient USER > USER.ovpn + ## Additional Resources Have a look at the [Applied-Crypto-Hardening](https://github.com/BetterCrypto/Applied-Crypto-Hardening/tree/master/src/configuration/VPNs/OpenVPN) project for more examples.