diff --git a/README.md b/README.md index 8fb4133..956c345 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,10 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq). $ dig google.com # won't use the search directives in resolv.conf $ nslookup google.com # will use search +* Consider setting up a [systemd service](/docs/systemd.md) for automatic + start-up at boot time and restart in the event the OpenVPN daemon or Docker + crashes. + ## How Does It Work? Initialize the volume container using the `kylemanna/openvpn` image with the @@ -166,7 +170,7 @@ of a guarantee in the future. volume for re-use across containers * Addition of tls-auth for HMAC security -## Tested On +## Originally Tested On * Docker hosts: * server a [Digital Ocean](https://www.digitalocean.com/?refcode=d19f7fe88c94) Droplet with 512 MB RAM running Ubuntu 14.04 @@ -175,8 +179,3 @@ of a guarantee in the future. * OpenVPN core 3.0 android armv7a thumb2 32-bit * OS X Mavericks with Tunnelblick 3.4beta26 (build 3828) using openvpn-2.3.4 * ArchLinux OpenVPN pkg 2.3.4-1 - * - -## Having permissions issues with Selinux enabled? - -See [this](docs/selinux.md) diff --git a/docs/systemd.md b/docs/systemd.md new file mode 100644 index 0000000..ae14eb3 --- /dev/null +++ b/docs/systemd.md 
@@ -0,0 +1,37 @@ +# Docker + OpenVPN systemd Service + +The systemd service aims to make the update and invocation of the +`docker-openvpn` container seamless. It automatically downloads the latest +`docker-openvpn` image and instantiates a Docker container with that image. At +shutdown it cleans-up the old container. + +In the event the service dies (crashes, or is killed) systemd will attempt to +restart the service every 10 seconds until the service is stopped with +`systemctl stop docker-openvpn@NAME.service`. + +A number of IPv6 hacks are incorporated to workaround Docker shortcomings and +are harmless for those not using IPv6. + +To use and enable automatic start by systemd: + +1. Create a Docker volume container named `ovpn-data-NAME` where `NAME` is the + user's choice to describe the use of the container. In the example + configuration given in the [README](/README.md) `NAME=data`. +2. Initialize the data container according to the [docker-openvpn + README](/README.md), but don't start the container. Stop the Docker + container if started. +3. Download the [docker-openvpn@.service](https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service) + file to `/etc/systemd/system`: + + curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service | sudo tee /etc/systemd/system/docker-openvpn@.service + +4. Enable and start the service with: + + systemctl enable --now docker-openvpn@NAME.service + +5. Verify service start-up with: + + systemctl status docker-openvpn@NAME.service + journalctl --unit docker-openvpn@NAME.service + +For more information, see the [systemd manual pages](https://www.freedesktop.org/software/systemd/man/index.html). diff --git a/init/docker-openvpn@.service b/init/docker-openvpn@.service index 31925fb..19f7e46 100644 --- a/init/docker-openvpn@.service +++ b/init/docker-openvpn@.service 
@@ -1,3 +1,35 @@ +# +# Docker + OpenVPN systemd service +# +# Author: Kyle Manna +# Source: https://github.com/kylemanna/docker-openvpn +# +# This service aims to make the update and invocation of the docker-openvpn +# container seemless. It automatically downloads the latest docker-openvpn +# image and instantiates a Docker container with that image. At shutdown it +# cleans-up the old container. +# +# In the event the service dies (crashes, or is killed) systemd will attempt +# to restart the service every 10 seconds until the service is stopped with +# `systemctl stop docker-openvpn@NAME`. +# +# A number of IPv6 hacks are incorporated to workaround Docker shortcomings and +# are harmless for those not using IPv6. +# +# To use: +# 1. Create a Docker volume container named `ovpn-data-NAME` where NAME is the +# user's choice to describe the use of the container. +# 2. Initialize the data container according to the docker-openvpn README, but +# don't start the container. Stop the docker container if started. +# 3. Download this service file to /etc/systemd/service/docker-openvpn@.service +# 4. Enable and start the service template with: +# `systemctl enable --now docker-openvpn@NAME.service` +# 5. Verify service start-up with: +# `systemctl status docker-openvpn@NAME.service` +# `journalctl --unit docker-openvpn@NAME.service` +# +# For more information, see the systemd manual pages. +# [Unit] Description=OpenVPN Docker Container Documentation=https://github.com/kylemanna/docker-openvpn
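Review bot: The last README.md hunk (`@@ -175,8 +179,3 @@`) deletes the "Having permissions issues with Selinux enabled?" section and its link to `docs/selinux.md`, which has nothing to do with the systemd service this patch adds. The visible diff does not touch `docs/selinux.md` itself, so the README would lose its only pointer to that page. Removing the stray empty `*` bullet is fine, but the SELinux link should stay, or move into the bullet list next to the new systemd link, and the commit message should mention the change either way.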
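Review bot: Step 3 of the new docs/systemd.md pipes `curl -L https://raw.githubusercontent.com/.../master/...` straight into `sudo tee /etc/systemd/system/docker-openvpn@.service`, so whatever is on `master` at that moment is installed as a system unit without the reader ever seeing it. Because `curl` is called without `--fail`, an HTTP error body would also be written into the unit file. Suggest downloading to a local file with `curl -fL`, pointing the URL at a tag or commit rather than `master`, and asking the reader to inspect the file before step 4. Steps 4 and 5 should also be consistent with step 3 about `sudo`, since `systemctl enable --now` needs root. Separately, the introduction says the service downloads the latest image on its own; it is worth stating in this document that a restart can therefore change the image version that is running.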
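Review bot: Step 3 of the header comment in init/docker-openvpn@.service gives the install path as `/etc/systemd/service/docker-openvpn@.service`, while docs/systemd.md in this same patch installs to `/etc/systemd/system`; the comment should read `/etc/systemd/system/docker-openvpn@.service`. The same comment block spells "seemless" where the doc has "seamless". Since this header repeats docs/systemd.md almost word for word and the two copies already disagree, consider shortening the comment to a summary plus a pointer to docs/systemd.md so the instructions live in one place.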