allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

Merge pull request #204 from kylemanna/docs_systemd

Browse Source 
Document systemd service usage
This commit is contained in:
Kyle Manna 2017-01-16 15:45:45 -08:00 committed by GitHub
commit b07b4957f8
3 changed files with 74 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@ -56,6 +56,10 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
$ dig google.com # won't use the search directives in resolv.conf $ dig google.com # won't use the search directives in resolv.conf
$ nslookup google.com # will use search $ nslookup google.com # will use search
* Consider setting up a [systemd service](/docs/systemd.md) for automatic
start-up at boot time and restart in the event the OpenVPN daemon or Docker
crashes.
## How Does It Work? ## How Does It Work?
Initialize the volume container using the `kylemanna/openvpn` image with the Initialize the volume container using the `kylemanna/openvpn` image with the
@ -166,7 +170,7 @@ of a guarantee in the future.
volume for re-use across containers volume for re-use across containers
* Addition of tls-auth for HMAC security * Addition of tls-auth for HMAC security
## Tested On ## Originally Tested On
* Docker hosts: * Docker hosts:
* server a [Digital Ocean](https://www.digitalocean.com/?refcode=d19f7fe88c94) Droplet with 512 MB RAM running Ubuntu 14.04 * server a [Digital Ocean](https://www.digitalocean.com/?refcode=d19f7fe88c94) Droplet with 512 MB RAM running Ubuntu 14.04
@ -175,8 +179,3 @@ of a guarantee in the future.
* OpenVPN core 3.0 android armv7a thumb2 32-bit * OpenVPN core 3.0 android armv7a thumb2 32-bit
* OS X Mavericks with Tunnelblick 3.4beta26 (build 3828) using openvpn-2.3.4 * OS X Mavericks with Tunnelblick 3.4beta26 (build 3828) using openvpn-2.3.4
* ArchLinux OpenVPN pkg 2.3.4-1 * ArchLinux OpenVPN pkg 2.3.4-1
*
## Having permissions issues with Selinux enabled?
See [this](docs/selinux.md)

37
docs/systemd.md Normal file
View File

@ -0,0 +1,37 @@
# Docker + OpenVPN systemd Service
The systemd service aims to make the update and invocation of the
`docker-openvpn` container seamless. It automatically downloads the latest
`docker-openvpn` image and instantiates a Docker container with that image. At
shutdown it cleans-up the old container.
In the event the service dies (crashes, or is killed) systemd will attempt to
restart the service every 10 seconds until the service is stopped with
`systemctl stop docker-openvpn@NAME.service`.
A number of IPv6 hacks are incorporated to workaround Docker shortcomings and
are harmless for those not using IPv6.
To use and enable automatic start by systemd:
1. Create a Docker volume container named `ovpn-data-NAME` where `NAME` is the
user's choice to describe the use of the container. In the example
configuration given in the [README](/README.md) `NAME=data`.
2. Initialize the data container according to the [docker-openvpn
README](/README.md), but don't start the container. Stop the Docker
container if started.
3. Download the [docker-openvpn@.service](https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service)
file to `/etc/systemd/system`:
curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service | sudo tee /etc/systemd/system/docker-openvpn@.service
4. Enable and start the service with:
systemctl enable --now docker-openvpn@NAME.service
5. Verify service start-up with:
systemctl status docker-openvpn@NAME.service
journalctl --unit docker-openvpn@NAME.service
For more information, see the [systemd manual pages](https://www.freedesktop.org/software/systemd/man/index.html).

32
init/docker-openvpn@.service
View File

@ -1,3 +1,35 @@
#
# Docker + OpenVPN systemd service
#
# Author: Kyle Manna <kyle@kylemanna.com>
# Source: https://github.com/kylemanna/docker-openvpn
#
# This service aims to make the update and invocation of the docker-openvpn
# container seemless. It automatically downloads the latest docker-openvpn
# image and instantiates a Docker container with that image. At shutdown it
# cleans-up the old container.
#
# In the event the service dies (crashes, or is killed) systemd will attempt
# to restart the service every 10 seconds until the service is stopped with
# `systemctl stop docker-openvpn@NAME`.
#
# A number of IPv6 hacks are incorporated to workaround Docker shortcomings and
# are harmless for those not using IPv6.
#
# To use:
# 1. Create a Docker volume container named `ovpn-data-NAME` where NAME is the
# user's choice to describe the use of the container.
# 2. Initialize the data container according to the docker-openvpn README, but
# don't start the container. Stop the docker container if started.
# 3. Download this service file to /etc/systemd/service/docker-openvpn@.service
# 4. Enable and start the service template with:
# `systemctl enable --now docker-openvpn@NAME.service`
# 5. Verify service start-up with:
# `systemctl status docker-openvpn@NAME.service`
# `journalctl --unit docker-openvpn@NAME.service`
#
# For more information, see the systemd manual pages.
#
[Unit] [Unit]
Description=OpenVPN Docker Container Description=OpenVPN Docker Container
Documentation=https://github.com/kylemanna/docker-openvpn Documentation=https://github.com/kylemanna/docker-openvpn