mirror of https://github.com/vimagick/dockerfiles.git synced 2025-04-21 12:07:00 +02:00

update openvpn

kev 2016-09-02 12:23:56 +08:00
parent eaa75b551f
commit f7f3fed822
3 changed files with 48 additions and 77 deletions


@ -1,4 +1,4 @@
openvpn OpenVPN
======= =======
[OpenVPN][1] is blocked in China. You need to connect vpn via secure tunnel. [OpenVPN][1] is blocked in China. You need to connect vpn via secure tunnel.
@ -11,18 +11,13 @@ Instead of using [fteproxy][2] as bridge, you can also use [stunnel][3].
## docker-compose.yml (server) ## docker-compose.yml (server)
``` ```yaml
data: openvpn:
image: busybox
volumes:
- /etc/openvpn
server:
image: vimagick/openvpn image: vimagick/openvpn
expose: ports:
- "1194/tcp" - "1194:1194"
volumes_from: volumes:
- data - ./data:/etc/openvpn
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
restart: always restart: always
@ -32,59 +27,55 @@ fteproxy:
ports: ports:
- "4911:4911" - "4911:4911"
links: links:
- "server" - openvpn
environment: environment:
- "MODE=server" - MODE=server
- "SERVER_IP=0.0.0.0" - SERVER_IP=0.0.0.0
- "SERVER_PORT=4911" - SERVER_PORT=4911
- "PROXY_IP=server" - PROXY_IP=openvpn
- "PROXY_PORT=1194" - PROXY_PORT=1194
- "KEY=CB2FBA2BC70490526E749E01BB050F6B555964290DFF58CF24785B4A093F7B18" - KEY=CB2FBA2BC70490526E749E01BB050F6B555964290DFF58CF24785B4A093F7B18
restart: always restart: always
``` ```
## docker-compose.yml (bridge) ## docker-compose.yml (bridge)
``` ```yaml
fteproxy: fteproxy:
image: vimagick/fteproxy image: vimagick/fteproxy
ports: ports:
- "1194:1194" - "1194:1194"
environment: environment:
- "MODE=client" - MODE=client
- "SERVER_IP=vpn.easypi.info" - SERVER_IP=vpn.easypi.info
- "SERVER_PORT=4911" - SERVER_PORT=4911
- "CLIENT_IP=0.0.0.0" - CLIENT_IP=0.0.0.0
- "CLIENT_PORT=1194" - CLIENT_PORT=1194
- "KEY=CB2FBA2BC70490526E749E01BB050F6B555964290DFF58CF24785B4A093F7B18" - KEY=CB2FBA2BC70490526E749E01BB050F6B555964290DFF58CF24785B4A093F7B18
restart: always restart: always
``` ```
## server ## Server Setup
```
$ fig up -d data
```bash
$ ./setup.sh $ ./setup.sh
1) server 1) server ...... (Step 1)
2) client 2) client ...... (Step 2)
3) revoke 3) revoke
4) backup 4) quit ...... (Step 3)
5) restore
6) quit
$ fig up -d $ docker-compose up -d
``` ```
## bridge ## Bridge Setup
``` ```bash
$ fig up -d $ docker-compose up -d
``` ```
## client ## Client Setup
``` ```bash
$ cat /etc/openvpn/client.conf $ cat /etc/openvpn/client.conf
... ...
remote bridge.easypi.info 1194 tcp remote bridge.easypi.info 1194 tcp


@ -1,14 +1,9 @@
data: openvpn:
image: busybox
volumes:
- /etc/openvpn
server:
image: vimagick/openvpn image: vimagick/openvpn
expose: ports:
- "1194/tcp" - "1194:1194"
volumes_from: volumes:
- data - ./data:/etc/openvpn
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
restart: always restart: always
@ -18,10 +13,10 @@ stunnel:
ports: ports:
- "4911:4911" - "4911:4911"
links: links:
- server - openvpn
environment: environment:
- CLIENT=no - CLIENT=no
- SERVICE=openvpn - SERVICE=openvpn
- ACCEPT=0.0.0.0:4911 - ACCEPT=0.0.0.0:4911
- CONNECT=server:1194 - CONNECT=openvpn:1194
restart: always restart: always
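Review bot: The `openvpn` service now publishes `1194:1194` on every host interface, although the `stunnel` service in the same file already reaches it over the link through `CONNECT=openvpn:1194`; the previous `expose` entry kept the raw OpenVPN listener off the host. If direct access is not intended, keep `expose: ["1194/tcp"]` or bind the mapping to loopback with `"127.0.0.1:1194:1194"`. The new `./data:/etc/openvpn` bind mount also places whatever `ovpn_initpki` generates (presumably the CA and server keys) inside the project directory, so `data/` should be excluded from version control and readable only by the owning user.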


@ -4,44 +4,29 @@
# #
OVPN_DIR=./ovpn OVPN_DIR=./ovpn
OVPN_IMG=vimagick/openvpn OVPN_SERVER=tcp://openvpn.easypi.info
OVPN_DATA=openvpn_data_1
OVPN_BACKUP=openvpn.tgz
OVPN_SERVER=tcp://vpn.easypi.info
mkdir -p $OVPN_DIR mkdir -p $OVPN_DIR
select opt in server client revoke backup restore quit select opt in server client revoke quit
do do
if [[ $opt == "server" ]] if [[ $opt == "server" ]]
then then
echo "setup server ..." echo "setup server ..."
docker run --rm --volumes-from $OVPN_DATA $OVPN_IMG ovpn_genconfig -u $OVPN_SERVER docker-compose run --rm openvpn ovpn_genconfig -u $OVPN_SERVER
docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG ovpn_initpki docker-compose run --rm openvpn ovpn_initpki
elif [[ $opt == "client" ]] elif [[ $opt == "client" ]]
then then
echo "setup client ..." echo "setup client ..."
read -p '>>> ' OVPN_CLIENT read -p '>>> ' OVPN_CLIENT
docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG easyrsa build-client-full ${OVPN_CLIENT:?client is empty} nopass docker-compose run --rm openvpn easyrsa build-client-full ${OVPN_CLIENT:?client is empty} nopass
docker run --rm --volumes-from $OVPN_DATA $OVPN_IMG ovpn_getclient $OVPN_CLIENT > $OVPN_DIR/$OVPN_CLIENT.ovpn docker-compose run --rm openvpn ovpn_getclient $OVPN_CLIENT > $OVPN_DIR/$OVPN_CLIENT.ovpn
elif [[ $opt == "revoke" ]] elif [[ $opt == "revoke" ]]
then then
echo "revoke client ..."
read -p '>>> ' OVPN_CLIENT read -p '>>> ' OVPN_CLIENT
docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG easyrsa revoke ${OVPN_CLIENT:?client is empty} docker-compose run --rm openvpn easyrsa revoke ${OVPN_CLIENT:?client is empty}
docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG easyrsa gen-crl docker-compose run --rm openvpn easyrsa gen-crl
elif [[ $opt == "backup" ]]
then
echo "backup volume ..."
docker run --rm --volumes-from $OVPN_DATA alpine tar cvzf - -C /etc openvpn > $OVPN_DIR/$OVPN_BACKUP
elif [[ $opt == "restore" ]]
then
echo "restore volume ..."
if docker inspect $OVPN_DATA >& /dev/null
then
docker run --rm --volumes-from $OVPN_DATA -i alpine tar xvzf - -C /etc < $OVPN_DIR/$OVPN_BACKUP
else
docker run --name $OVPN_DATA -v /etc/openvpn -i alpine tar xvzf - -C /etc < $OVPN_DIR/$OVPN_BACKUP
fi
elif [[ $opt == "quit" ]] elif [[ $opt == "quit" ]]
then then
echo "bye" echo "bye"
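Review bot: The client and revoke branches still expand `$OVPN_CLIENT` without quotes, including in the redirect target `$OVPN_DIR/$OVPN_CLIENT.ovpn`, so a name typed at the `read` prompt that contains spaces or `/` is word-split or written outside `$OVPN_DIR`. The profile is built with `nopass` and presumably embeds the unencrypted client key, yet the file and `$OVPN_DIR` are created under the default umask. Suggest adding `umask 077` before `mkdir -p`, rejecting names that fail `[[ $OVPN_CLIENT =~ ^[A-Za-z0-9_-]+$ ]]`, and writing `docker-compose run --rm openvpn ovpn_getclient "$OVPN_CLIENT" > "$OVPN_DIR/$OVPN_CLIENT.ovpn"`. The `select` loop opens inside the hunk but closes outside it.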