Creating an OpenVPN-AS container

Previously:

 

I installed Docker CE on Ubuntu 16.04, but the method described would work on most versions of Linux.

Creating an OpenVPN-AS container:

For this part, I’m going to be posting the scripts and dockerfile that I wrote to create my OpenVPN-AS container.

The dockerfile is a text document that instructs Docker how to build the image.  I’ll be starting from an Ubuntu 16.04 base image and will install the required packages, download the OpenVPN-AS package and install it, then change the openvpn user’s password.  After that, I’ll expose the required ports, copy over my entrypoint.sh script, set it as executable, and run it.

The entrypoint.sh script is essentially a startup script for the instance that will launch OpenVPN-AS and, if required, remove files left behind by a previously running instance of the OpenVPN services.  If OpenVPN crashes, I’ll need to stop the process recorded in twistd.pid and then remove the file.

dockerfile:
[shell]
FROM ubuntu:16.04
MAINTAINER Thurdi "https://github.com/thurdi"
USER root
WORKDIR /
# install the prerequisites, download and install OpenVPN-AS, then set the
# openvpn user's password (the value is visible in the image history, so
# change it after the first login)
RUN apt-get update && apt-get install -y wget \
    iptables \
    net-tools \
    psmisc && \
    wget https://swupdate.openvpn.org/as/openvpn-as-2.1.12-Ubuntu16.amd_64.deb && \
    dpkg -i openvpn-as-2.1.12-Ubuntu16.amd_64.deb && \
    echo "openvpn:password1234" | chpasswd && \
    rm -rf openvpn-as-2.1.12-Ubuntu16.amd_64.deb
# copy the startup script and make it executable
COPY Build/entrypoint.sh /
RUN chmod +x /entrypoint.sh
# ports used by OpenVPN-AS
EXPOSE 443/tcp 1194/udp 943/tcp
VOLUME ["/usr/local/openvpn_as"]
CMD ["/entrypoint.sh"]
[/shell]
entrypoint.sh:
[shell]
#!/bin/bash
# the script runs from / (the WORKDIR in the dockerfile), so twistd.pid is /twistd.pid
PIDFILE="/twistd.pid"

# stop the process recorded in a leftover twistd.pid, if it is still running
if [ -e "$PIDFILE" ] && ps -p "$(cat "$PIDFILE")" > /dev/null 2>&1
then
    kill "$(cat "$PIDFILE")"
else
    echo "no running twistd process found"
fi
# remove the twistd pid file if it exists
rm -f "$PIDFILE"
# remove the openvpnas pid file if it exists
rm -f "/var/run/openvpnas.pid"
# start openvpn
/usr/local/openvpn_as/scripts/openvpnas -n
[/shell]

Installing Docker

Previously:

I set up SSH on a freshly installed Ubuntu 16.04 server.

Creating the Docker Server:

Next, I’m going to install Docker and get it ready to run the VPN and Plex containers.  For this part, I’m going to cheat a bit and use the script that Docker provides.  The code is as follows:

[shell]
wget https://raw.githubusercontent.com/docker/docker-install/master/install.sh
sudo chmod +x install.sh
sudo ./install.sh
[/shell]

This downloads the [shell]install.sh[/shell] script, adds execute permissions to it, then runs the script.  The Docker script installs the correct version of Docker CE depending on your flavor of Linux, in my case Ubuntu 16.04.

After running the script, verify that Docker is installed by running:

[shell]
sudo docker run hello-world
[/shell]

And with that, Docker has successfully been installed, and I’m ready to move on to installing OpenVPN-AS!

Setting Up SSH

So the first thing I need to do is set up a Linux VM.  I’m choosing to use Ubuntu 16.04 as my host VM.  From a base install of Ubuntu, I’m going to configure SSH by removing password authentication and requiring RSA key-based authentication.

 

Log in to the Ubuntu Server and type in:

[shell]sudo nano /etc/ssh/sshd_config[/shell]

Remove the comment (#) from the line that has:

[shell]#PasswordAuthentication yes[/shell]

And change the “yes” to a “no”.  Do not restart the server!

 

Next, I’ll need to copy the public key to the server, but first I’ll need to create a private and public key combination.  I’ll start by downloading PuTTYGen.  I select Generate and follow the instructions to move the mouse to generate a random sequence.  Once the RSA keys have been generated, I’ll save them using the “Save public key” and “Save private key” buttons.

Copy the id_rsa.pub file to the server as ~/.ssh/authorized_keys.

 

Once I have the public key copied over, I’m good to go! I’ll restart the service using [shell]sudo service ssh restart[/shell], and I’ll be required to use my private key to connect over SSH.  Easy peasy.
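
A check that could be run before that restart, added here as an example (not part of the original post): it confirms that password logins are really off and that authorized_keys holds a usable key, and it flags the SSH2 (RFC 4716) format that PuTTYgen's "Save public key" button writes, which OpenSSH does not accept in authorized_keys. The function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Pre-restart check for key-only SSH. Paths are arguments so the check can be
# tried on copies; on the server they are /etc/ssh/sshd_config and
# ~/.ssh/authorized_keys. Match blocks and Include files are not evaluated.

# Effective PasswordAuthentication: sshd keeps the first uncommented value
# and defaults to "yes" when the keyword is absent.
password_auth_setting() {
    awk 'tolower($1) == "passwordauthentication" { print tolower($2); f = 1; exit }
         END { if (!f) print "yes" }' "$1"
}

# Return 0 only when restarting sshd would still leave a working key login.
safe_to_restart() {
    local cfg="$1" keys="$2" n
    if [ "$(password_auth_setting "$cfg")" != "no" ]; then
        echo "PasswordAuthentication is still enabled"; return 1
    fi
    if [ ! -s "$keys" ]; then
        echo "authorized_keys is missing or empty"; return 1
    fi
    if grep -q 'BEGIN SSH2 PUBLIC KEY' "$keys"; then
        echo "key is in SSH2 (RFC 4716) format, not the OpenSSH one-line format"; return 1
    fi
    n=$(grep -cE '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*' "$keys" || true)
    if [ "${n:-0}" -lt 1 ]; then
        echo "no OpenSSH-format public key found"; return 1
    fi
    # StrictModes (on by default) rejects a group- or world-writable key file
    case "$(ls -ld "$keys")" in
        ?????w*|????????w*) echo "authorized_keys is group- or world-writable"; return 1 ;;
    esac
    echo "ok: $n key(s) installed, password logins disabled"
}

# Constructed sample input (not real keys or a real server config)
demo=$(mktemp -d)
printf '#PasswordAuthentication yes\nPasswordAuthentication no\n' > "$demo/sshd_config"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7constructed rsa-key-20180101\n' > "$demo/good"
printf -- '---- BEGIN SSH2 PUBLIC KEY ----\nAAAAB3NzaC1yc2E\n---- END SSH2 PUBLIC KEY ----\n' > "$demo/puttygen"
chmod 600 "$demo/good" "$demo/puttygen"
safe_to_restart "$demo/sshd_config" "$demo/good" || true
safe_to_restart "$demo/sshd_config" "$demo/puttygen" || true
```

Keep the current SSH session open while testing the key login from a second window, so a failed check can still be fixed.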

New Project

The Project

I’ve recently started a project where I’m consolidating my VMs into Docker containers.  Docker containers are another layer of abstraction for servers: their OS is provided by the host Docker server, and the applications run inside virtual environments where only the bare minimum required software is running.

 

In my case, I decided to create a docker VM instead of installing docker on the bare metal.  My fileserver is still going to run as its own VM alongside the docker VM, but I’m going to move my Plex server and VPN server to run inside docker.

 

Why Docker?

Docker allows for rapid application deployment. Although it is not the best place to host a VPN server or a Plex server, it does have some appeal in having portability for those servers. Creating a dockerfile with a strict definition for what you want the server to be allows the server to build with a single command.  For my purposes, in my home test environment, this allows me to blow up and rebuild my servers on a whim and makes it a quick process.  Sounds like enough of a win to learn a new technology with great applications for the applications I’m going to write later down the road.  Haha, see what I did there?

 

The Blog

In my blog, I intend to document my move to Docker as both notes for myself and notes for you, the reader.  The upcoming posts will detail the steps to recreate an OpenVPN-AS and a Plex server in a series of Docker containers running on a single Docker host VM.  I’ll include everything from setting up the Docker host VM all the way through adding users for the VPN and mapping symlinks for Plex.