As part of my efforts to reduce the management overhead of multiple systems – much like the rest of the world – I am in a long process of migrating all my workloads from virtual machines, each dedicated to a single service or a small number of related services, to container-based solutions. While containers are old news for most, I might dedicate a future post to explaining the considerations I've had and the advantages they provide me with.
As part of this migration, there are times when I find a good, but not good-enough solution. In such cases, I am required to modify it to match my needs.
This is the case with the Dockovpn container, which I found to be mostly, but not entirely, what I wanted. As a result, I have forked it and modified it to match my needs.
I have made the following changes (for now):
- Use the latest Alpine Linux (alpine:latest)
- Use a more recent OpenVPN server (as provided with the latest Alpine Linux)
- Use a more recent easyrsa package, and adjust the scripts to work with it
- Keep the OpenVPN config file on a persistent volume, to allow for easier customization
- Better handle removed (revoked) accounts (certificates) – a better post-remove cleanup
- Add support for a simple-authentication web proxy in the path of obtaining the client config
- Add a common case of missing iptables modules to the README.md file, for a quick win
Deploying a VPN based on this container is a 30-second job. There is a working docker-compose example, and a working example of docker-compose combined with nginx to protect the generated client configuration files.
Take a look at the project's GitHub page, and see if it works for you.