[Operation and Maintenance Notes] openVPN+docker-compose deployment record

Problem background

I need to access a batch of services on another network that is not directly reachable.

Ideas

Call the two subnets that cannot reach each other subnet A and subnet B. The router of subnet B has a virtual server (port mapping) function and can expose selected services inside the network to the external network.
The goal is for hosts in subnet A to reach all services in subnet B once they have logged in to the VPN. So the VPN server is deployed on a host in subnet B, and the VPN service ports are mapped through the router's virtual server function to make the VPN reachable.

Technology options

For quick deployment, this article uses docker + openVPN.

docker image

I found the openvpn image released by linuxserver on dockerhub. After deploying it according to the guidelines, I found that it needed some adaptation to the domestic (China) network environment.

dockerfile

First, change the apt sources in the dockerfile to a domestic mirror. The openvpn software source then has to be reached through a proxy.

FROM linuxserver/openvpn-as:latest

# Proxy for apt; without it openvpn cannot be installed
RUN echo 'Acquire::http::Proxy "http://192.168.2.148:10809/";\nAcquire::http::Proxy "http://192.168.2.148:10809/";'>/etc/apt/apt.conf.d/proxy.conf
# Replace the apt sources with a domestic mirror
RUN echo 'deb http://mirrors.cernet.edu.cn/ubuntu/ jammy main restricted universe multiverse\ndeb http://mirrors.cernet.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse\ndeb http://mirrors.cernet.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse\ndeb http://mirrors.cernet.edu.cn/ubuntu/ jammy-security main restricted universe multiverse'> /etc/apt/sources.list

docker-compose file

This is basically linuxserver's default configuration; only the image (now built from the dockerfile above) and the time zone have been changed.

version: "3"
services:
  openvpn-as:
    build:
      context: .
    image: openvpn-as
    container_name: openvpn-as
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Shanghai
      - INTERFACE=eth1 # NIC name, optional
    volumes:
      - <openvpn_data>:/config
    ports:
      - 943:943
      - 9443:9443
      - 1194:1194/udp
    restart: unless-stopped

Deployment takes just one command

docker-compose up -d

After successful deployment, visit https://domain:943/admin for web management. The default account and password are admin/password; change the password at first login.
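A check for the ports section of the compose file above, as an added example that is not part of the original post: it lists what the file publishes and flags the admin web UI port (943) when it is bound to every host interface. The function names, and the policy that only 1194/udp needs to be forwarded by the router, are assumptions of this example.

```shell
# Print "bind_ip host_port container_port proto" for each short-syntax entry
# under a "ports:" key, e.g. 943:943, 1194:1194/udp, "127.0.0.1:943:943".
published_ports() {
  awk '
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-[ \t]/ {
      entry = $0
      sub(/[ \t]*#.*$/, "", entry)        # trailing comment
      sub(/^[ \t]*-[ \t]*/, "", entry)    # list marker
      gsub(/"/, "", entry); sub(/[ \t]+$/, "", entry)
      proto = "tcp"                       # compose default when no /proto
      if (split(entry, pp, "/") == 2) { entry = pp[1]; proto = pp[2] }
      n = split(entry, f, ":")
      if (n == 3)      print f[1], f[2], f[3], proto      # explicit bind IP
      else if (n == 2) print "0.0.0.0", f[1], f[2], proto # all interfaces
      next
    }
    in_ports && !/^[ \t]*(#.*)?$/ { in_ports = 0 }        # list has ended
  ' "$1"
}

# Assumption of this example: only the VPN tunnel port (1194/udp) is meant to
# be mapped by the router; the admin web UI (943) should stay on a LAN address.
audit_ports() {
  published_ports "$1" | while read -r ip hport cport proto; do
    if [ "$ip" != 0.0.0.0 ]; then
      echo "OK   $hport/$proto bound to $ip only"
    elif [ "$cport" = 943 ]; then
      echo "WARN $hport/$proto admin web UI published on all interfaces"
    elif [ "$cport/$proto" = 1194/udp ]; then
      echo "OK   $hport/$proto VPN tunnel port"
    else
      echo "INFO $hport/$proto published on all interfaces"
    fi
  done
}

# Constructed sample: the ports section of the compose file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  openvpn-as:
    ports:
      - 943:943
      - 9443:9443
      - 1194:1194/udp
    restart: unless-stopped
EOF
audit_ports "$sample"
```

Writing the entry as 192.168.x.x:943:943 (the host's LAN address) or 127.0.0.1:943:943 clears the warning while leaving 1194/udp available for the router mapping.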

New configuration

Add a new user in user management and remember to set its password; the user can then log in.

Origin blog.csdn.net/u013943146/article/details/131365858