Fast and reliable VPN using docker and digitalocean
I've been using openvpn for a long time, but I was having some problems with performance. I've decided to change the usual approach of having openvpn installed on my host machine and move it to docker. I'm using my own server, but in this blog post I will show you how to do it with digitalocean.
It's very easy to create a docker machine inside a digitalocean droplet. Just head over to their webpage and follow the instructions. 5 USD/month is a reasonable price, and you do not need to have it running non-stop. One big advantage is that you are billed for hourly usage. This tutorial will cost me just 1 cent. Netflix and Hulu are just additional benefits.
Ok, if you have an account on digitalocean, do not forget to generate a token. You will find it in the API section. I've exported the token as an environment variable, OCEAN_TOKEN.
Let's create a docker machine and set up docker to use this machine.
$ docker-machine create -d digitalocean --digitalocean-access-token=$OCEAN_TOKEN ocean
INFO Creating SSH key...
INFO Creating Digital Ocean droplet...
INFO "ocean" has been created and is now the active machine.
INFO To point your Docker client at it, run this in your shell: eval "$(docker-machine env ocean)"
$ eval $(docker-machine env ocean)
Now you have a completely clean docker machine inside the digitalocean server room.
I was creating my own setup, but I have found this (the kylemanna/openvpn image used in the commands below), which has basically solved all my problems. It's quite easy to set up. You just need to create two containers: one for the persistent data (or you can just use a directory/volume) and one as the actual openvpn application container.
$ OVPN_DATA="ovpn-data"
$ IP=$(docker-machine ip ocean)
$ docker run --name $OVPN_DATA -v /etc/openvpn busybox
$ docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://$IP
The next command generates all the certificates and keys. Please save the password for later use.
$ docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki
And finally we can run our vpn container.
$ docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged kylemanna/openvpn
The next step is to generate a client key. In this case we will generate one without a password.
$ docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
Retrieve the client configuration with embedded certificates.
$ docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
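A check worth running on the retrieved profile, as an added example that is not part of the original post: because the client key was built with nopass, CLIENTNAME.ovpn carries an unencrypted private key, and the script below reports that along with loose file permissions. It assumes the key is embedded inline in a <key> block; the function names and the sample profiles are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a client profile written by ovpn_getclient.
# Assumption: the private key is embedded inline in a <key>...</key> block.

# Print "encrypted", "plaintext" or "none" for the embedded private key.
ovpn_key_state() {
    awk '
        /^<key>/   { inkey = 1; next }
        /^<\/key>/ { inkey = 0 }
        inkey && /BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED/ { enc = 1 }
        inkey && /BEGIN .*PRIVATE KEY/ { seen = 1 }
        END { print (enc ? "encrypted" : (seen ? "plaintext" : "none")) }
    ' "$1"
}

# Succeed only when group and other have no access bits on the file.
ovpn_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print findings for one profile; return 1 if anything needs attention.
audit_ovpn() {
    audit_rc=0
    audit_state=$(ovpn_key_state "$1")
    if [ "$audit_state" = "plaintext" ]; then
        echo "$1: private key has no passphrase; the file alone is a working credential"
        audit_rc=1
    fi
    if ! ovpn_is_private "$1"; then
        echo "$1: group/other can access the file; restrict it with chmod 600"
        audit_rc=1
    fi
    if [ "$audit_rc" -eq 0 ]; then echo "$1: ok (key: $audit_state)"; fi
    return "$audit_rc"
}

# Constructed sample profiles (placeholder key bodies, not real keys).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' client '<key>' '-----BEGIN PRIVATE KEY-----' CONSTRUCTED \
    '-----END PRIVATE KEY-----' '</key>' > "$demo_dir/nopass.ovpn"
printf '%s\n' client '<key>' '-----BEGIN ENCRYPTED PRIVATE KEY-----' CONSTRUCTED \
    '-----END ENCRYPTED PRIVATE KEY-----' '</key>' > "$demo_dir/withpass.ovpn"
chmod 644 "$demo_dir/nopass.ovpn"
chmod 600 "$demo_dir/withpass.ovpn"
audit_ovpn "$demo_dir/nopass.ovpn" || true
audit_ovpn "$demo_dir/withpass.ovpn" || true
```

Run audit_ovpn CLIENTNAME.ovpn on the real file before copying it to a laptop or phone.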
Now you can use whatever client you like. If you want to back up the configuration, use the following command.
$ docker run --volumes-from $OVPN_DATA -v $(pwd):/backup --rm kylemanna/openvpn tar cvzf /backup/openvpn.tar.gz /etc/openvpn