Quickly setting up an OpenVPN service with Docker on CentOS 6

Published: 01/15
This article walks through quickly setting up an OpenVPN service with Docker on CentOS 6. We hope you find it useful.

I. Install Docker

1. On CentOS 6, docker can be installed with yum instead of compiling it from source, but it has to come from the EPEL repository
[root@li760-160 ~]# yum clean all
[root@li760-160 ~]# yum makecache
[root@li760-160 ~]# yum install -y epel-release
2. Install docker, plus the rz/sz commands that will make it easier to transfer the .ovpn configuration file later
[root@li760-160 ~]# yum install -y docker-io lrzsz
3. Start docker and enable it at boot
[root@li760-160 ~]# service docker start
Starting cgconfig service:                                 [确定]
Starting docker:                                           [确定]
[root@li760-160 ~]# chkconfig docker on
[root@li760-160 ~]# chkconfig --list docker
docker          0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
II. Install OpenVPN

1. Set the environment variable
[root@li760-160 ~]# OVPN_DATA="ovpn-data"
2. Using busybox as a minimal Docker image, create an empty Docker volume container
[root@li760-160 ~]# docker run --name $OVPN_DATA -v /etc/openvpn busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from busybox
d1592a710ac3: Pull complete
17583c7dd0da: Pull complete
busybox:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.

Digest: sha256:87fcdf79b696560b61905297f3be7759e01130a4befdfe2cc9ece9234bbbab6f
Status: Downloaded newer image for busybox:latest
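3. Initialize the ovpn_data container, which will hold the configuration files and certificates, replacing li760-160.members.linode.com with your own FQDN.
The value given in place of li760-160.members.linode.com must be a fully qualified domain name, the one you will use to communicate with the server; this assumes you have already configured DNS. An IP address can be used instead, but that is not recommended.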
[root@li760-160 ~]# docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://li760-160.members.linode.com:1194
Unable to find image 'kylemanna/openvpn:latest' locally
latest: Pulling from kylemanna/openvpn
f4fddc471ec2: Pull complete
436e44808d7e: Pull complete
53dc01341c1a: Pull complete
19ef56561d59: Pull complete
4244388d7507: Pull complete
2766f436f026: Pull complete
6c2bf215f932: Pull complete
58e4204b748a: Pull complete
c6117666d7ea: Pull complete
27500bc73b15: Pull complete
a2142c0e2d01: Pull complete
47bc69d9a3ac: Pull complete
f083c7fd707b: Pull complete
Digest: sha256:70757f7391115db3ac544c08253d595b09d9655941694b2a4fe4c64cbf492b7f
Status: Downloaded newer image for kylemanna/openvpn:latest
Successfully generated config
4. Generate the EasyRSA PKI certificate authority; you may be asked to enter a passphrase for the CA private key.
[root@li760-160 ~]# docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki

Generating a 2048 bit RSA private key
....................+++
.............................................................................................................+++
writing new private key to '/etc/openvpn/pki/private/ca.key.XXXXPKEfGd'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt

Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
....+..........................................................................+................................................................................+..........+...................................................................................................+.....+.........................+.....................+..............................................................................................................................................................................................................+............+............................................................................+.........................+.....................................................................................................................................................................+............................................................................................................................................................................................................................................................................................................++*++*

DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem

Generating a 2048 bit RSA private key
..........................................+++
........................................................................................................................+++
writing new private key to '/etc/openvpn/pki/private/li760-160.members.linode.com.key.XXXXLiKPjM'
-----
Using configuration from /usr/share/easy-rsa/openssl-1.0.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'li760-160.members.linode.com'
Certificate is to be certified until Nov  3 06:55:16 2025 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

5. Create an Upstart init file so that the OpenVPN service process is run automatically
[root@li760-160 ~]# cat > /etc/init/docker-openvpn.conf << EOF
description "Docker container for OpenVPN server"
start on filesystem and started docker
stop on runlevel [!2345]
respawn
script
exec docker run --volumes-from ovpn-data --rm -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
end script
EOF
6. Start the process through the Upstart init mechanism
[root@li760-160 ~]# start docker-openvpn
docker-openvpn start/running, process 27961
7. Check the STATUS column to confirm that the container started and did not crash immediately
[root@li760-160 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                    NAMES
ea5551261636        kylemanna/openvpn   "ovpn_run"          9 seconds ago       Up 8 seconds        0.0.0.0:1194->1194/udp   sad_colden         
[root@li760-160 ~]#
8. Generate the client certificate and configuration file
[root@li760-160 ~]# docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full li760-160.members.linode.com.1.ovpn nopass

9. Export the configuration file
[root@li760-160 ~]# docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient li760-160.members.linode.com.1.ovpn > li760-160.members.linode.com.1.ovpn

10. Transfer the configuration file to your local computer
[root@li760-160 ~]# sz li760-160.members.linode.com.1.ovpn
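Step 8 builds the client key with nopass, so the profile exported in step 9 and copied off the server in step 10 carries a private key with no passphrase. The check below is an added example, not part of the original article or of the kylemanna/openvpn image: it reports whether the key inside a profile is encrypted, which remote the profile points at, and the file mode. The names ovpn_audit and make_sample, the host vpn.example.com and the sample profile are constructed for illustration, and the check assumes the key is embedded inline in a <key> block.

```bash
# Added example: audit an exported client profile before handing it out.
ovpn_audit() {
    local f="$1" key_state="absent" keyblock remote perms
    [ -r "$f" ] || { echo "error=unreadable"; return 2; }

    # Look only at the inline <key>...</key> block of the profile.
    keyblock=$(awk '/^<key>/{on=1;next} /^<\/key>/{on=0} on' "$f")
    if [ -n "$keyblock" ]; then
        if printf '%s\n' "$keyblock" |
           grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED'; then
            key_state="encrypted"
        else
            key_state="plaintext"      # what a "nopass" client key looks like
        fi
    fi
    remote=$(awk '$1=="remote"{print $2":"$3"/"($4?$4:"?"); exit}' "$f")
    perms=$(stat -c '%a' "$f")         # GNU stat, as shipped on CentOS

    echo "key=$key_state"
    echo "remote=${remote:-none}"
    echo "mode=$perms"

    # Fail when an unencrypted key sits in a file other users can read.
    if [ "$key_state" = "plaintext" ] &&
       [ "$perms" != "600" ] && [ "$perms" != "400" ]; then
        return 1
    fi
    return 0
}

# Constructed sample profile; the key body is a dummy placeholder.
make_sample() {
    cat > "$1" <<'EOF'
client
dev tun
remote vpn.example.com 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END PRIVATE KEY-----
</key>
EOF
}

sample=$(mktemp)
make_sample "$sample"
chmod 644 "$sample"
ovpn_audit "$sample" || echo "finding: plaintext key readable by others"
chmod 600 "$sample"
ovpn_audit "$sample" && echo "ok: key file restricted to owner"
rm -f "$sample"
```

Run ovpn_audit against the exported .ovpn on the server and again on the machine that receives it, since a file transfer does not necessarily preserve the mode.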
III. Test availability

[root@li760-160 ~]# ss -unlp |grep :1194
UNCONN     0      0                        :::1194                    :::*      users:(("docker",28025,5))
[root@li760-160 ~]#

IV. One-click script
wget -4qO- onekey.sh/docker-openvpn|bash
#!/bin/bash
#########################################################################
# File Name: docker-openvpn.sh
# Author: LookBack
# Email: admin#dwhd.org
# Version:
# Created Time: Friday, 6 November 2015, 17:12:35
#########################################################################

if [ $(id -u) != "0" ]; then { echo "Please use the root account to run this script"; exit 1;} ;fi

yum clean all
yum makecache
#yum repolist 2>&1|grep '^\*epel' >/dev/null 2>&1
#[ "$?" = "0" ] && yum install -y docker-io lrzsz || { yum install -y epel-release; yum install -y docker-io lrzsz; }

if ! yum repolist 2>&1|grep -E '^(\*)?epel' >/dev/null 2>&1; then
        yum remove -y epel-release
        yum install -y epel-release
fi
 
 
if ! awk '{a=substr($3,0,1);exit (a==6)?0:1}' /etc/redhat-release; then
        yum update -y
        cat >/etc/yum.repos.d/docker.repo << EOF
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
        yum install -y docker-engine lrzsz
else
        yum install -y docker-io lrzsz
fi

service docker start
chkconfig docker on
#chkconfig --list docker

OVPN_DATA="ovpn-data"
docker run --name $OVPN_DATA -v /etc/openvpn busybox

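# Read from the terminal: when this script is piped into bash, stdin is the script itself
read -p "Please enter your domain: " FQDNDomain </dev/tty
docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://${FQDNDomain}:1194

docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki </dev/tty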
cat > /etc/init/docker-openvpn.conf << EOF
description "Docker container for OpenVPN server"
start on filesystem and started docker
stop on runlevel [!2345]
respawn
script
exec docker run --volumes-from ovpn-data --rm -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
end script
EOF

start docker-openvpn

if docker ps|grep 1194 >/dev/null 2>&1; then echo "OpenVPN installed and running."; fi

docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full ${FQDNDomain}.ovpn nopass </dev/tty
docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient ${FQDNDomain}.ovpn > ${FQDNDomain}.ovpn
sz ${FQDNDomain}.ovpn && /bin/rm -rf ${FQDNDomain}.ovpn
