Present day software deployment ways never cease to amaze me. Yesterday I was able to set up an OpenVPN server with dokku on one of my spare linodes in a matter of minutes!

What you’ll need:

  1. A server with dokku running on it
  2. A vpn client software. I use tunnelblick for macOS and OpenVPN Connect for iOS.

Setting things up:

  1. Clone this git repo:

     git clone https://github.com/v-yarotsky/dokku-openvpn.git

  2. On your dokku host:

     dokku apps:create vpn

 # Create & mount the directory where the certificate
 # and profiles will be stored
 sudo -u dokku mkdir /var/lib/dokku/data/storage/vpn
 dokku storage:mount vpn /var/lib/dokku/data/storage/vpn:/etc/openvpn

  3. Push the repo to dokku from your machine:

     git remote add dokku dokku@yourhost.example.org:vpn
 git push dokku master

  4. On the dokku host again:

     # Generate OpenVPN config
 dokku run vpn ovpn_genconfig -u udp://yourvpn.example.org

 # Generate self-signed certificate
 # Remember the password!
 dokku run vpn ovpn_initpki

 # Tell dokku to bind a port and allow the container to perform network
 # configuration operations
 dokku docker-options:add vpn deploy --cap-add=NET_ADMIN
 dokku docker-options:add vpn deploy -p 1194:1194/udp

 # Tell dokku not to perform http health checks
 dokku checks:disable vpn

 # Tell dokku to not even try to proxy a udp service through nginx
 dokku proxy:disable vpn

 # Always restart the container on errror
 dokku ps:set-restart-policy vpn always

 # Scale up the vpn process
 dokku ps:scale vpn vpn=1

 # Generate client profile
 dokku run vpn easyrsa build-client-full your-client-name nopass

  5. On your client:

     ssh yourhost.example.org dokku run vpn ovpn_getclient your-client-name > your-client-name.ovpn
  6. Open the downloaded profile in your OpenVPN client of choice.
  8. Profit!

Credits:

Thanks to Kyle Manna and everyone who has contributed to docker-openvpn for making the process of setting up a vpn server so painless.

Also, thank you dokku maintainers & contributors for providing a clean & easy way to deploy hobby projects without paying absurd amounts of money to heroku!