Present day software deployment ways never cease to amaze me. Yesterday I was able to set up an OpenVPN server with dokku on one of my spare linodes in a matter of minutes!
What you’ll need:
- A server with dokku running on it
- A vpn client software. I use tunnelblick for macOS and OpenVPN Connect for iOS.
Setting things up:
Clone this git repo:
git clone https://github.com/v-yarotsky/dokku-openvpn.git
On your dokku host:
dokku apps:create vpn # Create & mount the directory where the certificate # and profiles will be stored sudo -u dokku mkdir /var/lib/dokku/data/storage/vpn dokku storage:mount vpn /var/lib/dokku/data/storage/vpn:/etc/openvpn
Push the repo to dokku from your machine:
git remote add dokku email@example.com:vpn git push dokku master
On the dokku host again:
# Generate OpenVPN config dokku run vpn ovpn_genconfig -u udp://yourvpn.example.org # Generate self-signed certificate # Remember the password! dokku run vpn ovpn_initpki # Tell dokku to bind a port and allow the container to perform network # configuration operations dokku docker-options:add vpn deploy --cap-add=NET_ADMIN dokku docker-options:add vpn deploy -p 1194:1194/udp # Tell dokku not to perform http health checks dokku checks:disable vpn # Tell dokku to not even try to proxy a udp service through nginx dokku proxy:disable vpn # Always restart the container on errror dokku ps:set-restart-policy vpn always # Scale up the vpn process dokku ps:scale vpn vpn=1 # Generate client profile dokku run vpn easyrsa build-client-full your-client-name nopass
On your client:
ssh yourhost.example.org dokku run vpn ovpn_getclient your-client-name > your-client-name.ovpn
- Open the downloaded profile in your OpenVPN client of choice.
Thanks to Kyle Manna and everyone who has contributed to docker-openvpn for making the process of setting up a vpn server so painless.
Also, thank you dokku maintainers & contributors for providing a clean & easy way to deploy hobby projects without paying absurd amounts of money to heroku!