Run OpenVPN in Docker in two seconds

Hello, Habr readers! Have you ever been in a situation where you really wanted to be virtually transported to another city, country or continent? I need this fairly often, so being able to have my own VPN server that I can start anywhere, in a couple of seconds, was a pressing need. In this article I want to talk about my project, which I conceived while looking for a ready-made solution: in this case, a Docker image that lets you quickly bring up an OpenVPN server with minimal configuration and a reasonable level of security.

Background

The ability to run the service on any machine, whether a physical server, a virtual private server, or even a container space inside another container management system, was critical. My eye immediately fell on Docker. First, it is gaining popularity, so more and more providers offer ready-made solutions with it preinstalled. Second, there is a central image registry from which you can download and run a service with a single command in the terminal.

The thought that such a project must already exist occurred to me too, and I searched hard. But most of the projects I found were either too cumbersome (you had to create a container for persistent data storage and run the application container several times with different parameters), or lacked decent documentation, or were abandoned altogether. Having found nothing acceptable, I started work on my own project. Sleepless nights of reading documentation, writing code and debugging lay ahead, but in the end my service saw the light of day and shone with all the colours of the router's monochrome LED panel. So, please welcome docker-openvpn. I even came up with a logo (above, before the cut), but don't judge it too harshly, because I'm not a designer (anymore).

When implementing this project, I prioritised deployment speed, minimal configuration and an acceptable level of security. Through trial and error I found the best balance of these criteria, although in places I had to sacrifice deployment speed for security, and minimal configuration had to be paid for with portability: in the current configuration, a container created on one server cannot be moved to another server and run there. For example, all client and server certificates are generated when the service starts, which takes about 2 seconds. However, generation of the Diffie-Hellman file had to be moved to build time: it is created while the Docker image is being built and can take about ten minutes. I would very much like to get a security audit of this solution from the highly respected community.

Launch

To start the service, we need a few things:

  1. A server: physical or virtual. In theory it can run in docker-in-docker mode, but I haven't tested this option much;
  2. Docker itself. Many hosting providers offer turnkey solutions with Docker "on board";
  3. A public IP address.

If everything is in place, all that remains is to run the following command in your server's console:

docker run --cap-add=NET_ADMIN \
-it -p 1194:1194/udp -p 80:8080/tcp \
-e HOST_ADDR=$(curl -s https://api.ipify.org) \
alekslitvinenk/openvpn

The attentive reader may have noticed that the server's IP address is determined automatically via ipify.org. If for some reason this doesn't work, you can specify the address manually. If all the previous steps went well, we should see something like this in the console:

Sun Jun  9 08:56:11 2019 Initialization Sequence Completed
Sun Jun  9 08:56:12 2019 Client.ovpn file has been generated
Sun Jun  9 08:56:12 2019 Config server started, download your client.ovpn config at http://example.com/
Sun Jun  9 08:56:12 2019 NOTE: After you download you client config, http server will be shut down!

We are close to the goal: now we need to copy example.com (in your case it will be the address of your server) and paste it into the browser's address bar. After you press Enter, the client.ovpn file will be downloaded, and the http server itself will sink into oblivion. If this solution raises doubts, you can use the following trick: run the previous command and add the zp flag and a password. Now, if you paste the generated link into the browser window, you will get a password-protected zip archive. Once you have the file with the client configuration, you can use any suitable client. I use Tunnelblick for Mac.
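The launch command above passes whatever api.ipify.org returns straight into HOST_ADDR. The following wrapper is an added example, not part of the original article or of the docker-openvpn project: it checks that the value is a well-formed IPv4 address, or takes a manually supplied one, before starting the container. The function names and the MANUAL_ADDR variable are assumptions of the example.

```shell
#!/bin/sh
# Added example: check the server address before starting the container.
# The image, ports and HOST_ADDR come from the article's command; function
# names and the MANUAL_ADDR override variable are assumptions of this example.
IMAGE="alekslitvinenk/openvpn"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# A manually supplied address wins over the looked-up one. Prints the
# address on success; fails rather than launching with an unusable value.
choose_host_addr() {
    manual=$1
    detected=$2
    if [ -n "$manual" ]; then candidate=$manual; else candidate=$detected; fi
    if is_ipv4 "$candidate"; then
        printf '%s\n' "$candidate"
    else
        echo "refusing to start: '$candidate' is not an IPv4 address" >&2
        return 1
    fi
}

start_vpn() {
    detected=$(curl -s --max-time 10 https://api.ipify.org) || detected=""
    addr=$(choose_host_addr "${MANUAL_ADDR:-}" "$detected") || return 1
    docker run --cap-add=NET_ADMIN \
        -it -p 1194:1194/udp -p 80:8080/tcp \
        -e HOST_ADDR="$addr" \
        "$IMAGE"
}

# Start only when asked to, e.g.: MANUAL_ADDR=203.0.113.7 sh start-vpn.sh start
if [ "${1:-}" = "start" ]; then start_vpn; fi
```

If the lookup times out or returns an error page, the script stops before `docker run` instead of starting a server with an unusable address.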

Video tutorial

This video tutorial contains detailed instructions for deploying the service on DigitalOcean.

PS If you found this project useful, please give it a star on GitHub, fork it and tell your friends. Contributors and security audits are also welcome.

PPS If this article is well received on Habr, I plan to write the next one about how I ran docker-in-docker and docker-in-docker-in-docker, why I did it and what came of it.

EDIT1:

  1. Fixed typos
  2. In response to the comments, I decided to put this information here: the --privileged flag is needed to work with iptables.

EDIT2:

  1. Updated the image launch command: it no longer requires the --privileged flag
  2. Added a link to the Russian-language video tutorial: youtube.be/A8zvrHsT9A0

Source: www.habr.com
