ProHoster > Blog > Utongi > Tangisa OpenVPN muDocker mumasekonzi maviri

Tangisa OpenVPN muDocker mumasekonzi maviri

Mhoroi, vagari veKhabrovsk! Wakambosangana nemamiriro ezvinhu pawaida chaizvo kutakurwa kuenda kune rimwe guta, nyika kana kondinendi? Ndine chinodiwa ichi kazhinji, saka mukana wekuva neyangu VPN server, iyo inogona kutangwa chero kupi, mumasekonzi mashoma, yaive yekukurumidzira.Muchinyorwa chino ndinoda kutaura nezve purojekiti yangu, yandakabata pamuviri pandakanga ndiri uchitsvaga mhinduro yakagadzirwa, mune iyi Docker mufananidzo waizokubvumidza iwe kukurumidza kuseta OpenVPN server, ine hushoma hwezvirongwa uye inogamuchirwa mwero wekuchengetedza.

Tangisa OpenVPN muDocker mumasekonzi maviri

prehistory

Iko kugona kumhanyisa sevhisi pane chero muchina - ingave sevha yemuviri, kana chaiyo yakavanzika sevha, kana kunyange nzvimbo yemidziyo mukati meimwe mudziyo manejimendi system - yaive yakakosha. Ziso rangu rakabva rawira paDocker. Chekutanga, sevhisi iyi iri kuwedzera mukurumbira, uye nekudaro vapeji vakawanda vari kupa zvigadziriso zvakagadzirirwa ne pre-installation; chechipiri, kune nzvimbo yekuchengetedza yepakati yemifananidzo kubva kwaunogona kudhawunirodha nekumhanyisa sevhisi uchishandisa murairo mumwechete mune terminal. Pfungwa yekuti chirongwa chakadaro chinofanirwa kunge chiriko chakauya kwandiri ndikatsvaga. Asi mazhinji emapurojekiti andakawana anga akaomesesa (waifanira kugadzira chigaba chekuchengetera data zvachose uye wotanga chigaba chine application kakawanda nemaparameta akasiyana), kana pasina magwaro ane hungwaru, kana kusiiwa zvachose. , ndatanga basa pachirongwa chenyu. Paive nehusiku hwekusarara pamberi pekudzidza zvinyorwa, kunyora kodhi uye kugadzirisa, asi pakupedzisira sevhisi yangu yakaona chiedza chezuva ndokutanga kupenya nemavara ese eiyo router's monochrome LED panel. Saka, ndinokukumbira kuti ude uye nyasha - Docker-OpenVPN. Ini ndakatouya nelogo (pamusoro, isati yachekwa), asi usaitonge zvakanyanya, nekuti ini handisi mugadziri (zvakare).Pandakaita chirongwa ichi, ndakaisa pamberi kumhanya kwekutumirwa, kushoma kwe zvigadziriso uye mwero unogamuchirwa wechengetedzo. Kuburikidza nekuedza uye kukanganisa, ndakawana chiyero chakakwana chemaitiro aya, zvisinei, mune dzimwe nzvimbo ndaifanira kubayira kukurumidza kuendesa nekuda kwekuchengetedza, uye ndaifanira kubhadhara kutakurika kwezvishoma zvigadziriso: mukugadzirisa kwazvino, a mudziyo wakambogadzirwa pane imwe server haugone kutamiswa uye kutangwa pane imwe. Semuyenzaniso, ese mutengi uye server zvitupa zvinogadzirwa kana sevhisi yatanga uye izvi zvinotora anenge 2 masekondi. Nekudaro, chizvarwa cheHellman Defi faira chaifanira kutorwa munguva yekuvaka: inogadzirwa panguva yekuvakwa kweiyo docker mufananidzo uye inogona kugara kusvika kumaminitsi gumi. Ndinoda chaizvo kugamuchira kuongororwa kwekuchengetedza kwemhinduro yakadai kubva munharaunda inoremekedzwa.

Kutanga

Kuti titange sevhisi tinoda zvinhu zvakati wandei:

  1. Sevha: yemuviri kana yechokwadi. Izvo zvinokwanisika kumhanya mu docker-mukati-docker modhi, asi ini handina zvakanyanya kuyedza iyi sarudzo;
  2. Chaizvoizvo Docker. Vazhinji vanopa vanopa vanopa mhinduro dzakagadzirirwa-dzakagadzirwa neDocker pabhodhi;
  3. Public IP address.

Kana zvese zvese zviri munzvimbo, saka zvese zvatinofanira kuita kumhanyisa unotevera kuraira mukoni ye server yako:

docker run --cap-add=NET_ADMIN 
-it -p 1194:1194/udp -p 80:8080/tcp 
-e HOST_ADDR=$(curl -s https://api.ipify.org) 
alekslitvinenk/openvpn

Muverengi anoteerera anogona kunge aona kuti sevha IP kero inotemwa nekushandisa ipify.org. Kana nekuda kwechimwe chikonzero izvi zvisingashande, saka unogona kudoma kero nemawoko.Kana matanho ese apfuura akapedzwa nemazvo, saka tinofanira kuona chimwe chinhu chakafanana mukoni:

Sun Jun  9 08:56:11 2019 Initialization Sequence Completed
Sun Jun  9 08:56:12 2019 Client.ovpn file has been generated
Sun Jun  9 08:56:12 2019 Config server started, download your client.ovpn config at http://example.com/
Sun Jun  9 08:56:12 2019 NOTE: After you download you client config, http server will be shut down!

Isu tave pedyo nechinangwa: ikozvino tinoda kutevedzera Example.com (munyaya yako ichave iyo kero yeserver yako) uye isa mukero bar yebrowser yako. Mushure mekudzvanya Enter, iyo client.ovpn faira ichatorwa, uye iyo http server pachayo ichanyangarika mukukanganwa. Kana mhinduro iyi iri mukupokana, unogona kushandisa hunyengeri hunotevera: mhanyisa rairo yapfuura uye wedzera mireza zp uye password. Zvino, kana ukaisa chinongedzo chagadzirwa pahwindo rebrowser, uchagashira zip archive ine password.Kana wava neclient configuration file, unogona kushandisa chero mutengi akakodzera. Ini ndinoshandisa Tunnelblick yeMac.

Vhidhiyo Tutorial

Vhidhiyo iyi dzidziso ine yakadzama mirairo yekuendesa sevhisi paDigitalOcean.

PS Kana iwe ukaona ichi purojekiti ichibatsira, ndapota ipa nyeredzi paGitHub, forogo uye uudze shamwari dzako. Vanopa uye kuchengetedza ongororo vanogamuchirwawo zvakanyanya.PPS Kana chinyorwa ichi chikaguma paHabr, saka ndinoronga kunyora inotevera pamusoro pekuti ndakatanga sei docker-in-docker uye docker-in-docker-in-docker, nei ndakazviita uye zvakabuda mairi.
EDIT1:

  1. Kugadziriswa zvikanganiso mukuburitswa,
  2. Ndichipindura zvakataurwa, ndakafunga kuisa ruzivo urwu pano: iyo -yakaropafadzwa mureza inodiwa kushanda ne iptables.

EDIT2:

  1. Yakavandudza iwo mufananidzo wekutanga kuraira: ikozvino haidi iyo -yakaropafadzwa mureza
  2. Yakawedzera chinongedzo kugwaro revhidhiyo remutauro weRussia: youtube.be/A8zvrHsT9A0

Source: www.habr.com

Voeg