Launching OpenVPN in Docker in 2 seconds

Hello, Habr residents! Have you ever found yourself in a situation where you really wanted to be transported to another city, country or continent? I have this need quite often, so the ability to have my own VPN server that can be launched anywhere, in a few seconds, was very pressing. In this article I want to talk about my project, which I conceived while looking for a ready-made solution: in this case, a Docker image that lets you quickly set up an OpenVPN server with minimal configuration and an acceptable level of security.

Background

The ability to run the service on any machine, whether a physical server, a virtual private server, or a container space inside another container management system, was critical. My eye immediately fell on Docker. First, it is gaining popularity, so more and more providers offer ready-made solutions with it pre-installed; second, there is an image repository from which you can download and run a service with a single command in the terminal. It occurred to me that such a project must already exist, and I searched hard for it. But most of the projects I found were either too cumbersome (you had to create a container for persistent data storage and start the application container several times with different parameters), or lacked sensible documentation, or were completely abandoned.

Having found nothing acceptable, I started work on my own project. Sleepless nights of studying documentation, writing code and debugging lay ahead, but in the end my service saw the light of day and began to sparkle with all the colors of the router's monochrome LED panel. So, please welcome: Docker-OpenVPN. I even came up with a logo (above, before the cut), but do not judge it too harshly, since I am not a designer (not any more).

When I started this project, I prioritized deployment speed, minimal configuration and an acceptable level of security. By trial and error I found the right balance between these criteria. In some places, however, I had to sacrifice deployment speed for the sake of security, and I paid for minimal configuration with portability: in the current configuration, a container created on one server cannot be transferred to and launched on another. For example, all client and server certificates are generated when the service starts, which takes about 2 seconds. Generation of the Diffie-Hellman file, however, had to be moved to build time: it is created while the Docker image is being built and can take up to 10 minutes. I would very much like to get a security audit of this solution from the respected community.

Launch

To start the service we need a few things:

  1. A server: physical or virtual. In theory it is possible to run in docker-in-docker mode, but I have not tested this option extensively;
  2. Docker itself. Many hosting providers offer ready-made solutions with Docker on board;
  3. A public IP address.

Once all of these are in place, all that remains is to run the following command in your server's console:

docker run --cap-add=NET_ADMIN \
-it -p 1194:1194/udp -p 80:8080/tcp \
-e HOST_ADDR="$(curl -s https://api.ipify.org)" \
alekslitvinenk/openvpn

The attentive reader may have noticed that the server's IP address is determined automatically using ipify.org. If for some reason this does not work, you can specify the address manually. If all the previous steps were completed correctly, we should see something like this in the console:

Sun Jun  9 08:56:11 2019 Initialization Sequence Completed
Sun Jun  9 08:56:12 2019 Client.ovpn file has been generated
Sun Jun  9 08:56:12 2019 Config server started, download your client.ovpn config at http://example.com/
Sun Jun  9 08:56:12 2019 NOTE: After you download you client config, http server will be shut down!
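
The launch command above passes whatever api.ipify.org returns straight into HOST_ADDR, which is the address written into client.ovpn. The following is an added example, not part of the original article or the project: a wrapper that accepts a manual override and refuses anything that is not a public IPv4 address before starting the container. The function names are illustrative and the sample inputs are constructed.

```shell
# Added example: check the address that ends up in client.ovpn before
# starting the container. Function names are illustrative.

# Succeeds only for a dotted-quad IPv4 address, every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rejects addresses clients cannot reach from the internet: 0/8, RFC 1918,
# loopback, link-local, CGNAT (100.64/10) and multicast/reserved (224+).
is_public_ipv4() {
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    a=$1 b=$2
    if [ "$a" -eq 0 ] || [ "$a" -eq 10 ] || [ "$a" -eq 127 ] || [ "$a" -ge 224 ]; then return 1; fi
    if [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then return 1; fi
    if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then return 1; fi
    if [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then return 1; fi
    if [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then return 1; fi
    return 0
}

# Prints $1 if given (manual override), otherwise asks api.ipify.org.
# Fails on an error page, an empty reply or a non-public address.
resolve_host_addr() {
    addr=${1:-$(curl -s --fail --max-time 10 https://api.ipify.org)} || return 1
    is_public_ipv4 "$addr" || { echo "refusing HOST_ADDR '$addr'" >&2; return 1; }
    printf '%s\n' "$addr"
}

# Same docker run as in the article, started only with a validated address.
launch_openvpn() {
    host_addr=$(resolve_host_addr "${1:-}") || return 1
    docker run --cap-add=NET_ADMIN -it -p 1194:1194/udp -p 80:8080/tcp \
        -e HOST_ADDR="$host_addr" alekslitvinenk/openvpn
}

# Constructed sample replies, good and bad, to show the verdicts offline.
for sample in 203.0.113.7 192.168.1.20 100.72.0.5 '<html>502</html>' 1.2.3 256.1.1.1; do
    if is_public_ipv4 "$sample"; then verdict=accept; else verdict=reject; fi
    printf '%-18s %s\n' "$sample" "$verdict"
done
```

Call `launch_openvpn` with no argument to use the detected address, or pass the server's address as the first argument to skip the lookup.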

We are close to the goal: now we need to copy example.com (in your case it will be your server's address) and paste it into your browser's address bar. After you press Enter, the client.ovpn file will be downloaded, and the http server itself will vanish into oblivion. If this approach seems doubtful to you, you can use the following trick: run the previous command and add the zp flags and a password. Now, when you paste the generated link into the browser window, you will receive a password-protected zip archive. Once you have the client configuration file, you can use any suitable client. I use Tunnelblick for Mac.

Video tutorial

This video tutorial contains detailed instructions for deploying the service on DigitalOcean.

P.S. If you find this project useful, please give it a star on GitHub, fork it and tell your friends. Contributors and security audits are also very welcome.

P.P.S. If this article makes it onto Habr, I plan to write the next one about how I ran docker-in-docker and docker-in-docker-in-docker, why I did it and what came of it.

EDIT1:

  1. Fixed typos in the publication,
  2. Replying to the comments, I decided to put this information here: the --privileged flag is needed to work with iptables.

EDIT2:

  1. Improved the image launch command: the --privileged flag is no longer needed
  2. Added a link to the Russian-language video guide: youtube.be/A8zvrHsT9A0

Source: www.habr.com
