Merge pull request #620 from kylemanna/dev
Fix /etc/openvpn/vars bug for old docker volumes
commit
1228577d45
|
@ -15,8 +15,7 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/reposi
|
|||
ENV OPENVPN=/etc/openvpn
|
||||
ENV EASYRSA=/usr/share/easy-rsa \
|
||||
EASYRSA_CRL_DAYS=3650 \
|
||||
EASYRSA_PKI=$OPENVPN/pki \
|
||||
EASYRSA_VARS_FILE=$OPENVPN/vars
|
||||
EASYRSA_PKI=$OPENVPN/pki
|
||||
|
||||
VOLUME ["/etc/openvpn"]
|
||||
|
||||
|
|
|
@ -15,7 +15,6 @@ RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community/" >> /etc/apk/reposi
|
|||
ENV OPENVPN /etc/openvpn
|
||||
ENV EASYRSA /usr/share/easy-rsa
|
||||
ENV EASYRSA_PKI $OPENVPN/pki
|
||||
ENV EASYRSA_VARS_FILE $OPENVPN/vars
|
||||
|
||||
# Prevents refused client connection because of an expired CRL
|
||||
ENV EASYRSA_CRL_DAYS 3650
|
||||
|
|
|
@ -31,8 +31,8 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
|
|||
private key used by the newly generated certificate authority.
|
||||
|
||||
docker volume create --name $OVPN_DATA
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
|
||||
|
||||
* Start OpenVPN server process
|
||||
|
||||
|
@ -40,11 +40,11 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
|
|||
|
||||
* Generate a client certificate without a passphrase
|
||||
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
|
||||
|
||||
* Retrieve the client configuration with embedded certificates
|
||||
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
|
||||
|
||||
## Next Steps
|
||||
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
#
|
||||
# Import/export EasyRSA default settings
|
||||
#
|
||||
|
||||
if [ "$DEBUG" == "1" ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
set -e
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "No command provided"
|
||||
echo
|
||||
echo "$0 export > /path/to/file"
|
||||
echo "$0 import < /path/to/file"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cmd=$1
|
||||
shift
|
||||
|
||||
case "$cmd" in
|
||||
export)
|
||||
if [ -f "$EASYRSA_VARS_FILE" ]; then
|
||||
cat "$EASYRSA_VARS_FILE"
|
||||
else
|
||||
cat "$EASYRSA/vars.example"
|
||||
fi
|
||||
;;
|
||||
import)
|
||||
cat > "$EASYRSA_VARS_FILE"
|
||||
;;
|
||||
*)
|
||||
echo "Unknown cmd \"$cmd\""
|
||||
exit 2
|
||||
;;
|
||||
esac
|
|
@ -15,10 +15,6 @@ source "$OPENVPN/ovpn_env.sh"
|
|||
# Specify "nopass" as arg[2] to make the CA insecure (not recommended!)
|
||||
nopass=$1
|
||||
|
||||
# EasyRSA 3.0.7 introduced checks for $EASYRSA_VARS_FILE existence
|
||||
# in the init-pki script
|
||||
touch $EASYRSA_VARS_FILE
|
||||
|
||||
# Provides a sufficient warning before erasing pre-existing files
|
||||
easyrsa init-pki
|
||||
|
||||
|
|