├── LICENSE
├── README.md
├── backuppc
│   ├── README.md
│   └── docker-compose.yml
├── chart-museum
│   ├── README.md
│   └── docker-compose.yml
├── gitlab-runner
│   ├── README.md
│   └── docker-compose.yml
├── gitlab
│   ├── README.md
│   └── docker-compose.yml
├── gocd
│   ├── README.md
│   └── docker-compose.yml
├── jenkins
│   ├── README.md
│   └── docker-compose.yml
├── nexus3
│   ├── README.md
│   └── docker-compose.yml
├── openldap
│   ├── README.md
│   └── docker-compose.yml
├── openvpn-with-ldap
│   ├── Dockerfile
│   ├── README.md
│   ├── config
│   │   ├── auth-ldap.conf
│   │   ├── ca.crt
│   │   ├── client.conf
│   │   ├── dh2018.pem
│   │   ├── ipp.txt
│   │   ├── openvpn_run.sh
│   │   ├── server.conf
│   │   ├── server.crt
│   │   ├── server.key
│   │   └── ta.key
│   └── docker-compose.yml
└── openvpn
    ├── README.md
    └── docker-compose.yml
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 Trantect

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Collection of common dockerized services for a company.

# Components

* [Gitlab](https://hub.docker.com/r/sameersbn/gitlab/tags/)
A web-based Git repository manager; this repository lets you run it locally with Docker.

* [Gitlab-runner](https://hub.docker.com/r/gitlab/gitlab-runner/tags/)
GitLab Runner is the open source project that is used to run your jobs and send the results back to GitLab.
It is used in conjunction with GitLab CI, the open-source continuous integration service included with GitLab that coordinates the jobs.

* [GOCD](https://www.gocd.org/)
An open-source Continuous Integration and Continuous Delivery system.

* [Nexus3](https://hub.docker.com/r/sonatype/nexus3/tags/)
A Dockerfile for Sonatype Nexus Repository Manager 3, based on CentOS. It can be used as a cache server (npm, Maven, apt, NuGet, raw packages, Docker images) to speed up your CI builds, and as a repository to store artifacts such as Docker images and npm packages.

* [Jenkins](https://hub.docker.com/r/jenkins/jenkins/)
The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project.
Jenkins is a self-contained, open source automation server which can be used to automate all sorts of tasks related to building, testing, and delivering or deploying software.

* [Chart-museum](https://hub.docker.com/r/chartmuseum/chartmuseum/tags/)
Helm Chart Repository with support for Amazon S3, Google Cloud Storage, Microsoft Azure Blob Storage, Alibaba Cloud OSS Storage, and Openstack Object Storage.
Works as a valid Helm Chart Repository, and also provides an API for uploading new chart packages to storage etc.

* [Backuppc](https://backuppc.github.io/backuppc/)
BackupPC is a high-performance, enterprise-grade system for backing up Linux, Windows and macOS PCs and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain.

* [Openldap](https://www.openldap.org/)
OpenLDAP is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is released under its own BSD-style license called the OpenLDAP Public License.

* [Openvpn](https://openvpn.net/)
OpenVPN is a free and open-source software application that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.

# Todo
- [ ] create Helm chart for Kubernetes.

--------------------------------------------------------------------------------
/backuppc/README.md:
--------------------------------------------------------------------------------
# Quick Start

The quickest way to get started is [docker-compose](https://docs.docker.com/compose/)

`cd backuppc;docker-compose up -d`

# More Info:

https://hub.docker.com/r/adferrand/backuppc/
--------------------------------------------------------------------------------
/backuppc/docker-compose.yml:
--------------------------------------------------------------------------------
backuppc:
  restart: always
  image: adferrand/backuppc
  container_name: backuppc
  ports:
    - 80:8080
  environment:
    # "Asia/Toyko" is not a valid zone name and would leave the container on UTC
    - TZ=Asia/Tokyo
  volumes:
    - /data/backuppc/data:/data/backuppc
    - /data/backuppc/etc:/etc/backuppc
    - /data/backuppc/home:/home/backuppc

--------------------------------------------------------------------------------
/chart-museum/README.md:
--------------------------------------------------------------------------------
# Quick Start

The quickest way to get started is [docker-compose](https://docs.docker.com/compose/)

`cd chart-museum;docker-compose up -d`

# More Info

https://github.com/helm/chartmuseum
--------------------------------------------------------------------------------
/chart-museum/docker-compose.yml:
--------------------------------------------------------------------------------
version: '2'
services:
  chart-museum:
    restart: always
    image: chartmuseum/chartmuseum:latest
    container_name: chart-museum
    volumes:
      - ~/.helm/repository/local:/data/charts
    ports:
      - "80:8080"
    environment:
      - STORAGE=local
      - STORAGE_LOCAL_ROOTDIR=/data/charts
      - PORT=8080
--------------------------------------------------------------------------------
/gitlab-runner/README.md:
--------------------------------------------------------------------------------
# Quick Start

The quickest way to get started is [docker-compose](https://docs.docker.com/compose/)

`cd gitlab-runner;docker-compose up -d`

# More Info

https://docs.gitlab.com/runner/

--------------------------------------------------------------------------------
/gitlab-runner/docker-compose.yml:
--------------------------------------------------------------------------------
version: "2"
services:
  gitlab-multi-runner:
    image: gitlab/gitlab-runner:alpine
    container_name: gitlab-multi-runner
    volumes:
      # the docker executor needs the host socket; any job that runs on this
      # runner can therefore drive the host's Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
      - $PWD/config:/etc/gitlab-runner
    restart: always
--------------------------------------------------------------------------------
/gitlab/README.md:
--------------------------------------------------------------------------------
# Quick Start

The quickest way to get started is [docker-compose](https://docs.docker.com/compose/)

`cd gitlab;docker-compose up -d`

# More Info

https://github.com/sameersbn/docker-gitlab

--------------------------------------------------------------------------------
/gitlab/docker-compose.yml:
--------------------------------------------------------------------------------
version: '2'

services:
  redis:
    restart: always
    image: sameersbn/redis:4.0.9-1
    command:
      - --loglevel warning
    volumes:
      - /srv/docker/gitlab/redis:/var/lib/redis:Z

  postgresql:
    restart: always
    image: sameersbn/postgresql:10
    volumes:
      - /srv/docker/gitlab/postgresql:/var/lib/postgresql:Z
    environment:
      # placeholder credentials from the upstream sample; set a real password
      # here and in the gitlab service below
      - DB_USER=gitlab
      - DB_PASS=password
      - DB_NAME=gitlabhq_production
      - DB_EXTENSION=pg_trgm

  gitlab:
    restart: always
    image: sameersbn/gitlab:11.3.4
    depends_on:
      - redis
      - postgresql
    ports:
      - "10080:80"
      - "10022:22"
    volumes:
      - /srv/docker/gitlab/gitlab:/home/git/data:Z
    environment:
      - DEBUG=false

      - DB_ADAPTER=postgresql
      - DB_HOST=postgresql
      - DB_PORT=5432
      - DB_USER=gitlab
      - DB_PASS=password
      - DB_NAME=gitlabhq_production

      - REDIS_HOST=redis
      - REDIS_PORT=6379

      - TZ=Asia/Kolkata
      - GITLAB_TIMEZONE=Kolkata

      - GITLAB_HTTPS=false
      - SSL_SELF_SIGNED=false

      - GITLAB_HOST=localhost
      - GITLAB_PORT=10080
      - GITLAB_SSH_PORT=10022
      - GITLAB_RELATIVE_URL_ROOT=
      # replace each of these with a distinct, randomly generated value;
      # they protect stored secrets, sessions and OTP seeds
      - GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
      - GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
      - GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string

      - GITLAB_ROOT_PASSWORD=
      - GITLAB_ROOT_EMAIL=

      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false

      - GITLAB_EMAIL=notifications@example.com
      - GITLAB_EMAIL_REPLY_TO=noreply@example.com
      - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com

      - GITLAB_BACKUP_SCHEDULE=daily
      - GITLAB_BACKUP_TIME=01:00

      - SMTP_ENABLED=false
      - SMTP_DOMAIN=www.example.com
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USER=mailer@example.com
      - SMTP_PASS=password
      - SMTP_STARTTLS=true
      - SMTP_AUTHENTICATION=login

      - IMAP_ENABLED=false
      - IMAP_HOST=imap.gmail.com
      - IMAP_PORT=993
      - IMAP_USER=mailer@example.com
      - IMAP_PASS=password
      - IMAP_SSL=true
      - IMAP_STARTTLS=false

      - OAUTH_ENABLED=false
      - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
      - OAUTH_ALLOW_SSO=
      - OAUTH_BLOCK_AUTO_CREATED_USERS=true
      - OAUTH_AUTO_LINK_LDAP_USER=false
      - OAUTH_AUTO_LINK_SAML_USER=false
      - OAUTH_EXTERNAL_PROVIDERS=

      - OAUTH_CAS3_LABEL=cas3
      - OAUTH_CAS3_SERVER=
      - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
      - OAUTH_CAS3_LOGIN_URL=/cas/login
      - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
      - OAUTH_CAS3_LOGOUT_URL=/cas/logout

      - OAUTH_GOOGLE_API_KEY=
      - OAUTH_GOOGLE_APP_SECRET=
      - OAUTH_GOOGLE_RESTRICT_DOMAIN=

      - OAUTH_FACEBOOK_API_KEY=
      - OAUTH_FACEBOOK_APP_SECRET=

      - OAUTH_TWITTER_API_KEY=
      - OAUTH_TWITTER_APP_SECRET=

      - OAUTH_GITHUB_API_KEY=
      - OAUTH_GITHUB_APP_SECRET=
      - OAUTH_GITHUB_URL=
      - OAUTH_GITHUB_VERIFY_SSL=

      - OAUTH_GITLAB_API_KEY=
      - OAUTH_GITLAB_APP_SECRET=

      - OAUTH_BITBUCKET_API_KEY=
      - OAUTH_BITBUCKET_APP_SECRET=

      - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
      - OAUTH_SAML_IDP_CERT_FINGERPRINT=
      - OAUTH_SAML_IDP_SSO_TARGET_URL=
      - OAUTH_SAML_ISSUER=
      - OAUTH_SAML_LABEL="Our SAML Provider"
      - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
      - OAUTH_SAML_GROUPS_ATTRIBUTE=
      - OAUTH_SAML_EXTERNAL_GROUPS=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

      - OAUTH_CROWD_SERVER_URL=
      - OAUTH_CROWD_APP_NAME=
      - OAUTH_CROWD_APP_PASSWORD=

      - OAUTH_AUTH0_CLIENT_ID=
      - OAUTH_AUTH0_CLIENT_SECRET=
      - OAUTH_AUTH0_DOMAIN=

      - OAUTH_AZURE_API_KEY=
      - OAUTH_AZURE_API_SECRET=
      - OAUTH_AZURE_TENANT_ID=

--------------------------------------------------------------------------------
/gocd/README.md:
--------------------------------------------------------------------------------
# Quick Start

The quickest way to get started is [docker-compose](https://docs.docker.com/compose/)

`cd gocd;docker-compose up -d`

# More Info:

- https://hub.docker.com/r/gocd/gocd-server
- https://hub.docker.com/r/gocd/gocd-agent-alpine-3.11

--------------------------------------------------------------------------------
/gocd/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3"

# https://hub.docker.com/r/gocd/gocd-agent-alpine-3.11

services:
  go-server:
    restart: always
    image: gocd/gocd-server:v20.5.0
    container_name: go-server
    volumes:
      - "/path/to/godata:/godata"
      - "/path/to/home-dir:/home/go"
    ports:
      - "8153:8153"
      - "8154:8154"
    environment:
      # no shell strips quotes in a compose environment list, so a value
      # written as 'https://...' would reach the process with literal quotes;
      # the values are therefore written bare
      - GOCD_PLUGIN_INSTALL_docker-elastic-agents=https://github.com/gocd-contrib/docker-elastic-agents/releases/download/v0.8.0/docker-elastic-agents-0.8.0.jar
      # the JVM heap suffix is "m", not "mb"; -Dfoo=bar is the upstream placeholder
      - GOCD_SERVER_JVM_OPTS=-Xmx4096m -Dfoo=bar

  go-agent:
    restart: always
    image: gocd/gocd-agent-alpine-3.11:v20.5.0
    container_name: go-agent
    volumes:
      - "/path/to/godata:/godata"
      - "/path/to/home-dir:/home/go"
    environment:
      # replace ip.add.re.ss with the address at which the agent reaches the server
      - GO_SERVER_URL=http://ip.add.re.ss:8153/go

--------------------------------------------------------------------------------
/jenkins/README.md:
--------------------------------------------------------------------------------
# Quick Start

The quickest way to get started is [docker-compose](https://docs.docker.com/compose/)

`cd jenkins;docker-compose up -d`

# Tips:

* If the container does not start up successfully, you may need to `chown` the mounted directory to `jenkins:jenkins`.
* You can change the docker-compose.yml to mount what you want.
--------------------------------------------------------------------------------
/jenkins/docker-compose.yml:
--------------------------------------------------------------------------------
version: '2'
services:
  jenkins:
    restart: always
    image: jenkins/jenkins:lts-alpine
    container_name: jenkins
    # root only works around ownership of the mounted volume; once ./data is
    # owned by jenkins:jenkins (see the README tip) this line can be dropped
    user: root
    volumes:
      - ${PWD}/data:/var/jenkins_home
    ports:
      - "80:8080"
      - "50000:50000"
--------------------------------------------------------------------------------
/nexus3/README.md:
--------------------------------------------------------------------------------
# Quick Start

The quickest way to get started is [docker-compose](https://docs.docker.com/compose/)

`cd nexus3;docker-compose up -d`

# More Info:

https://hub.docker.com/r/sonatype/nexus3/
--------------------------------------------------------------------------------
/nexus3/docker-compose.yml:
--------------------------------------------------------------------------------
version: "2"

services:
  nexus:
    image: sonatype/nexus3:latest
    container_name: nexus
    volumes:
      - "/data/nexus-data:/nexus-data"
    ports:
      - "80:8081"
    restart: always
--------------------------------------------------------------------------------
/openldap/README.md:
--------------------------------------------------------------------------------
# Quick Start

The quickest way to get started is [docker-compose](https://docs.docker.com/compose/)

`cd openldap;docker-compose up -d`

**[Apache Directory Studio](https://directory.apache.org/studio/)** is a good GUI for OpenLDAP.

# More Info:

https://github.com/gitphill/ldap-alpine

--------------------------------------------------------------------------------
/openldap/docker-compose.yml:
--------------------------------------------------------------------------------
version: '2'
services:
  openldap:
    container_name: openldap
    image: pgarrett/ldap-alpine
    restart: always
    ports:
      - "389:389"
    volumes:
      - "${PWD}/data/ldif:/ldif"
      - "${PWD}/data/openldap:/var/lib/openldap/openldap-data"
    environment:
      - TLS_VERIFY_CLIENT=never
      - ORGANISATION_NAME=Trantect Inc

--------------------------------------------------------------------------------
/openvpn-with-ldap/Dockerfile:
--------------------------------------------------------------------------------
FROM ubuntu

RUN apt update &&\
    export DEBIAN_FRONTEND=noninteractive;apt install -yqq easy-rsa openvpn openvpn-auth-ldap iptables net-tools&&\
    rm -rf /tmp/* /var/cache/*

EXPOSE 1194/udp

WORKDIR /etc/openvpn

CMD ["/bin/bash", "/etc/openvpn/openvpn_run.sh"]
--------------------------------------------------------------------------------
/openvpn-with-ldap/README.md:
--------------------------------------------------------------------------------
# openvpn-with-ldap

## Getting Started

* Install OpenVPN

```
sudo apt-get update
sudo apt-get install openvpn easy-rsa
```

* Set up the CA directory
```
make-cadir /tmp/openvpn-ca
cd /tmp/openvpn-ca
```

* Configure the CA variables

Edit the values to whatever you'd prefer, but do not leave them blank:
`vim vars`
```
...
export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="New York City"
export KEY_ORG="DigitalOcean"
export KEY_EMAIL="admin@example.com"
export KEY_OU="Community"
...
```

* Build the Certificate Authority
```
cd /tmp/openvpn-ca
source vars
# easy-rsa 2 looks for openssl.cnf (not openssl.conf) when no version-specific file matches
mv openssl-1.0.0.cnf openssl.cnf
./clean-all
./build-ca
./build-key-server server
./build-dh
openvpn --genkey --secret keys/ta.key
# the generated files are written to keys/; server.conf expects the DH parameters as dh2048.pem
sudo cp keys/ca.crt keys/server.crt keys/server.key keys/ta.key keys/dh2048.pem /openvpn-with-ldap/config
```

The `config` directory checked into this repository already contains a `server.key` and `ta.key`; anything committed to a repository has to be treated as public, so overwrite them with the freshly generated files rather than reusing them. Note also that the checked-in DH file is named `dh2018.pem` while `server.conf` references `dh2048.pem`; the two names must agree before the server will start.

## Reference
https://github.com/ltb-project/
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

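A small audit script, added here as an example and not part of the Trantect repository, that checks an openvpn-with-ldap `config` directory for the problems visible in this one: a referenced file that is missing (the checked-in `dh2018.pem` versus the `dh2048.pem` that `server.conf` expects), `verify-client-cert none`, compression, and plain `ldap://` without StartTLS. The sample directory it builds is constructed to mirror this repository; the function names are the script's own.

```sh
#!/bin/sh
# Added example (not part of the Trantect repository): audit an
# openvpn-with-ldap config directory before building the image.
# Assumes $1 holds server.conf and auth-ldap.conf using the directive
# names that appear in this repository.

# Print the argument of a server.conf directive (first match only).
conf_value() {   # $1 = server.conf, $2 = directive name
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print findings on stderr and the number of findings on stdout.
audit_openvpn_dir() {
    dir=$1
    server="$dir/server.conf"
    ldapconf="$dir/auth-ldap.conf"
    n=0
    # Every file server.conf points at must exist in the same directory.
    for directive in ca cert key dh tls-auth; do
        f=$(conf_value "$server" "$directive")
        if [ -n "$f" ] && [ ! -f "$dir/$f" ]; then
            echo "MISSING: '$directive $f' but $dir/$f does not exist" >&2
            n=$((n + 1))
        fi
    done
    # With verify-client-cert none the LDAP password is the only credential.
    if grep -q '^verify-client-cert[[:space:]]*none' "$server"; then
        echo "WEAK: verify-client-cert none; clients present no certificate" >&2
        n=$((n + 1))
    fi
    # Compression of TLS-protected traffic is deprecated upstream.
    if grep -Eq '^(comp-lzo|compress)' "$server"; then
        echo "WEAK: compression enabled (comp-lzo/compress)" >&2
        n=$((n + 1))
    fi
    # ldap:// without StartTLS sends each user's password to the directory in clear.
    if grep -Eq '^[[:space:]]*URL[[:space:]]+ldap://' "$ldapconf" &&
       ! grep -Eq '^[[:space:]]*TLSEnable[[:space:]]+yes' "$ldapconf"; then
        echo "WEAK: auth-ldap.conf uses ldap:// without TLSEnable yes" >&2
        n=$((n + 1))
    fi
    echo "$n"
}

# Constructed sample mirroring this repository's config/ directory: the tree
# ships dh2018.pem while server.conf asks for dh2048.pem.
make_sample_dir() {
    d=$(mktemp -d)
    for f in ca.crt server.crt server.key ta.key dh2018.pem; do : > "$d/$f"; done
    cat > "$d/server.conf" <<'EOF'
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
comp-lzo yes
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/auth-ldap.conf"
verify-client-cert none
EOF
    cat > "$d/auth-ldap.conf" <<'EOF'
<LDAP>
    URL ldap://192.168.199.10
    #TLSEnable yes
</LDAP>
EOF
    echo "$d"
}

sample=$(make_sample_dir)
count=$(audit_openvpn_dir "$sample")   # 4 findings for the sample above
echo "$count finding(s) in $sample"
rm -rf "$sample"
```

Run it against the real directory with `audit_openvpn_dir ./config` after sourcing the script; a non-zero count means something to fix before `docker-compose up`.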
--------------------------------------------------------------------------------
/openvpn-with-ldap/config/auth-ldap.conf:
--------------------------------------------------------------------------------
<LDAP>
    # LDAP server URL
    # plain ldap:// carries each user's bind password to the directory in clear
    # text; use ldaps:// or enable StartTLS below outside a lab
    URL ldap://192.168.199.10

    # Bind DN (If your LDAP server doesn't support anonymous binds)
    # BindDN uid=Manager,ou=People,dc=example,dc=com

    # Bind Password
    # Password SecretPassword

    # Network timeout (in seconds)
    Timeout 15

    # Enable Start TLS
    #TLSEnable yes

    # Follow LDAP Referrals (anonymously)
    FollowReferrals yes

    # TLS CA Certificate File
    #TLSCACertFile /usr/local/etc/ssl/ca.pem

    # TLS CA Certificate Directory
    #TLSCACertDir /etc/ssl/certs

    # Client Certificate and key
    # If TLS client authentication is required
    #TLSCertFile /usr/local/etc/ssl/client-cert.pem
    #TLSKeyFile /usr/local/etc/ssl/client-key.pem

    # Cipher Suite
    # The defaults are usually fine here
    # TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>

<Authorization>
    # Base DN
    #BaseDN "ou=People,dc=example,dc=com"
    BaseDN "ou=users,dc=trantect,dc=com"

    # User Search Filter
    #SearchFilter "(&(uid=%u)(accountStatus=active))"
    SearchFilter "(&(uid=%u)(objectClass=inetOrgPerson))"

    # Require Group Membership
    # false: any user matching the search filter may connect, regardless of
    # the <Group> block below
    RequireGroup false

    # Add non-group members to a PF table (disabled)
    #PFTable ips_vpn_users

    <Group>
        # still the upstream example DN; point it at dc=trantect,dc=com before
        # setting RequireGroup true
        BaseDN "ou=Groups,dc=example,dc=com"
        SearchFilter "(|(cn=developers)(cn=artists))"
        MemberAttribute uniqueMember
        # Add group members to a PF table (disabled)
        #PFTable ips_vpn_eng
    </Group>
</Authorization>

--------------------------------------------------------------------------------
/openvpn-with-ldap/config/ca.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Trantect/DevOps-Tools/f0d9ca1df72c706e171fe25cefee5b73129cf644/openvpn-with-ldap/config/ca.crt
--------------------------------------------------------------------------------
/openvpn-with-ldap/config/client.conf:
--------------------------------------------------------------------------------
client
nobind
dev tun
remote cococola.jios.org 1194 udp
resolv-retry infinite
user nobody
group nobody
persist-key
persist-tun

remote-cert-tls server
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 3
# no client certificate: the server runs verify-client-cert none and
# authenticates the LDAP username/password supplied here
auth-user-pass

# CA certificate (contents of config/ca.crt)
<ca>
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
</ca>

key-direction 1

# tls-auth HMAC key (contents of config/ta.key)
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
......
-----END OpenVPN Static key V1-----
</tls-auth>

--------------------------------------------------------------------------------
/openvpn-with-ldap/config/dh2018.pem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Trantect/DevOps-Tools/f0d9ca1df72c706e171fe25cefee5b73129cf644/openvpn-with-ldap/config/dh2018.pem
--------------------------------------------------------------------------------
/openvpn-with-ldap/config/ipp.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Trantect/DevOps-Tools/f0d9ca1df72c706e171fe25cefee5b73129cf644/openvpn-with-ldap/config/ipp.txt
--------------------------------------------------------------------------------
/openvpn-with-ldap/config/openvpn_run.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# add the iptables rule according to your server.conf; change the CIDR and eth0 if necessary
iptables -t nat -A POSTROUTING -s 10.20.0.0/24 -o eth0 -j MASQUERADE
# exec so openvpn becomes PID 1 and receives the container's stop signal directly
exec /usr/sbin/openvpn --config /etc/openvpn/server.conf --script-security 2
--------------------------------------------------------------------------------
/openvpn-with-ldap/config/server.conf:
--------------------------------------------------------------------------------
port 1194
proto udp
dev tun
tls-server
ca ca.crt
cert server.crt
key server.key
# the file checked into config/ is named dh2018.pem; rename it to dh2048.pem
# (or change this line) or OpenVPN fails to start
dh dh2048.pem

server 10.20.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.20.0.0 255.255.255.0"
;push "route 192.168.199.0 255.255.255.0"
push "dhcp-option DNS 192.168.199.1"
push "redirect-gateway def1"

keepalive 30 120
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256

;compress lz4-v2
;push "compress lz4-v2"
# compression of TLS-protected traffic is deprecated upstream; drop it if clients allow
comp-lzo yes

user nobody
group nogroup
persist-tun
persist-key
verb 3

# authentication is delegated entirely to LDAP (auth-user-pass on the client);
# no client certificate is requested, so the LDAP password is the only credential
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/auth-ldap.conf"
verify-client-cert none

--------------------------------------------------------------------------------
/openvpn-with-ldap/config/server.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Trantect/DevOps-Tools/f0d9ca1df72c706e171fe25cefee5b73129cf644/openvpn-with-ldap/config/server.crt
--------------------------------------------------------------------------------
/openvpn-with-ldap/config/server.key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Trantect/DevOps-Tools/f0d9ca1df72c706e171fe25cefee5b73129cf644/openvpn-with-ldap/config/server.key
--------------------------------------------------------------------------------
/openvpn-with-ldap/config/ta.key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Trantect/DevOps-Tools/f0d9ca1df72c706e171fe25cefee5b73129cf644/openvpn-with-ldap/config/ta.key
--------------------------------------------------------------------------------
/openvpn-with-ldap/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3'

services:
  openvpn:
    build:
      context: .
    container_name: openvpn-with-ldap
    image: trantect/openvpn-rpi
    cap_add:
      - NET_ADMIN
    restart: always
    ports:
      - 1194:1194/udp
    devices:
      - "/dev/net/tun:/dev/net/tun"
    volumes:
      - "${PWD}/config:/etc/openvpn"
--------------------------------------------------------------------------------
/openvpn/README.md:
--------------------------------------------------------------------------------
# Quick Start with docker-compose

* Initialize the configuration files and certificates

```bash
docker-compose run --rm openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
docker-compose run --rm openvpn ovpn_initpki
```

* Fix ownership (depending on how you handle your backups, this may not be needed)

```bash
sudo chown -R $(whoami): ./openvpn-data
```

* Start the OpenVPN server process

```bash
docker-compose up -d openvpn
```

* You can access the container logs with

```bash
docker-compose logs -f
```

* Generate a client certificate

```bash
export CLIENTNAME="your_client_name"
# with a passphrase (recommended)
docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME
# without a passphrase (not recommended)
docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME nopass
```

* Retrieve the client configuration with embedded certificates

```bash
docker-compose run --rm openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn
```

* Revoke a client certificate

```bash
# Keep the corresponding crt, key and req files.
docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME
# Remove the corresponding crt, key and req files.
docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME remove
```

## Debugging Tips

* Create an environment variable with the name DEBUG and value of 1 to enable debug output (using "docker -e").

```bash
docker-compose run -e DEBUG=1 openvpn
```

# More info
https://github.com/kylemanna/docker-openvpn

# Todo
- [ ] combine with openldap
--------------------------------------------------------------------------------
/openvpn/docker-compose.yml:
--------------------------------------------------------------------------------
version: '2'
services:
  openvpn:
    cap_add:
      - NET_ADMIN
    image: kylemanna/openvpn
    container_name: openvpn
    ports:
      - "1194:1194/udp"
    restart: always
    volumes:
      - ./openvpn-data/conf:/etc/openvpn
--------------------------------------------------------------------------------