0%

Install Docker-Ce and Images

Angels by @daydreamerro, Romania

Building and deploying new applications is faster with containers.

Docker containers wrap up software and its dependencies into a standardized unit for software development that includes everything it needs to run: code, runtime, system tools and libraries.

This guarantees that your application will always run the same and makes collaboration as simple as sharing a container image.

Install Docker-ce

docker.io is very old, the version is 1.XXX.
docker-ce is newer, the version is 17.XXX or 18.XXX.

1
2
3
4
5
6
7
:~$ sudo apt-get -y install apt-transport-https ca-certificates software-properties-common
:~$ curl -fsSL get.docker.com | sed '/Aliyun/,/;;/{
/;;/a\
Singhua)\
DOWNLOAD_URL="https://mirrors.tuna.tsinghua.edu.cn/docker-ce"\
;;
}' > get-docker.sh && sudo sh get-docker.sh --mirror Singhua

if you want to change the sources.list of docker after installtion

1
2
3
4
# example for raspbian
:~$ echo '#deb [arch=armhf] https://download.docker.com/linux/raspbian stretch stable
deb [arch=armhf] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/raspbian stretch stable
' > /etc/apt/sources.list.d/docker.list

Give the normal user’s ability ro run Docker

1
:~$ sudo usermod -aG docker [user's name]

docker images

ipsec_vpn_server

There are two services running: Libreswan (pluto) for the IPsec VPN, and xl2tpd for L2TP support.

The default IPsec configuration supports:

  • IKEv1 with PSK and XAuth (“Cisco IPsec”)
  • IPsec/L2TP with PSK

The ports that are exposed for this container to work are:

  • 4500/udp and 500/udp for IPsec

Install

For use on Raspberry Pis (ARM architecture), you must first build this Docker image on your RPi using instructions from Build from source code, instead of pulling from Docker Hub.

  • Build from source code
    • if you want to modify the source code:
      1
      2
      3
      4
      :~$ git clone https://github.com/hwdsl2/docker-ipsec-vpn-server.git
      :~$ cd docker-ipsec-vpn-server
      ....
      :~$ sudo docker build -t hwdsl2/ipsec-vpn-server .
    • use this if not modifying the source code:
      1
      :~$ sudo docker build -t hwdsl2/ipsec-vpn-server github.com/hwdsl2/docker-ipsec-vpn-server.git
  • in x86_64 architecture, install with Docker Hub
    1
    2
    3
    :~$ sudo docker search ipsec-vpn-server
    ...
    :~$ sudo docker pull hwdsl2/ipsec-vpn-server

ipsec-vpn-server configuration

Set Environment variables:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
:~$ nano ./vpn.env
# Define your own values for these variables
# - DO NOT put "" or '' around values, or add space around =
# - DO NOT use these special characters within values: \ " '
VPN_IPSEC_PSK=your_ipsec_pre_shared_key
VPN_USER=your_vpn_username
VPN_PASSWORD=your_vpn_password

# (Optional) Define additional VPN users
# - Uncomment and replace with your own values
# - Usernames and passwords must be separated by spaces
VPN_ADDL_USERS="additional_username_1 additional_username_2"
VPN_ADDL_PASSWORDS="additional_password_1 additional_password_2"

# (Optional) Use alternative DNS servers
# - By default, clients are set to use Google Public DNS
# - Example below shows using Cloudflare's DNS service
# VPN_DNS_SRV1=1.1.1.1
# VPN_DNS_SRV2=1.0.0.1

Note: In your env file, DO NOT put “” or ‘’ around values, or add space around =. DO NOT use these special characters within values: \ “ ‘.A secure IPsec PSK should consist of at least 20 random characters.

run ipsec-vpn-server and configure

  1. run the image of docker, bind vpn.env to local file
    1
    2
    3
    4
    5
    6
    7
    8
    9
    :~$ sudo docker run \
    --name ipsec-vpn-server \
    -v "$(pwd)/vpn.env:/opt/src/vpn.env:ro" \
    --restart=always \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -d --privileged \
    hwdsl2/ipsec-vpn-server
    # -v "local file:file in docker:file permission"
  2. Bash shell inside container
    1
    2
    3
    4
    5
    :~$ sudo docker exec -it ipsec-vpn-server env TERM=xterm bash -l
    [email protected]:~$ apt-get update && apt-get -y install nano
    [email protected]:~$ ...some other command
    [email protected]:~$ exit
    :~$ sudo docker restart ipsec-vpn-server
  3. Retrieve VPN login details
  • show the vpn name,password,ipsec-preshare-key
    1
    :~$ sudo docker logs ipsec-vpn-server
  • Check server status
    1
    :~$ sudo docker exec -it ipsec-vpn-server ipsec status
  • display current established VPN connections
    1
    :~$ sudo docker exec -it ipsec-vpn-server ipsec whack --trafficstatus
  • add, edit or remove VPN user accounts
    1. update your env file,
    2. restart the Docker container
      1
      :~$ sudo docker restart ipsec-vpn-server

svn server image

Please See SVN Tutorial


References:
Docker.com
Angles by @daydreamerro
docker-ipsec-vpn-server
docker-svn-server

---- The End Thanks ----
Donate if you like the article.