Docker containers wrap up software and its dependencies into a standardized unit for software development that includes everything it needs to run: code, runtime, system tools and libraries.
This guarantees that your application will always run the same and makes collaboration as simple as sharing a container image.
docker.io is very old, the version is 1.XXX.
docker-ce is newer, the version is 17.XXX or 18.XXX.
:~$ sudo apt-get -y install apt-transport-https ca-certificates software-properties-common
If you want to change the sources.list of Docker after installation:
# example for raspbian
:~$ sudo usermod -aG docker [user's name]
After that, log out and log back in so the new group membership takes effect, then run the command
:~$ docker image ls
The network performance loss of Docker is mainly caused by the bridged network, because it requires network address translation (NAT) and a "userland-proxy" is created for each port.
If we use the host network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated. For instance, if you run a container which binds to port 80 and you use host networking, the container’s application is available on port 80 on the host’s IP address.
Note: Given that the container does not have its own IP-address when using host mode networking, port-mapping does not take effect, and the
--publish-all option are ignored, producing a warning instead:
WARNING: Published ports are discarded when using host network mode
nginx container which binds directly to port 80 on the Docker host.
# Method 1
--rm: remove the container once it exits/stops.
-d: start the container detached (in the background).
--network host: use host network.
In China, downloading images from Docker Hub is very slow.
So here we use a Docker Hub mirror to improve download speed.
|Aliyun (Need login)||https://<your_code>.mirror.aliyuncs.com|
:~$ sudo mkdir -p /etc/docker
Check if the settings take effect
:~$ docker info
There are two services running: Libreswan (pluto) for the IPsec VPN, and xl2tpd for L2TP support.
The default IPsec configuration supports:
- IKEv1 with PSK and XAuth (“Cisco IPsec”)
- IPsec/L2TP with PSK
The ports that are exposed for this container to work are:
- 4500/udp and 500/udp for IPsec
For use on Raspberry Pis (ARM architecture), you must first build this Docker image on your RPi using instructions from Build from source code, instead of pulling from Docker Hub.
- Build from source code
- if you want to modify the source code:
:~$ git clone https://github.com/hwdsl2/docker-ipsec-vpn-server.git
:~$ cd docker-ipsec-vpn-server
:~$ sudo docker build -t hwdsl2/ipsec-vpn-server .
- use this if not modifying the source code:
:~$ sudo docker build -t hwdsl2/ipsec-vpn-server github.com/hwdsl2/docker-ipsec-vpn-server.git
- in x86_64 architecture, install with Docker Hub
:~$ sudo docker search ipsec-vpn-server
:~$ sudo docker pull hwdsl2/ipsec-vpn-server
Set Environment variables:
:~$ nano ./vpn.env
Note: In your env file, DO NOT put "" or '' around values, or add space around =. DO NOT use these special characters within values: \ " '. A secure IPsec PSK should consist of at least 20 random characters.
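The rules in the note above can be checked mechanically before the container is started. The following is an added example, not part of the original page or of the hwdsl2 project; the function name check_vpn_env and the sample values are constructed, and it assumes the PSK variable is named VPN_IPSEC_PSK.

```shell
#!/bin/sh
# Added example: lint vpn.env against the rules in the note above.
# Prints one finding per line; exit status 0 means the file is clean.
report() { printf 'line %s: %s\n' "$lineno" "$1"; problems=$((problems + 1)); }

check_vpn_env() {
    file=$1; problems=0; lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;                  # blank line or comment
            *=*) ;;
            *) report "not in KEY=value form"; continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        # Rule: no space around '='
        case $key in *' ') report "space before =" ;; esac
        case $value in ' '*) report "space after =" ;; esac
        # Rule: no quotes around values, and no backslash or quote inside them
        case $value in
            *\\*|*\"*|*\'*) report "value contains a backslash or quote character" ;;
        esac
        # Rule: PSK of at least 20 characters (variable name is an assumption)
        if [ "$key" = VPN_IPSEC_PSK ] && [ "${#value}" -lt 20 ]; then
            report "VPN_IPSEC_PSK is ${#value} characters, want 20 or more"
        fi
    done < "$file"
    [ "$problems" -eq 0 ]
}

# Constructed sample input that breaks every rule once.
sample=$(mktemp)
cat > "$sample" <<'EOF'
VPN_IPSEC_PSK="short"
VPN_USER = alice
VPN_PASSWORD=pa\ss
EOF
check_vpn_env "$sample" || echo "vpn.env needs fixing before docker run"
rm -f "$sample"
```

The check only covers the rules stated in the note; it does not judge how random the PSK is.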
- run the Docker image, bind-mounting the local vpn.env file into the container
# -v "local file:file in container:file permission" (ro = read-only)
:~$ sudo docker run \
--name ipsec-vpn-server \
-v "$(pwd)/vpn.env:/opt/src/vpn.env:ro" \
-p 500:500/udp \
-p 4500:4500/udp \
-d --privileged \
hwdsl2/ipsec-vpn-server
- Bash shell inside container
- Retrieve VPN login details
- show the VPN username, password and IPsec pre-shared key
:~$ sudo docker logs ipsec-vpn-server
- Check server status
:~$ sudo docker exec -it ipsec-vpn-server ipsec status
- display current established VPN connections
:~$ sudo docker exec -it ipsec-vpn-server ipsec whack --trafficstatus
- add, edit or remove VPN user accounts
- update your
- restart the Docker container
:~$ sudo docker restart ipsec-vpn-server
Please see SVN Tutorial
Please see Transmission-Daemon
Please see Py-KMS