Docker + Joyent + OpenVPN = Bliss

71 points by jpetazzo over 11 years ago

11 comments

motiejus over 11 years ago
I never tried Docker (looking around now), but the approach is extremely dirty for a few reasons.

1. Process supervision should be handled in Docker (or something that is designed to do supervision), not in the `while true` loop. The idea of hanging on *.log files is terrible. Maybe there is a reason to stop the container when the application stops?

2. There must be a better way to handle docker logs of multiple programs. If not, run both instances in different containers.

3. The thing serves configuration files to arbitrary clients that ask for them. It doesn't even log multiple downloads of the same key (though it serves the private keys over SSL, which makes it hilarious on the purpose of SSL here).

Point 3 is OpenVPN-specific and can be acceptable for an example (though I am still lost why bother with SSL). However, points 1 and 2 show how to seriously misuse Docker. Either Docker or the setup is flawed (I suspect the latter).

Please do not take this article as an example of how to do things in Docker. There must be a better way, in more or less every step.
noonespecial over 11 years ago
Very nice. I do something most similar.

One tiny nitpick: you might want something like `dhcp-option DNS 8.8.8.8` to go with your `redirect-gateway def1`.

This is because all of your DNS traffic will be redirected over your VPN as well. If you happened to have been assigned a local-only DNS by your home router or cable/dsl provider, DNS will be broken when your VPN connects. Use a globally accessible one like 8.8.8.8 and the dhcp-option to tell OpenVPN to switch your DNS on connect.
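
A check for the situation noonespecial describes, as an added example that is not part of the thread or the linked article: it reads an OpenVPN config and reports when `redirect-gateway` is set (directly or via `push`) with no `dhcp-option DNS` alongside it. The sample configs and the function names are constructed for illustration.

```python
import shlex

# Constructed sample server configs (not taken from the article).
SERVER_WITHOUT_DNS = """
port 1194
proto udp
dev tun
push "redirect-gateway def1"   # route all client traffic through the VPN
"""

SERVER_WITH_DNS = """
port 1194
proto udp
dev tun
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
"""


def directives(config_text):
    """Yield each directive as a list of tokens, unwrapping quoted push payloads."""
    for line in config_text.splitlines():
        if line.lstrip().startswith(";"):   # OpenVPN also accepts ';' comments
            continue
        tokens = shlex.split(line, comments=True)   # drops '#' comments
        if len(tokens) >= 2 and tokens[0] == "push":
            tokens = tokens[1].split()   # the pushed option is one quoted string
        if tokens:
            yield tokens


def missing_dns_with_redirect(config_text):
    """True when the default gateway is redirected but no DNS server is set."""
    redirects = False
    sets_dns = False
    for tokens in directives(config_text):
        if tokens[0] == "redirect-gateway":
            redirects = True
        elif tokens[:2] == ["dhcp-option", "DNS"] and len(tokens) > 2:
            sets_dns = True
    return redirects and not sets_dns


if __name__ == "__main__":
    for name, text in [("without DNS", SERVER_WITHOUT_DNS), ("with DNS", SERVER_WITH_DNS)]:
        verdict = "add a dhcp-option DNS line" if missing_dns_with_redirect(text) else "ok"
        print(f"{name}: {verdict}")
```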
biturd over 11 years ago
There has been lots of talk re: Docker lately.

I don't fully get it, but am trying to follow along. Basically, a small box you can install 1-x s-Linux software apps on, and deploy it on another machine, or inside a VM on that machine.

It's not a real box, or hardware, but a small chunk of software that essentially is a pre-made .iso with whatever single, or multi-packaged goody you desire?

I don't get, with spinning up a VPS being a few clicks, what is the advantage? Can't you make images of your VPS on Amazon, or any of the other cloud providers, and save a snapshot of your config? What is the difference?

These are totally posable? Where do they get their real hardware resources from, such as RAM and drive? If I set up a LAMP server in a Docker container, allocate 50GB of memory to Apache, and drop that Docker into a micro instance on Amazon, what is going to happen?
zeckalpha over 11 years ago
I was hoping this would be a mapping between containers and zones.
res0nat0r over 11 years ago
This looks fun, but if this is the only thing you are going to be using on your extremely small Joyent VM, why waste time and complexity putting your OpenVPN setup inside Docker? Seems unnecessary.
j_s over 11 years ago
Funny to see this specifically w/ Joyent, the SmartOS zone gurus.
zenocon over 11 years ago
> Joyent Ubuntu image comes with an “optimized kernel”. It might be optimized, but it doesn’t have AUFS support, so you want to install an official Ubuntu kernel instead

Why AUFS?
dingaling over 11 years ago
IPSec is one of the few instances where I have encountered consistent (irregular) kernel panics, and when a panic ensues from a containerized app... it is of course the 'host' kernel that is panicking. So all your containers are hosed.

I only run VPNs through virtualized kernel instances now; if they fail, the hypervisor restarts them. Nothing else affected.
zobzu over 11 years ago
oh look, the daily HN spam from docker blogs

/has karma, uses it.
somberinad over 11 years ago
Just trying to understand Docker and hence the question. How is it different from the HPUX or Solaris Package managers? Maybe this question itself shows my age :)
iancarroll over 11 years ago
What about DigitalOcean? 2x the RAM, cheaper.