bnhf / openvpn-admin-plus

Docker-based web interface (with golang backend) for monitoring and admin of an OpenVPN TAP/TUN server setup with PiVPN or other OpenVPN server installations. This project has been renamed from pivpn-tap-web-ui, to reflect its new broader scope.
MIT License

Improve the documentation #50

Closed melakhvision closed 1 year ago

melakhvision commented 1 year ago

The documentation of the production deployment should be improved. What are these variables? ORG, OU, PIVPN_SERVER, PIVPN_CONF. Are they boolean, string or int? At least provide a sample or documentation about those variables.

bnhf commented 1 year ago

@melakhvision

Fair point, I'll add some detail on those.

The first two are EasyRSA values intended to improve the cryptographic strength of generated keys and certificates.

ORG = Organization. You can use your company name or make something up if you don't have one.

OU = Organizational Unit. A typical value here would be IT (for Information Technology), or again you can make something up.

The second two are PiVPN values, which include the unique ID PiVPN uses in creating your server certificate. If you look at the /etc/openvpn/server.conf file generated by PiVPN, you'll see it in the cert and key directives in the file. That long string, which starts with the hostname of your OpenVPN server and ends with a .crt or .key, is what you want to use.

So on my test system:

PIVPN_SERVER = raspberrypi10_ca8554c5-6025-442f-9d06-25a5cab85a3c

PIVPN_CONF = server.conf (which is the default name created by PiVPN)
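The lookup described in the comment above, as an added shell example that is not part of the original thread or the project's own code: it reads the cert and key directives from a server config, checks that both name the same identity, and prints the PIVPN_SERVER and PIVPN_CONF lines for a .env file. The function names and the directory layout in the sample config are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the project): derive PIVPN_SERVER and PIVPN_CONF
# from the cert/key directives of an OpenVPN server config.

# directive_basename CONF DIRECTIVE EXT
# Prints the file name (directory and .EXT stripped) given to DIRECTIVE.
directive_basename() {
    awk -v d="$2" -v ext="$3" '
        $1 == d {                      # commented-out lines never match
            p = $2
            gsub(/"/, "", p)           # tolerate a quoted path
            sub(/^.*\//, "", p)        # drop the directory part
            if (p !~ ("\\." ext "$")) next
            sub("\\." ext "$", "", p)  # drop the extension
            print p
            exit
        }' "$1"
}

# pivpn_env CONF
# Prints the two .env lines; fails if the cert and key names disagree.
pivpn_env() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    cert_id=$(directive_basename "$conf" cert crt)
    key_id=$(directive_basename "$conf" key key)
    [ -n "$cert_id" ] || { echo "no cert directive in $conf" >&2; return 1; }
    if [ "$cert_id" != "$key_id" ]; then
        echo "cert '$cert_id' and key '$key_id' do not match" >&2
        return 1
    fi
    printf 'PIVPN_SERVER=%s\nPIVPN_CONF=%s\n' "$cert_id" "$(basename "$conf")"
}

# Constructed sample config; the directory layout is an assumption.
sample_conf() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/server.conf" <<'EOF'
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
#cert /etc/openvpn/easy-rsa/pki/issued/old_server.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi10_ca8554c5-6025-442f-9d06-25a5cab85a3c.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi10_ca8554c5-6025-442f-9d06-25a5cab85a3c.key
EOF
    echo "$dir/server.conf"
}

pivpn_env "$(sample_conf)"   # on a real host: pivpn_env /etc/openvpn/server.conf
```
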

bnhf commented 1 year ago

@melakhvision

I added some comments to the docker-compose, and I'll add some to the README as well:

version: '3'
services:
  gui:
    image: bnhf/openvpn-admin-plus:latest
    container_name: openvpn-gui-tap
    environment:
    - OPENVPN_ADMIN_USERNAME=admin # Leave this default as-is and update on first-run
    - OPENVPN_ADMIN_PASSWORD=b3secure # Leave this default as-is and update on first-run
    - COUNTRY=${COUNTRY} # Country, Province, City, Org and OU are used by EasyRSA
    - PROVINCE=${PROVINCE} # Province or State
    - CITY=${CITY}
    - ORG=${ORG} # Organization - Use your company name here or make one up
    - EMAIL=${EMAIL}
    - OU=${OU} # Organizational Unit - Use your company department name or make one up
    - PIVPN_SERVER=${PIVPN_SERVER} # The unique name used for your server's certificate and key. Found in the /etc/openvpn/server.conf file.
    - PIVPN_CONF=${PIVPN_CONF} # Filename for your OpenVPN server configuration - usually server.conf
    - TZ=${TZ} # Your OpenVPN server's timezone
    ports:
     - "8080:8080/tcp"
    restart: always
    volumes:
     - /etc/openvpn:/etc/openvpn
     - ./openvpn-data/db:/opt/openvpn-gui-tap/db

bnhf commented 1 year ago

@melakhvision

I added the same commented environment section to the README, so I think we should be covered. I noticed PIVPN_SERVER and PIVPN_CONF were already discussed there, but of course it doesn't hurt to have some things described multiple times.

ORG and OU definitely needed clarification though. Those values used to be requested during a PiVPN script install of OpenVPN, but I don't think that's the case anymore. They're still used to improve cryptography when available, AFAIK.

I'm closing this one out, but feel free to re-open if needed. Cheers.