Closed maxswjeon closed 3 years ago
I'm unaware of any bugs after #620
Can you explain precisely what things failed when passed by environment? All environment variables can be overridden by docker.
I passed the EASYRSA_ALGO=ec and EASYRSA_CURVE=secp521r1 environment variables, and checked with docker-compose run --rm openvpn echo $EASYRSA_ALGO. ovpn_initpki did not apply the environment variables and generated an RSA 2048 CA (expected an ECDSA CA).
If you ran that command as passed then the shell variable was expanded by your local shell and is most likely empty. Try again but escape the variable so it's interpreted in the docker container.
Test with plain old docker since docker-compose doesn't really matter here:
$ docker run --rm -e 'EASYRSA_ALGO=test1' -it kylemanna/openvpn sh -c 'echo $EASYRSA_ALGO'
test1
$ docker run --rm -e 'EASYRSA_ALGO=test1' -it kylemanna/openvpn echo $EASYRSA_ALGO
I'd recommend running export instead of echo so that you can see the entire environment and more easily find typos:
$ docker run --rm -e 'EASYRSA_ALGO=test1' -it kylemanna/openvpn env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=ad5bad7d653f
TERM=xterm
EASYRSA_ALGO=test1
OPENVPN=/etc/openvpn
EASYRSA=/usr/share/easy-rsa
EASYRSA_CRL_DAYS=3650
EASYRSA_PKI=/etc/openvpn/pki
HOME=/root
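The quoting difference described above, reproduced without Docker, as an added example that is not part of the original thread. Here `env -i` stands in for `docker run -e`, and the function names and the `PREFLIGHT` guard are hypothetical.

```shell
#!/bin/sh
# Added example: env -i stands in for `docker run -e ...`; like a container,
# the child process sees only the variables passed to it explicitly.

# in_child VAR=VALUE... CMD...: run CMD in a clean environment (the "container").
in_child() {
    env -i PATH="$PATH" "$@"
}

# Unquoted: the calling shell expands $EASYRSA_ALGO before the child exists.
# Nothing is set locally, so the child is asked to echo an empty argument list.
unquoted_result() {
    unset EASYRSA_ALGO
    in_child EASYRSA_ALGO=ec echo $EASYRSA_ALGO
}

# Single-quoted: the text reaches the child's shell intact and is expanded there.
quoted_result() {
    unset EASYRSA_ALGO
    in_child EASYRSA_ALGO=ec sh -c 'echo $EASYRSA_ALGO'
}

# Guard to run in the container before PKI generation: fail closed when the
# algorithm settings did not arrive, rather than ending up with the RSA CA
# reported in this thread. Values are the ones from the thread.
PREFLIGHT='[ "${EASYRSA_ALGO-}" = ec ] && [ "${EASYRSA_CURVE-}" = secp521r1 ]'

preflight_ok() {
    in_child "$@" sh -c "$PREFLIGHT"
}

printf 'unquoted: [%s]\n' "$(unquoted_result)"
printf 'quoted:   [%s]\n' "$(quoted_result)"
if preflight_ok EASYRSA_ALGO=ec EASYRSA_CURVE=secp521r1; then echo "both set: proceed"; fi
if ! preflight_ok EASYRSA_ALGO=ec; then echo "curve missing: stop"; fi
```

Run inside the real container, the same guard string can precede PKI generation in a single-quoted `sh -c` so that it is evaluated by the container's shell.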
Thanks. My mistake.
Reading and following the docker-compose documentation, I found that easyrsa is not taking the environment variables that I have set.
Doing some searching, there were some issues with easyrsa (OpenVPN/easyrsa#111) and it was fixed in the latest revision of easyrsa.
Bypassing the bug
vars.example file to OpenVPN config folder (where host volumes are attached)
vars.example file to var, and edit it for your style
export EASYRSA_VARS_FILE=/etc/openssl/vars since the vars file was at the root of the config folder (data/conf/vars on the host side)
ovpn_genconfig part
docker-openvpn/ovpn_initpki, run these commands with docker-compose run --rm openvpn {COMMAND}
/etc/openvpn/easyrsa init-pki
/etc/openvpn/easyrsa build-ca
/etc/openvpn/easyrsa gen-dh
openvpn --genkey --secret /etc/openvpn/pki/ta.key
/etc/openvpn/easyrsa build-server-full "{THE_URL_THAT_YOU_USED_ON_OVPN_GENCONFIG}" nopass
/etc/openvpn/easyrsa gen-crl
docker-compose up -d
Fixing the bug
I'm nearly first to docker so I don't know how to fix it correctly. However, these were essential for fixing the bug.
vars file for easyrsa