forked from bubuntux/nordvpn
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request bubuntux#2 from azinchen/master
Utilize api.nordvpn.com and filter server list
- Loading branch information
Showing
4 changed files
with
203 additions
and
76 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,23 @@ | ||
| FROM alpine:3.7 | ||
| FROM alpine:latest | ||
|
|
||
| LABEL maintainer="Julio Gutierrez <bubuntux@gmail.com>" | ||
| MAINTAINER Alexander Zinchenko <alexander@zinchenko.com> | ||
|
|
||
| COPY nordVpn.sh /usr/bin | ||
| CMD nordVpn.sh | ||
|
|
||
| HEALTHCHECK --start-period=5s --timeout=15s --interval=60s \ | ||
| CMD curl -fL 'https://api.ipify.org' || exit 1 | ||
| HEALTHCHECK --start-period=15s --timeout=15s --interval=60s \ | ||
| CMD curl -fL 'https://api.ipify.org' || exit 1 | ||
|
|
||
| ENV URL_NORDVPN_API="https://api.nordvpn.com/server" \ | ||
| URL_RECOMMENDED_SERVERS="https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations" \ | ||
| URL_OVPN_FILES="https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip" \ | ||
| MAX_LOAD=70 | ||
|
|
||
| VOLUME ["/vpn/ovpn/"] | ||
|
|
||
| # Install dependencies | ||
| RUN apk --no-cache --no-progress upgrade && \ | ||
| apk --no-cache --no-progress add curl unzip iptables ip6tables jq openvpn && \ | ||
| # Download ovpn files | ||
| curl https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip -o /tmp/ovpn.zip && \ | ||
| unzip -q /tmp/ovpn.zip -d /tmp/ovpn && \ | ||
| mkdir -p /vpn/ovpn/ && \ | ||
| mv /tmp/ovpn/*/*.ovpn /vpn/ovpn/ && \ | ||
| # Cleanup | ||
| rm -rf /tmp/* | ||
| RUN apk --no-cache --no-progress update && \ | ||
| apk --no-cache --no-progress upgrade && \ | ||
| apk --no-cache --no-progress add bash curl unzip iptables ip6tables jq openvpn tini && \ | ||
| mkdir -p /vpn/ovpn/ | ||
|
|
||
| ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/nordVpn.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,22 +1,25 @@ | ||
| FROM resin/armhf-alpine:3.7 | ||
| FROM resin/armhf-alpine:latest | ||
|
|
||
| LABEL maintainer="Julio Gutierrez <bubuntux@gmail.com>" | ||
| MAINTAINER Alexander Zinchenko <alexander@zinchenko.com> | ||
|
|
||
| COPY nordVpn.sh /usr/bin | ||
| CMD nordVpn.sh | ||
|
|
||
| HEALTHCHECK --start-period=5s --timeout=15s --interval=60s \ | ||
| CMD curl -fL 'https://api.ipify.org' || exit 1 | ||
| HEALTHCHECK --start-period=15s --timeout=15s --interval=60s \ | ||
| CMD curl -fL 'https://api.ipify.org' || exit 1 | ||
|
|
||
| ENV URL_NORDVPN_API="https://api.nordvpn.com/server" \ | ||
| URL_RECOMMENDED_SERVERS="https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations" \ | ||
| URL_OVPN_FILES="https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip" \ | ||
| MAX_LOAD=70 | ||
|
|
||
| VOLUME ["/vpn/ovpn/"] | ||
|
|
||
| RUN ["cross-build-start"] | ||
| # Install dependencies | ||
| RUN apk --no-cache --no-progress upgrade && \ | ||
| apk --no-cache --no-progress add curl unzip iptables ip6tables jq openvpn && \ | ||
| # Download ovpn files | ||
| curl https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip -o /tmp/ovpn.zip && \ | ||
| unzip -q /tmp/ovpn.zip -d /tmp/ovpn && \ | ||
| mkdir -p /vpn/ovpn/ && \ | ||
| mv /tmp/ovpn/*/*.ovpn /vpn/ovpn/ && \ | ||
| # Cleanup | ||
| rm -rf /tmp/* | ||
| RUN apk --no-cache --no-progress update && \ | ||
| apk --no-cache --no-progress upgrade && \ | ||
| apk --no-cache --no-progress add bash curl unzip iptables ip6tables jq openvpn tini && \ | ||
| mkdir -p /vpn/ovpn/ | ||
| RUN ["cross-build-end"] | ||
|
|
||
| ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/nordVpn.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,54 +1,48 @@ | ||
| [](https://ref.nordvpn.com/?id=171828599) | ||
| [](https://www.nordvpn.com/) | ||
|
|
||
| # NordVpn | ||
| # NordVPN | ||
|
|
||
| This is an OpenVPN client docker container that use recommended Nordvpn servers. It makes routing containers' | ||
| traffic through OpenVPN easy. | ||
| This is an OpenVPN client docker container that use least loaded NordVPN servers. It makes routing containers' traffic through OpenVPN easy. | ||
|
|
||
| # What is OpenVPN? | ||
|
|
||
| OpenVPN is an open-source software application that implements virtual private | ||
| network (VPN) techniques for creating secure point-to-point or site-to-site | ||
| connections in routed or bridged configurations and remote access facilities. | ||
| It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is | ||
| capable of traversing network address translators (NATs) and firewalls. | ||
| OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. | ||
|
|
||
| # How to use this image | ||
|
|
||
| This container was designed to be started first to provide a connection | ||
| to other containers (using `--net=container:vpn`, see below *Starting an NordVpn | ||
| client instance*). | ||
| This container was designed to be started first to provide a connection to other containers (using `--net=container:vpn`, see below *Starting an NordVPN client instance*). | ||
|
|
||
| **NOTE**: More than the basic privileges are needed for NordVpn. With docker 1.2 | ||
| or newer you can use the `--cap-add=NET_ADMIN` and `--device /dev/net/tun` | ||
| options. Earlier versions, or with fig, and you'll have to run it in privileged | ||
| mode. | ||
| **NOTE**: More than the basic privileges are needed for NordVPN. With docker 1.2 or newer you can use the `--cap-add=NET_ADMIN` and `--device /dev/net/tun` options. Earlier versions, or with fig, and you'll have to run it in privileged mode. | ||
|
|
||
| **NOTE 2**: If you need a template for using this container with | ||
| `docker-compose`, see the example | ||
| [file](https://github.com/dperson/openvpn-client/raw/master/docker-compose.yml). | ||
| **NOTE 2**: If you need a template for using this container with `docker-compose`, see the example [file](https://github.com/dperson/openvpn-client/raw/master/docker-compose.yml). | ||
|
|
||
| ## Starting an NordVpn instance | ||
| ## Starting an NordVPN instance | ||
|
|
||
| docker run -ti --cap-add=NET_ADMIN --device /dev/net/tun --name vpn \ | ||
| -e [email protected] -e PASS=password -d bubuntux/nordvpn | ||
| docker run -ti --cap-add=NET_ADMIN --device /dev/net/tun --name vpn\ | ||
| -e [email protected] -e PASS=password | ||
| -e COUNRTY=country1;country2 -e CATEGORY=category1;category2 \ | ||
| -e PROTOCOL=protocol -d azinchen/nordvpn | ||
|
|
||
| Once it's up other containers can be started using it's network connection: | ||
|
|
||
| docker run -it --net=container:vpn -d some/docker-container | ||
|
|
||
| ## Filter NordVPN servers | ||
|
|
||
| This container selects least loaded server from NordVPN pool. Server list can be filtered by setting `COUNTRY`, `CATEGORY` and/or `PROTOCOL` environment variables. If filtered list is empty, recommended server is selected. | ||
|
|
||
| ## Local Network access to services connecting to the internet through the VPN. | ||
|
|
||
| The environmenta variable NETWORK must be your local network that you would connect to the server running the docker containers on. Running the following on your docker host should give you the correct network: `ip route | awk '!/ (docker0|br-)/ && /src/ {print $1}'` | ||
|
|
||
| docker run -ti --cap-add=NET_ADMIN --device /dev/net/tun --name vpn \ | ||
| -p 8080:80 -e NETWORK=192.168.1.0/24 \ | ||
| -e [email protected] -e PASS=password -d bubuntux/nordvpn | ||
| -e [email protected] -e PASS=password -d azinchen/nordvpn | ||
|
|
||
| Now just create the second container _without_ the `-p` parameter, only inlcude the `--net=container:vpn`, the port should be declare in the vpn container. | ||
|
|
||
| docker run -ti --rm --net=container:vpn -d bubuntux/riot-web | ||
|
|
||
| now the service provided by the second container would be available from the host machine (http://localhost:8080) or anywhere inside the local network (http://192.168.1.xxx:8080). | ||
|
|
||
| ## Local Network access to services connecting to the internet through the VPN using a Web proxy. | ||
|
|
@@ -57,9 +51,7 @@ now the service provided by the second container would be available from the hos | |
| --link vpn:<service_name> -d dperson/nginx \ | ||
| -w "http://<service_name>:<PORT>/<URI>;/<PATH>" | ||
|
|
||
| Which will start a Nginx web server on local ports 80 and 443, and proxy any | ||
| requests under `/<PATH>` to the to `http://<service_name>:<PORT>/<URI>`. To use | ||
| a concrete example: | ||
| Which will start a Nginx web server on local ports 80 and 443, and proxy any requests under `/<PATH>` to the to `http://<service_name>:<PORT>/<URI>`. To use a concrete example: | ||
|
|
||
| docker run -it --name bit --net=container:vpn -d bubundut/nordvpn | ||
| docker run -it --name web -p 80:80 -p 443:443 --link vpn:bit \ | ||
|
|
@@ -76,12 +68,23 @@ For multiple services (non-existant 'foo' used as an example): | |
|
|
||
| ENVIRONMENT VARIABLES (only available with `docker run`) | ||
|
|
||
| * `USER` - User for NordVpn account. | ||
| * `PASS` - Password for NordVpn account. | ||
| * `NETWORK` - CIDR network (IE 192.168.1.0/24), add a route to allows replies once the VPN is up | ||
| * `NETWORK6` - CIDR IPv6 network (IE fe00:d34d:b33f::/64), add a route to allows replies once the VPN is up | ||
| * `COUNTRY` - Use servers from countries in the list (IE Australia;New Zeland). Several countries can be selected using semicolon. | ||
| * `CATEGORY` - Use servers from specific categories (IE P2P;Anti DDoS). Several categories can be selected using semicolon. Allowed categories are: | ||
| * `Anti DDoS` | ||
| * `Dedicated IP servers` | ||
| * `Double VPN` | ||
| * `Obfuscated Servers` | ||
| * `Onion Over VPN` | ||
| * `P2P` | ||
| * `Standard VPN servers` | ||
| * `PROTOCOL` - Specify OpenVPN protocol. Only one protocol can be selected. Allowed protocols are: | ||
| * `openvpn_udp` | ||
| * `openvpn_tcp` | ||
| * `USER` - User for NordVPN account. | ||
| * `PASS` - Password for NordVPN account. | ||
| * `NETWORK` - CIDR network (IE 192.168.1.0/24), add a route to allows replies once the VPN is up. | ||
| * `NETWORK6` - CIDR IPv6 network (IE fe00:d34d:b33f::/64), add a route to allows replies once the VPN is up. | ||
|
|
||
| ## Issues | ||
|
|
||
| If you have any problems with or questions about this image, please contact me | ||
| through a [GitHub issue](https://github.com/bubuntux/nordvpn/issues). | ||
| If you have any problems with or questions about this image, please contact me through a [GitHub issue](https://github.com/azinchen/nordvpn/issues) or [email](mailto:[email protected]). | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters