# CapRover one-click app template (schema version 4) for OpenVPN Access Server.
# Every `$$cap_*` token is a placeholder that is filled in from the `variables`
# list under `caproverOneClickApp` (or supplied by CapRover, e.g. the app name).
captainVersion: 4
services:
    $$cap_appname:
        caproverExtra:
            # Port that CapRover's nginx forwards the app domain to. It is set
            # to the Access Server admin GUI port, so the admin login page is
            # what becomes reachable on the app's public domain.
            containerHttpPort: $$cap_OPENVPN_PORT_ADMIN
        # The tag comes from the "Version Tag" variable. The start instructions
        # state that LinuxServer has deprecated this image.
        # NOTE(review): a deprecated image presumably no longer receives
        # security fixes - confirm upstream and plan a migration.
        image: linuxserver/openvpn-as:$$cap_OPENVPN_VERSION
        # Same value the post-deploy instructions set as "Hostname" in the
        # Service Update Override and in the Access Server network settings.
        hostname: $$cap_appname.$$cap_root_domain
        environment:
            # UID/GID the process runs as. PGID is fed from the variable whose
            # id is spelled OPENVPN_GUID.
            PUID: $$cap_OPENVPN_PUID
            PGID: $$cap_OPENVPN_GUID
            TZ: $$cap_OPENVPN_TZ
            INTERFACE: $$cap_OPENVPN_INTERFACE
        volumes:
            # Named volume holding the Access Server configuration; the
            # post-deploy `sed` step edits /config/etc/as.conf inside it.
            - $$cap_appname:/config
        ports:
            # VPN listener ports, mapped with identical host and container
            # numbers. The start instructions mention opening them on the
            # firewall; the admin GUI port is not mapped here.
            - $$cap_OPENVPN_PORT_TCP:$$cap_OPENVPN_PORT_TCP
            - $$cap_OPENVPN_PORT_UDP:$$cap_OPENVPN_PORT_UDP
        cap_add:
            # NET_ADMIN lets the container change interfaces, routes and
            # firewall rules in its network namespace.
            # NOTE(review): the end instructions add CAP_NET_ADMIN again via a
            # Service Update Override, presumably because this key alone is not
            # applied to the deployed service - confirm.
            - NET_ADMIN

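# Metadata, user-facing instructions and input variables shown by CapRover's
# one-click app dialog. The `start` text is shown before deployment and the
# `end` text afterwards; both are Markdown.
caproverOneClickApp:
    displayName: OpenVPN Access Server
    isOfficial: false
    description: Full featured secure network tunneling VPN software.
    documentation: https://openvpn.net/index.php/access-server/overview.html
    instructions:
        # NOTE(review): the `echo ... > /captain/data/config-override.json`
        # command below uses `>`, so it replaces the whole file; any overrides
        # already stored there would be lost.
        start: |-
            OpenVPN is a full featured, open-source VPN solution that accommodates a wide range of configurations.

            **Important notes:**
            - The provider of this image (LinuxServer) has decided to **deprecate** it in favor of WireGuard
            - If you are using CapRover version `1.10.1` or older, you will need to **override CapRover's configuration** to use the newer Docker API version `1.41` (this can be done manually or by running `echo "{\"dockerApiVersion\":\"v1.41\"}" > /captain/data/config-override.json`)
            - You need **access via SSH** to your server after deployment to modify a file (only once)
            - You may need to **open the ports** `1194` and `9443` on your firewall
        # NOTE(review): from step 2 until step 10 the admin GUI is reachable on
        # the app domain with the default `admin` / `password` login from
        # step 6. Steps 8-11 (create a new admin, delete `admin`, block its
        # re-creation in as.conf) close that window, so they belong in the same
        # session as the deployment.
        end: |-
            OpenVPN has been deployed **successfully**!

            Before you can start using it, you need to perform some steps.
            You only need to do this once.
            **Please screenshot/copy the following instructions before proceeding:**

            1. Go to the **HTTP Settings** of your deployment `$$cap_appname` here in CapRover
            2. **Enable HTTPS**
            3. **Edit Default Nginx Configurations** and search for the line `set $upstream http://<%-s.localDomain%>:<%-s.containerHttpPort%>;` and replace `http://` with `https://`
            4. Go to **App Configs** and paste the following snippet into **Service Update Override**: `{ "TaskTemplate": { "ContainerSpec": { "CapabilityAdd": ["CAP_NET_ADMIN"], "Hostname": "$$cap_appname.$$cap_root_domain" } } }`
            5. **Save & Update** and wait a minute
            6. Go to https://$$cap_appname.$$cap_root_domain/admin and log in using user `admin` and password `password`
            7. Navigate to **Configuration** > **Network Settings** and replace the value in **Hostname Or IP Address** with `$$cap_appname.$$cap_root_domain` and update the server (if you get an error just refresh the page, log back in to the admin page (`/admin`) and proceed with the next step)
            8. Navigate to **User Management** > **User Permissions** and add **New Username**, set a password, make it an admin and **Save Settings**.
            9. Log out and log in as the new user
            10. Navigate to **User Management** > **User Permissions** and delete the `admin` account
            11. Access via SSH to your server and execute `docker exec -it $(docker ps --filter name=srv-captain--$$cap_appname -q) sed -i '/boot_pam_users.0=admin/c\boot_pam_users.0=abcnonexistentuserxyz' /config/etc/as.conf` to block the `admin` account and prevent its creation during container restart

            Enjoy your private VPN!
    # Values entered here replace the matching `$$cap_*` tokens in the service
    # definition. The numeric fields (user/group ID and the three ports) are
    # restricted to digits, because they are substituted into PUID/PGID and
    # into the port settings; the other fields stay free-form.
    variables:
        - id: $$cap_OPENVPN_VERSION
          label: General | Version Tag
          description: Check out their valid tags at https://hub.docker.com/r/linuxserver/openvpn-as/tags
          # The default is a fixed tag rather than a floating one.
          defaultValue: 2.9.0-5c5bd120-Ubuntu18-ls124
          validRegex: /.{1,}/
        - id: $$cap_OPENVPN_TZ
          label: General | Timezone
          description: Timezone for the application, find yours at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
          defaultValue: UTC
          validRegex: /.{1,}/
        - id: $$cap_OPENVPN_PUID
          label: General | User ID
          description: User ID that the process uses, run `id $user` on your instance to see the ID.
          defaultValue: 1000
          validRegex: /^([0-9])+$/
        # The id is spelled GUID, but the value is passed to the container as
        # the PGID environment variable.
        - id: $$cap_OPENVPN_GUID
          label: General | Group ID
          description: Group ID that the process uses, run `id $user` on your instance to see the ID.
          defaultValue: 1000
          validRegex: /^([0-9])+$/
        - id: $$cap_OPENVPN_PORT_ADMIN
          label: Networking | Admin GUI Port
          description: Port of the administration interface. Should not be changed.
          defaultValue: 943
          validRegex: /^([0-9])+$/
        - id: $$cap_OPENVPN_PORT_TCP
          label: Networking | TCP Port
          description: Port of the TCP connections. Should not be changed.
          defaultValue: 9443
          validRegex: /^([0-9])+$/
        - id: $$cap_OPENVPN_PORT_UDP
          label: Networking | UDP Port
          description: Port of the UDP connections. Should not be changed.
          defaultValue: 1194
          validRegex: /^([0-9])+$/
        # No defaultValue or validRegex here; the description asks for the
        # field to be left blank with bridge networking.
        - id: $$cap_OPENVPN_INTERFACE
          label: Networking | Interface
          description: >-
              With bridge networking, leave it blank (or enter `eth0`).
              If `host` or `macvlan`, set it to your host's network interface, found by running `ifconfig`.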