Encapsulating software within a container brings a lot of benefits, such as quicker deployment, easier development and - last but not least - isolation of your host system from the application.
In this blog post I will show you how to install and configure a VPN client directly inside a docker container without a need of installing anything on your host system.
Thanks to that other computers from a VPN network will have access only to that container and not to your host system!
Because a container has it's own VPN IPv6 network, you can also easily move that container to other hosts without changing anything in your system configuration.
I will show you how to do that in a few easy steps...
This example is really basic - we host a simple, static website with Nginx.
You can however threat this example as a reference how to install a VPN client inside a container for your own more, sophisticated projects.
Host System Requirements
The steps mentioned in the following part of the article were tested on the following host system configuration:
If you run your container inside a Virtual Machine, or VPS, make sure your host system has Nested Virtualization enabled.
Eg. on Virtual Box you need to run:
The project is avaialble on GitHub.
Basically, it consists of three files listed bellow:
You could notice that
init-container.sh seems to be long, however mainly due to a rich terminal log. The same result might be achieved in much shorter, but less informative way:
In the last line we provide hostname for a container (whatever you like), and a Join Code - kind of unique access token for a VPN network. In the next sections I will show you where to find it.
After short intro, let's get started!
init-container.sh is executable. If not:
Then build an image:
Execute in a Linux terminal:
HOSTNAME='docker-vpn-1'- is an easy to use hostname, that you can use instead of Husarnet IPv6 addr to access your container over the internet
JOINCODE='fc94:b01d:1803:8dd8:3333:2222:1234:1111/xxxxxxxxxxxxxxxxx'- is an unique Join Code from your Husarnet network.
Get Your VPN Join Code
You will find it at:
https://app.husarnet.com -> choosen network ->
[Add element] button ->
join code tab
-v my-container-1-v:/var/lib/husarnet- you need to make
/var/lib/husarnetas a volume to preserve it's state for example if you would like to update the image your container is based on. If you would like to run multiple containers on your host machine remember to provide unique volume name for each container (in our case
If you also want to modify
index.html file in your IDE, and see changes in your container withour re-executing
docker build command, create a bind mount by adding also this flag in the
docker run command:
remember to provide a full path to your
After running a container you should see a log like this:
At this point any computer that is in the same Husarnet VPN network as your container, can access a webserver by using
docker-vpn-1 hostname or by using a containers IPv6 address as described in a log output from a container above.
You should see something like this 👇
I presented in this article:
- how to write a Dockerfile for creating a container image with pre-installed VPN client
- how to run a simple website with external access only for computers from the same VPN network
I hope you will find this article helpful.