Use VPN in a Docker Container

Dominik Nowak
CTO @ Husarnet
Encapsulating software within a container brings a lot of benefits, such as quicker deployment, easier development and - last but not least - isolation of your host system from the application.
In this blog post I will show you how to install and configure a VPN client directly inside a Docker container, without installing anything on your host system.
Thanks to that, other computers in the VPN network will have access only to that container and not to your host system!
Because the container has its own VPN IPv6 address, you can also easily move that container to other hosts without changing anything in your system configuration.
I will show you how to do that in a few easy steps...
About
This example is really basic - we host a simple, static website with Nginx.
You can, however, treat this example as a reference for how to install a VPN client inside a container for your own, more sophisticated projects.
Host System Requirements
The steps mentioned in the following part of the article were tested on the following host system configuration:
If you run your container inside a Virtual Machine, or VPS, make sure your host system has Nested Virtualization enabled.
E.g. on VirtualBox you need to run:
The project is available on GitHub.
Basically, it consists of the three files listed below:
- Dockerfile
- init-container.sh
- src/index.html
You may notice that init-container.sh seems long; that is mainly due to its rich terminal log. The same result can be achieved in a much shorter, but less informative, way:
In the last line we provide a hostname for the container (whatever you like) and a Join Code - a kind of unique access token for a VPN network. In the next sections I will show you where to find it.
After this short intro, let's get started!
Running an example
Getting the code
Building an image
Make sure init-container.sh is executable. If not:
Then build an image:
Starting a container
Execute in a Linux terminal:
Description:
- HOSTNAME='docker-vpn-1' - is an easy-to-use hostname that you can use instead of the Husarnet IPv6 address to access your container over the internet
- JOINCODE='fc94:b01d:1803:8dd8:3333:2222:1234:1111/xxxxxxxxxxxxxxxxx' - is a unique Join Code from your Husarnet network.
Get Your VPN Join Code
You will find it at:
https://app.husarnet.com -> chosen network -> [Add element] button -> join code tab
- -v my-container-1-v:/var/lib/husarnet - you need to make /var/lib/husarnet a volume to preserve its state, for example if you would like to update the image your container is based on. If you would like to run multiple containers on your host machine, remember to provide a unique volume name for each container (in our case HOSTNAME-v).
If you also want to modify the index.html file in your IDE and see the changes in your container without re-executing the docker build command, create a bind mount by also adding this flag to the docker run command:
Remember to provide a full path to your src folder!
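The checks below are an added example, not code from the article or from Husarnet: they validate the HOSTNAME and JOINCODE values and the per-container volume name described above before anything is handed to docker run. The function names, the Join Code pattern (inferred from the article's placeholder value) and the idea that both values are passed as environment variables are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the docker run values described above.
# Assumption: the Join Code layout (fc94 IPv6 address, "/", token) is inferred
# from the article's placeholder value; it is not a Husarnet specification.

valid_hostname() {   # one DNS label: letters, digits, inner hyphens, max 63
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

valid_joincode() {   # fc94:<7 hex groups>/<token>
    printf '%s\n' "$1" | grep -Eq '^fc94(:[0-9a-fA-F]{1,4}){7}/[A-Za-z0-9]+$'
}

volume_name() {      # the article's convention: HOSTNAME-v
    printf '%s-v' "$1"
}

# preflight HOSTNAME JOINCODE [existing volume names...]
# Prints the volume option on success. Returns 1 for a bad hostname, 2 for a
# malformed join code, 3 when the volume name is already taken.
preflight() {
    host=$1; code=$2; shift 2
    valid_hostname "$host" || return 1
    valid_joincode "$code" || return 2
    vol=$(volume_name "$host")
    for existing in "$@"; do
        if [ "$existing" = "$vol" ]; then return 3; fi
    done
    printf '%s\n' "-v $vol:/var/lib/husarnet"
}

# write_env_file PATH HOSTNAME JOINCODE
# Assumption: both values reach the container as environment variables. A
# newly created file is owner-only (umask 077), so the join code (an access
# token) can be given to docker run with --env-file, not typed on the command line.
write_env_file() {
    ( umask 077 && printf 'HOSTNAME=%s\nJOINCODE=%s\n' "$2" "$3" > "$1" )
}

# Constructed sample run; the join code is the article's placeholder value.
# In real use the trailing arguments would come from `docker volume ls -q`.
preflight docker-vpn-1 \
    'fc94:b01d:1803:8dd8:3333:2222:1234:1111/xxxxxxxxxxxxxxxxx' my-container-1-v
```

The sample run prints the volume option for docker-vpn-1; a non-zero return code tells you which of the three checks failed.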
Results
After running a container you should see a log like this:
At this point any computer that is in the same Husarnet VPN network as your container can access the webserver by using the docker-vpn-1 hostname or by using the container's IPv6 address, as shown in the log output from the container above.
You should see something like this:
Summary
I presented in this article:
- how to write a Dockerfile for creating a container image with pre-installed VPN client
- how to run a simple website with external access only for computers from the same VPN network
I hope you will find this article helpful.
In case of any questions related to this blog post please contact us using Husarnet Community Forum or via email at support@husarnet.com.