2018-02-06 21:57:41 -05:00
# Private Internet Access Docker (OpenVPN, Alpine)
2018-04-15 14:15:58 -04:00
Docker VPN client to private internet access servers using [OpenVPN ](https://openvpn.net/ ) and [Cloudflare DNS 1.1.1.1 over TLS ](https://developers.cloudflare.com/1.1.1.1/dns-over-tls )
Optionally set the protocol (TCP, UDP) and the level of encryption using Docker environment variables.
2018-03-31 20:33:45 -04:00
2018-02-21 11:55:45 -05:00
[](https://hub.docker.com/r/qmcgaw/private-internet-access/)
2018-02-06 21:57:41 -05:00
2018-03-15 12:09:17 -04:00
[](https://travis-ci.org/qdm12/private-internet-access-docker)
2018-04-15 14:15:58 -04:00
[](https://hub.docker.com/r/qmcgaw/private-internet-access)
[](https://github.com/qdm12/private-internet-access-docker/issues)
[](https://github.com/qdm12/private-internet-access-docker/issues)
[](https://github.com/qdm12/private-internet-access-docker/issues)
[](https://hub.docker.com/r/qmcgaw/private-internet-access)
[](https://hub.docker.com/r/qmcgaw/private-internet-access)
[](https://hub.docker.com/r/qmcgaw/private-internet-access)
2018-03-15 12:09:17 -04:00
2018-04-01 13:56:20 -04:00
[](https://microbadger.com/images/qmcgaw/private-internet-access)
[](https://microbadger.com/images/qmcgaw/private-internet-access)
2018-04-01 13:56:56 -04:00
2018-04-01 13:56:20 -04:00
| Download size | Image size | RAM usage | CPU usage |
| --- | --- | --- | --- |
2018-04-15 14:15:58 -04:00
| 5.4MB | 13MB | 11.89MB | Low to Medium |
It is based on:
- [Alpine 3.7 ](https://alpinelinux.org )
- [OpenVPN 2.4.5-r1 ](https://pkgs.alpinelinux.org/package/edge/main/ppc64le/openvpn )
- [Unbound 1.7.0-r2 ](https://pkgs.alpinelinux.org/package/edge/main/aarch64/unbound )
2018-03-31 21:56:18 -04:00
2018-02-06 21:57:41 -05:00
It requires:
2018-03-04 13:44:51 -05:00
- A Private Internet Access **username ** and **password ** - [Sign up ](https://www.privateinternetaccess.com/pages/buy-vpn/ )
2018-02-06 21:57:41 -05:00
- [Docker ](https://docs.docker.com/install/ ) installed on the host
2018-04-13 15:35:31 -04:00
The PIA * .ovpn * configuration files are downloaded from
[the PIA website ](https://www.privateinternetaccess.com/openvpn/openvpn.zip )
2018-04-15 14:15:58 -04:00
when the Docker image is built. You can build the image yourself if you are paranoid.
2018-04-13 15:35:31 -04:00
Cloudflare **DNS 1.1.1.1 over TLS ** is used to connect to any PIA server for multiple reasons:
- Man-in-the-middle (ISP, hacker, government) can't block you from resolving the PIA server domain name.
* For example, `austria.privateinternetaccess.com` maps to `185.216.34.229` *
- Man-in-the-middle (ISP, hacker, government) can't see to which server you connect nor when.
* As the domain name are sent to 1.1.1.1 over TLS, there is no way to examine what domains you are asking to be resolved *
2018-02-06 21:57:41 -05:00
2018-04-15 14:15:58 -04:00
## Setup
2018-02-06 21:57:41 -05:00
2018-04-15 14:15:58 -04:00
1. Run the [**tun.sh** ](https://raw.githubusercontent.com/qdm12/private-internet-access-docker/master/tun.sh ) script on your host machine to ensure you have the `/dev/tun` device setup
2018-02-21 11:55:45 -05:00
2018-02-06 21:57:41 -05:00
```bash
2018-03-31 20:33:45 -04:00
wget https://raw.githubusercontent.com/qdm12/private-internet-access-docker/master/tun.sh
2018-02-06 21:57:41 -05:00
sudo chmod +x tun.sh
./tun.sh
```
2018-04-13 15:35:31 -04:00
1. Create a network to be used by this container and other containers connecting to it with:
```bash
docker network create pianet
```
2018-02-21 11:55:45 -05:00
2018-03-31 20:33:45 -04:00
1. Create a file * auth.conf * in `/yourhostpath` (for example), with:
2018-02-06 21:57:41 -05:00
- On the first line: your PIA username (i.e. `js89ds7` )
- On the second line: your PIA password (i.e. `8fd9s239G` )
2018-04-15 14:15:58 -04:00
2018-03-31 20:33:45 -04:00
### Using Docker only
2018-04-15 14:15:58 -04:00
1. Run the container with (at least change `/yourhostpath` to your actual path):
2018-02-21 11:55:45 -05:00
2018-04-15 14:15:58 -04:00
```bash
docker run -d --restart=always --name=pia --cap-add=NET_ADMIN \
--device=/dev/net/tun --network=pianet \
-v /yourhostpath/auth.conf:/auth.conf:ro \
-e REGION=Germany -e PROTOCOL=udp -e ENCRYPTION=normal \
qmcgaw/private-internet-access
```
2018-02-21 11:55:45 -05:00
2018-04-15 14:15:58 -04:00
Note that you can change `REGION` , `PROTOCOL` and `ENCRYPTION` .
See the [Environment variables section ](#environment-variables )
1. Wait about 5 seconds for it to connect to the PIA server. You can check with:
2018-02-21 11:55:45 -05:00
2018-04-15 14:15:58 -04:00
```bash
docker logs pia
```
2018-02-21 11:55:45 -05:00
2018-04-15 14:15:58 -04:00
1. Follow the [**Testing section** ](#testing )
2018-02-21 11:55:45 -05:00
2018-03-31 20:33:45 -04:00
### Using Docker Compose
1. Download [**docker-compose.yml** ](https://github.com/qdm12/private-internet-access-docker/blob/master/docker-compose.yml )
2018-04-15 14:15:58 -04:00
1. Edit it and change at least `yourpath`
2018-03-31 20:33:45 -04:00
1. Run the container as a daemon in the background with:
```bash
docker-compose up -d
```
2018-04-15 14:15:58 -04:00
Note that you can change `REGION` , `PROTOCOL` and `ENCRYPTION` .
See the [Environment variables section ](#environment-variables )
1. Wait about 5 seconds for it to connect to the PIA server. You can check with:
2018-04-13 15:35:31 -04:00
```bash
docker logs pia
```
2018-04-15 14:15:58 -04:00
1. Follow the [**Testing section** ](#testing )
2018-04-13 15:35:31 -04:00
## Testing
2018-03-31 20:33:45 -04:00
1. Check your host IP address with:
```bash
curl -s ifconfig.co
```
1. Run the **curl ** Docker container using your * pia * container with:
```bash
2018-04-15 14:15:58 -04:00
docker run --rm --network=container:pia byrnedo/alpine-curl ifconfig.co
2018-03-31 20:33:45 -04:00
```
2018-04-13 15:35:31 -04:00
If the displayed IP address appears and is different that your host IP address,
the PIA client should fully work !
2018-02-06 21:57:41 -05:00
2018-04-15 14:15:58 -04:00
## Environment variables
| Environment variable | Default | Description |
| --- | --- | --- |
| `REGION` | `Switzerland` | Any one of the [regions supported by private internet access ](https://www.privateinternetaccess.com/pages/network/ ) |
| `PROTOCOL` | `tcp` | `tcp` or `udp` |
| `ENCRYPTION` | `strong` | `normal` or `strong` |
2018-02-06 21:57:41 -05:00
2018-04-15 14:15:58 -04:00
If you know what you're doing, you can change the container name (`pia` ),
the hostname (`piaclient` ) and the network name (`pianet` ) as well.
2018-02-21 11:55:45 -05:00
2018-04-13 15:35:31 -04:00
## Connect other containers to it
Connect other Docker containers to the PIA VPN connection by adding
`--network=container:pia` when launching them.
2018-04-15 14:15:58 -04:00
---
2018-04-13 15:35:31 -04:00
2018-04-15 14:15:58 -04:00
## EXTRA: Access ports of containers connected to the VPN container
2018-02-21 11:55:45 -05:00
You have to use another container acting as a Reverse Proxy such as Nginx.
**Example**:
2018-04-13 15:35:31 -04:00
- *Deluge* container with name **deluge ** connected to the `pia` container with `--network=container:pia`
- Deluge's WebUI runs on port TCP 8112
2018-02-21 11:55:45 -05:00
2018-04-13 15:35:31 -04:00
1. Create the Nginx configuration file * nginx.conf * :
2018-02-21 11:55:45 -05:00
```
2018-02-21 11:56:42 -05:00
user nginx;
worker_processes 1;
2018-02-21 11:55:45 -05:00
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
2018-02-21 11:56:42 -05:00
http {
2018-02-21 11:55:45 -05:00
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
location / {
proxy_pass http://deluge:8112/;
proxy_set_header X-Deluge-Base "/";
}
}
include /etc/nginx/conf.d/*.conf;
}
```
2018-04-13 15:35:31 -04:00
1. Run the Alpine [Nginx container ](https://hub.docker.com/_/nginx ) with:
2018-02-21 11:55:45 -05:00
```bash
2018-04-13 15:35:31 -04:00
docker -d --restart=always --name=proxypia -p 8000:80 \
--network=pianet --link pia:deluge \
2018-02-21 11:55:45 -05:00
-v /mypathto/nginx.conf:/etc/nginx/nginx.conf:ro nginx:alpine
```
2018-04-13 15:35:31 -04:00
1. Access the WebUI of Deluge at [localhost:8000 ](http://localhost:8000 )
For more containers, add more `--link pia:xxx` and modify * nginx.conf * accordingly
2018-04-15 14:15:58 -04:00
## EXTRA: For the paranoids
- You might want to build the image yourself
- The download and unziping is done at build for the ones not able to download the zip files with their ISPs.
- Checksums for PIA openvpn zip files are not used as these files change often
- You should use strong encryption for the environment variable `ENCRYPTION`
