Janam Writes

Set Up OpenVPN Server with UI in 5 Minutes

This guide walks through installing Docker, executing an automatic OpenVPN setup script, and configuring Nginx proxy with SSL in just a few simple steps. Soon you'll have a secure VPN solution providing encrypted connections, remote access, and improved online privacy.

Setting up an OpenVPN Server with Management UI using Docker

In this comprehensive guide, I will show you how to deploy your own OpenVPN server with an admin UI for easily managing users, configuring certificates, and more. We will use Docker to simplify deployment, and Nginx proxy with Let's Encrypt SSL to securely expose the management interface.

Introduction to OpenVPN

OpenVPN is open-source VPN software that lets you create secure point-to-point or site-to-site connections for protecting privacy online, accessing home or organizational resources remotely, and more. The advantages of hosting your own OpenVPN server include:

  • Encrypted tunnel for online traffic to enhance privacy
  • Secure remote access to your home or office network
  • Bypass geographic restrictions to access content
  • Safeguard connections when using public WiFi

Overview of Setup Process

At a high level, these are the steps we will walk through:

  1. Install Docker engine to run containers
  2. Get OpenVPN container images and configuration files
  3. Deploy the OpenVPN server and admin UI containers
  4. Retrieve auto-generated admin password for accessing the UI
  5. Install Nginx and Certbot to expose UI over the internet
  6. Configure Nginx as a reverse proxy and SSL with Let's Encrypt

So let's get started with setting up our secure OpenVPN server!

Automated Setup with Script

To automate the setup process, I've created this simple bash script:

#!/bin/bash

# Check if running with sudo  
if [ "$EUID" -ne 0 ]; then
  echo "Please run this script with sudo. Example: sudo $0"
  exit 1
fi

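# Install Docker, Docker Compose and the tools this script uses (git, awk).
# "awk" is only a virtual package name in apt, so install gawk explicitly.
# No sudo needed here: the check above guarantees we are already root.
apt update
apt install -y docker.io docker-compose git gawk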

# Clone the OpenVPN configuration
git clone https://github.com/janamkhatiwada/openvpnserver-with-ui.git
cd openvpnserver-with-ui
      
# Run Docker Compose 
docker-compose up -d

# Extract and echo the admin password
# (splits on "=" or ":" so both "KEY=value" and "KEY: value" lines work)
admin_password=$(awk -F'[=:]' '/OPENVPN_ADMIN_PASSWORD/ {print $2; exit}' docker-compose.yml | tr -d '" \n')
echo "Password for admin is: $admin_password"

To use it, copy the contents into a new file setup_openvpn.sh and run:

chmod +x setup_openvpn.sh
sudo ./setup_openvpn.sh

This will automatically install Docker, clone the config files, deploy the containers and print out the Management UI login password.

And that's it! Your own OpenVPN server with Management UI will be up in just a minute or two.

Additional Setup Considerations

AWS Security Groups:

If you deploy the server on AWS, allow inbound UDP port 1194 in the instance's security group:

- Allow Port 1194/UDP in security group 

This opens the port used by OpenVPN traffic.

Modifying Admin Password:

You can change the auto-generated admin password for logging into the Management UI by editing docker-compose.yml:

environment:
  - OPENVPN_ADMIN_PASSWORD=somesecretpassword  

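Be sure to update this before initial deployment. The setup script above runs git clone and docker-compose up -d back to back, so to set your own password you need to edit docker-compose.yml after the clone and before the containers are started.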
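One way to set the password in the automated flow, as an added example that is not part of the original script or the project's repository: generate a random password and write it into docker-compose.yml between the clone and `docker-compose up -d`. It assumes the `- OPENVPN_ADMIN_PASSWORD=value` list form shown above; the function names and the file name rotate_password.sh are hypothetical.

```shell
#!/bin/bash
# Added example, not part of the original setup script.
# Assumption: docker-compose.yml stores the password in the list form shown
# above, e.g. "  - OPENVPN_ADMIN_PASSWORD=somesecretpassword".
# All function names here are hypothetical helpers.

# Print 32 random hex characters taken from the kernel CSPRNG.
generate_password() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Replace the OPENVPN_ADMIN_PASSWORD value in compose file $1 with $2.
# Fails (non-zero) if the variable is not present, so a changed file layout
# cannot silently leave the repository default in place.
rotate_admin_password() {
  compose_file=$1
  new_password=$2
  if ! grep -q 'OPENVPN_ADMIN_PASSWORD=' "$compose_file"; then
    echo "OPENVPN_ADMIN_PASSWORD not found in $compose_file" >&2
    return 1
  fi
  tmp=$(mktemp) || return 1
  # Keep the key, swap only the value; hex output needs no sed escaping.
  sed "s|\(OPENVPN_ADMIN_PASSWORD=\).*|\1${new_password}|" \
    "$compose_file" > "$tmp" || { rm -f "$tmp"; return 1; }
  cat "$tmp" > "$compose_file" && rm -f "$tmp" || return 1
  chmod 600 "$compose_file"   # the file now holds a live secret
}

# Print the password currently configured in compose file $1.
read_admin_password() {
  sed -n 's|.*OPENVPN_ADMIN_PASSWORD=\(.*\)|\1|p' "$1" | tr -d '" ' | head -n 1
}

# Run as: sudo ./rotate_password.sh docker-compose.yml  (before "up -d")
if [ -n "${1:-}" ]; then
  pw=$(generate_password)
  rotate_admin_password "$1" "$pw" && echo "New admin password: $pw"
fi
```
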

Exposing the Management UI securely over the Internet

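By default, the management UI runs on port 8080 and is not encrypted or accessible over the internet. We can expose it securely by putting an Nginx reverse proxy in front of it and using Let's Encrypt for free SSL certificates. Only ports 80 and 443 need to be opened for this; leave port 8080 closed in the firewall or security group so the UI is reachable only through Nginx.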

Install Nginx

sudo apt install nginx
sudo systemctl enable nginx

Install Certbot to automatically configure SSL

sudo apt install certbot python3-certbot-nginx

Configure Nginx Virtual Host

Here is a sample Nginx server block configuration:

server {
    listen 80;
    server_name vpn.mydomain.com;

    location / {
        proxy_pass http://localhost:8080; 
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Get SSL Certificate

sudo certbot --nginx -d vpn.mydomain.com

Certbot will automatically configure SSL and redirect HTTP to HTTPS in Nginx.

And that's it! The management UI will now be accessible over the internet at https://vpn.mydomain.com with a free SSL certificate from Let's Encrypt.

All rights reserved. Janam Khatiwada