- Git repo of the unofficial docker image for OpenSPA
- OpenSPA images help you to follow OpenSPA official tutorial easily
docker pull sepaper/openspa-server
docker pull sepaper/openspa-client
- Clone openspa-docker repo and initialize submodules
git clone https://github.com/sepaper/openspa-docker.git cd openspa-docker git submodule init --update cd openspa git checkout master # dev branch is under development go mod init github.com/greenstatic/openspa go mod tidy
- Run build-server.sh to build OpenSPA server
# To build for Linux (amd64) explicitly ./build-server.sh linux amd64 openspa-server 1.0.0 # To build for MacOS (arm64) explicitly ./build-server.sh darwin arm64 openspa-server 1.0.0
- Run build-client.sh to build OpenSPA client
# To build for Linux (amd64) explicitly ./build-client.sh linux amd64 openspa-client 1.0.0 # To build for MacOS (arm64) explicitly ./build-cient.sh darwin arm64 openspa-client 1.0.0
- Run echo ipv4 server in host
# In host docker run --name echoip -d greenstatic/echo-ip # this server returns an echo response like {"success":true,"ip":"172.17.0.3","isIpv6":false,"datetime":"2022-02-02T08:23:15Z","ipDetails":{"remoteIP":"172.17.0.3","forwardedForIP":""},"service":"echo-ip","version":"1.2.0","srcUrl":"https://github.com/greenstatic/echo-ip"}
- Check the built images
# In host docker images - Create directories used by OpenSPA server to store server key pair and client public keys
# In host mkdir server mkdir server/server-keys mkdir server/client-keys # used for user(client) directory service
- Create a directory used by OpenSPA client to store client public key and config
# In host mkdir clients - Copy OpenSPA server public key to the clients directory
# In host cp server/server-keys/server.pub clients/. - Generate OpenSPA server key pair using OpenSSL
# In host openssl genrsa -out server/server-keys/server.key 2048 openssl rsa -in server/server-keys/server.key -outform PEM -pubout -out server/server-keys/server.pub - Run OpenSPA server
# In host # NET_ADMIN capability is necessary to set iptables docker run --name openspa-server --cap-add=NET_ADMIN -v $(pwd)/server/server-keys:/openspa/keys -v $(pwd)/server/client-keys:/openspa/es/public_keys openspa-server:1.0.0 --echo-ipv4-server http://<echo ipv4 server ip>:<port>
- Run OpenSPA client
# In host docker run --name openspa-client -v $(pwd)/clients:/openspa/clients -it openspa-client:1.0.0 /bin/bash
- Generate client key pair and config using OpenSPA tools
# In host docker exec -it openspa-client /bin/bash # In OpenSPA client cd openspa ./openspa-tools gen-client clients/pub -o clients # you can press enter for all to set as default ls clients # find out client device id in a name of created directory
- Register OpenSPA client public key to OpenSPA server
# In host cp clients/0195e956-....-ef2er/0195e956-....-ef2er.pub server/client-keys/. - Send OpenSPA request and ping to OpenSPA server in OpenSPA client
# In OpenSPA client ./openspa-client request clients/0195e956-....-ef2er/client.ospa --protocol icmp -p 1 --echo-ipv4-server http://<echo ipv4 server ip>:<port> --server-ip <OpenSPA server ip> ping <OpenSPA server ip>