For a new project I needed to call an API from within a microservice that was running as a Docker container. Usually this would not be a big deal. However, the API is a private API and, therefore, it is only accessible from within a virtual private network (VPN).
I struggled for a while to get everything running, so I hope these snippets can help you. You basically just need to install OpenConnect in your image, add a small script that builds the connection at start time, and run the container as privileged.
Add the following lines to your Dockerfile (only tested for Debian-based images):
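```dockerfile
# Define environment variables
# (placeholders only: ENV values are stored in the image, so pass the real
# credentials at run time with -e)
ENV VPN_SERVER='vpn.your-server.com'
# Set VPN_SERVER_CERT to '' if no server certificate needs to be given
ENV VPN_SERVER_CERT='your cert if needed'
ENV VPN_LOGIN='your.username'
ENV VPN_PASSWORD='YourPassword'

# Install VPN utils (refresh the package index first; curl is used by the start script)
RUN apt-get update && apt-get install -y openvpn openconnect curl
```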
Create the following bash script that connects the Docker container to the VPN server:
```bash
#!/bin/bash

# Connect in the background (-b); the password is read from stdin
if [ -z "$VPN_SERVER_CERT" ]
then
  echo "$VPN_PASSWORD" | openconnect -u "$VPN_LOGIN" "$VPN_SERVER" --passwd-on-stdin -b
else
  echo "$VPN_PASSWORD" | openconnect -u "$VPN_LOGIN" "$VPN_SERVER" --servercert "$VPN_SERVER_CERT" --passwd-on-stdin -b
fi

# Wait a little
sleep 5

# Print IP
curl http://api.ipify.org

# Run your regular commands
# ...
```
To start your container, run the following command (--privileged is required to make it work):
```bash
docker run -it \
  --privileged \
  -e VPN_SERVER=vpn.foo.com \
  -e VPN_LOGIN=mylogin \
  -e VPN_PASSWORD=mypass \
  vpn-docker-img-name /app/start.sh
```
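
A stricter variant of the start script above, as an added example that is not part of the original post: it polls for the tunnel interface instead of sleeping for a fixed 5 seconds, exits if the tunnel never appears so the service never starts outside the VPN, and can read the password from a mounted file. VPN_PASSWORD_FILE, VPN_IFACE, VPN_TIMEOUT and SYSFS_NET are assumed names; the openconnect options are the ones used above plus --interface.

```bash
#!/bin/bash
# Added example, not the original post's script. Assumed names:
# VPN_PASSWORD_FILE, VPN_IFACE, VPN_TIMEOUT, SYSFS_NET.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"  # overridable so the check can be tested

# Print the password, preferring a mounted file over the environment.
read_vpn_password() {
    if [ -n "${VPN_PASSWORD_FILE:-}" ]; then
        [ -r "$VPN_PASSWORD_FILE" ] || return 1
        head -n 1 "$VPN_PASSWORD_FILE"
    elif [ -n "${VPN_PASSWORD:-}" ]; then
        printf '%s\n' "$VPN_PASSWORD"
    else
        return 1
    fi
}

# Poll once per second until interface $1 exists; fail after $2 seconds.
wait_for_tunnel() {
    iface="$1"; timeout="$2"; waited=0
    while [ ! -e "$SYSFS_NET/$iface" ]; do
        if [ "$waited" -ge "$timeout" ]; then return 1; fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Connect, then confirm the tunnel is really there.
start_vpn() {
    iface="${VPN_IFACE:-tun0}"
    pw="$(read_vpn_password)" || { echo "no VPN password supplied" >&2; return 1; }
    set -- -u "$VPN_LOGIN" --interface="$iface" --passwd-on-stdin -b
    if [ -n "${VPN_SERVER_CERT:-}" ]; then
        set -- "$@" --servercert "$VPN_SERVER_CERT"
    fi
    printf '%s\n' "$pw" | openconnect "$@" "$VPN_SERVER" || return 1
    wait_for_tunnel "$iface" "${VPN_TIMEOUT:-30}" || {
        echo "tunnel $iface did not come up" >&2; return 1; }
}

# Fail closed: run the real command (the script's arguments) only behind the VPN.
if [ -n "${VPN_SERVER:-}" ]; then
    start_vpn || exit 1
    exec "$@"
fi
```

With this variant the password file can be mounted read-only into the container and referenced through VPN_PASSWORD_FILE, so the password does not have to appear in the image or on the docker run command line.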