CF Swarm: End-to-End Coldfusion Pipeline with Cont

Pipeline Setup: VPN Server


Last updated 6 years ago

Whether and to what extent you need a VPN in your production pipeline will depend on how your company network is configured. Our shop is a virtual office, so our developers have to be able to reach our production instances from anywhere. There are a number of ways to solve this problem, and most providers allow some form of console access right from their web-based control panels; but we'd like our own network path to all the services we're going to set up in the cloud, and we don't want to be messing with firewall rules every time we add or lose a team member. This means a VPN server and VPN clients on all of our droplets.

OpenVPN: Free, Ubiquitous, Not Quite Plug-and-Play

DigitalOcean has an excellent guide on setting up an OpenVPN Server on Ubuntu. OpenVPN is powerful and flexible and has a medium-sized learning curve.

Aside: Quick 'n Dirty OpenVPN Install

Nyr maintains a "Road Warrior" CLI, an OpenVPN installation and management utility, that will get you up and running faster.

Our Recommendation: Pritunl

There are a number of OpenVPN-derived products that package the same server with accessible management utilities. This is often a trade-off, either in terms of reduced functionality or else paid support, but if you don't have DevOps engineers with dedicated expertise, you'll be well served (as we were) with web-based OpenVPN implementations like Pritunl, whose free tier is adequate for our needs while offering plenty of bells and whistles if and when you need to scale up.

Configuring Your VPN

For the purposes of this guide, we will assume that you can configure firewall rules that explicitly allow desirable access over a VPN and deny access to everyone else. The tools you use to accomplish this are up to you and beyond the scope of the guide, but even a simple firewall like UFW makes it trivial to allow access to some or all ports over your VPN network interface while blocking access over a public interface.
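
One way to express that rule set with UFW, as an added example that is not part of the original guide. It assumes the VPN interface is named tun0 and that the VPN listener is 1194/udp (OpenVPN's default; use the port your server actually listens on); the function `ufw_vpn_plan` and the service ports are hypothetical, and the script prints the commands for review rather than running them.

```shell
#!/bin/sh
# Added example: print the UFW commands that limit a host to VPN-only access.
# Assumptions (not from the guide): interface tun0, listener 1194/udp, sample ports.

# valid_port SPEC: succeeds only for "PORT/tcp" or "PORT/udp" with PORT in 1-65535.
valid_port() {
    case "$1" in
        */tcp|*/udp) ;;
        *) return 1 ;;
    esac
    p=${1%/*}
    case "$p" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ]
}

# ufw_vpn_plan VPN_IF PUBLIC_PORTS VPN_PORTS
#   PUBLIC_PORTS: space-separated specs reachable from anywhere
#                 (the VPN listener on the VPN server; empty on other hosts)
#   VPN_PORTS:    space-separated specs reachable only through VPN_IF
ufw_vpn_plan() {
    vpn_if=$1; public=$2; private=$3
    case "$vpn_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $vpn_if" >&2; return 1 ;;
    esac
    # Validate everything first so a bad spec never yields a partial plan.
    for spec in $public $private; do
        valid_port "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    done
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for spec in $public; do
        echo "ufw allow ${spec}"
    done
    for spec in $private; do
        echo "ufw allow in on ${vpn_if} to any port ${spec%/*} proto ${spec#*/}"
    done
    # Enable last, so the allow rules exist before the default deny takes effect.
    echo "ufw --force enable"
}

# Constructed example: a VPN server that also offers SSH and MySQL to VPN clients only.
ufw_vpn_plan tun0 "1194/udp" "22/tcp 3306/tcp"
```

Review the output, then pipe it to `sh` as root to apply it. Ports published by Docker are handled in Docker's own iptables chains and are not filtered by these UFW rules.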
