Dev Inside A Docker Container With SSHFS

Many of you may have already discovered Docker, but have been put off using it due to the prospect of it killing your development cycle because you are rebuilding the container after every change.



We are going to address this by mounting the files directly within the container with SSHFS. This will allow us to make changes in our IDE or text editor, and see them take place immediately inside the container, removing the need to keep rebuilding.

Prerequisites

This tutorial assumes you already have a built container (or a way to build one) and a "project" consisting of a codebase, such as a website. It also assumes that your codebase is on a Linux host that you want to share from. I will be using an Ubuntu 14.04 container, but the theory should also apply to other Linux OS types.

If you are a Windows user, you could use Samba to sync to a linux host, and then use that one for this tutorial
    Start your container with the
    --privileged
    flag added to the
    run
    command. I don't know what options/switches you already have, but you just need to add this one to the list.
    Enter the running container. For this I use lxc-attach, but there is also a fantastic tool called docker-enter on github that you can use, which means you don't have to be running LXC for the container engine.
    Run
    apt-get install sshfs -y
    from inside the container.
    Create a folder where you wish to mount your codebase. This may want to replace any existing code that was imported into the container when it was built, in which case remove everything from inside that folder.
    Run the following command:
    sshfs -o allow_other $USER@$IP_OF_CODE_HOST:/full/path/to/codebase /path/to/mount
    The allow_other part is to allow other users within the container, such as www-data to be able to access the files
    That's it! Any changes you make to your codebase are immediately changed in the docker container. This allows you to use docker as an easy/quick way to get a development environment up (like Vagrant)!

OpenVPN - Additional Configurations

If you have just run one of my OpenVPN installation tutorials, there are some more commands that you may wish to run on the server for additional functionality.

After you have finished running the commands you desire, don't forget to restart the OpenVPN service for it to take effect!

Allow Multiple Clients With Same Certificate

If you are extremely lazy like myself, you will run through the installation tutorial and not think twice about creating separate certificates for each user and just provide your computers with the same set of details. If you want to allow two or more of these machines to both be connected at the same time, then you need to run this command.

sed -i "s:;duplicate-cn:duplicate-cn:" /etc/openvpn/server.conf

Allow Clients To See Each Other

If you want the computers connected to the VPN to be able to see and connect to each other (e.g. it's a private VPN rather than a public one), then you need to run the following command:

sed -i "s:;client-to-client:client-to-client:" /etc/openvpn/server.conf

OpenVPN - Create A User With A Static IP

Having a VPN can be a great way to securely run services/servers from your home network, and be able to access them from anywhere in the world. You can think of this as a "dark net" because unless you open up your router, they should only be accessible through the VPN. In order to set up these services, it is much easier if they are assigned a static IP, so that they don't keep "moving about" and you can even assign them your own DNS settings.

Prerequisites

This tutorial assumes that you have already created an OpenVPN server, preferably with one of my OpenVPN installation tutorials.

    On your OpenVPN server, define a directory where the client scripts should be stored.

    mkdir /etc/openvpn/staticclients
    Add this directory as option to your openvpn configfile at the server by replacing the configuration line as shown below:
    editor /etc/openvpn/server.conf
    Now run the following commands, and answer all the questions. Whenver it asks you for a name, you MUST use the same name as specified in the CLIENT_NAME variable.
    DESIRED_STATIC_IP="10.8.x.x"
    CLIENT_NAME="example-user"
    
    echo "ifconfig-push $DESIRED_STATIC_IP 10.8.0.1" > /etc/openvpn/staticclients/$CLIENT_NAME
    cd /etc/openvpn/easy-rsa
    ./vars
    ./build-key $CLIENT_NAME
    
    Copy the
    $CLIENT_NAME.crt
    ,
    $CLIENT_NAME.key
    and the already existing
    ca.crt
    files from the server to your client machine that you are assigning the static IP.
    Remember the full path where you save the files as we are going to use this as
    $CONFIG_FILE_PATH
    in the next step.
    Edit the variable names in the following text, and save it on the client machine as
    client.conf
    .
    ##############################################
    # Sample client-side OpenVPN 2.0 config file #
    # for connecting to multi-client server.     #
    #                                            #
    # This configuration can be used by multiple #
    # clients, however each client should have   #
    # its own cert and key files.                #
    #                                            #
    # On Windows, you might want to rename this  #
    # file so it has a .ovpn extension           #
    ##############################################
    
    # Specify that we are a client and that we
    # will be pulling certain config file directives
    # from the server.
    client
    
    # Use the same setting as you are using on
    # the server.
    # On most systems, the VPN will not function
    # unless you partially or fully disable
    # the firewall for the TUN/TAP interface.
    ;dev tap
    dev tun
    
    # Windows needs the TAP-Win32 adapter name
    # from the Network Connections panel
    # if you have more than one.  On XP SP2,
    # you may need to disable the firewall
    # for the TAP adapter.
    ;dev-node MyTap
    
    # Are we connecting to a TCP or
    # UDP server?  Use the same setting as
    # on the server.
    ;proto tcp
    proto udp
    
    # The hostname/IP and port of the server.
    # You can have multiple remote entries
    # to load balance between the servers.
    remote $VPN_SERVER_IP 1194
    ;remote my-server-2 1194
    
    # Choose a random host from the remote
    # list for load-balancing.  Otherwise
    # try hosts in the order specified.
    ;remote-random
    
    # Keep trying indefinitely to resolve the
    # host name of the OpenVPN server.  Very useful
    # on machines which are not permanently connected
    # to the internet such as laptops.
    resolv-retry infinite
    
    # Most clients don't need to bind to
    # a specific local port number.
    nobind
    
    # Downgrade privileges after initialization (non-Windows only)
    ;user nobody
    ;group nobody
    
    # Try to preserve some state across restarts.
    persist-key
    persist-tun
    
    # If you are connecting through an
    # HTTP proxy to reach the actual OpenVPN
    # server, put the proxy server/IP and
    # port number here.  See the man page
    # if your proxy server requires
    # authentication.
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]
    
    # Wireless networks often produce a lot
    # of duplicate packets.  Set this flag
    # to silence duplicate packet warnings.
    ;mute-replay-warnings
    
    # SSL/TLS parms.
    # See the server config file for more
    # description.  It's best to use
    # a separate .crt/.key file pair
    # for each client.  A single ca
    # file can be used for all clients.
    ca $CONFIG_FILE_PATH/ca.crt
    cert $CONFIG_FILE_PATH/$CLIENT_NAME.crt
    key $CONFIG_FILE_PATH/$CLIENT_NAME.key
    
    # Verify server certificate by checking
    # that the certicate has the nsCertType
    # field set to "server".  This is an
    # important precaution to protect against
    # a potential attack discussed here:
    #  http://openvpn.net/howto.html#mitm
    #
    # To use this feature, you will need to generate
    # your server certificates with the nsCertType
    # field set to "server".  The build-key-server
    # script in the easy-rsa folder will do this.
    ns-cert-type server
    
    # If a tls-auth key is used on the server
    # then every client must also have the key.
    ;tls-auth ta.key 1
    
    # Select a cryptographic cipher.
    # If the cipher option is used on the server
    # then you must also specify it here.
    ;cipher x
    
    # Enable compression on the VPN link.
    # Don't enable this unless it is also
    # enabled in the server config file.
    comp-lzo
    
    # Set log file verbosity.
    verb 3
    
    # Silence repeating messages
    ;mute 20
    

    Start VPN Script

    Create a script with the following contents in the same folder as where you stuck all the configuration files.
    DIR=$(dirname $0)
    sudo openvpn --config $DIR/client.conf --script-security 2
    
    Call the script you just created, with Bash, in order to start the VPN connection

References