While a reverse proxy is good for many server access scenarios, there is no replacement for a full VPN into your server’s network. SpaceInvaderOne has an excellent video tutorial on YouTube, embedded below.
An important point for me was to create an environment variable in the openvpn docker setup: key: INTERFACE, value: br0. Depending on your setup, you may not need to do this, or you may need to set it to something like eth0. Also make sure you are running in host mode (not bridged!).
As you are going through the video above, there are a few steps to ensure your user data doesn’t get lost when you update the docker container in the future:
Before setting the admin passwd and adding user(s), do the following.
1) stop the container.
2) edit the XML and add a new path where host path is /mnt/cache/openvpn-extra and container path is /opt/extra.
7) edit the XML again and add 3 new paths: from /mnt/cache/openvpn-extra/passwd to /etc/passwd, from /mnt/cache/openvpn-extra/group to /etc/group, and from /mnt/cache/openvpn-extra/shadow to /etc/shadow.
8) restart the container. Your admin passwd and user(s) will now be preserved outside the container in the /mnt/cache/openvpn-extra directory. You can also use this directory to hold scripts such as Duo’s openvpn-as.py script for two-factor auth.
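Because the steps above move the account files, including the password hashes in shadow, onto the host, it is worth checking that directory before each container restart. The following is an added example, not part of the original post or the video: the function name check_extra_dir is hypothetical, and it assumes the host files are named passwd, group and shadow under /mnt/cache/openvpn-extra.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the host
# directory whose files are mapped onto /etc/passwd, /etc/group, /etc/shadow.
# Usage after sourcing this file: check_extra_dir /mnt/cache/openvpn-extra

check_extra_dir() {
    dir="${1:-/mnt/cache/openvpn-extra}"   # default: path used on this page
    rc=0
    for name in passwd group shadow; do
        f="$dir/$name"
        if [ -d "$f" ]; then
            # Docker creates a directory when a bind-mount source is missing
            echo "FAIL: $f is a directory, expected a file"; rc=1
        elif [ ! -s "$f" ]; then
            echo "FAIL: $f is missing or empty"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # shadow holds the password hashes: 'other' must have no access
    other=$(ls -ld "$dir/shadow" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "FAIL: $dir/shadow grants '$other' to other users"; rc=1
    fi

    # an 'x' in passwd field 2 means the hash lives in shadow
    missing=$(awk -F: 'FILENAME == ARGV[1] { have[$1] = 1; next }
                       $2 == "x" && !($1 in have) { print $1 }' \
                  "$dir/shadow" "$dir/passwd")
    if [ -n "$missing" ]; then
        echo "FAIL: no shadow entry for:" $missing; rc=1
    fi
    return "$rc"
}
```

A non-zero return means the container should not be restarted until the reported file is fixed, since a missing or mismatched shadow file would lock out the admin and user accounts.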