# OpenVPN Monitor & Profiler

A modern, full-stack management solution for OpenVPN servers. It combines real-time traffic monitoring, historical analytics, and comprehensive user profile/PKI management into a unified web interface. Perfect for both containerized (Docker) and native (Alpine/Debian/Ubuntu) deployments.

## 🏗️ Project Architecture

The project is modularized into four core microservices, split between **Monitoring (Core)** and **Management (Profiler)**:

| Component | Directory | Service Name | Description |
| :--- | :--- | :--- | :--- |
| **User Interface** | `APP_UI/` | `ovp-ui` | Vue 3 + Vite SPA + Nginx. Communicates with both APIs. |
| **Monitoring API** | `APP_CORE/` | `ovp-api` | Flask API for real-time stats, sessions, and bandwidth data. |
| **Data Gatherer** | `APP_CORE/` | `ovp-gatherer` | Background service for traffic log aggregation & TSDB logic. |
| **Profiler API** | `APP_PROFILER/` | `ovp-profiler` | FastAPI module for PKI management, User Profiles, and VPN control. |

## 📦 Quick Start (Docker)

The recommended way to deploy is using Docker Compose:

1. **Clone the repository**
2. **Start all services**:
   ```bash
   docker-compose up -d --build
   ```
3. **Access the Dashboard**: Open `http://localhost` (or your server IP) in your browser.
4. **Initialize PKI**: On the first run, navigate to the **PKI Configuration** page in the UI and click **Initialize PKI**. This sets up the CA and Easy-RSA workspace.

## ⚙️ Configuration

The system uses a unified configuration approach. Settings can be defined in `config.ini` files or overridden by environment variables following the `OVPMON_{SECTION}_{KEY}` format.

### Key Environment Variables

| Variable | Description | Default Value |
| :--- | :--- | :--- |
| `OVPMON_API_SECRET_KEY` | Unified JWT Secret Key (used by both APIs) | `supersecret` |
| `OVPMON_PROFILER_DB_PATH` | Path to Profiler (users/pki) SQLite DB | `/app/db/ovpn_profiler.db` |
| `OVPMON_OPENVPN_MONITOR_DB_PATH` | Path to Monitoring (traffic) SQLite DB | `/app/db/openvpn_monitor.db` |
| `OVPMON_OPENVPN_MONITOR_LOG_PATH` | Path to OpenVPN status log | `/var/log/openvpn/openvpn-status.log` |
| `OVPMON_LOGGING_LEVEL` | Logging level (INFO/DEBUG) | `INFO` |

## 🛠️ Performance & Environment Awareness

- **Container Transparency**: When running in Docker, the Profiler manages OpenVPN directly to bypass cgroups restrictions.
- **Host Integration**: When running natively on Alpine or Debian/Ubuntu, it automatically switches to `rc-service` or `systemctl`.
- **Persistent Data**: Logs, Certificates (PKI), and Databases are stored in Docker volumes (`ovp_logs`, `ovp_pki`, `db_data`).

## 📚 Development

### Component Development

- **UI**: Uses `composables/useApi.js` to route requests to the appropriate backend service based on URL.
- **Profiler**: Clean Python/FastAPI code with SQLAlchemy models. Supports "staging" local mode for development without root access.
- **Core**: Lightweight Flask services focused on high-performance log parsing.

---

### ⚠️ Important Notes

1. **Privileged Mode**: The `ovp-profiler` container requires `NET_ADMIN` capabilities for iptables and TUN management.
2. **Network Setup**: Ensure `net.ipv4.ip_forward=1` is enabled (handled automatically in the docker-compose `sysctls` section).
3. **JWT Safety**: Always change `OVPMON_API_SECRET_KEY` from its default (`supersecret`) in production; both APIs share it as their JWT secret.

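
A preflight check for the JWT secret from note 3, as an added example that is not part of this project's code. The function names and the length and entropy thresholds are assumptions chosen for the illustration; only the variable name and its default come from the table above.

```python
import math
import os
import secrets
from collections import Counter

ENV_NAME = "OVPMON_API_SECRET_KEY"  # variable name from the README table
README_DEFAULT = "supersecret"      # default value documented in the README
MIN_LENGTH = 32                     # assumption: policy floor for this example
MIN_ENTROPY_BITS = 128              # assumption: policy floor for this example


def estimated_bits(value):
    """Rough estimate: Shannon entropy per character times length."""
    counts = Counter(value)
    total = len(value)
    per_char = -sum(n / total * math.log2(n / total) for n in counts.values())
    return per_char * total


def check_secret(env):
    """Return the problems found with the JWT secret in `env` (empty = OK)."""
    value = env.get(ENV_NAME)
    if not value:
        return [f"{ENV_NAME} is not set; the README default is {README_DEFAULT!r}"]
    problems = []
    if value == README_DEFAULT:
        problems.append("value is the README default, which is public")
    if len(value) < MIN_LENGTH:
        problems.append(f"value is shorter than {MIN_LENGTH} characters")
    if estimated_bits(value) < MIN_ENTROPY_BITS:
        problems.append(f"value carries under {MIN_ENTROPY_BITS} estimated bits")
    return problems


def new_secret():
    """48 random bytes from the OS CSPRNG, encoded as 64 URL-safe characters."""
    return secrets.token_urlsafe(48)


if __name__ == "__main__":
    # Exit non-zero so a deploy script can stop before the services start.
    issues = check_secret(os.environ)
    for issue in issues:
        print(f"refusing to start: {issue}")
    raise SystemExit(1 if issues else 0)
```

Run it in the same environment that `docker-compose` reads, and use `new_secret()` to produce a replacement value to store in your secret manager or `.env` file.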