changes added

DockerWU/SetupDockerOVPNTORCACHE.md

@@ -0,0 +1,174 @@
+To set up a Dockerized environment with OpenVPN, Pi-hole, Tor, caching (Squid), and monitoring, follow these steps:
+
+### 1. **Directory Structure**
+Create the following directory structure to organize configurations and data:
+```
+project/
+├── docker-compose.yml
+├── openvpn/
+│   └── openvpn-data/
+├── pihole/
+│   ├── pihole-data/
+│   └── dnsmasq.d/
+├── tor/
+│   └── torrc
+├── squid/
+│   ├── squid.conf
+│   └── cache/
+└── monitoring/
+    └── prometheus.yml
+```
+
+### 2. **Docker Compose File (`docker-compose.yml`)**
+```yaml
+version: '3.8'
+
+services:
+  openvpn:
+    image: kylemanna/openvpn
+    container_name: openvpn
+    cap_add:
+      - NET_ADMIN
+    ports:
+      - "1194:1194/udp"
+    volumes:
+      - ./openvpn/openvpn-data:/etc/openvpn
+    networks:
+      vpn_net:
+        ipv4_address: 172.20.0.10
+    environment:
+      - VPN_DNS=172.20.0.20  # Pi-hole's static IP
+    restart: unless-stopped
+
+  pihole:
+    image: pihole/pihole
+    container_name: pihole
+    networks:
+      vpn_net:
+        ipv4_address: 172.20.0.20
+    environment:
+      TZ: "America/New_York"
+      DNS1: "172.20.0.30#5353"  # Tor's DNS port
+      WEBPASSWORD: "securepassword"
+    volumes:
+      - ./pihole/pihole-data:/etc/pihole
+      - ./pihole/dnsmasq.d:/etc/dnsmasq.d
+    restart: unless-stopped
+    depends_on:
+      - tor
+
+  tor:
+    image: torproject/tor
+    container_name: tor
+    networks:
+      vpn_net:
+        ipv4_address: 172.20.0.30
+    volumes:
+      - ./tor/torrc:/etc/tor/torrc
+    restart: unless-stopped
+
+  squid:
+    image: sameersbn/squid
+    container_name: squid
+    networks:
+      vpn_net:
+        ipv4_address: 172.20.0.40
+    volumes:
+      - ./squid/squid.conf:/etc/squid/squid.conf
+      - ./squid/cache:/var/spool/squid
+    ports:
+      - "3128:3128"
+    restart: unless-stopped
+
+  monitoring:
+    image: prom/prometheus
+    container_name: prometheus
+    networks:
+      - vpn_net
+    ports:
+      - "9090:9090"
+    volumes:
+      - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml
+    restart: unless-stopped
+
+networks:
+  vpn_net:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.20.0.0/24
+```
+
+### 3. **Configuration Files**
+
+- **Tor (`tor/torrc`)**:
+  ```ini
+  DNSPort 0.0.0.0:5353
+  Log notice stdout
+  ```
+
+- **Squid (`squid/squid.conf`)**:
+  ```conf
+  http_port 3128
+  cache_dir ufs /var/spool/squid 1000 16 256
+  access_log stdio:/var/log/squid/access.log
+  cache_log /var/log/squid/cache.log
+  acl localnet src 172.20.0.0/24
+  http_access allow localnet
+  http_access deny all
+  ```
+
+- **Prometheus (`monitoring/prometheus.yml`)**:
+  ```yaml
+  global:
+    scrape_interval: 15s
+
+  scrape_configs:
+    - job_name: 'docker'
+      static_configs:
+        - targets: ['openvpn:1194', 'pihole:53', 'squid:3128']
+  ```
+
+### 4. **Setup Steps**
+
+1. **Initialize OpenVPN**:
+   ```bash
+   docker-compose run --rm openvpn ovpn_genconfig -u udp://VPN.SERVER.IP
+   docker-compose run --rm openvpn ovpn_initpki
+   ```
+   Replace `VPN.SERVER.IP` with your server's public IP.
+
+2. **Start Services**:
+   ```bash
+   docker-compose up -d
+   ```
+
+3. **Configure Clients**:
+   Generate client profiles with:
+   ```bash
+   docker-compose run --rm openvpn easyrsa build-client-full CLIENTNAME nopass
+   docker-compose run --rm openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
+   ```
+   Ensure clients use Pi-hole (`172.20.0.20`) as their DNS.
+
+4. **Verify Services**:
+   - Access Pi-hole admin at `http://SERVER_IP:80/admin` (use the WEBPASSWORD set).
+   - Test Squid by configuring a client to use `SERVER_IP:3128` as a proxy.
+   - Monitor traffic via Prometheus at `http://SERVER_IP:9090`.
+
+### 5. **Monitoring Enhancements**
+- **Grafana**: Add Grafana to visualize Prometheus data.
+- **ntopng**: Use `ntop/ntopng` for real-time traffic analysis.
+- **cAdvisor**: Monitor container resource usage.
+
+### 6. **Security Notes**
+- **Firewall**: Restrict access to OpenVPN, Squid, and monitoring ports.
+- **Updates**: Regularly update Docker images and configurations.
+- **Backups**: Backup volume directories (`openvpn-data`, `pihole-data`, etc.).
+
+### 7. **Troubleshooting**
+- Check logs: `docker-compose logs [service]`.
+- Verify DNS resolution with `dig @172.20.0.20 example.com` from a client.
+- Test Tor DNS with `dig @172.20.0.30 -p 5353 example.com`.
+
+This setup routes client traffic through OpenVPN, uses Pi-hole for DNS (via Tor), caches web traffic with Squid, and monitors the infrastructure. Adjust IPs and ports as needed for your environment.

SUMMARY.md

@@ -38,6 +38,7 @@
 * [Docker Write-ups](docker-write-ups/README.md)
   * [Docker Networking](DockerWU/dockernetworking.md)
   * [Setup Docker Webservice](DockerWU/SettingUpDockerforWebServices.md)
+  * [Setup Docker OPenvpn, Tor, Cache](DockerWU/SetupDockerOVPNTORCACHE.md)
 * [Future Projects](future-projects/README.md)
   * [NIST Agregator](future-projects/nist-agregator.md)
   * [DataViz For the Pacific](future-projects/dataviz-for-the-pacific.md)