Score:0

Docker connect to specific service ports through WAN or VPN

Is there a good guide or example for setting up a sort of complex (public/private) network with Docker?

So going forward, let's assume:

  1. I have a working reverse proxy setup running in Docker. (jwilder/nginx-proxy)
  2. I have a Pi-hole service running in Docker. (Plan to force its use inside the VPN)
  3. I have a VPN server running in Docker. (kylemanna/openvpn)
  4. I have multiple servers.

For each service stack running in Docker and started with docker compose, I specify 2 networks, frontend and backend:

networks:
  frontend:
    external:
      name: reverse_proxy
  backend:
    external:
      name: vpn

Front end specifies that it can be accessed via the reverse proxy. Back end specifies it can be accessed via the VPN.

When I create services in Docker, regardless of what server it is on, I want to be able to access back end services only through the same VPN.

So for instance if I launch:

services:
  db:
    image: mysql:5.7
    container_name: db.service1.example.com
  service1:
    depends_on:
      - db
    image: wordpress
    container_name: service1.example.com
    environment:
      - VIRTUAL_HOST=service1.example.com
      - LETSENCRYPT_HOST=service1.example.com
      - VIRTUAL_PORT=80
    networks:
      - backend
      - frontend
  adminservice:
    image: phpmyadmin/phpmyadmin
    container_name: admin.service1.example.com
    environment:
      - VIRTUAL_HOST=admin.service1.example.com
      - LETSENCRYPT_HOST=admin.service1.example.com
      - VIRTUAL_PORT=80
    networks:
      - backend
    
networks:
  frontend:
    external:
      name: reverse_proxy
  backend:
    external:
      name: vpn

(Note: the above code does not contain information pertaining to the proper setup of a MySQL instance and will not work. This is just an example.)

In order to do what I want, I'm assuming that I need a VPN client container connected to the VPN server container (if on the same server as the VPN server container) and a second reverse proxy to manage the routing? I'm not entirely sure. I'm also not sure if, instead of client-to-server connections in the VPN, I need server-to-server connections, which I'm not even sure is correct/possible.

The end goal is to have http://service1.example.com visible to the open internet, and have http://admin.service1.example.com 404 unless you're connected to the VPN.

Am I on the right track?

From what I've seen of accessing services in Docker through a VPN, I can only route the entire service and all ports through the VPN, or have the ports listed in the VPN itself, which routes the traffic of the container through the VPN, but accessing it is not restricted to the VPN.
