Docker connect to specific service ports through WAN or VPN

Is there a good guide or example for setting up a sort of... complex (public/private) network with Docker?

So going forward, let's assume:

  1. I have a working reverse proxy setup running in Docker. (jwilder/nginx-proxy)
  2. I have a Pihole service running in Docker. (Plan to force its use inside the VPN)
  3. I have a VPN server running in Docker. (kylemanna/openvpn)
  4. I have multiple servers.

For each service stack running in Docker started with docker compose, I specify 2 networks, frontend and backend:

networks:
  frontend:
    external:
      name: reverse_proxy
  backend:
    external:
      name: vpn

Front end specifies that it can be accessed via the reverse proxy. Back end specifies it can be accessed via the VPN.

When I create services in Docker, regardless of what server it is on, I want to be able to access back end services only through the same VPN.

So for instance if I launch:

services:
  db:
    image: mysql:5.7
    container_name: db.service1.example.com
  service1:
    depends_on:
      - db
    image: wordpress
    container_name: service1.example.com
    environment:
      - VIRTUAL_HOST=service1.example.com
      - LETSENCRYPT_HOST=service1.example.com
      - VIRTUAL_PORT=80
    networks:
      - backend
      - frontend
  adminservice:
    image: phpmyadmin/phpmyadmin
    container_name: admin.service1.example.com
    environment:
      - VIRTUAL_HOST=admin.service1.example.com
      - LETSENCRYPT_HOST=admin.service1.example.com
      - VIRTUAL_PORT=80
    networks:
      - backend
    
networks:
  frontend:
    external:
      name: reverse_proxy
  backend:
    external:
      name: vpn

(Note: the above code does not contain information pertaining to the proper setup of a MySQL instance and will not work. This is just an example.)

In order to do what I want, I'm assuming that I need a VPN client container connected to the VPN server container (if on the same server as the VPN server container) and a second reverse proxy to manage the routing? I'm not entirely sure. I'm also not sure if, instead of client-to-server connections in the VPN, I need server-to-server connections, which I'm not even sure is correct/possible.

The end goal is to have http://service1.example.com visible to the open internet, and have http://admin.service1.example.com 404 unless you're connected to the VPN.

Am I on the right track?

From what I've seen of accessing services in Docker through a VPN, I can only route the entire service and all ports through the VPN, or have the ports listed in the VPN itself, which routes the traffic of the container through the VPN, but accessing it is not restricted to the VPN.
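
An added example, not part of the original question: a small Python audit of the compose file above that reports which `VIRTUAL_HOST` names a reverse proxy can actually reach and which `depends_on` pairs share no network. The `COMPOSE` dict is constructed from the question's file, and the set of networks the proxy container joins (`proxy_nets`) is an assumption passed in by the caller.

```python
# Added example: audit network reachability for the compose file in the question.
# COMPOSE is constructed by hand from that file so no YAML library is needed.
COMPOSE = {
    "services": {
        "db": {},
        "service1": {
            "depends_on": ["db"],
            "environment": ["VIRTUAL_HOST=service1.example.com"],
            "networks": ["backend", "frontend"],
        },
        "adminservice": {
            "environment": ["VIRTUAL_HOST=admin.service1.example.com"],
            "networks": ["backend"],
        },
    },
    "networks": {
        "frontend": {"external": {"name": "reverse_proxy"}},
        "backend": {"external": {"name": "vpn"}},
    },
}

def attached(compose, service):
    """Docker network names a service joins. Compose puts a service with no
    `networks` key on the project's `default` network only."""
    nets = compose.get("networks", {})
    def real(key):
        ext = (nets.get(key) or {}).get("external")
        return ext["name"] if isinstance(ext, dict) else key
    return {real(k) for k in compose["services"][service].get("networks") or ["default"]}

def vhost(compose, service):
    env = compose["services"][service].get("environment", [])
    return next((e.split("=", 1)[1] for e in env if e.startswith("VIRTUAL_HOST=")), None)

def audit(compose, proxy_nets):
    """proxy_nets: networks the reverse proxy container joins (assumption)."""
    report = {"proxied": [], "unreachable_vhost": [], "isolated_dependency": []}
    for name, svc in compose["services"].items():
        host = vhost(compose, name)
        if host:  # the proxy can only route to containers on a shared network
            key = "proxied" if attached(compose, name) & proxy_nets else "unreachable_vhost"
            report[key].append(host)
        for dep in svc.get("depends_on", []):
            if not attached(compose, name) & attached(compose, dep):
                report["isolated_dependency"].append((name, dep))
    return report
```

With `proxy_nets={"reverse_proxy"}` the admin host is not routable by the proxy at all, and `service1` cannot reach `db`, which sits on the `default` network. With `proxy_nets={"reverse_proxy", "vpn"}` the same public proxy serves both hostnames, so network membership alone does not restrict the admin host to VPN clients.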
