Accessing Container Ports/Services Behind VPN Docker Network From Local Network (container:gluetun)

Hi All,

I’m using docker-compose to set up a container using Gluetun VPN (qmcgaw/gluetun:latest) and am trying to use this container as the gateway for all other containers in the same docker network.

https://hub.docker.com/r/qmcgaw/gluetun

I’ve tested everything in bridge network mode, however when I change to network_mode: “container:gluetun”, I can no longer access the web portals for the containers inside the docker network (behind the VPN).

I’ve learnt from one post that I need to list all the ports for all the services on the “container:gluetun” port listing, however I’m uncertain how I’m meant to connect to the services inside the VPN’d docker environment.

How do I access the http://transmission:9091 service from the local network? Do I have to set up a route to the 172.28.10.0/24 network as it is no longer bridged via docker, but by the VPN container?

I’ve watched the demo video on the Gluetun page, but can’t figure out ingress / egress connections.

https://forums.docker.com/t/docker-compose-connecting-networks/104490

docker-compose.yaml:

version: "3.5"

networks:
  media_network:
    name: ${NET_NAME}
    driver: bridge
    ipam:
      driver: default
      config:
      - subnet: ${DOCKER_SUBNET}

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: Gluetun
    restart: always
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - "8888:8888/tcp"    # HTTP proxy
      - "8388:8388/tcp"    # Shadowsocks
      - "8388:8388/udp"    # Shadowsocks
      - ${WEBUI_PORT_TRANSMISSION}:9091         # WebUI Portal
      - 51413:51413/tcp   # Torrent Port TCP
      - 51413:51413/udp   # Torrent Port UDP
    volumes:
      - ${FOLDER_FOR_DOCKER}/gluetun/data:/gluetun
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TIMEZONE}
      - VPN_SERVICE_PROVIDER=${VPN_PROVIDER}
      - OPENVPN_USER=${VPN_USERNAME}
      - OPENVPN_PASSWORD=${VPN_PASSWORD}
      - SERVER_REGIONS=${VPN_REGION}
      - FIREWALL_OUTBOUND_SUBNETS=${LOCAL_SUBNET}
      - HTTPPROXY=on
      - SHADOWSOCKS=on
      # Wireguard:
      # - WIREGUARD_PRIVATE_KEY=${WIREGUARD_KEY}
      # - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES}
    networks:
      - ${NET_NAME}

  transmission:
    image: linuxserver/transmission:latest
    container_name: Transmission
    restart: unless-stopped
    depends_on:
      - "gluetun"
#    ports:
#      - ${WEBUI_PORT_TRANSMISSION}:9091         # WebUI Portal
#      - 51413:51413/tcp   # Torrent Port TCP
#      - 51413:51413/udp   # Torrent Port UDP
    volumes:
      - ${FOLDER_FOR_DOCKER}/transmission/config:/config
      - ${FOLDER_FOR_TRANSMISSION}/downloads:/downloads
      - ${FOLDER_FOR_TRANSMISSION}/watch:/watch
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - UMASK=${UMASK}
      - TZ=${TIMEZONE}
#      - TRANSMISSION_WEB_HOME=/combustion-release/ #optional
#      - USER=${PORTAL_USERNAME}  # Optional for WebUI Authentication
#      - PASS=${PORTAL_PASSWORD}  # Optional for WebUI Authentication
#      - WHITELIST=iplist    # Optional
#      - PEERPORT=peerport   # Optional
#      - HOST_WHITELIST=dnsname list   # Optional
#    networks:
#      - ${NET_NAME}
    network_mode: "container:gluetun"

docker-compose.env:

NET_NAME=media_network
DOCKER_SUBNET=172.28.10.0/24
LOCAL_SUBNET=192.168.1.0/24
FOLDER_FOR_DOCKER=/volume1/docker
FOLDER_FOR_MEDIA=/volume1/media
FOLDER_FOR_TRANSMISSION=/volume1/media/transmission

PUID=1000
PGID=1000
UMASK=022
TIMEZONE=Europe/London
VPN_PROVIDER=<REDACTED>
VPN_USERNAME=<REDACTED>
VPN_PASSWORD=<REDACTED>
VPN_REGION=London

PORTAL_USERNAME=<REDACTED>
PORTAL_PASSWORD=<REDACTED>

WEBUI_PORT_TRANSMISSION=9091

Any assistance is greatly appreciated.

TIA

So I figured this out in the end.

I needed to use “service:gluetun” and not “container:gluetun” as the network mode, as both services are in the same docker-compose.yaml file at the time of creating the stack.

If gluetun already existed when I created the transmission container, then I’m supposed to use “container:gluetun”.

Thanks for coming back and sharing your solution!

Sometimes we don’t have time when a topic is created and we forget about that later.

In a Docker Compose file you define services, not containers. Each service will have at least one container, but you can scale that up to run multiple containers in a service.

For example the service name is “gluetun”, but the actual container names could be

  • projectname_gluetun_1
  • projectname_gluetun_2
  • projectname_gluetun_3

In your case you changed the default container name to Gluetun with an upper case G, so you could refer to that container as:

network_mode: "container:Gluetun"

But it is better to use the service name as you did.
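
The service-name versus container-name distinction from the replies above, as an added example that is not part of the original thread: a small lint over a Compose file already parsed into a dict. The names `check_network_modes`, `with_mode` and `QUESTION` are hypothetical, and the sample input is constructed from the relevant keys of the compose file in the question.

```python
# Added example (not from the thread): lint network_mode references in a
# Compose file that has already been parsed into a dict.

def check_network_modes(compose):
    """Return (service, message) findings for namespace-sharing services."""
    services = compose.get("services", {})
    # Explicit container_name values; these are matched case-sensitively.
    container_names = {c["container_name"] for c in services.values()
                       if "container_name" in c}
    findings = []
    for name, cfg in services.items():
        mode = str(cfg.get("network_mode", ""))
        kind, _, target = mode.partition(":")
        if kind not in ("container", "service") or not target:
            continue  # bridge, host, none or unset: no shared namespace
        if kind == "service" and target not in services:
            findings.append((name, f"service:{target} is not defined in this file"))
        if kind == "container" and target not in container_names:
            if target in services:
                findings.append((name, f"'{target}' is a service name; use service:{target}"))
            else:
                findings.append((name, f"container '{target}' is not created by this file; "
                                       "it must already exist"))
        # A service that joins another network namespace cannot publish ports
        # or attach to networks itself; both belong on the gateway service.
        for key in ("ports", "networks"):
            if key in cfg:
                findings.append((name, f"'{key}' cannot be combined with network_mode {mode}"))
    return findings

# Constructed input: the relevant keys of the compose file from the question.
QUESTION = {"services": {
    "gluetun": {"container_name": "Gluetun", "ports": ["9091:9091"],
                "networks": ["media_network"]},
    "transmission": {"container_name": "Transmission",
                     "network_mode": "container:gluetun"},
}}

def with_mode(mode):
    """Copy of QUESTION with transmission's network_mode replaced."""
    fixed = {"services": {k: dict(v) for k, v in QUESTION["services"].items()}}
    fixed["services"]["transmission"]["network_mode"] = mode
    return fixed

if __name__ == "__main__":
    for mode in ("container:gluetun", "service:gluetun", "container:Gluetun"):
        print(mode, "->", check_network_modes(with_mode(mode)) or "ok")
```

Only the lowercase `container:gluetun` form from the question is flagged; `service:gluetun` and `container:Gluetun` both pass.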