Docker-compose: VPN with some encapsulated server processes


years ago, I built a single image that contained several applications: A VPN client (l2tp) and a mqtt server and an httpd that could only be addressed via the VPN IP. There is no communication from mqtt and httpd to the host.

Now I want to switch to several containers using docker-compose. Well, docker-compose is starting the containers, but how can I connect mqtt and httpd to the (fixed) IP that I get via VPN? Very important: neither httpd nor mqtt may not be reached from the host (for “normal” users).

Thanks for any hint!