Docker Community Forums

Docker (mediawiki) container not accessible when logged to VPN

Hey everyone! I just started learning UNIX-based systems and Docker itself, but I have a major issue with a somewhat simple set-up. Before you read the thread - I have no idea if this is the right place to describe my problem. If you know another forum which is more appropriate, please suggest it :)

Here’s the situation:
I have 3 machines:

  1. Ubuntu server 18.04.1 LTS
  2. A FreeNAS server (version doesn’t matter)
  3. A client machine (any OS, windows, linux etc.)

The original idea is to have an OpenVPN server on the Server machine which protects other services installed on it. So for example, I want to have a mediawiki container that is only accessible for clients logged in to the VPN.

On my Ubuntu server I installed and configured an OpenVPN server (directly, not with docker) with, let’s say a 10.9.0.0/24 internal network. I created a ufw rule:

    sudo ufw allow openvpn

I tested the tun connection by connecting from a client machine and it works - the IP of the client is masqueraded and the client can access the internet.

Then, on the server I installed docker and ran a mediawiki container. Installed it, seems fine, I can access it via the internet (port mapping is 80:80).

Then, I blocked port 80 with UFW:

    sudo ufw deny 80
    sudo ufw reload

Now, when a client logs in to VPN, it has access to the internet, but not the wikimedia container.
I spent the last couple of days trying hundreds of ufw rule combinations and none of them work.
Is such a setup possible or do I have to use docker networks with specific iptables rules?

Please forgive me my noobish-ness.

Ubuntu server:

    Distributor ID: Ubuntu
    Description:    Ubuntu 18.04.1 LTS
    Release:        18.04
    Codename:       bionic

Docker:

    Client:
     Version:           18.09.1
     API version:       1.39
     Go version:        go1.10.6
     Git commit:        4c52b90
     Built:             Wed Jan  9 19:35:31 2019
     OS/Arch:           linux/amd64
     Experimental:      false

    Server: Docker Engine - Community
     Engine:
      Version:          18.09.1
      API version:      1.39 (minimum version 1.12)
      Go version:       go1.10.6
      Git commit:       4c52b90
      Built:            Wed Jan  9 19:02:44 2019
      OS/Arch:          linux/amd64
      Experimental:     false