Hello everyone,
I’m a newbie in Docker but I need to “develop” a complex situation and I would like to know if Docker can help me.
On a virtual server I need to create up to 17 docker containers and each container must change its IP connecting to a VPN service.
The question is, if I connected to a VPN server inside a Docker container, would I change the IP of the container, or would I change the physical server IP?
I mean, can I have a situation where each Docker container has a different IP using a VPN service but the physical machine keeps using its public IP?
That sounds pretty complicated. Hopefully you know your goal well enough to design the most simple solve.
Generally a VPN server is configured with DHCP to hand out IPs from a pool which are configured by the routing to connect to the private network you’re connecting into. For example, my laptop has an IP from my home router which can access the internet, and when I connect to a VPN there is a virtual network adapter which gets an IP from the VPN server. Effectively my laptop has two NICs, and all traffic goes to the NIC that has the destination IP (google.com goes through the physical NIC, VPN IP goes through VPN virtual NIC). The server does not change its IP, it simply hands out an IP to the client.
That said, if you want your hosts to hold VPN servers in Docker containers (I’d look up OpenVPN for this perhaps), I would think you’d need the host to not change its IP, but to hand out an IP to whatever the client is. If, however, you mean for the hosts to have some sort of VPN client inside a container, then the container would have the two NIC situation and you’d presumably need to get your iptables configured for whatever complex routing you think you need.
This seems like a network solution. If you are using docker-compose, networking is rather simple when orchestrating that many machines. You may want to look into implementing an nginx-proxy container to manage the access and url scheme. Please let me know if this helps.
@cincitech @mrvnmchm Thank you very much for your help.
You cleared up many things for me.
Just to avoid misunderstanding:
I would use an external VPN service such as NordVPN, and different Docker containers would connect to different NordVPN services.
If I had a situation like (for example):
physical server with public IP: a.b.c.d
2 docker containers with IP: a.b.c.d1 and a.b.c.d2
One Docker container connects to NordVPN server 1 and another Docker container connects to NordVPN server 2 by OpenVPN
I can still ping (from outside the system) the physical server through the a.b.c.d IP but am not able to ping the Docker containers through a.b.c.d1 and a.b.c.d2 because they have different IPs?
I apologize if I am too long with the description of the situation I would like to have, but I would really use the Docker technology where I work but I have to prove it works so my bosses will give me approval.
That actually makes it more clear. No worries about being too long, the purpose is to help and sometimes it takes a bit of explanation. Let me see if I can explain what I think you are saying, with the solution I believe you are looking for.
The vision:
Physical server w/ public IP: Server A
2 containers running on Server A, with a bridged network and specified IPs: Container A & Container B
NordVPN 1 & NordVPN 2 are hosted elsewhere with public IPs
Container A connects to NordVPN 1 and Container B connects to NordVPN 2
The solution:
Physical server w/ public IP: Server A
2 containers running on Server A, with a bridged network and specified IPs: Container A & Container B
An NGINX proxy server that accepts requests for Server A, and doesn’t allow direct access to Container A or Container B addresses
NordVPN 1 & NordVPN 2 are hosted elsewhere with public IPs
Container A connects to NordVPN 1 and Container B connects to NordVPN 2
Let me know if this helps. You may also look into this link to see how to configure NGINX
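
Added example, not part of the thread: a docker-compose sketch of the layout listed under "The solution", where each workload shares the network namespace of its own OpenVPN client container, so its outbound traffic follows that client's tunnel (when the VPN profile redirects the default route) while the host keeps its public IP. The image names `example/openvpn-client` and `example/app`, the `.ovpn` file paths, the in-container mount path and port 8080 are placeholders assumed for illustration.

```yaml
# Added example: compose sketch of "The solution" from the thread.
# example/openvpn-client and example/app are placeholder image names (assumptions).
services:
  proxy:
    image: nginx:stable
    ports:
      - "80:80"                     # the only port published on Server A's public IP
    volumes:
      # nginx.conf (not shown) proxies to vpn-a:8080 and vpn-b:8080 (assumed app port)
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    networks: [internal]

  vpn-a:
    image: example/openvpn-client   # placeholder: any image that runs an OpenVPN client
    cap_add: [NET_ADMIN]            # required to create the tun interface and routes
    devices:
      - /dev/net/tun
    volumes:
      - ./vpn/server1.ovpn:/vpn/client.ovpn:ro   # profile for VPN server 1 (assumed path)
    networks: [internal]            # no "ports:" entry, so nothing is published on the host

  app-a:
    image: example/app              # placeholder workload (Container A)
    network_mode: "service:vpn-a"   # shares vpn-a's network namespace and its tunnel

  vpn-b:
    image: example/openvpn-client
    cap_add: [NET_ADMIN]
    devices:
      - /dev/net/tun
    volumes:
      - ./vpn/server2.ovpn:/vpn/client.ovpn:ro   # profile for VPN server 2 (assumed path)
    networks: [internal]

  app-b:
    image: example/app              # placeholder workload (Container B)
    network_mode: "service:vpn-b"

networks:
  internal:
    driver: bridge                  # private bridge; containers are reached only via proxy
```

Because `app-a` and `app-b` have no network of their own, the proxy reaches them through the `vpn-a` and `vpn-b` service names on the internal bridge, and a workload whose VPN container is stopped has no network path at all.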