Hi,

I created a docker-compose file like this:

version '2'
  nextcloud18:
    build.
    container_name: nextcloud18
    ports:
       - "127.0.0.1:8080:80"
       - "127.0.0.1:443:443"
    volumes:
       - ${PWD}/www/:/var/www/html
    links:
       - "coturn"
    networks:
    back:
      ipv4_address: 10.8.0.2
 coturn:
   image: instrumentisto/coturn
   container_name: coturn
   ports:
     - "127.0.0.1:5349:5349"
     - "127.0.0.1:3478:3478"
   volumes:
     - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
   networks:
   back:
     ipv4_address: 10.8.0.3
vpn:
  image: kylemanna/openvpn
  container_name: vpn
  cap_add:
    - NET_ADMIN
  volumes:
    - "${PWD}/vpn-data:/etc/openvpn"
  ports:
    - "0.0.0.0:1194:1194/udp"
    - "0.0.0.0:1194:1194/tcp"
  networks:
    back:
      ipv4_address: 10.8.0.4
networks:
  back:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.8.0.0/24
        gateway: 10.8.0.1
  frontend:
    driver: nextcloud18-driver

I want that my container in the back network are only available through my vpn container.
Basicly the only internet accesible container will be the vpn.
But i don’t currently found the solution on internet.

My container always have the bridge network assign to them.
So when i tried to set the listen address to restric the listening. For nextcloud18 (example), ip in back network is 10.8.0.2. So if set “ports” of “netxcloud18” to “10.8.0.2:8080:80” but i receive an error that say that a service is already listening on the port 80. The only solution I found is to set:
“127.0.0.1:8080:80” instead of

Is anyone has a solution ? Thank you very much for help.