How to connect from a local machine to the ip:port of a container that has network_mode: "container:pia"
Opened this issue · 2 comments
If I use network_mode: "container:pia"
or network_mode: "service:pia"
to route a container through the pia container, I can no longer connect to the routed container using ip:port
from other machines on the local network.
If I add the port of the routed container to the pia container, I am then able to connect to the routed container from the host machine using localhost:port
but still not from other machines on the network.
In the rutorrent
example in ymlfiles/pia.yml
, is it possible to connect to rutorrent from other machines on the network using ip:port
. If so, how? Thanks.
Edit: I realise what's happening now. The pia container has traefik labels for rutorrent and I can now connect from the local network using ip:port.
A few further questions;
- Is there any other way to achieve the same thing but leave the traefik labels in the same block as their container in the compose file, just for ease of maintenance and readability?
- If not, is it advisable, in the pia container, to add further traefik labels for other containers that use
network_mode: "service:pia"
or should I use separate pia containers for each other service?
You've got the right idea. When the pia
container starts, it creates the container's network, exposing the ports and showing it's labels to the traefik
container. This happens when the container is started, so any other containers which you want to use that network need to have the ports/labels already defined.
- Because they need to be read at runtime, I don't think there's a way. Sometimes having them in the same compose file can be helpful, where you can use things like
depends_on:
and bring them up in a certain order. I've been using the containermarkusmcnugen/qbittorrentvpn
which is the only service I really use with VPN. - It looks like PIA allows up to 10 connections if that link is still accurate, while others may be lower. I think it depends on your setup/workflow and what is most convenient. I don't see a benefit to having a separate pia container for each service vs having a vpn container running that you connect to, other than convenience.
Another note: I've found that connecting using network_mode:
and ip:port
works with openvpn setups. When I try to use wireguard in the same way I'm not able to connect.
- Because they need to be read at runtime, I don't think there's a way.
Thanks. My current setup is a single compose file using depends_on
in 4 containers going through the vpn container. This all works at runtime but if the vpn container reconnects or restarts or watchtower updates the vpn, the 4 depends_on
containers become inaccessible because like you say, depends_on
is only read at runtime. I'm currently trying out the following label to mitigate the failure when watchtower updates the vpn;
- "com.centurylinklabs.watchtower.depends-on=jackett,deemix,lidarr-amd,xteve"
Still waiting for the vpn container I'm using to be updated to see if it works.
I wonder if your setup, declaring all the labels in the vpn container will also stop this happening. What happens if you just restart your vpn container? Do the apps running through it continue to work when the vpn comes back up?