[HELP] How does this exactly work? How can I access services behind VPN?
goliath888 opened this issue · 4 comments
I just deployed the example docker-compose file in my server and I want to access to pyload from my computer (in the same lan network) but I cannot access.
I can see in logs that "VPN is running and healthy" and pyload too.
I think that my problem is that I am missing something or do not undernstand how does work. I try to access to pyload with MY-SERVER-IP:8000 or something like that but nothing seems to work.
If I ssh into my server and try the same thing, I get the same result. Only If I login into docker console, then I can see that pyload is running and accesible, but only inside the docker container. How can I access from the outside?
I got it to work for myself by changing the docker-compose
expose:
- XXXX
to
ports:
- XXXX:XXXX
I'm not quite sure why the template uses expose instead of ports, since expose only allows the ports to be accessed from within the docker network, but not for the outside AFAIK
if you change the part of the docker-compose.yaml file it should afterwards be accessible under YOUR.HOST.IP.ADDRESS:XXXX which could look something like 192.168.0.2:8000
Ok, that worked, partially.
I only can access the service if vpn is not connected (for example, bad login credentials). As soon as VPN is running and healthy, then I cannot access.
This is a sample docker-compose I am using for testing:
version: '3.4'
services:
protonvpn:
container_name: protonvpn
environment:
# Credentials
PROTONVPN_USERNAME: XXXXXXXX
PROTONVPN_PASSWORD: XXXXXXXX
# Override these where applicable
PROTONVPN_SERVER: NL
PROTONVPN_TIER: 0
# Always use semver tags, avoid using tag latest!
image: ghcr.io/tprasadtp/protonvpn:latest
restart: unless-stopped
networks:
- internet
- proxy
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
# Expose pyload container's port here!
ports:
- 6767:6767
bazarr:
depends_on:
- protonvpn
container_name: bazarr
image: linuxserver/bazarr:latest
userns_mode: host
network_mode: service:protonvpn
bazarr2:
depends_on:
- protonvpn
container_name: bazarr2
image: linuxserver/bazarr:latest
userns_mode: host
network_mode: bridge
ports:
- 6768:6767
networks:
internet:
proxy:
internal: true
SERVER-IP:6768 it is always running, it is ok.
SERVER-IP:6767 only works if VPN is not connected. If it connects, the that url becames inaccessible.
so this is a docker compose for bazarr and proton which I just deployed with absolutely zero issues
version: '3.4'
services:
help_vpn:
image: ghcr.io/tprasadtp/protonvpn:latest
container_name: help_vpn
cap_add:
- NET_ADMIN
environment:
PROTONVPN_SERVER: CH
PROTONVPN_USERNAME: NOT_YOUR_NORMAL_PROTON_CREDENTIALS+f2
PROTONVPN_PASSWORD: CHECK_THE_WEBSITE_FOR_OPEN_VPN_CREDENTIALS
PROTONVPN_TIER: 3
PROTONVPN_EXCLUDE_CIDRS: EXCLUDE.YOUR.HOME.NET #(e.g., 192.168.1.0/24)
PROTONVPN_FAIL_THRESHOLD: 999 #(u don't have to use that, I just currently do bc of issue #104)
devices:
- /dev/net/tun:/dev/net/tun
networks:
- internet
ports:
- 6767:6767
restart: unless-stopped
help_bazarr:
image: lscr.io/linuxserver/bazarr
container_name: help_bazarr
environment:
PUID: XXXX #check for user UID and GID that u want to assign
PGID: XXX
TZ: Europe/Vienna
#userns_mode: host #I have no clue what this does so I removed it and it still works, so...*shrug*
network_mode: service:help_vpn
volumes:
- /volume1/path/to/config:/config
- /volume1/path/to/media:/media
depends_on:
- help_vpn
restart: unless-stopped
networks:
internet:
honestly though, why do you even want to have bazarr behind a vpn? prowlarr and torrent or nzb I understand, but bazarr is gonna produce more issures bc of captchas and stuff...
IMPORTANT: make sure you allow connections from the docker net (usually 127.XX.0.0/16) through your host firewall, bc to your host the docker is 'outside' AFAIK
maybe just turn it off, restart your containers and see if that fixes things, then you know it's a firewall issue
that's all I can think off
but it's all just guessing since you haven't posted any logs (maybe do that if it's still not fixed?)
Ok, with your compose file is working perfecty, thanks!
Bazarr was just the first cointaner I found to try it, nothing special hahaha