search

dperson / openvpn-client

GNU Affero General Public License v3.0
1.06k stars 587 forks source link

A django project can't connect vpn protected database #424

Closed Vitaee closed 1 year ago

Vitaee commented 1 year ago

I have simple django project which have some functions that connects databases ( one of them MSSQL and the other one is MySQL ) protected by vpn. The default database of django project is sqlite.

Here is my compose file:

version: "3.8"

services:
  vpn:
    image: dperson/openvpn-client
    cap_add:
      - net_admin
    volumes:
      - ./vpn-config:/vpn:rw
      -  /dev/net/tun:/dev/net/tun:rw
    networks:
      - default
    restart: unless-stopped
    security_opt:
      - label:disable
    stdin_open: true
    tty: true

  api:
    build:
      context: .
      dockerfile: compose/django/Dockerfile.dev
    restart: unless-stopped
    container_name: api
    depends_on:
      - vpn
    env_file:
      - ./envs/.env.dev  
    network_mode: "service:vpn"
    stdin_open: true
    tty: true
    tmpfs:
      - /run
      - /tmp
    volumes:
      - .:/app

  nginx:
    image: dperson/nginx
    ports:
      - "70:80"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./media:/app/media 
    links:
      - vpn:api
    depends_on:
      - api
    networks:
      - default
    tmpfs:
      - /run
      - /tmp
      - /var/cache/nginx
    restart: unless-stopped
    stdin_open: true
    tty: true

networks:
   default:

docker ps output:

    CONTAINER ID   IMAGE                     COMMAND                  CREATED         STATUS                            PORTS                                                                                                                                      NAMES
4b3e0f202cb9   dperson/nginx             "/sbin/tini -- /usr/…"   4 minutes ago   Up 4 minutes (unhealthy)          443/tcp, 0.0.0.0:70->80/tcp, :::70->80/tcp                                 nginx-1

b2b004630146   api   "./entrypoint.sh"        4 minutes ago   Up 4 minutes                                                                                                                                                                api

54aa39e2956c   dperson/openvpn-client    "/sbin/tini -- /usr/…"   4 minutes ago   Up 4 minutes (health: unheathy)                                                                                                                                     vpn

The dockerfile.dev:

# syntax=docker/dockerfile:1
FROM python:3 as base

# Set Environment Variable
ENV PYTHONUNBUFFERED 1
ENV C_FORCE_ROOT true
ENV PYTHONDONTWRITEBYTECODE 1

WORKDIR /app

COPY . .

# mssql dependency (Debian 11)
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
RUN curl https://packages.microsoft.com/config/debian/11/prod.list > /etc/apt/sources.list.d/mssql-release.list
RUN apt-get update

RUN ACCEPT_EULA=Y apt-get install msodbcsql17 -y
RUN apt-get install unixodbc-dev unixodbc -y
RUN apt-get install --no-install-recommends -y  \
    gcc \  
    python3-dev \ 
    musl-dev \
    zlib1g \
    libjpeg-dev \
    libffi-dev \
    openssl \
    default-libmysqlclient-dev

RUN pip install --no-cache-dir --upgrade -r requirements.txt

# removing temporary packages from docker and removing cache 
RUN apt-get clean && \
    find -type d -name __pycache__ -prune -exec rm -rf {} \; && \
    rm -rf ~/.cache/pip

# run entrypoint.sh
ENTRYPOINT ["./entrypoint.sh"]

the entrypoint.sh file contains:

#!/bin/sh

sleep 20

python manage.py wait_for_db
#python manage.py collectstatic --noinput

#python manage.py makemigrations
#python manage.py migrate

python manage.py runserver 0.0.0.0:8000

exec "$@"

i can access my swagger ui with ``http:127.0.0.1:70/api/v1/swagger/``` I have endpoints which accesses vpn protected databases and returns some data. But currently i got connection timeout errors. For example i have simple script which connects vpn protected mssql database and this was the error of that script:

pyodbc.OperationalError: ('HYT00', '[HYT00] [Microsoft][ODBC Driver 18 for SQL Server]Login timeout expired (0) (SQLDriverConnect)

I am using same script which i tested manually. I am using ubuntu 20.04.

- Docker version 24.0.5, build ced0996
- Docker Compose version v2.17.2

and my vpn is connects successfully. I mean i don't get any error logs about dperson/vpn. Do i have some issue in my docker system?

Vitaee commented 1 year ago

I guess i had some problem with my compose file. Here is my updated compose file and wih this configurations i am able to connect vpn protected databases from my django project. I hope this solution may help someone.

version: "3.8"

services:

  vpn:
    image: dperson/openvpn-client
    cap_add:
      - net_admin
    volumes:
      - /dev/net/tun:/dev/net/tun      
      - ./vpn-config:/vpn:rw
    networks:
      - default
    restart: unless-stopped
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    read_only: true
    tmpfs:
      - /run
      - /tmp

  api:
    build:
      context: .
      dockerfile: compose/django/Dockerfile.dev
    restart: unless-stopped
    container_name: api
    depends_on:
      - vpn
    env_file:
      - ./envs/.env.dev  
    network_mode: "service:vpn"
    stdin_open: true
    tty: true
    volumes:
      - /srv/api:/var/lib/api:Z
      - ./:/app

  web:
    image: dperson/nginx
    ports:
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./media:/app/media 
    links:
      - vpn:api
    depends_on:
      - api
    networks:
      - default
    tmpfs:
      - /run
      - /tmp
      - /var/cache/nginx
    restart: unless-stopped
    stdin_open: true
    tty: true

networks:
  default:
    driver: bridge