wfg / docker-openvpn-client

OpenVPN client with killswitch and proxy servers; built on Alpine
MIT License

Handling ports intended for connected containers Doesn't work. #71

Closed xky0007 closed 2 years ago

xky0007 commented 2 years ago

I tried to access the nginx server that is in the same docker stack as open-vpn. Below is my docker-compose.yml. I cannot open the nginx page via http://localhost:8001. But I checked the listening ports, and 8001 is LISTEN. Is there any config I missed?

Thanks.

```yaml
version: '3'
services:
  openvpn-client:
    image: ghcr.io/wfg/openvpn-client
    container_name: openvpn-client
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - /home/ubuntu/open-vpn docker/config:/data/vpn
    restart: unless-stopped
    ports:
    - "8001:80"
    environment:
    - KILL_SWITCH=off

  nginx:
    image: nginx
    container_name: nginx_test
    network_mode: service:openvpn-client
```

wfg commented 2 years ago

My first thought is that localhost isn't the correct address. Are you actually running the container on localhost? Can you try the server's IP address?

xky0007 commented 2 years ago

> My first thought is that localhost isn't the correct address. Are you actually running the container on localhost? Can you try the server's IP address?

I'm not sure what the meaning of running the container on localhost is. I also tried to access it via serverPublicIP:8001 and it is still not accessible.

In addition, since the open-vpn container has an internal VPN IP, I tried to access it via internalVPNIP:8001 and got the same result.

Thanks.

wfg commented 2 years ago

Is the container running on your local network or on a machine somewhere else?

Where is the machine that you're running curl on? Is it the same machine?

Brillynt commented 2 years ago

I am having the same issue. I have the port defined on the vpn container. If I attach to the connected container and curl ifconfig.io I see the vpn IP address. And I cannot connect to the connected container via the published port. If I change the connected container away from the vpn container and add the port back I can connect to the container. Any idea of how to test from the vpn container back to the connected container?

wfg commented 2 years ago

Try adding the IP address of the host that you're trying to access the container from to SUBNETS.

Brillynt commented 2 years ago

So a little more info. If I am on the machine running docker with the vpn and connected container, I can curl localhost and port or docker network IP of the vpn container and see the output from the connected container. If I try to connect from another machine to the host:port of the connected container I get nothing. Running docker on Ubuntu 18.04. So it looks like Ubuntu or docker is not routing it to the docker network for some reason. Though other containers not using the vpn container work fine.

Thanks for the previous assistance.

wfg commented 2 years ago

Do you use SUBNETS? https://github.com/wfg/docker-openvpn-client/blob/master/data/scripts/entry.sh#L160-L161

Brillynt commented 2 years ago

Oh, I thought you were talking about docker subnets. Once I added the SUBNETS environment variable it is working. Thank you for all of your assistance. Greatly appreciated
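Added example, not part of the original thread or the project's own files: the compose file from the first post, reduced to the lines relevant to port publishing, with the `SUBNETS` variable that resolved Brillynt's case. The subnet value and the volume path are constructed placeholders.

```yaml
# Added example. Values marked "constructed" are placeholders, not from the thread.
services:
  openvpn-client:
    image: ghcr.io/wfg/openvpn-client
    container_name: openvpn-client
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - ./config:/data/vpn        # constructed path to the OpenVPN config directory
    restart: unless-stopped
    ports:
      # Ports of containers that share this network namespace are published
      # here, because nginx below has no network stack of its own.
      - "8001:80"
    environment:
      # Networks of the clients that reach the published port from outside the
      # Docker host (constructed value). Addresses listed here are exempted
      # from the VPN routing, so keep the range as narrow as the clients allow.
      - SUBNETS=192.168.1.0/24

  nginx:
    image: nginx
    container_name: nginx_test
    # Share the VPN container's network namespace; no "ports:" entry here.
    network_mode: service:openvpn-client
```

`SUBNETS` is a setting of the container, not a Docker network definition, which is the mix-up described in the comment above.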

xky0007 commented 2 years ago

> Is the container running on your local network or on a machine somewhere else?
>
> Where is the machine that you're running curl on? Is it the same machine?

Sorry for the late reply.

The container is running in a cloud server.

I ran the curl command from the cloud server bash.

I drew a simple graph to describe my question. If I map ports 8001:80 in the OpenVPN container, how do I set up the container to make the nginx server accessible via the OpenVPN internal IP from my Windows browser - http://10.16.0.1:8001? I can ping 10.16.0.1 from my Windows PC as it has the 10.16.0.2 VPN IP.

Thanks for your help.

image