
docker container network access when using vpn

Expected Result:

Containers can access each other through hostname or host computer IP.

Actual Result:

When using network_mode I can't make any changes such as static IP or links to other containers.

Description:

I've a couple of containers all using --net (network_mode) to an openvpn. As single instances they work and with nginx proxy I can access each from any computer.

However the containers can't find each other except with local IP (172.19.0.x). I could use that but what happens on host reboot? Will the IP addresses change?

docker-compose.yml

version: '3.4'
services:

    vpn:
        image: dperson/openvpn-client
        container_name: vpn
        cap_add:
            - net_admin
        networks:
            - default
        tmpfs:
            - /tmp
        restart: unless-stopped
        security_opt:
            - label:disable
        stdin_open: true
        tty: true
        volumes:
            - ../openvpn:/vpn
            - /dev/net:/dev/net:z
        environment:
            # list-form values are taken literally, so no inner quotes
            - "DNS=8.8.4.4 8.8.8.8"
            - FIREWALL=1
            - TZ=Europe/Stockholm
        command: -f ""

    proxy:
        image: nginx
        container_name: proxy
        environment:
            TZ: 'Europe/Stockholm'
        ports:
            - "6003:8989" # sonarr
            - "6004:7878" # radarr
            - "6001:8112" # deluge
            - "6002:9117" # jackett
        depends_on:
            - sonarr
            - radarr
            - deluge
            - jackett
        links:
            - vpn:sonarr
            - vpn:radarr
            - vpn:deluge
            - vpn:jackett
        networks:
            - default
        volumes:
            - ../nginx/default.conf:/etc/nginx/conf.d/default.conf
        restart: always
        command: "nginx -g 'daemon off;'"

    sonarr:
        image: linuxserver/sonarr
        container_name: sonarr
        volumes:
            - ../sonarr:/config
            - /etc/localtime:/etc/localtime:ro
            - /media/megadrive/Media/Series:/tv
            - /media/megadrive/Media/tmp/completed:/downloads
        env_file: ../uidgid.env
        network_mode: "service:vpn"
        environment:
            - TZ=Europe/Stockholm
        cap_add:
            - net_admin
        depends_on:
            - vpn
        restart: always


    radarr:
        image: linuxserver/radarr
        container_name: radarr
        volumes:
            - ../radarr:/config
            - /media/megadrive/Media/Movies:/movies
            - /media/megadrive/Media/tmp/completed:/downloads
            - /etc/localtime:/etc/localtime:ro
        env_file: ../uidgid.env
        network_mode: "service:vpn"
        environment:
            - TZ=Europe/Stockholm
        cap_add:
            - net_admin
        depends_on:
            - vpn
        restart: always

    deluge:
        image: linuxserver/deluge
        container_name: deluge
        depends_on:
            - vpn
        network_mode: "service:vpn"
        volumes:
            - ../deluge:/config
            - /media/megadrive/Media/tmp/:/downloads
            - /etc/localtime:/etc/localtime:ro
        restart: always
        env_file: ../uidgid.env
        environment:
            - TZ=Europe/Stockholm

    jackett:
        container_name: jackett
        image: linuxserver/jackett
        restart: unless-stopped
        network_mode: "service:vpn"
        env_file: ../uidgid.env
        environment:
            - TZ=Europe/Stockholm
        volumes:
            - ../jackett:/config
            - /media/megadrive/Media/tmp/blackhole:/downloads

networks:
    default:

It seems that letting the vpn service use host instead of bridge (default) will solve a couple of things.

  • Allow everything to work on host computer IP. As long as every service is on its own port this is okay.
  • Services still seem to be following openvpn rules
  • No more need for nginx for proxy to the webgui

    vpn:
        image: dperson/openvpn-client
        container_name: vpn
        cap_add:
            - net_admin
        tmpfs:
            - /tmp
        restart: unless-stopped
        security_opt:
            - label:disable
        stdin_open: true
        tty: true
        volumes:
            - ../openvpn:/vpn
            - /dev/net:/dev/net:z
        environment:
            - "DNS=8.8.4.4 8.8.8.8"
            - FIREWALL=1
            - TZ=Europe/Stockholm
        command: -f ""
        network_mode: "host"

The other option is that the services in the vpn use localhost to access each other. Since they share the network stack of the vpn container they are accessed as if they were the same host. This one had me stumped for a while this week.

One comment, you've got net_admin on all your containers, you only need it on the vpn.
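
Added example, not part of the original answers: a small Python check for the two points above, that services with network_mode: "service:vpn" share one network stack (so they reach each other on localhost) and that net_admin is only needed on the container owning that stack. The names `audit` and `SAMPLE` are hypothetical; the sample is a constructed, trimmed version of the question's compose file, already parsed into a dict.

```python
# Constructed sample: the question's services reduced to the keys that matter
# here, in the shape a YAML parser would return for docker-compose.yml.
SAMPLE = {
    "services": {
        "vpn": {"cap_add": ["net_admin"], "networks": ["default"]},
        "proxy": {"networks": ["default"], "ports": ["6003:8989"]},
        "sonarr": {"network_mode": "service:vpn", "cap_add": ["net_admin"]},
        "radarr": {"network_mode": "service:vpn", "cap_add": ["net_admin"]},
        "deluge": {"network_mode": "service:vpn"},
        "jackett": {"network_mode": "service:vpn"},
    }
}


def audit(compose):
    """Return (peers, findings) for services using network_mode: service:<owner>.

    peers maps each owner to the services sharing its network stack; those
    services reach each other on localhost. findings lists (service, message).
    """
    peers, findings = {}, []
    for name, svc in sorted(compose.get("services", {}).items()):
        mode = str(svc.get("network_mode", ""))
        if not mode.startswith("service:"):
            continue
        owner = mode.split(":", 1)[1]
        peers.setdefault(owner, []).append(name)
        # The capability is only needed where the tunnel and routes are set up.
        caps = {str(c).upper() for c in svc.get("cap_add", [])}
        if "NET_ADMIN" in caps:
            findings.append((name, f"drop NET_ADMIN, only '{owner}' needs it"))
        # Port publishing and network attachment belong to the stack's owner.
        for key in ("ports", "networks"):
            if key in svc:
                findings.append(
                    (name, f"move '{key}' to '{owner}', which owns the network stack")
                )
    return peers, findings


if __name__ == "__main__":
    peers, findings = audit(SAMPLE)
    for owner, members in peers.items():
        print(f"{', '.join(members)} share the stack of '{owner}' (use localhost)")
    for service, message in findings:
        print(f"{service}: {message}")
```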
