The example uses the network_mode: service:[name] option for docker-compose, which is not supported by resin.
Is there any other way to route traffic from one container to another that is supported by resin? Any other idea on how to connect to the vpn and let other containers use it?
FWIW, my team would also like support for network_mode: service:[name]. We currently have some workaround, but support for this network mode would make the solution much simpler and more reliable.
now any container that you want to be able to communicate through the vpn should be on that network, with a static ip and the vpn also has to be on that network, e.g.
vpn:
  container_name: vpn
  ....
  cap_add:
    - NET_ADMIN
  networks:
    vpnbr:
      ipv4_address: 176.16.238.2
webserver:
  container_name: webserver
  cap_add:
    - NET_ADMIN
  networks:
    # NB if a service is on multiple networks,
    # https://github.com/balena-io/balena-supervisor/issues/824, balena may
    # constantly restart it if the networks are not in a 'particular' order
    vpnbr:
      ipv4_address: 176.16.238.3
    # if containers other than vpn need to communicate with this container,
    # however it can't be resolved by the hostname webserver. A fix for this
    # has been merged to balena supervisor but it is not in balenaos yet
    default:
now … let's say you have another device on your vpn and you want it to talk to the webserver container
you need to route traffic from the vpn container to the webserver container. there are a few ways to do this (e.g. nginx, or iptables)
with iptables, add the rule as part of the vpn container startup, e.g.
traffic from any client on your vpn would now reach the webserver container, by forwarding packets destined for 443 on the vpn container's external vpn ip to the webserver container's ip on the vpn network you created in docker-compose
if you need traffic to go back… you need routes to your webserver container so that vpn traffic is routed back through the vpn container
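The iptables rule and the return route that the post above refers to are not shown on the page. The following is an added example, not the poster's own commands, of what such a startup step can look like. It reuses the two static addresses from the compose snippet; the interface name `tun0`, the VPN client subnet `10.8.0.0/24` and all function names are assumptions, and the DNAT rule matches on the VPN interface rather than on the VPN IP.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run by default: commands are
# printed; set APPLY=1 inside a container with NET_ADMIN to execute them.
VPN_IF="${VPN_IF:-tun0}"                 # assumption: VPN interface name
VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"  # assumption: constructed VPN client subnet
VPN_BR_IP="${VPN_BR_IP:-176.16.238.2}"   # vpn container on vpnbr (from the post)
WEB_IP="${WEB_IP:-176.16.238.3}"         # webserver container on vpnbr (from the post)
WEB_PORT="${WEB_PORT:-443}"

run() {  # execute the command when APPLY=1, otherwise just print it
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

valid_ipv4() {  # four dot-separated decimal octets, each 0-255
  echo "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() {  # decimal, at most five digits, 1-65535
  case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# vpn container startup: $1 = VPN interface, $2 = webserver IP, $3 = TCP port
vpn_forward_rules() {
  valid_ipv4 "$2" && valid_port "$3" || { echo "bad address or port" >&2; return 1; }
  # Rewrite the destination of connections arriving from the VPN side
  run iptables -t nat -A PREROUTING -i "$1" -p tcp --dport "$3" \
      -j DNAT --to-destination "$2:$3"
  # Forward only that flow, plus replies belonging to tracked connections
  run iptables -A FORWARD -i "$1" -d "$2" -p tcp --dport "$3" -j ACCEPT
  run iptables -A FORWARD -o "$1" -s "$2" -m conntrack \
      --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# webserver container startup: $1 = VPN subnet (CIDR), $2 = vpn container's vpnbr IP
webserver_return_route() {
  valid_ipv4 "${1%/*}" && valid_ipv4 "$2" || { echo "bad address" >&2; return 1; }
  run ip route add "$1" via "$2"   # replies to VPN clients go back via the vpn container
}

# The dry run prints both sets; each function belongs in its own container's startup.
vpn_forward_rules "$VPN_IF" "$WEB_IP" "$WEB_PORT"
webserver_return_route "$VPN_SUBNET" "$VPN_BR_IP"
```

The two FORWARD rules only restrict traffic if the vpn container's FORWARD policy is not ACCEPT; with a default-accept policy they are redundant and every other port on the bridge remains reachable from the VPN.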