What I try to achieve is the following:
Start 1-n VPN clients on one host machine inside Docker containers with this project: https://hub.docker.com/r/qmcgaw/private-internet-access/. The host machine has VPN turned off. Then connect 1-N distinct Python applications, which are also running in containers; each Python app uses one of the VPNs as its connection to the outside world, while writing into the host's PostgreSQL database.
Actually, what does work is:
- Connection of the VPN container (tested with https://ipinfo.io)
- Using the VPN container as the network container for the Python application

    # create VPN docker and start it
    docker run -d --init --name=pia --cap-add=NET_ADMIN --device=/dev/net/tun -e REGION="someregion" -e USER=username -e PASSWORD='password' qmcgaw/private-internet-access
    # run python application with VPN IP
    docker run --rm --name python_app --network=container:pia mypythonappimage
What is not working:
- Connection of the Python Docker container to the host's database while preventing this container from using the host's internet connection

    # Errors returned from python app
    could not connect to server: Connection refused
    Is the server running on host "localhost" (127.0.0.1) and accepting
    TCP/IP connections on port 5432?
    could not connect to server: Cannot assign requested address
    Is the server running on host "localhost" (::1) and accepting
    TCP/IP connections on port 5432?
What I tried to do:
- If I specify --net=host for the Python container I can write into the host's database, but I'm missing the VPN connection there.
- Created a second Docker host-only network and connected the Python container (already attached to the pia network) to that "hostonly" network as well:

    docker network create -d bridge --internal hostonly
    docker create --name python_app --network=container:pia mypythonappimage
    docker network connect hostonly python_app
    docker start python_app

  Adding --add-host to the python_app container is not allowed while using the --network keyword.
  But here too, the same error as above.
Assumptions
I can see the pia container inside the standard Docker bridge network. Maybe I have to create my own bridge network and configure that? Or do I have to route the IP of my host machine inside the VPN container so that any container using the same network stack as the VPN can connect to the host (while preventing it from using the host's external IP)? But where and how do I route that IP correctly?
Furthermore, I assume I have to configure postgresql.conf and pg_hba.conf. For test purposes I've trusted 127.17.0.0/24 as a host connection inside pg_hba.conf and set listen_addresses = '*'. But what is the correct (and safe) configuration here?
Is it even a reasonable approach I'm taking here? I really only started using Docker yesterday. I could imagine that using a dockerized PostgreSQL database could work too (while binding it to a static volume). But for now, using the host's PostgreSQL database is sufficient.
Any help is really appreciated!
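The "Connection refused" on localhost above comes from the fact that, with --network=container:pia, "localhost" is the loopback of the shared pia namespace, not the host. A way to see where traffic from that namespace actually goes, as an added example (not code from the question's author or from the qmcgaw image): parse the namespace's routing table, take the bridge default gateway as the host address for Postgres, and check that Internet egress is routed through the tunnel rather than the host's connection. The route table, interface names (eth0, tun0) and addresses below are a constructed sample; reading the real /proc/net/route inside the container works the same way.

```python
"""Added example (not from the question's author or the qmcgaw image): parse
/proc/net/route inside the shared 'pia' namespace to find the host's bridge
address for Postgres (instead of 'localhost') and to verify egress is tunneled."""
import ipaddress
import socket
import struct

# Constructed sample of /proc/net/route with the tunnel up.  The two /1 routes
# on tun0 ("redirect-gateway def1" style) are more specific than the bridge
# default route, so Internet traffic goes to the VPN while 172.17.0.0/16 and
# its gateway (the host) stay on eth0.  Fields are little-endian hex IPv4.
SAMPLE_ROUTE_TABLE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
tun0\t00000000\t0100080A\t0003\t0\t0\t0\t00000080\t0\t0\t0
eth0\t00000000\t010011AC\t0003\t0\t0\t0\t00000000\t0\t0\t0
tun0\t00000080\t0100080A\t0003\t0\t0\t0\t00000080\t0\t0\t0
tun0\t0000080A\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
eth0\t000011AC\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0
"""

def _addr(hex_le):
    """Decode one little-endian hex IPv4 field (e.g. 010011AC -> 172.17.0.1)."""
    return socket.inet_ntoa(struct.pack("<L", int(hex_le, 16)))

def parse_routes(text):
    """Return [(iface, network, gateway)] from /proc/net/route contents."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 8:
            net = ipaddress.ip_network(f"{_addr(f[1])}/{_addr(f[7])}", strict=False)
            routes.append((f[0], net, _addr(f[2])))
    return routes

def route_for(routes, ip):
    """Longest-prefix match: (iface, next hop) that will carry traffic to ip."""
    target = ipaddress.ip_address(ip)
    best = max((r for r in routes if target in r[1]),
               key=lambda r: r[1].prefixlen, default=None)
    return None if best is None else (best[0], best[2])

def host_gateway(routes, bridge_iface="eth0"):
    """Host address to use instead of 'localhost': the bridge default gateway
    (host's docker0 side, typically 172.17.0.1; Postgres must listen there)."""
    return next((gw for iface, net, gw in routes
                 if iface == bridge_iface and net.prefixlen == 0), None)

def egress_is_tunneled(routes, tun_iface="tun0", probes=("1.1.1.1", "203.0.113.7")):
    """True only if every sample public address routes via the tunnel, i.e. the
    app cannot reach the Internet over the host's own connection."""
    return all((route_for(routes, p) or ("", ""))[0] == tun_iface for p in probes)
```

If egress_is_tunneled() is False (for instance when the tunnel is down and only the eth0 routes remain), the app would fall back to the host's connection, which is exactly the case the pg_hba.conf/listen_addresses setup should be paired with a kill switch against.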