Hi there, I hope somebody can help me out with this, because I’ve done some research already but either I have come across dead links or I haven’t understood what I was reading.

I have a bunch of docker containers running behind Nginx Proxy Manager and I have pi-hole with unbound set up as dns server for ad-blocking and also to resolve “mydomain.tld” to my local server ip (I have a hard time remembering ips/ports).

Some containers are publicly available for convenience, the rest aren’t but I’d still like to have some or all of them behind a VPN so I can access them from outside my local network and it would be great if I could also set the pi-hole as the dns server for the VPN.

Long story short, I don’t want to route all of the traffic behind the VPN, just specific containers.

All of them are running on ubuntu server with no VMs, it’s a small homelab, nothing fancy.

How can I do this?

  • Proximus88@alien.topB
    1 year ago

    Install wireguard, easy to install with pivpn or docker container.

    Then just change these settings in the client config.

    Let’s assume your pi hole ip is 192.168.1.10

    DNS servers: `192.168.1.10`

    Allowed IPs: `192.168.0.0/16`

    So only your local IPs will go through the VPN. The DNS will be like you are on your LAN and you can access all your domain.tld services without exposing them to the internet.
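
The split-tunnel settings from the reply above can be sanity-checked before they go onto a phone or laptop. The following is an added example, not part of the original reply: it parses a constructed single-peer client config and reports whether the DNS server is covered by the Allowed IPs, whether the config is a full tunnel, and whether the tunneled range overlaps the network the client is currently on. The function names, tunnel address, keys and endpoint are assumptions, and the DNS field is assumed to hold IP addresses only.

```python
import configparser
import ipaddress

# Constructed sample config using the values from the reply above.
# Keys, tunnel address and endpoint are placeholders, not real values.
SAMPLE_CONF = """
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.0.0.2/24
DNS = 192.168.1.10

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = vpn.example.invalid:51820
AllowedIPs = 192.168.0.0/16
"""

def parse_client(conf_text):
    """Return (dns_ips, allowed_networks) from a single-peer client config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    split = lambda v: [x.strip() for x in v.split(",") if x.strip()]
    dns = [ipaddress.ip_address(d) for d in split(cp["Interface"].get("DNS", ""))]
    nets = [ipaddress.ip_network(n, strict=False) for n in split(cp["Peer"]["AllowedIPs"])]
    return dns, nets

def via_tunnel(ip, nets):
    """True if traffic to ip matches one of the Allowed IPs ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)

def audit(conf_text, current_lan=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    dns, nets = parse_client(conf_text)
    findings = []
    if any(n.prefixlen == 0 for n in nets):
        findings.append("full tunnel: a /0 entry sends all traffic through the VPN")
    for d in dns:
        if not via_tunnel(d, nets):
            findings.append(f"DNS {d} is outside Allowed IPs; queries bypass the tunnel")
    if current_lan:
        lan = ipaddress.ip_network(current_lan)
        for n in nets:
            if n.version == lan.version and n.overlaps(lan):
                # The more specific local route can win over the tunnel route.
                findings.append(f"{n} overlaps the current network {lan}")
    return findings
```

Passing the subnet of the network the client is sitting on as `current_lan` shows the overlap case: a guest network that also uses 192.168.1.0/24 can keep traffic for 192.168.1.10 on the local segment instead of the tunnel.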

  • NikStalwart@alien.topB
    1 year ago

    Look into Docker Networks.

    You just create a VPN Network, and then attach containers to that network that need to go through that VPN.

    With VPN containers things can be more funky, where you don’t so much use a Network but rather you use “network mode” to copy the network mode of the VPN container, but you get the picture.

    • Heas_Heartfire@alien.topOPB
      1 year ago

      Hey, thanks for your input. I tried doing that but couldn’t get it working this way, probably because I’m not really sure of what I’m doing. Please take a look at my edit.

  • tquinnelly@alien.topB
    1 year ago

    I did just this for a while.

    Use a docker image that has a VPN built into it like `binhex-privoxyvpn`

    Once that container is up and running, tell your new container to use that as its network.

    `docker run --network=container:privoxyvpn` blah, blah.