Question
Some apps we have depend on being connected to our VPN to connect to different (not-yet dockerized) solutions.
What is the 'docker way' of doing this? In my mind adding OpenVPN to an existing image is against the docker philosophy.
From where I'm standing I feel that creating a docker VPN client container makes the most sense. But what would that look like? I use docker compose, so there would definitely be a

    myContainer:
      links:
        - myVPNClient

but would I then have to forward ports? Or what would have to happen to enable myContainer to connect through the openVPN container.
Answer 1:
Another option would be to ask Jess Frazelle (jfrazelle), who is in the habit of containerizing everything.
Sure enough, she has a jfrazelle/dockerfiles/openvpn project which exposes it directly to the host:

    vpn:
      build: .
      volumes:
        - .:/etc/openvpn
      net: host
      devices:
        - /dev/net/tun:/dev/net/tun
      cap_add:
        - NET_ADMIN

It uses a TUN (not TAP) interface.
Answer 2:
Probably the easiest solution would be to configure any containers that need the vpn to use the network namespace of the vpn container. That is, your docker-compose.yml would include something like:

    vpn:
      image: myvpn_image

    app1:
      image: app1_image
      net: container:vpn

With this configuration, the vpn container and the app1 container see the same network environment.
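An added example, not part of either answer: the two answers combined in the current Compose file syntax, where `network_mode: "service:vpn"` replaces the v1 `net: container:vpn` and the VPN container keeps its own network namespace instead of `net: host`. The image names come from the answers; the published port 8080 and the config mount path are assumptions for illustration.

```yaml
# Added example (not from either answer). Image names are taken from the
# answers; port 8080 and the config mount are assumptions.
services:
  vpn:
    image: myvpn_image
    cap_add:
      - NET_ADMIN                   # needed to configure the tunnel interface and routes
    devices:
      - /dev/net/tun:/dev/net/tun   # TUN device, as in the first answer
    volumes:
      - .:/etc/openvpn              # assumed location of the OpenVPN client config
    ports:
      - "8080:8080"                 # app1's listener, published on the namespace owner
    # No host networking: the tunnel interface and its routes exist only
    # inside this container's namespace, not on the Docker host.

  app1:
    image: app1_image
    network_mode: "service:vpn"     # share vpn's network namespace (v1: net: container:vpn)
    # No ports: or networks: keys here. Docker rejects port publishing on a
    # service that joins another container's network namespace, so any port
    # app1 listens on is published on the vpn service above.
```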
Source: https://stackoverflow.com/questions/34913840/best-practice-for-connecting-to-a-vpn-though-docker