OpenVPN - Funky Penguin's Geek Cookbook

Sometimes you need an OpenVPN tunnel between your docker hosts and some other environment. I needed this to provide connectivity between swarm-deployed services like Home Assistant, and my IoT devices within my home LAN.


This is a companion discussion topic for the original entry at https://geek-cookbook.funkypenguin.co.nz/reference/openvpn/

I am wondering if it is possible to spin up an openvpn per stack where needed to connect outside resources over the traefik reverse proxy… What do you think, is this possible?

Adjust the traefik.yml like this:

```yaml
ports:
  - target: 80
    published: 80
    protocol: tcp
    mode: host
  - target: 443
    published: 443
    protocol: tcp
    mode: host
  - target: 8080
    published: 8080
    protocol: tcp
  - target: 1194
    published: 1194
    protocol: udp
```

and for example in the nextcloud stack something like:

```yaml
openvpn:
  image: openvpn          # placeholder image name as in the post; pick the OpenVPN image you actually use
  networks:
    - internal
    - traefik_public
  deploy:
    labels:
      - traefik.frontend.rule=Host:vpnx.example.com
      - traefik.docker.network=traefik_public
      - traefik.port=1194
    restart_policy:       # swarm ignores a top-level "restart: always"; this is the swarm equivalent
      condition: any
  ports:
    - target: 1194        # host-mode publish is what actually exposes the UDP port; Traefik 1.x only proxies HTTP(S)
      published: 1194
      protocol: udp
      mode: host
  volumes:
    - /var/data/docker/nextcloud/data:/var/www/html/data
```

AFAIK, we need NET_ADMIN cap in order to use openvpn. Which doesn’t (yet) work in swarm :frowning:
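As an added example (not from the thread or the cookbook), here is a small entrypoint-style check you can run inside the container before launching OpenVPN: it reads the effective capability mask (`CapEff`) from `/proc/self/status` and tells you whether `CAP_NET_ADMIN` (capability bit 12, needed to create the tun device and install routes) is actually present. The sample status text embedded below is constructed; the `a80425fb` mask is the one Docker grants by default, which includes `NET_RAW` but not `NET_ADMIN`.

```bash
#!/usr/bin/env bash
# Added example: verify that the process holds CAP_NET_ADMIN before starting OpenVPN.
# Not part of the original thread; assumes a Linux /proc filesystem.

CAP_NET_ADMIN=12   # capability number from <linux/capability.h>

# Extract the CapEff hex mask from a /proc/<pid>/status text passed as $1.
capeff_from_status() {
  printf '%s\n' "$1" | awk '/^CapEff:/ { print $2 }'
}

# Return 0 if the status text's effective set includes CAP_NET_ADMIN, 1 if not,
# 2 if no CapEff line was found (not a Linux status file).
has_cap_net_admin_in_status() {
  local hex
  hex=$(capeff_from_status "$1")
  [ -n "$hex" ] || return 2
  [ $(( (0x$hex >> CAP_NET_ADMIN) & 1 )) -eq 1 ]
}

# Print "present" or "absent" for the given status text (handy for logs/tests).
cap_net_admin_state() {
  if has_cap_net_admin_in_status "$1"; then
    echo present
  else
    echo absent
  fi
}

# Check the running process itself.
has_cap_net_admin() {
  has_cap_net_admin_in_status "$(cat /proc/self/status)"
}

# Entrypoint-style guard: refuse to start OpenVPN without the capability, so the
# failure is explicit instead of a cryptic "Cannot open TUN/TAP dev" later on.
require_cap_net_admin() {
  if ! has_cap_net_admin; then
    echo "CAP_NET_ADMIN missing: run with --cap-add NET_ADMIN (docker run/compose, not swarm)" >&2
    return 1
  fi
  # exec openvpn --config /etc/openvpn/client.conf   # hypothetical path; uncomment in a real entrypoint
}

# Constructed sample: Docker's default capability set (NET_RAW yes, NET_ADMIN no).
DEFAULT_DOCKER_STATUS='Name:	sh
CapEff:	00000000a80425fb'
```

Run `cap_net_admin_state "$(cat /proc/self/status)"` in a plain `docker run` container and again with `--cap-add NET_ADMIN` to see the difference; in a swarm service it will report `absent`, which is exactly the limitation mentioned above.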