Docker VPN isolation (Docker container in two networks)

Hello Level1!

New to the forum. I hope I am posting this in the right place. I have been working on a docker compose file with the goal of having three containers.

  1. Gluetun.
  2. Lidarr - connected in the same network as gluetun to use the vpn for external access
  3. qbittorrent - using the default docker network for external access BUT still be reachable by Lidarr. Lidarr needs to send download requests to this torrent. I have tried to put this container in the network with gluetun but the performance is very poor. Therefore, I want to exclude it but be accessible by Lidarr.

Could someone help me with this or point me in the right direction?

Here’s my docker compose file.

```yaml
version: "3.9"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 7878:7878 # radarr
      - 8686:8686 # lidarr

    volumes:
      - /home/dockersrv1/docker/production/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=private internet access
      - OPENVPN_USER=XXXXXX
      - OPENVPN_PASSWORD=YYYYY
      - SERVER_REGIONS=Netherlands
      - DOT=OFF
    networks:
      gluetun_network:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=3000
      - PGID=1000
      - TZ=Europe/Amsterdam
      - WEBUI_PORT=8088
    volumes:
      - /home/dockersrv1/docker/production/qbittorrent/config:/config
      - /home/dockersrv1/media/torrent/:/media/torrent
    ports:
      - 8088:8088
      - 6881:6881
      - 6881:6881/udp
    restart: unless-stopped
    networks:
      shared:
        aliases:
          - qbittorrent

  lidarr:
    image: lscr.io/linuxserver/lidarr:latest
    container_name: lidarr
    environment:
      - PUID=3000
      - PGID=1000
      - TZ=Europe/Amsterdam
    volumes:
      - /home/dockersrv1/media:/media
      - /home/dockersrv1/docker/production/lidarr/config:/config
    restart: unless-stopped
    networks:
      - gluetun_network
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    ports:
      - 9443:9443
    volumes:
      - data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
volumes:
  data:

networks:
  gluetun_network:
    external: true
  shared:
```

a Lidarr container which is connected in the same network as the Gluetun (a VPN solution) container and uses that for external access

1 Like

Check out the networks part of the docker-compose more closely.

Every network you define at top level is a bridge, and every container ends up having a veth towards each bridge/network you specify (can have multiple).

Containers get to talk to each other over these bridge connected veth interfaces.

Docker will handle assigning IPs and routes for each container, you can control most of the assignments and routes through the compose file.

If in doubt, you can always docker exec -it container_name sh and look around what was set up for you.

1 Like
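The bridge-per-network model from the reply above, applied to the compose file in the question, as an added example that is not part of the original thread: it lists which services share a network and can therefore reach each other directly. The function names are hypothetical, and the model covers only network membership (not host-published ports or how traffic is routed once a container is attached).

```python
from itertools import combinations

# Constructed input: only the network attachments of the compose file in the
# question. It uses both spellings of `networks:` (mapping and list).
COMPOSE = {"services": {
    "gluetun": {"networks": {"gluetun_network": None}},
    "qbittorrent": {"networks": {"shared": {"aliases": ["qbittorrent"]}}},
    "lidarr": {"networks": ["gluetun_network"]},
    "portainer": {},  # no `networks:` key, so Compose uses the "default" network
}}


def attached_networks(compose, name):
    """Return the set of Compose networks that service `name` is attached to."""
    service = compose["services"][name]
    mode = service.get("network_mode", "")
    if mode.startswith("service:"):
        # Shares another service's network namespace, so it sees that
        # service's attachments instead of having its own.
        return attached_networks(compose, mode.split(":", 1)[1])
    if mode:
        return set()  # host, none, container:..., bridge: not on a Compose network
    nets = service.get("networks")
    # Iterating a mapping yields its keys, so one call covers both spellings.
    return set(nets) if nets else {"default"}


def shared_networks(compose):
    """Map each pair of services to the networks both are attached to."""
    attach = {n: attached_networks(compose, n) for n in compose["services"]}
    return {(a, b): attach[a] & attach[b]
            for a, b in combinations(sorted(attach), 2)}


def can_talk(compose, a, b):
    """True when a and b sit on at least one common bridge."""
    return bool(shared_networks(compose)[tuple(sorted((a, b)))])


if __name__ == "__main__":
    for pair, nets in shared_networks(COMPOSE).items():
        print(pair, sorted(nets) if nets else "no shared network")
```

Run against the file as posted, `lidarr` and `qbittorrent` have no network in common; listing `shared` under `lidarr` as a second network gives them one while `qbittorrent` stays off `gluetun_network`.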