I’m planning on setting up Servarr containers and I want to put my VPN in a separate Docker compose file so that I can use the same VPN container for other services I wanna setup in the future.
When I tried to put my PIA VPN in a separate file from my Servarr services, I get this error message:
service "qbittorrent" depends on undefined service "pia": invalid compose object
put my VPN in a separate Docker compose file so that I can use the same VPN container
From the Docker Compose Spec, you should be able to split your compose into multiple files and then reference them using -f
flag.
Unfortunately, this will not solve what you want. The reuse here happens at the definition
level, i.e. only the description of a service (how to start it, with what parameters, etc.) is reused, but not the container itself. AFAIK, in docker compose, there is no way to reference an existing container, started from another compose stack or by some other means.
So, you’ll need to find another way of ordering your services after the VPN is up.
IMO, it would be better to manage the VPN service on the system level, like systemd
Just add your container network mode by adding: network_mode: “container:pia”
.
services:
name: #name your container
image: yourimagename:latest #your image
container_name: name #name your container
network_mode: "container:pia"
environment:
This will make all the information route through your application, if the pia container is down, qbittorrent will not have access the internet thus negating the need for dependency of pia container to start first. This way, it will act as a kill switch in case some error happens with your container pia, cutting off all communication if the VPN is down.
Let us know if that worked.
1 Like
This one worked
I also stumbled onto “networks”, which apparently is more flexible, but I haven’t tried that yet
Is there a way to make sure traffic doesn’t leak out of the container?
The PIA container seems to work, but it seems to just stop blocking outgoing traffic to the local network randomly
I have another server that’s using service
, but it seems that one is more stable since I never noticed traffic leaking there.
1 Like
services
has to be used in a stack (your 2 services in the same docker-compose.yml file) vs container
can be used by multiple containers to use as networking.
I don’t use the container PIA but I use the image for qmcgaw/gluetun for my VPN use case. It can handle everything and if the container is goes down, you will loose network access to those containers going through it.
if you want to check if a docker container is still using PIA or Gluetun, use the following command: docker exec -it name-of-the-service-to-test curl ifconfig.io
this should give you a different IP address than your local one. If you have an error OCI runtime exec failed: exec failed: unable to start container process: exec: “curl”: executable file not found in $PATH: unknown
, it just means that curl is not installed in the container but it can be by using the following command docker exec -it name-of-the-service-to-test apk add curl
. Once that is done, you can retry the first command.
P.M. me if this doesn’t work.