What I'm trying to achieve is the following:
Start 1-n VPN clients on one host machine inside a docker container with this project: https://hub.docker.com/r/qmcgaw/private-internet-access/. The host machine has its VPN turned off. Then connect 1-N distinct Python applications, which are also running in containers; each Python app uses one of the VPNs as its connection to the outer world, while writing into the host's PostgreSQL database.
Actually, what does work is
# create VPN docker and start it
docker run -d --init --name=pia --cap-add=NET_ADMIN --device=/dev/net/tun -e REGION="someregion" -e USER=username -e PASSWORD='password' qmcgaw/private-internet-access
# run python application with VPN IP
docker run --rm --name python_app --network=container:pia mypythonappimage
What is not working
# Errors returned from python app
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
could not connect to server: Cannot assign requested address
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
What I tried to do
Created a second docker hostonly network and connected the python container, already attached to the pia network, to that hostonly network as well:
docker network create -d bridge --internal hostonly
docker create --name python_app --network=container:pia mypythonappimage
docker network connect hostonly python_app
docker start python_app
Adding --add-host to the python_app container is not allowed while using the --network keyword.
But also here, same error as above.
Assumptions
I can see the pia container inside the standard docker bridge network. Maybe I have to create my own bridge network and configure that? Or I have to route the IP for my host machine inside the VPN container so any container using the same network stack as the VPN can connect to the host (while preventing use of the host's external IP). But where and how do I route that IP correctly?
Furthermore, I assume I have to configure the postgresql.conf and pg_hba.conf. For test purposes I've trusted 127.17.0.0/24 as host connection inside the pg_hba.conf and set listen_addresses = '*'. But what is the correct (and safe) configuration here?
Is it even a reasonable approach I'm taking here? I just started to use docker yesterday, really. I could imagine using a dockerized PostgreSQL database could work too (while binding it to a static volume). But for now using the host's PostgreSQL database is sufficient.
Any help is really appreciated!
Okay, it really was as simple as larsks commented. I'm on Linux; ip a gave me the docker0 interface, I took that IP for the database connection, and everything works perfectly fine.
Thank you.
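
For the PostgreSQL side of the docker0 fix above, an added example (not part of the original post) that derives the bridge address and prints settings scoped to it, in place of the listen_addresses = '*' plus trust setup mentioned in the question. The names appdb and appuser are hypothetical, and the sample `ip` output is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: scope PostgreSQL to the docker0 bridge instead of '*' + trust.
# appdb / appuser are hypothetical names; the sample line below is constructed.

# Constructed sample of `ip -4 -o addr show docker0` output.
SAMPLE_IP_OUTPUT='3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0'

# Read `ip -4 -o addr show <if>` output on stdin, print the first ADDR/PREFIX.
bridge_cidr() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { print $(i + 1); exit } }'
}

# Turn an interface CIDR (172.17.0.1/16) into its network CIDR (172.17.0.0/16).
network_cidr() {
    addr=${1%/*}
    prefix=${1#*/}
    IFS=. read -r a b c d <<EOF
$addr
EOF
    ip=$(( (a << 24) | (b << 16) | (c << 8) | d ))
    # 4294967295 is 0xFFFFFFFF; the final AND trims the shifted mask to 32 bits.
    net=$(( ip & (4294967295 << (32 - prefix)) & 4294967295 ))
    printf '%d.%d.%d.%d/%d\n' $(( net >> 24 & 255 )) $(( net >> 16 & 255 )) \
        $(( net >> 8 & 255 )) $(( net & 255 )) "$prefix"
}

# Read `ip` output on stdin and print the two config fragments.
render_pg_config() {
    cidr=$(bridge_cidr)
    [ -n "$cidr" ] || { echo "no IPv4 address found on the interface" >&2; return 1; }
    cat <<EOF
# postgresql.conf: listen on loopback and the bridge address only, not '*'
listen_addresses = 'localhost,${cidr%/*}'

# pg_hba.conf: bridge subnet only, password (SCRAM) auth instead of trust
host  appdb  appuser  $(network_cidr "$cidr")  scram-sha-256
EOF
}

# Offline demo on the constructed sample; on a real host use:
#   ip -4 -o addr show docker0 | render_pg_config
printf '%s\n' "$SAMPLE_IP_OUTPUT" | render_pg_config
```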