Rails app on Docker Compose with WireGuard VPN, how does that work? - Stack Overflow

We have this WireGuard VPN which we use to connect to an AWS RDS database and perform some operations there through our Rails API: I set the API to run with the correct environment variables for the database, and also run the VPN on my network. Then I run the Rails console and boom: the app that I am running locally has access to the database through that VPN.

The problem now is that I am trying to do that but using Docker Compose. I have the docker compose set up as follows:

version: '2'

services:
  app:
    build: .
    command: make run
    depends_on:
      - wireguard
    # Share the wireguard container's network namespace: every socket the
    # Rails process opens uses wg0, its routes, its iptables rules and its
    # DNS. This service has no network of its own, so any port the app must
    # expose has to be published on the wireguard service instead.
    network_mode: "service:wireguard"
    volumes:
      - .:/usr/src/app
      - bundle-data:/usr/src/bundle
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN   # needed to create wg0 and run the PostUp ip/iptables commands
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - WEBUI_PORT=3000
    volumes:
      # Anonymous volume: no host directory is bound here; the
      # linuxserver/wireguard image reads its configuration from /config.
      - /etc/wireguard
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1   # required by wg-quick's fwmark-based routing
    restart: unless-stopped

volumes:
  bundle-data:
    driver: local

My /etc/wireguard/wg.0.conf:

[Interface]
PrivateKey = <I think this is confidential info>
Address = <I think this is confidential info>
DNS = <I think this is confidential info>
# PostUp keeps the three RFC 1918 ranges reachable via the container's default
# gateway (and lets them through the OUTPUT chain); everything else that is
# not marked by wg-quick and not leaving via wg0 is REJECTed, i.e. a kill switch.
# PreDown undoes exactly those routes and rules.
PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route add $HOMENET3 via $DROUTE;ip route add $HOMENET2 via $DROUTE; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT;iptables -A OUTPUT -d $HOMENET2 -j ACCEPT; iptables -A OUTPUT -d $HOMENET3 -j ACCEPT;  iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route del $HOMENET3 via $DROUTE;ip route del $HOMENET2 via $DROUTE; ip route del $HOMENET via $DROUTE; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT; iptables -D OUTPUT -d $HOMENET2 -j ACCEPT; iptables -D OUTPUT -d $HOMENET3 -j ACCEPT

[Peer]
PublicKey = <I think this is confidential info>
PresharedKey = <I think this is confidential info>
Endpoint = <I think this is confidential info>
AllowedIPs = 0.0.0.0/0,::/0

Still, while the docker compose build goes well, I can't make the app connect to the database through the DB host URL that I set, since that only works if one's network requests (in this case, the container network's) get resolved through the VPN that is set up. So I have these questions:

  1. Must I have the VPN enabled locally (as I normally do when accessing the DB), or does that make no difference in regards to the VPN that is being set up in the docker container?
  2. How do I make sure that the VPN is working?

asked Mar 16 at 16:04 by Roger Peixoto
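The question ends with "how do I make sure that the VPN is working?". One way to answer it for this exact setup, as an added example and not anything from the original question or answer: because app uses network_mode: "service:wireguard", it has no network of its own, so every check has to run inside the wireguard container's namespace, where wg0, its routes, the PostUp iptables rules and the DNS server from wg0.conf all live. The script below does three things there: confirms the peer has completed a recent handshake (a handshake time of 0 means keys, Endpoint or UDP reachability are wrong), resolves the database host with the namespace's own DNS, and reports which interface the kernel would use to reach that address. The last check matters because of the PostUp line in the posted config: it routes 192.168.0.0/16, 10.0.0.0/8 and 172.16.0.0/12 via the container's default gateway so the LAN stays reachable, so an RDS instance whose endpoint resolves to a private VPC address in one of those ranges is routed around the tunnel, unencrypted, and never answers. Assumptions not in the original post: the interface is named wg0, DB_HOST and DB_PORT hold the database endpoint, getent exists in the image, and RUN_LIVE is a switch chosen here; the pure-shell helpers run offline against the constructed sample strings shown in the comments.

```sh
#!/bin/sh
# Added example (not from the original post): preflight check for the
# compose setup above. Assumptions: tunnel interface wg0, compose service
# "wireguard", DB_HOST/DB_PORT hold the RDS endpoint, getent is in the image.

# ip4_to_int 10.20.3.4 -> 169083652 (IPv4 dotted quad as an integer).
ip4_to_int() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr <ip> <network>/<prefix>: succeeds if the IPv4 address is in the block.
in_cidr() {
  ip=$(ip4_to_int "$1")
  net=$(ip4_to_int "${2%/*}")
  bits=${2#*/}
  mask=$(( (0xffffffff << (32 - bits)) & 0xffffffff ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# bypasses_tunnel <ip>: succeeds if the PostUp lines in wg0.conf send this
# destination "via $DROUTE" (the docker bridge gateway) instead of wg0.
# These are exactly the HOMENET/HOMENET2/HOMENET3 ranges from that config.
bypasses_tunnel() {
  for net in 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12; do
    in_cidr "$1" "$net" && return 0
  done
  return 1
}

# wg_handshake_fresh <wg-show-output> <now-epoch> <max-age-seconds>
# <wg-show-output> is the text of `wg show wg0 latest-handshakes`, one line
# per peer: "<peer-public-key> <unix-time>", e.g. "abcd= 1700000000"
# (constructed sample). 0 means no handshake ever completed: bad keys,
# wrong Endpoint, or UDP to the endpoint blocked. WireGuard rekeys about
# every two minutes while traffic flows, so 180s is a sane "alive" bound.
wg_handshake_fresh() {
  hs=$(printf '%s\n' "$1" | awk 'NR == 1 { print $2 }')
  [ -n "$hs" ] && [ "$hs" -gt 0 ] && [ $(( $2 - hs )) -le "$3" ]
}

# route_dev <ip-route-get-output>: the interface `ip route get <ip>` chose,
# e.g. "10.20.3.4 dev wg0 table 51820 src 10.8.0.2 uid 0" -> wg0 (constructed
# sample). For the database address this must be wg0; eth0 means the packets
# leave via the docker bridge, not the tunnel.
route_dev() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Live check from the host, after `docker compose up -d`: RUN_LIVE=1 DB_HOST=... sh check.sh
if [ "${RUN_LIVE:-0}" = 1 ]; then
  ex() { docker compose exec -T wireguard "$@"; }
  wg_handshake_fresh "$(ex wg show wg0 latest-handshakes)" "$(date +%s)" 180 \
    || { echo "wg0: no recent handshake (check keys, Endpoint, UDP reachability)"; exit 1; }
  # Resolve inside the namespace: the app inherits this resolver, not the host's.
  db_ip=$(ex getent hosts "$DB_HOST" | awk 'NR == 1 { print $1 }')
  [ -n "$db_ip" ] || { echo "DB_HOST=$DB_HOST did not resolve inside the wireguard netns"; exit 1; }
  if bypasses_tunnel "$db_ip"; then
    echo "WARNING: $db_ip is in a range the PostUp lines route via the default gateway, not wg0"
  fi
  echo "route to $db_ip uses: $(route_dev "$(ex ip route get "$db_ip")")"
  # Same path Rails will take: a TCP connect to the DB port from the shared netns.
  ex sh -c "nc -z -w 5 $db_ip ${DB_PORT:-5432}" && echo "TCP ${DB_PORT:-5432} reachable"
fi
```

If the handshake check passes but the route check prints eth0, the fix is in wg0.conf, not in Rails: either drop the private range that contains the database from the PostUp/PreDown route list, or add a more specific `ip route add <db-ip>/32 dev wg0` after the HOMENET routes so the database wins over the LAN shortcut.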

1 Answer

I am using the VPN to connect to the database.

In docker-compose.yml:

  db:
    container_name: app_db
    image: postgres:15-alpine
    ports:
      - "5433:5432"   # host port 5433 -> container port 5432
    env_file:
      - ./env/.app.env
      - "./env/.${ENV:-local}.env"
    volumes:
      - pgdata:/var/lib/postgresql/data
    networks:
      - app_network

config/database.yml:

development:
  <<: *default
  username: <%= ENV['DB_USER'] %>
  password: <%= ENV['DB_PASS'] %>
  host: <%= ENV['DB_HOST'] %>
  database: <%= ENV['DB_NAME'] %>
  port: <%= ENV['DB_PORT'] || 5432 %>

In the env folder you can set it up as below.

env/.app.env: used by both local and staging, e.g. AWS_KEY, ...

env/.local.env:

DB_HOST=db
DB_NAME=any
DB_USER=postgres
DB_PASS=any
# inside the compose network the container listens on 5432; 5433 is only the host mapping
DB_PORT=5432

env/.staging.env:

DB_HOST=staging_db
DB_NAME=staging_any
DB_USER=postgres
DB_PASS=staging_any
DB_PORT=5432

When you run the app: ENV=staging docker-compose up (default: ENV=local).

Don't forget to turn on the VPN before running the staging env.

Hope this helps!
