marten-cz · June 10, 2021 09:15
diff --git a/docker-compose.yml b/docker-compose.yml
 version: "3"

 services:
  php:
    build:
      context: ./
      dockerfile: Dockerfile
    depends_on:
      - vpn
    # This container can access services which are in VPN
    network_mode: "service:vpn"

  vpn:
    image: dperson/openvpn-client
    # cap_add, security_opt, and volume required for the image to function
    cap_add:
      - net_admin
    read_only: true
    tmpfs:
      - /run
      - /tmp
    #restart: unless-stopped
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    volumes:
      - /dev/net:/dev/net:z
      # Put .ovpn configuration file in the /vpn directory
      - ./vpn:/vpn
    extra_hosts:
      - "sql:192.168.1.1"
    networks:
      - proxy
      - internal
    ports:
      # Bind MySQL database behind VPN to localhost:3306, accessible from host
      - 3306
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.web1.backend=vpn-web
      - traefik.web1.frontend.rule=Host:web.vcap.me
      - traefik.web1.port=81
      - traefik.web2.backend=vpn-web2
      - traefik.web2.frontend.rule=Host:web2.vcap.me
      - traefik.web2.port=82
      - traefik.live.backend=woodler-smtphp-live
      - traefik.live.frontend.rule=Host:admin.vcap.me
      - traefik.live.port=81
    command:
      - /bin/sh
      - -c
      - |
        # Web behind proxy
        iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.1:80
        iptables -t nat -A OUTPUT -p tcp --dport 81 -j DNAT --to-destination 192.168.1.1:80
        # Second web behind proxy
        iptables -t nat -A PREROUTING -p tcp --dport 82 -j DNAT --to 192.168.1.2:80
        iptables -t nat -A OUTPUT -p tcp --dport 82 -j DNAT --to-destination 192.168.1.2:80
        # MySQL
        iptables -t nat -A PREROUTING -p tcp --dport 13389 -j DNAT --to 192.168.1.1:3306
        iptables -t nat -A OUTPUT -p tcp --dport 13389 -j DNAT --to-destination 192.168.1.1:3306
        iptables -t nat -A POSTROUTING -j MASQUERADE
        /sbin/tini -- /usr/bin/openvpn.sh

 networks:
  proxy:
    external: true
  internal:
    external: false
	version: "3"

	services:
	php:
	build:
	context: ./
	dockerfile: Dockerfile
	depends_on:
	- vpn
	# This container can access services which are in VPN
	network_mode: "service:vpn"

	vpn:
	image: dperson/openvpn-client
	# cap_add, security_opt, and volume required for the image to function
	cap_add:
	- net_admin
	read_only: true
	tmpfs:
	- /run
	- /tmp
	#restart: unless-stopped
	security_opt:
	- label:disable
	stdin_open: true
	tty: true
	volumes:
	- /dev/net:/dev/net:z
	# Put .ovpn configuration file in the /vpn directory
	- ./vpn:/vpn
	extra_hosts:
	- "sql:192.168.1.1"
	networks:
	- proxy
	- internal
	ports:
	# Bind MySQL database behind VPN to localhost:3306, accessible from host
	- 3306
	labels:
	- traefik.enable=true
	- traefik.docker.network=proxy
	- traefik.web1.backend=vpn-web
	- traefik.web1.frontend.rule=Host:web.vcap.me
	- traefik.web1.port=81
	- traefik.web2.backend=vpn-web2
	- traefik.web2.frontend.rule=Host:web2.vcap.me
	- traefik.web2.port=82
	- traefik.live.backend=woodler-smtphp-live
	- traefik.live.frontend.rule=Host:admin.vcap.me
	- traefik.live.port=81
	command:
	- /bin/sh
	- -c
	- \|
	# Web behind proxy
	iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.1:80
	iptables -t nat -A OUTPUT -p tcp --dport 81 -j DNAT --to-destination 192.168.1.1:80
	# Second web behind proxy
	iptables -t nat -A PREROUTING -p tcp --dport 82 -j DNAT --to 192.168.1.2:80
	iptables -t nat -A OUTPUT -p tcp --dport 82 -j DNAT --to-destination 192.168.1.2:80
	# MySQL
	iptables -t nat -A PREROUTING -p tcp --dport 13389 -j DNAT --to 192.168.1.1:3306
	iptables -t nat -A OUTPUT -p tcp --dport 13389 -j DNAT --to-destination 192.168.1.1:3306
	iptables -t nat -A POSTROUTING -j MASQUERADE
	/sbin/tini -- /usr/bin/openvpn.sh

	networks:
	proxy:
	external: true
	internal:
	external: false