From charlesreid1

todo

Experiment with idea #1 - eliminating the vpn in the middle. (If that works, maybe the host net on blackbeard and the host net on krash aren't configured correctly.)

If idea #1 does not work... cross that bridge when we get there.

blackbeard

set up to publicly listen at blackbeard ip


update

finished the connection. the problem was (a) HTTP instead of HTTPS, with no HTTP rules set up, which was causing the infinite redirect loop, and (b) vpn settings.

we were able to connect the two containers over the public internet, so we have the reverse proxy set up okay.

now the current challenge is to connect these two services over a VPN. we ran into a snag here, because a container apparently cannot connect to multiple networks if one of those networks is the host network (host networking is exclusive; a host-network container cannot also join a docker bridge network).

if a container is connected to the host network, it should use port forwarding to forward traffic on to other containers.

socat

next step is to set up socat, a container that performs port forwarding. it forwards traffic from a port on the host to a port on the container.

we have a host machine connected to the vpn. the host machine runs a socat docker container, which binds to the host network. it can now access the vpn device, but it cannot connect to the docker network running the rest of the containers (including the nginx container that needs to receive requests from the VPN).

to get requests from the VPN into the nginx container, the socat container connects a port in the container to a port in the nginx container. for example, tinc VPN runs on port 655 by default, so one end of socat would bind to the host network, and listen on IP address 10.5.0.1 and on port 655 for incoming requests. the other end of socat would connect to the nginx on port 7443 (for example). The server block in the nginx container that handles the subdomain requests and forwards them


just a sec- revise this.

have a host that is connected to a vpn, then socat can bind to the host network and connect one end of its communications channel to the host network (the only network it is allowed to connect to),
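The socat forwarder described in the section above, written out as concrete commands. This is an added example, not something from this wiki page: it assumes the `alpine/socat` image, a container name `socat-vpn`, and that the nginx container publishes its port 7443 on the host's loopback (e.g. `-p 127.0.0.1:7443:7443`) so that a host-network container can reach it, since, as noted above, the socat container cannot also join the docker bridge network. The VPN address 10.5.0.1, the tinc port 655 and the nginx port 7443 are the values used in the note.

```shell
#!/bin/sh
# Added example (not from the original wiki page): compose the socat port forward
# the socat section describes, then optionally run it or check that it is listening.
# Assumptions (not on the page): alpine/socat image, container name socat-vpn, and
# nginx reachable at 127.0.0.1:7443 because its port is published on host loopback.

VPN_IP="10.5.0.1"       # tinc VPN address the listening side binds to (from the note)
VPN_PORT="655"          # tinc default port (from the note)
NGINX_HOST="127.0.0.1"  # assumption: nginx port published on the host loopback only
NGINX_PORT="7443"       # nginx port used in the note's example

# socat invocation: bind=... restricts the listener to the VPN interface so the port
# is not exposed on every host interface; fork handles one connection per child;
# reuseaddr lets the container restart without waiting for TIME_WAIT sockets.
socat_cmd() {
    printf 'socat TCP-LISTEN:%s,bind=%s,fork,reuseaddr TCP:%s:%s' \
        "$VPN_PORT" "$VPN_IP" "$NGINX_HOST" "$NGINX_PORT"
}

# docker run invocation: --network host gives the container the VPN interface.
# Note that -p/--publish is ignored in host mode; the bind= option above is what
# limits exposure instead.
docker_cmd() {
    printf 'docker run -d --name socat-vpn --restart unless-stopped --network host alpine/socat %s' \
        "$(socat_cmd)"
}

# Quick check from the host: is anything accepting connections on the VPN side?
# Returns 0 if the port is open, 1 if closed, 2 if nc is not available.
check_listener() {
    command -v nc >/dev/null 2>&1 || { echo "nc not installed" >&2; return 2; }
    nc -z -w 2 "$VPN_IP" "$VPN_PORT"
}

case "${1:-}" in
    run)   eval "$(docker_cmd)" ;;      # start the forwarder container
    check) check_listener ;;            # verify the VPN-side listener
    *)     echo "Would run:"; docker_cmd; echo ;;   # dry run: print the command
esac
```

Run with `sh forward.sh` to print the composed command, `sh forward.sh run` to start the container, and `sh forward.sh check` (from the host, after tinc is up) to confirm that 10.5.0.1:655 accepts connections. Because nginx is only published on loopback, the only path from the VPN to nginx is through this socat listener, which keeps the forwarded port off the host's public interfaces.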