How to publish Docker containers using Reverse VPN?

Good day!
Situation: have a home NAS behind a NAT and VPS server. Both servers are on Linux, deployed all sorts of interesting things in docker containers using docker-compose.

And now need to make some containers for home NAS available from the Internet to integrate with external services to configure webcam. But there's a problem with the network configuration of Docker containers.

Deployed OpenVPN on a VPS and nginx, each in their own container but in one docker-compose the file. Each other can see perfectly inside the grid raised docker-compose-ohms.
The NAS deployed the OpenVPN client and useful services, too, in separate containers in a single docker-compose each other see.

But the servers do not see each other, though VPN channel sort is selected (when doing proxy_pass in nginx on the host name of the NAS container with nginx get error saying no such host (host not found in upstream "myusefulhost" in /etc/nginx/sites-enabled/default-ssl.conf:39)).

What am I doing wrong?

Configs:
VPS docker-compose:
webnginx:
 image: richarvey/nginx-php-fpm:latest
 restart: always
 hostname: webnginx
 container_name: webnginx
environment:
 WEBROOT: /var/www/html/src
 DOMAIN: mydomain
volumes:
 - ./nginx-site-ssl.conf:/etc/nginx/sites-enabled/default-ssl.conf
 - ./certs/:/etc/letsencrypt/live/
 - ./clientcert/ca.crt:/etc/nginx/clientca/ca.crt:ro
links:
 - openvpn
openvpn:
 image: kylemanna/openvpn
cap_add:
 - NET_ADMIN
 restart: always
 hostname: openvpn
 container_name: openvpn
volumes:
 - ./vpn:/etc/openvpn
ports:
 - "XXXX:1194/udp"

nginx on VPS:
location / {
 if ($ssl_client_verify != SUCCESS){
 return 403;
}
 proxy_pass http://myusefulhost:8123; # the host name of the NAS container
 }


on the NAS:
myusefulhost:
# network_mode: "container:openvpn"
 container_name: myusefulhost
 hostname: myusefulhost
 image: ...
ports:
 - 80:8123/tcp # for access from your local network
volumes:
 - /opt/homeassistant/hass-config:/config
 - /etc/localtime:/etc/localtime:ro
environment:
 - TZ=Europe/Moscow
# depends_on:
# - openvpn
openvpn:
 build: ./vpn
cap_add:
 - NET_ADMIN
devices:
 /dev/net/tun 
 restart: always
 hostname: openvpn
 container_name: openvpn
volumes:
 - ...
# this thing will link with the first host but not to publish
second-useful-host:
links:
 - myusefulhost
# network_mode: "container:openvpn"
 container_name: second-useful-host
 hostname: second-useful-host
 image: acockburn/appdaemon:latest
environment:
...
volumes:
....
depends_on:
 - myusefulhost


As I understand VPN is established only between openvpn containers, as it would share the whole docker-compose the grid?

To put the openvpn client on the entire system I don't want TK I only need opalennye containers, and the same transmission to drive through a VPN makes no sense
June 8th 19 at 16:39
1 answer
June 8th 19 at 16:41
Might be worth a look at the ssh-tunnel? Enough to forward the ports to an external server.

As an example: localhost.run

Find more questions by tags DockerNginxVPN