AirVPN help on docker

Hello forum!

I’m helping a friend setup a node at his place. He’s in uni, and cannot open ports, which is why he already has a VPN subscription with AirVPN.

So far so good.

I’ve created, authenticated and validated a node for him at home, and am trying to adapt my docker-compose.yaml file to fit the VPN. Here’s where I run into issues.

• The Storagenode part of my dockerfile works fine on my home network (of course, with the address and ports section changed)
• The gluetun part of my setup works standalone. I verify that the port is open using port-checker tool (see bottom of dockerfile)
• When running the node together with the VPN solution, I keep getting either timeouts or denies, which I don’t understand.

docker-compose.yaml ↓

version: '3.3'

services:
    gluetun:
        image: 'qmcgaw/gluetun:latest'
        container_name: 'gluetun'
        stdin_open: true
        tty: true
        cap_add:
            - NET_ADMIN
        environment:
            - VPN_SERVICE_PROVIDER=custom
            - OPENVPN_CUSTOM_CONFIG=/gluetun/custom.conf
            - FIREWALL_VPN_INPUT_PORTS=17479
        ports:
            - '17479:28967/tcp'
            - '17479:28967/udp'
        volumes:
            - './vpn/custom.conf:/gluetun/custom.conf:ro'
            - './gluetun:/gluetun'
        restart: unless-stopped
        devices:
            - /dev/net/tun
        
    storagenode:
        image: 'storjlabs/storagenode:latest'
        restart: unless-stopped
        environment:
            - WALLET=0xWalletAddress
            - EMAIL=abc@mail.com
            - 'ADDRESS=185.156.xxx.xxx:17479'
            - 'STORAGE=500GB'
        volumes:
            - './IdentityBackup:/app/identity'
            - './Data:/app/config'
        container_name: storagenode
        network_mode: 'service:gluetun'

Verify port is open:

sudo docker exec -it gluetun /bin/sh
wget -qO port-checker https://github.com/qdm12/port-checker/releases/download/v0.3.0/port-hecker_0.3.0_linux_amd64
chmod +x port-checker
./port-checker -port 17479
# and then visit the IP from docker-compose file on requested pord

Thank you for the help with correct category @nerdatwork

I’m pretty sure it’s against terms of service of his university’s internet connection to host services. Otherwise he could have just asked admins to forward ports to him.

His uni -for whatever reason- allows port forwards on standard ports. 80 is good, 443 is bueno, and even the fabeled port 25 is good. We’re good - but thank you for the consideration

Then why not host the node at port 80, 443, or 25? Unnecessary roundtrip through vpn will add latency and complexity.

Port 80, 443 and 25 are in use. He want to utilize the VPN; this is what this post is about

I get that. But I have a strong feeling it’s an xy problem.

Port 25 is smpt. Your friend hosts web server, and mailseriver too, at his university internet? And web server for both http and https? Why? Let him redirect to https at CDN level, he’ll free up port 80 and run node there.

The whole gluetun and all that jazz is way too complex. Complex solutions are inferior to simple ones.

But I’ll show myself out, it’s clearly none of my business.

Did anyone have any good ideas for this one?

Is your setup, which is running, also on AirVPN? If not, you could try running a VPS (oracle or similar). I’m running a Storjnode via Docker through a VPS, which is working fine. It maybe the issue, that AirVPN doesnt allow incoming traffic thorugh a spefic port. On my VPS I had to add IP-tables, so it would be redirected to my node at home.

My own setup is not using AirVPN (or any VPN) or a VPS. I am just running my own ports on my own addresses - I must admint, I don’t have much experience with all the VPNnning

And you likely shouldn’t, because your IP is available for the customers anyway.