How to correctly port forward through a vpn? (student dorm)

I am trying to get a node up and running while not being able to port forward through the local router because it is not mine. Thus, I am using Private Internet Access VPN which allows me to get a public open port (e.g. 50254). I use the gluetun docker image for this purpose and want to connect my storj docker to it using the " --net=container:gluetun" variable, which works fine.

The problem is the following: I am starting up my VPN container and then get assigned a random port. But because the storagenode container is using the network of the vpn container, I cannot use the “-p 50254:28967” variable which makes total sense. Is there an alternative way to route the random public port into the storj container that allows for port “remapping” in between?

Hope you can understand my problem :slight_smile:


How is that?

Well no, not really. I want to use PIA's random port for storj. So I need to assign storj the random port. This tutorial is about accessing some service's HTTP server, although the main traffic is using the VPN. I am already doing this to look at the localhost:14002 status page. This is different though. I am talking about the port that's usually 28967 and needs to be routed into the random port to reach the internet.

I kind of wanna use PIA and port forwarding like a reverse proxy. Similar to this: https://support.storj.io/hc/en-us/articles/360026892971-Running-a-V3-Storage-Node-with-PIA-VPN-
but using docker and not a system wide VPN.

But you need to add some scripting to configure your ADDRESS environment variable with that port.
But that's not the main problem. The main problem is that you cannot use the -p option to forward that port to the storagenode container, at least it would be useless.
You need to bind the storagenode to 0.0.0.0:<PIA_PORT>. You can do that in the config.yaml with the server.address: parameter or with the --server.address option, i.e.

storagenode run --identity-dir identity --config-dir config --server.address 0.0.0.0:$(cat /tmp/gluetun/forwarded_PIA_port)

But you need to use a volume in the gluetun container and share it with the storagenode container and mount it to the /tmp/gluetun/forwarded_PIA_port.

It could work only if you inject storagenode to the gluetun container.
So, you need to build your own image.

This is not exactly a working setup, just an idea:
Dockerfile:

FROM storjlabs/storagenode as addon
FROM qmcgaw/gluetun
COPY --from=addon /app/ /app/
COPY --from=addon /entrypoint /app/entrypoint
COPY ./entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
WORKDIR /app
ENTRYPOINT ["/entrypoint.sh"]

entrypoint.sh

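#!/bin/sh
# Start gluetun (the base image's own /entrypoint) in the background.
/entrypoint &
GLUETUN_PID=$!
# Poll until gluetun has written both files, or until gluetun exits.
while true; do
    if [ -s "${PUBLICIP_FILE}" ] && [ -s "${PORT_FORWARDING_STATUS_FILE}" ]; then
        PORT="$(cat "${PORT_FORWARDING_STATUS_FILE}")"
        ADDRESS="$(cat "${PUBLICIP_FILE}"):${PORT}"
        export ADDRESS
        # Bind storagenode to the forwarded port and advertise the public address.
        /app/entrypoint --server.address="0.0.0.0:${PORT}" "$@"
        exit $?
    elif ! kill -0 "${GLUETUN_PID}" 2>/dev/null; then
        echo "gluetun died" 1>&2
        exit 1
    else
        sleep 10
    fi
done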

docker-compose.yaml:

version: '3'
services:
  storagenode:
    image: gluetun-storagenode
    build: .
    container_name: storagenode
    cap_add:
      - NET_ADMIN
    environment:
      - OPENVPN_USER=js89ds7
      - OPENVPN_PASSWORD=8fd9s239G
      - REGION=AU Melbourne
      - PORT_FORWARDING=on
      - WALLET=0x....
      - EMAIL=a@bc.com
      - STORAGE=20TB
    ports:
      - "14002:14002"
    volumes:
      - type: bind
        source: /mnt/storj/storagenode/identity
        destination: /app/identity
      - type: bind
        source: /mnt/storj/storagenode/
        destination: /app/config

Unfortunately the watchtower cannot update the custom build image.
To update you would need to do:

docker-compose build --pull
docker-compose up -d
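The posts above pass the contents of gluetun's public-IP and forwarded-port files straight into ADDRESS and --server.address. As an added example (not code from the thread, gluetun or storagenode), the functions below validate both values before building the address and give up after a bounded number of polls; the function names are hypothetical and an IPv4 public address is assumed.

```shell
# Added example: validate the values gluetun wrote before using them.
# Function names are hypothetical; an IPv4 public address is assumed.

# Succeeds only for a decimal TCP port in 1..65535 without leading zeros.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeeds only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints "<public-ip>:<port>" read from the two files, or fails with no output.
node_address() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    ip=$(head -n 1 "$1" | tr -d ' \r\n')
    port=$(head -n 1 "$2" | tr -d ' \r\n')
    valid_ipv4 "$ip" && valid_port "$port" || return 1
    printf '%s:%s\n' "$ip" "$port"
}

# Polls until both files validate; gives up after $3 attempts, $4 seconds apart.
wait_for_address() {
    tries=$3
    while [ "$tries" -gt 0 ]; do
        node_address "$1" "$2" && return 0
        tries=$((tries - 1))
        sleep "$4"
    done
    return 1
}
```

In an entrypoint like the one above, the output of `wait_for_address "$PUBLICIP_FILE" "$PORT_FORWARDING_STATUS_FILE" 30 10` would become ADDRESS, and a non-zero return would stop the container instead of starting the node on a malformed port.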