Connect to gluetun and another service not using gluetun in same compose?

[SteveNikkola]

Say I have 3 services named: postgres, gluetun and html-monitor-api, with a docker-compose.yml roughly like this:

version: '3.8'
services:
  postgres:
    image: postgres
    container_name: postgres
    restart: always
    ports:
      - 5432:5432
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    network_mode: bridge
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8000:8000/tcp # Built-in HTTP control server
      - "5000:5000" # for html-monitor-api
    volumes:
      - ./glueten:/gluetun
    environment:
      VPNSP: ${VPNSP}
      TZ: ${TZ}
      OPENVPN_USER: ${OPENVPN_USER}
      OPENVPN_PASSWORD: ${OPENVPN_PASSWORD}
    restart: always
  html-monitor-api:
    image: python:3.8
    container_name: html-monitor-api
    network_mode: "service:gluetun"
    entrypoint: /html-monitor/entrypoint.sh
    restart: always
    environment:
      DATABASE_URI: ${DATABASE_URI}
    volumes:
      - ./html-monitor:/html-monitor

I would like the following behavior from the html-monitor-api:

• Use the gluetun network to make calls through VPN to websites. This is currently working
• Store data from this call ^ in postgres. This is not working

Before adding gluetun, and setting html-monitor-api to use the gluetun network, I was able to reach out externally to websites (but not behind VPN of course), and then save data to postgres, using a connection string similar to the following:
postgresql://username:pw@postgres:5432/database

Now, however I get the following error: could not translate host name "postgres" to address: Name or service not known

I do not know much about docker networking. Is there a way I can have html-monitor-api use gluetun to hit external websites through VPN, but still be able to connect to postgres via service name or other reference? I don't want to put postgres on the gluetun network, as that wouldn't make sense, and in my real docker-compose.yml, other services in my stack connect to postgres that do not use the gluetun network.

[qdm12]

It's because it uses Unbound with DNS over tls through the vpn. Unbound is not aware of the Docker hostnames such as postgres. You might want to subscribe to the issue #281 for that. It will eventually be resolved but don't expect it too soon either. You can disable DOT and use KEEP_NAMESERVER so gluetun uses the Docker DNS but then all your DNS requests will leak out of the VPN and in plaintext if you did not configure some dns server on your LAN (like github.com/qdm12/dns). The viable alternative is to set a fixed IP address to postgres using docker-compose and use IP address to connect to it for now.

[SteveNikkola]

thanks for the quick response and workaround options! I'll keep an eye on #281 as well