version: '3.4'

services:
  vpn:
    image: dperson/openvpn-client
    # cap_add, security_opt, and volume required for the image to function
    cap_add:
      - net_admin
    environment:
      TZ: 'EST5EDT'
    networks:
      - default
    # if using '-d' or 'DNS' you can't enable the `read_only: true` option
    read_only: true
    tmpfs:
      - /run
      - /tmp
    restart: unless-stopped
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    volumes:
      - /dev/net:/dev/net:z
    # Put .ovpn configuration file in the /vpn directory (in "volumes:" above or
    # launch using the command line arguments, IE pick one:
    #  - ./vpn:/vpn
    # command: 'server;user;password[;port]'

  # Replace "service1" with and image with an actual service you want to run
  service1:
    image: docker_hub_user/container_name
    depends_on:
      - vpn
    environment:
      TZ: 'EST5EDT'
    network_mode: "service:vpn"
    restart: unless-stopped
    stdin_open: true
    tty: true
    volumes:
      - /srv/service1:/var/lib/service1:Z

  web:
    image: dperson/nginx
    depends_on:
      - service1
    environment:
      TZ: 'EST5EDT'
    links:
      - vpn:service1
    networks:
      - default
    ports:
      - "80:80"
      - "443:443"
    read_only: true
    tmpfs:
      - /run
      - /tmp
      - /var/cache/nginx
    restart: unless-stopped
    stdin_open: true
    tty: true
    command: -w "http://service1:8888;/service1"
    # service1 shares the network stack of vpn. The service can by reached using
    # the name of the service as a hostname.

networks:
  default: