Nginx
kolayuk, 2018-02-03 00:24:32

How to publish Docker containers via Reverse VPN?

Good afternoon!
Situation: there is a home NAS behind NAT and a VPS. Both servers run Linux, and all sorts of interesting things are deployed on them in Docker containers via docker-compose.
I needed to make some containers on the home NAS available from the Internet in order to set up integration with external services via webhooks, but I ran into difficulties setting up the network for the Docker containers.
On the VPS, OpenVPN and nginx are deployed, each in its own container but in one docker-compose file. They see each other perfectly inside the network created by docker-compose.
On the NAS, an OpenVPN client and the useful services are also deployed in separate containers in the same docker-compose file, and they see each other.
But the servers do not see each other, although the VPN channel seems to be established: when I proxy_pass in nginx to the hostname of the container on the NAS, I get an nginx error saying that there is no such host (host not found in upstream "myusefulhost" in /etc/nginx/sites-enabled/default-ssl.conf:39).
What am I doing wrong?
Configs:
VPS docker-compose:

webnginx:
    image: richarvey/nginx-php-fpm:latest
    restart: always
    hostname: webnginx
    container_name: webnginx
    environment:
      WEBROOT: /var/www/html/src
      DOMAIN: mydomain
    volumes:
      - ./nginx-site-ssl.conf:/etc/nginx/sites-enabled/default-ssl.conf
      - ./certs/:/etc/letsencrypt/live/
      - ./clientcert/ca.crt:/etc/nginx/clientca/ca.crt:ro
    links:
      - openvpn
openvpn:
    image: kylemanna/openvpn
    cap_add:
      - NET_ADMIN
    restart: always
    hostname: openvpn
    container_name: openvpn
    volumes:
      - ./vpn:/etc/openvpn
    ports:
       - "XXXX:1194/udp"

nginx on VPS:
location / {
    if ($ssl_client_verify != SUCCESS) {
        return 403;
    }
    proxy_pass http://myusefulhost:8123; # hostname of the container on the NAS
}

on NAS:
  myusefulhost:
#    network_mode: "container:openvpn"
    container_name: myusefulhost
    hostname: myusefulhost
    image: ...
    ports:
      - 80:8123/tcp # used for access from the local network
    volumes:
      - /opt/homeassistant/hass-config:/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=Europe/Moscow
#    depends_on:
#      - openvpn
  openvpn:
    build: ./vpn
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun 
    restart: always
    hostname: openvpn
    container_name: openvpn
    volumes:
      - ...
# this one is linked to the first host, but it does not need to be published
  second-useful-host:
    links:
      - myusefulhost
#    network_mode: "container:openvpn"
    container_name: second-useful-host
    hostname: second-useful-host
    image: acockburn/appdaemon:latest
    environment:
        ...
    volumes:
      ....
    depends_on:
      - myusefulhost

As I understand it, the VPN is established only between the openvpn containers. How can it be shared with the entire docker-compose network?
I don't want to install an OpenVPN client on the entire system, because I only need certain containers, and it makes no sense to drive the same transmission through the VPN.
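
One way to share the tunnel with selected containers only, built on the `network_mode` line that is commented out in the post (an added example, not part of the original question): the chosen containers join the network namespace of their local openvpn container. `NAS_VPN_IP` and the `443:443` mapping are assumptions, and the NAS client is assumed to receive a fixed tunnel address.

```yaml
# Added example. File 1 of 2: docker-compose.yml on the NAS (file format 2 or later;
# format 1 spells the same option  net: "container:openvpn").
services:
  openvpn:                            # VPN client; owns the network namespace
    build: ./vpn
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    restart: always
    container_name: openvpn
    ports:
      - "80:8123/tcp"                 # LAN access to myusefulhost is now published here
  myusefulhost:
    image: ...                        # elided in the post
    container_name: myusefulhost
    network_mode: "service:openvpn"   # shares tun0; a service bound to 0.0.0.0 is reachable on it
    # No hostname:, ports: or links: here; Docker rejects them with a shared namespace.
    depends_on:
      - openvpn
  second-useful-host:
    image: acockburn/appdaemon:latest
    depends_on:
      - myusefulhost
    # Stays outside the VPN namespace. It reaches the first service as
    # http://openvpn:8123 over the compose network instead of through links:.
---
# File 2 of 2: docker-compose.yml on the VPS.
services:
  openvpn:                            # VPN server; owns the network namespace
    image: kylemanna/openvpn
    cap_add:
      - NET_ADMIN
    restart: always
    container_name: openvpn
    volumes:
      - ./vpn:/etc/openvpn
    ports:
      - "XXXX:1194/udp"
      - "443:443/tcp"                 # assumption: the port nginx listens on for TLS
  webnginx:
    image: richarvey/nginx-php-fpm:latest
    restart: always
    container_name: webnginx
    network_mode: "service:openvpn"   # nginx now sees tun0 and can route to VPN clients
    # environment: and volumes: as in the post; hostname: and links: removed
# In nginx-site-ssl.conf, proxy to the tunnel address instead of a Docker name:
#   proxy_pass http://NAS_VPN_IP:8123;   # placeholder: tunnel address of the NAS client
```

Anything in a shared namespace that binds 0.0.0.0 is reachable from the other end of the tunnel, so the `$ssl_client_verify` check should stay in front of the proxied service.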


1 answer(s)
LeoCata, 2018-02-11
@LeoCata

Might be worth looking into ssh tunnels? It is enough to forward ports to an external server.
As an example: localhost.run
