Links
- Wiki (github.com)
- Common Errors (github.com)
- Discussions (github.com)
- Fix the Unraid template (github.com)
- Create an issue (github.com)
- Want to add a VPN provider? check the development page (github.com) and add a provider page (github.com)
Features
- Based on Alpine 3.18 for a small Docker image of 35.6MB
- Supports: AirVPN, Cyberghost, ExpressVPN, FastestVPN, HideMyAss, IPVanish, IVPN, Mullvad, NordVPN, Perfect Privacy, Privado, Private Internet Access, PrivateVPN, ProtonVPN, PureVPN, SlickVPN, Surfshark, TorGuard, VPNSecure.me, VPNUnlimited, Vyprvpn, WeVPN, Windscribe servers
- Supports OpenVPN for all providers listed
- Supports Wireguard both kernelspace and userspace
- For AirVPN, Ivpn, Mullvad, NordVPN, Surfshark and Windscribe
- For ProtonVPN, PureVPN, Torguard, VPN Unlimited and WeVPN using the custom provider (github.com)
- For custom Wireguard configurations using the custom provider (github.com)
- More in progress, see #134 (github.com)
- DNS over TLS baked in with service provider(s) of your choice
- DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
- Choose the vpn network protocol,
udportcp - Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
- Built in Shadowsocks proxy (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)
- Built in HTTP proxy (tunnels HTTP and HTTPS through TCP)
- Connect other containers to it (github.com)
- Connect LAN devices to it (github.com)
- Compatible with amd64, i686 (32 bit), ARM 64 bit, ARM 32 bit v6 and v7, and even ppc64le 🎆
- Custom VPN server side port forwarding for Private Internet Access (github.com)
- Possibility of split horizon DNS by selecting multiple DNS over TLS providers
- Unbound subprogram drops root privileges once launched
- Can work as a Kubernetes sidecar container, thanks @rorph
Setup
There are now instructions specific to each VPN provider with examples (github.com) to help you get started as quickly as possible!
Here's a docker-compose.yml for the laziest (github.com)
Example
Remember to change the volumes to whatever paths you want to use
version: "3"
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
environment:
- FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24
- HTTPPROXY=on
- HTTPPROXY_LOG=on
- HTTPPROXY_STEALTH=on
- BLOCK_MALICIOUS=off
- BLOCK_SURVEILLANCE=off
- BLOCK_ADS=off
- DOT=on
- VPN_SERVICE_PROVIDER=protonvpn
- OPENVPN_USER=
- OPENVPN_PASSWORD=
- SERVER_COUNTRIES="United States"
- TZ=America/Detroit
ports:
- 8888:8888 # http proxy
- 8900:8000 # http control
- 8111:8080 # qbittorrent
- 6881:6881 # qbittorrent
- 6881:6881/udp # qbittorrent
- 9117:9117 # jackett
volumes:
- ./gluetun:/gluetun
network_mode: bridge
restart: unless-stopped
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
environment:
- PUID=1000
- PGID=1000
- TZ=America/Detroit
- WEBUI_PORT=8080
volumes:
- ./qbittorrent/config:/config
- ./qbittorrent/downloads:/downloads
network_mode: 'service:gluetun'
restart: unless-stopped
depends_on:
- gluetun
jackett:
image: lscr.io/linuxserver/jackett:latest
container_name: jackett
environment:
- PUID=1000
- PGID=1000
- TZ=America/Detroit
volumes:
- ./jackett/config:/config
- ./qbittorrent/downloads:/downloads
network_mode: 'service:gluetun'
restart: unless-stopped
depends_on:
- gluetun
Image also available as ghcr.io/qdm12/gluetun
## Links
- [Wiki](https://github.com/qdm12/gluetun-wiki)
- [Common Errors](https://github.com/qdm12/gluetun-wiki/tree/main/errors)
- [Discussions](https://github.com/qdm12/gluetun/discussions)
- [Fix the Unraid template](https://github.com/qdm12/gluetun/discussions/550)
- [Create an issue](https://github.com/qdm12/gluetun/issues)
- **Want to add a VPN provider?** check [the development page](https://github.com/qdm12/gluetun-wiki/blob/main/contributing/development.md) and [add a provider page](https://github.com/qdm12/gluetun-wiki/blob/main/contributing/add-a-provider.md)
## Features
- Based on Alpine 3.18 for a small Docker image of 35.6MB
- Supports: **AirVPN**, **Cyberghost**, **ExpressVPN**, **FastestVPN**, **HideMyAss**, **IPVanish**, **IVPN**, **Mullvad**, **NordVPN**, **Perfect Privacy**, **Privado**, **Private Internet Access**, **PrivateVPN**, **ProtonVPN**, **PureVPN**, **SlickVPN**, **Surfshark**, **TorGuard**, **VPNSecure.me**, **VPNUnlimited**, **Vyprvpn**, **WeVPN**, **Windscribe** servers
- Supports OpenVPN for all providers listed
- Supports Wireguard both kernelspace and userspace
- For **AirVPN**, **Ivpn**, **Mullvad**, **NordVPN**, **Surfshark** and **Windscribe**
- For **ProtonVPN**, **PureVPN**, **Torguard**, **VPN Unlimited** and **WeVPN** using [the custom provider](https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/custom.md)
- For custom Wireguard configurations using [the custom provider](https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/custom.md)
- More in progress, see [#134](https://github.com/qdm12/gluetun/issues/134)
- DNS over TLS baked in with service provider(s) of your choice
- DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
- Choose the vpn network protocol, `udp` or `tcp`
- Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
- Built in Shadowsocks proxy (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)
- Built in HTTP proxy (tunnels HTTP and HTTPS through TCP)
- [Connect other containers to it](https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md)
- [Connect LAN devices to it](https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-lan-device-to-gluetun.md)
- Compatible with amd64, i686 (32 bit), **ARM** 64 bit, ARM 32 bit v6 and v7, and even ppc64le 🎆
- [Custom VPN server side port forwarding for Private Internet Access](https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/private-internet-access.md#vpn-server-port-forwarding)
- Possibility of split horizon DNS by selecting multiple DNS over TLS providers
- Unbound subprogram drops root privileges once launched
- Can work as a Kubernetes sidecar container, thanks @rorph
## Setup
There are now [instructions specific to each VPN provider with examples](https://github.com/qdm12/gluetun-wiki/tree/main/setup/providers) to help you get started as quickly as possible!
[Here's a docker-compose.yml for the laziest](https://github.com/qdm12/gluetun/blob/master/README.md#setup)
## Example
Remember to change the volumes to whatever paths you want to use
```
version: "3"
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
environment:
- FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24
- HTTPPROXY=on
- HTTPPROXY_LOG=on
- HTTPPROXY_STEALTH=on
- BLOCK_MALICIOUS=off
- BLOCK_SURVEILLANCE=off
- BLOCK_ADS=off
- DOT=on
- VPN_SERVICE_PROVIDER=protonvpn
- OPENVPN_USER=
- OPENVPN_PASSWORD=
- SERVER_COUNTRIES="United States"
- TZ=America/Detroit
ports:
- 8888:8888 # http proxy
- 8900:8000 # http control
- 8111:8080 # qbittorrent
- 6881:6881 # qbittorrent
- 6881:6881/udp # qbittorrent
- 9117:9117 # jackett
volumes:
- ./gluetun:/gluetun
network_mode: bridge
restart: unless-stopped
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
environment:
- PUID=1000
- PGID=1000
- TZ=America/Detroit
- WEBUI_PORT=8080
volumes:
- ./qbittorrent/config:/config
- ./qbittorrent/downloads:/downloads
network_mode: 'service:gluetun'
restart: unless-stopped
depends_on:
- gluetun
jackett:
image: lscr.io/linuxserver/jackett:latest
container_name: jackett
environment:
- PUID=1000
- PGID=1000
- TZ=America/Detroit
volumes:
- ./jackett/config:/config
- ./qbittorrent/downloads:/downloads
network_mode: 'service:gluetun'
restart: unless-stopped
depends_on:
- gluetun
```
Image also available as `ghcr.io/qdm12/gluetun`
(post is archived)