Skip to main content
Sean’s Tech Notes
  1. Posts/

Gluetun VPN

Vpn Docker-Compose Privacy Networking Self-Hosted Security
Table of Contents

My Gluetun Setup
#

This setup uses qmcgaw/gluetun in Docker to route traffic through a secure VPN tunnel. It also enables an HTTP proxy and Shadowsocks, which gives you flexible options for private networking across your self-hosted services.

My Docker Compose Configuration
#

The first example below is a focused Gluetun-only setup.

services:
  gluetun:
    container_name: gluetun # Container name
    image: qmcgaw/gluetun # Gluetun image
    cap_add:
      - NET_ADMIN # Required to manage VPN networking
    ports:
      - "8888:8888/tcp" # HTTP proxy
      - "8388:8388/tcp" # Shadowsocks
      - "8388:8388/udp" # Shadowsocks
    volumes:
      - /home/server1/gluetun_vpn/config:/gluetun # Persistent Gluetun configuration
    environment:
      - HTTPPROXY=on # Enable built-in HTTP proxy
      - VPN_SERVICE_PROVIDER=protonvpn # VPN provider name
      - VPN_TYPE=wireguard # VPN protocol
      - WIREGUARD_PRIVATE_KEY=your_private_key_here # WireGuard private key
      - SERVER_COUNTRIES=Germany # VPN endpoint country filter
      - PORT_FORWARD_ONLY=on # Require servers that support port forwarding
      - VPN_PORT_FORWARDING=on # Enable VPN port forwarding
    restart: unless-stopped # Restart unless stopped manually

The next example shows a combined stack where Gluetun is used alongside qBittorrent and SABnzbd.

services:
  gluetun:
    container_name: gluetun
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks    
      - 8080:8080 # sabnzbd Webui
      - 8443:8443 # Qbittorrent Webui
    volumes:
      - /home/server1/gluetun_vpn/config:/gluetun
    environment:
      - HTTPPROXY=on
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=your_private_key_here
      - SERVER_COUNTRIES=Germany
      - PORT_FORWARD_ONLY=on
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_UP_COMMAND=/bin/sh -c 'wget -O- --retry-connrefused --post-data "json={\"listen_port\":{{PORTS}}}" http://127.0.0.1:8443/api/v2/app/setPreferences 2>&1' # Push forwarded port to qBittorrent
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - WEBUI_PORT=8443
    volumes:
      - /home/server1/qbittorrent/config:/config
      - /home/server1/downloads:/downloads
    network_mode: "service:gluetun"
    restart: unless-stopped
    depends_on:
      - gluetun

  sabnzbd:
    image: lscr.io/linuxserver/sabnzbd:latest
    container_name: sabnzbd
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /home/server1/sabnzbd/config:/config
      - /home/server1/downloads:/downloads #optional
    network_mode: "service:gluetun"
    restart: unless-stopped
    depends_on:
      - gluetun

Prepare the Downloads Folder
#

If you are using the combined stack above, create the downloads folder before starting the containers.

sudo mkdir -p /home/server1/downloads
sudo chown -R 1000:1000 /home/server1/downloads

Using Docker Secrets for Environment Variables
#

You can load environment variables from files by prefixing the variable name with FILE__.

For example:

FILE__MYVAR=/run/secrets/mysecretvariable