2.2 KiB
2.2 KiB
Gluetun (VPN Gateway)
VPN gateway container using Mullvad via WireGuard. Acts as a network proxy for other containers or clients that need to route traffic through the VPN.
Access
- HTTP Control Server:
http://192.168.2.114:8001(Gluetun management API) - HTTP Proxy:
http://192.168.2.114:8888 - Shadowsocks:
192.168.2.114:8388(TCP + UDP)
Containers
| Container | Image | Role |
|---|---|---|
gluetun |
qmcgaw/gluetun:v3 |
VPN gateway |
No Tailscale sidecar — this stack is accessed directly on the LAN.
Compose File
Path: /home/artanis/DockerFiles/gluetun-qbittorent/docker-compose.yaml
services:
gluetun:
image: qmcgaw/gluetun:v3
container_name: gluetun
restart: unless-stopped
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8001:8000/tcp # HTTP Control Server
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
volumes:
- /home/artanis/DockerFiles/ArrSuite/gluetun:/gluetun
environment:
- VPN_SERVICE_PROVIDER=mullvad
- VPN_TYPE=wireguard
- HTTPPROXY=on
- WIREGUARD_PRIVATE_KEY=<redacted>
- WIREGUARD_ADDRESSES=10.74.136.96/32
- TZ=UTC-06
- SERVER_COUNTRIES=Canada,USA
- DNS_ADDRESS=192.168.2.112
- HTTP_CONTROL_SERVER_ADDRESS=:8000
- FIREWALL_OUTBOUND_SUBNETS=192.168.2.0/24
- UPDATER_PERIOD=24h
Notes
- VPN Provider: Mullvad, WireGuard protocol
- VPN IP:
10.74.136.96/32(assigned Mullvad address) - Server regions: Canada and USA
- DNS: Routes DNS through
192.168.2.112(likely the LAN Pihole) FIREWALL_OUTBOUND_SUBNETS=192.168.2.0/24allows containers using Gluetun as their network to still reach the local LANUPDATER_PERIOD=24h— Gluetun automatically refreshes its Mullvad server list every 24 hours- The stack name is
gluetun-qbittorent, suggesting qBittorrent was originally planned to run behind this VPN. The qBittorrent service is not currently deployed (only Gluetun is running) - Config data is bind-mounted to
/home/artanis/DockerFiles/ArrSuite/gluetun(note:ArrSuitedirectory, suggesting future *arr apps may be planned)