Gluetun

Gluetun is a Docker container that acts as a VPN client and allows other containers to route their traffic through a VPN connection.

mkdir gluetun
cd gluetun
mkdir data
touch docker-compose.yml

.../gluetun/docker-compose.yml

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    restart: always
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    # ports:
    #   - 8888:8888/tcp # HTTP proxy
    #   - 8388:8388/tcp # Shadowsocks
    #   - 8388:8388/udp # Shadowsocks
    volumes:
      - ./data:/gluetun
      - ./wireguard.conf:/gluetun/wireguard/wg0.conf
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - TZ=Europe/Berlin
      # OpenVPN:
      # - OPENVPN_USER=
      # - OPENVPN_PASSWORD=
      # Wireguard:
      # - WIREGUARD_PRIVATE_KEY=
      # - WIREGUARD_ADDRESSES=

For your own VPN, you need to create a configuration file wireguard.conf. This can be generated and downloaded from wg-easy, for example.

Caution

The endpoint in the configuration file must be an IP address and not a domain. This may need to be adjusted manually if necessary.

Other VPN providers can also be used.

Connecting to Other Containers

Other containers can access the Gluetun container using network_mode.

.../other/docker-compose.yml

services:
  myservice:
    image: myimage
    network_mode: container:gluetun

If both are in the same docker-compose file, the service name can be used.

.../gluetun/docker-compose.yml

services:
  gluetun: ...
  myservice:
    image: myimage
    network_mode: service:gluetun