Skip to main content

Gluetun Docker Container

Gluetun is a lightweight, open-source VPN client Docker container designed to provide secure and private internet access for other containers running on the same Docker network. It acts as a network proxy that routes traffic through various VPN providers, ensuring that all data transmitted by connected containers is encrypted and anonymized.

Purpose and Use Cases

Gluetun is commonly used in media entertainment stacks, such as the Arr stack (Sonarr, Radarr, Lidarr, Readarr, Prowlarr), to secure and anonymize traffic when downloading content via BitTorrent or Usenet. By running Gluetun as a VPN gateway container, all download clients and related services can route their traffic through the VPN, protecting user privacy and bypassing geo-restrictions or ISP throttling.

Key Features

  • Supports multiple VPN providers including NordVPN, PIA, Mullvad, and more.
  • DNS over TLS support for enhanced privacy.
  • Automatic kill switch to prevent IP leaks if the VPN connection drops.
  • Configurable firewall rules to restrict traffic to VPN only.
  • Lightweight and easy to deploy as a Docker container.
  • Supports OpenVPN and WireGuard protocols.

Integration with Media Entertainment Stacks

In an Arr stack setup, Gluetun is typically deployed as a standalone container on the Docker network. Download clients like qBittorrent or NZBGet are configured to use the Gluetun container as their network gateway. This setup ensures that all download traffic is routed securely through the VPN without requiring individual VPN configurations on each container.

Basic Usage

A typical Docker run command for Gluetun might look like this:

docker run -d \
  --name=gluetun \
  --cap-add=NET_ADMIN \
  -e VPN_SERVICE_PROVIDER=nordvpn \
  -e VPN_USERNAME=yourusername \
  -e VPN_PASSWORD=yourpassword \
  -e TZ=Europe/London \
  -p 8888:8888 \
  -v /path/to/config:/gluetun \
  qmcgaw/gluetun

This command starts the Gluetun container with NordVPN credentials, sets the timezone, and exposes the necessary ports. Other containers can then be connected to the same Docker network and configured to route traffic through Gluetun.

This setup enhances privacy and security for media downloading and streaming applications by leveraging VPN technology in a containerized environment.

Architecture Overview

Docker Compose

/volume2/docker/arr/docker-compose.yaml
gluetun:
  image: qmcgaw/gluetun
  container_name: gluetun
  restart: unless-stopped
  volumes:
    - ${ARRPATH}Gluetun:/gluetun
  ports:
    - 9696:9696 #prowlarr
    - 7878:7878 #radarr
    - 8989:8989 #sonarr
    # - 6767:6767 #bazarr
    - 8686:8686 #lidarr
    - 8787:8787 #readarr
    - 8080:8080 #qbittorrent
    - 6881:6881 #qbittorrent
    - 6881:6881/udp #qbittorrent
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun:/dev/net/tun
  environment:
    - VPN_SERVICE_PROVIDER=nordvpn
    - VPN_TYPE=openvpn # or wireguard
  env_file:
    - '.env'
    - '.secrets_gluetun.env'