docs-public/projects/gluetun/index.md
2026-04-28 00:47:59 +00:00


---
title: Gluetun
description: VPN client in a Docker container
showHero: false
author: wompmacho
date: '2026-04-27'
lastmod: '2026-04-27'
tags: ['vpn', 'gluetun', 'networking', 'self-hosted']
---
## What is Gluetun?
`Gluetun` is a lightweight Swiss-army-knife Docker container to connect to VPN servers. I use it as a central VPN gateway for other containers like qBittorrent and Nicotine. By routing other containers through Gluetun, they share its VPN connection and benefit from its killswitch, ensuring no traffic leaks if the VPN drops.
## Docker Compose Example
```yaml
{{% include "/srv/configs/docker_compose/gluetun/docker-compose.yaml" %}}
```
## Utilizing Ports in Docker Compose
When using Gluetun as a network stack for other containers (via `network_mode: "container:gluetun"`), all port mappings must be defined in the **Gluetun service itself**, not in the service being routed.
### Why define ports in Gluetun?
Containers sharing Gluetun's network namespace effectively share its "localhost." Since the routed container has no network stack of its own, Docker cannot map ports directly to it. Gluetun must listen on those ports and pass the traffic through to the shared network namespace.
### How to add a new port:
1. **Define the mapping in Gluetun**: Add the desired port to the `ports` section of the `gluetun` service.
```yaml
services:
  gluetun:
    ports:
      - '8080:8080' # Example: Web UI for a routed app
```
2. **Use Variables**: It is recommended to use variables in a `.env` file for cleaner management, as seen in my setup:
```yaml
ports:
  - '${TORRENT_WEBUI_PORT}'
```
3. **No ports in routed containers**: Ensure the container using `network_mode: "container:gluetun"` does **not** have a `ports` section, as it will cause an error or be ignored.
### Local Network Access (Firewall)
By default, Gluetun's killswitch might block access to the container's Web UI from your local network. To fix this, you must define your local subnet in the environment:
```yaml
environment:
  - FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/24 # Adjust to match your LAN
```
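This allows traffic between your local network and the containers behind Gluetun to bypass the VPN tunnel, enabling you to access Web interfaces (like qBittorrent) while the VPN is active. Anything inside the listed subnet is exempt from the killswitch, so keep the range as narrow as your LAN.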
## Routing other containers
To route a container through Gluetun, add the following to its `docker-compose.yaml`:
```yaml
services:
  my-app:
    network_mode: "container:gluetun"
```
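
A small lint for the port and firewall rules described above, as an added example (not part of my actual setup or of the Gluetun project). It assumes the Compose file has been converted to JSON, for instance with `docker compose config --format json`; the `lint` and `env_of` helpers, the RFC 1918 definition of "LAN", and the sample document are constructed for illustration.

```python
import ipaddress
import json

GATEWAY = "gluetun"  # service/container name used on this page
# Assumption of this example: "LAN" means an RFC 1918 IPv4 range.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, shaped like a Compose file rendered as JSON.
SAMPLE = json.loads("""
{"services": {
  "gluetun": {"ports": ["8080:8080"],
              "environment": ["FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/24,0.0.0.0/0"]},
  "my-app":  {"network_mode": "container:gluetun", "ports": ["8080:8080"]},
  "other":   {"network_mode": "service:gluetun"}
}}
""")

def env_of(service):
    """Return the service environment as a dict (Compose allows list or map)."""
    env = service.get("environment") or {}
    if isinstance(env, list):
        env = dict(item.split("=", 1) if "=" in item else (item, "") for item in env)
    return env

def lint(compose, gateway=GATEWAY):
    """Return a sorted list of findings for a parsed Compose document."""
    findings = []
    services = compose.get("services", {})
    routed_modes = {f"container:{gateway}", f"service:{gateway}"}
    for name, svc in services.items():
        # A routed container must not publish ports itself.
        if svc.get("network_mode") in routed_modes and svc.get("ports"):
            findings.append(f"{name}: move 'ports' to the {gateway} service")
    # Listed subnets bypass the tunnel, so they should stay within the LAN.
    subnets = env_of(services.get(gateway, {})).get("FIREWALL_OUTBOUND_SUBNETS", "")
    for raw in filter(None, (s.strip() for s in str(subnets).split(","))):
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append(f"{gateway}: invalid subnet {raw!r}")
            continue
        if not (net.version == 4 and any(net.subnet_of(r) for r in RFC1918)):
            findings.append(f"{gateway}: {raw} is not inside an RFC 1918 range")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
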