How to Use TorGuard WireGuard with Gluetun in Docker

Last updated: August 22, 2025

What is Gluetun?

Gluetun is a lightweight and secure VPN client that runs inside a Docker container, supporting multiple VPN providers including TorGuard. It's designed to be easy to use and configure, offering robust privacy features without the overhead of traditional VPN setups.

Gluetun can route other Docker containers' internet traffic through the VPN tunnel, encrypting your data and masking your IP address, ensuring your online activities remain private and secure.

Why Use Gluetun and WireGuard in Docker?

🔒 Enhanced Security

Running your VPN in a Docker container isolates the VPN client from your host system, adding an extra layer of security and reducing the risk of leaks.

📦 Simplicity & Portability

Docker containers are portable and easy to deploy. Quickly set up and tear down your VPN environment, ideal for testing and development.

🔄 Automated & Consistent

Docker ensures your VPN setup is consistent across different environments with automated deployment of your VPN configuration.

⚡ High Performance

WireGuard is known for its high performance and low overhead, making it perfect for a containerized VPN solution.

Prerequisites

  • Active TorGuard VPN subscription with WireGuard access
  • Docker installed on your system (Ubuntu, Windows, or macOS)
  • Basic knowledge of Docker and command line

Step 1: Install Docker

We're using Ubuntu Desktop in this tutorial, but Windows users can install Docker Desktop and run the same commands in PowerShell.

For Ubuntu/Linux Users:

Open a terminal and run the following commands to use the Docker install script:

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

Next, install Docker Compose:

sudo apt install docker-compose

For Windows Users:

Download and install Docker Desktop from the official website. Once installed, you can use PowerShell to run the same commands.

Step 2: Add Your WireGuard Configuration

First, create a directory for your Docker Compose and WireGuard config files:

mkdir gluetun
cd gluetun

Important: Head over to the TorGuard members area and use the WireGuard config generator to download the latest WireGuard config file for the server you wish to connect to.

In the gluetun folder, create a new file called wg0.conf:

nano wg0.conf

Paste the entire contents of the TorGuard config file you generated, then save the file.

Step 3: Create Your Docker Compose File

Create a new file called docker-compose.yml:

nano docker-compose.yml

Basic Configuration (Gluetun + qBittorrent):

Paste the following contents into the file:

version: "3"

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
    ports:
      - "8080:8080/tcp" # qBittorrent Web UI
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./wg0.conf:/gluetun/wireguard/wg0.conf
    restart: unless-stopped

  qbittorrent:
    image: linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - WEBUI_PORT=8080
      - TORRENTING_PORT=6881
    volumes:
      - ./config:/config
      - ./downloads:/downloads
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    restart: unless-stopped

Advanced Configuration (Multiple Containers):

You can add additional containers to the configuration. For example, adding Webtop alongside qBittorrent:

version: "3"

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
    ports:
      - "8080:8080/tcp" # qBittorrent Web UI
      - "3000:3000/tcp" # Webtop
      - "3001:3001/tcp" # Webtop
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./wg0.conf:/gluetun/wireguard/wg0.conf
    restart: unless-stopped

  qbittorrent:
    image: linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - WEBUI_PORT=8080
    volumes:
      - ./config:/config
      - ./downloads:/downloads
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    restart: unless-stopped

  webtop:
    image: lscr.io/linuxserver/webtop:latest
    container_name: webtop
    security_opt:
      - seccomp:unconfined # optional; disables Docker's default seccomp syscall filter for this container
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SUBFOLDER=/ # optional
      - TITLE=Webtop # optional
    volumes:
      - /path/to/data:/config
      - /var/run/docker.sock:/var/run/docker.sock # optional; gives this container full control of the host's Docker daemon
    network_mode: "service:gluetun"
    devices:
      - /dev/dri:/dev/dri # optional
    shm_size: "1gb" # optional
    depends_on:
      - gluetun
    restart: unless-stopped

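Note: The network_mode: "service:gluetun" directive places each container in Gluetun's network namespace, so all of its traffic is routed through the Gluetun VPN tunnel. This is also why the web UI ports are published on the gluetun service rather than on the application containers.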
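The check below is an added example, not part of the original tutorial or of Gluetun: it audits a Compose file for services that sit outside the Gluetun network namespace and for the two optional Webtop settings that weaken container isolation. It assumes the file has already been loaded into a dict (for instance with PyYAML's yaml.safe_load); the sample dict and the "extra" service are constructed for illustration.

```python
def audit(compose, vpn="gluetun"):
    """Return (service, finding) pairs for a Compose file loaded as a dict."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        if name == vpn:
            continue
        if svc.get("network_mode") != f"service:{vpn}":
            findings.append((name, "not in the VPN network namespace; traffic bypasses the tunnel"))
        elif svc.get("ports"):
            # Ports must be published on the VPN service, which owns the namespace.
            findings.append((name, "publishes ports itself; move them to the VPN service"))
        for vol in svc.get("volumes", []):
            # Accept both the short "src:dst" form and the long dict form.
            src = vol.get("source", "") if isinstance(vol, dict) else vol.split(":")[0]
            if src.endswith("docker.sock"):
                findings.append((name, "mounts the Docker socket (control of the host daemon)"))
        for opt in svc.get("security_opt", []):
            if opt.replace("=", ":").lower() == "seccomp:unconfined":
                findings.append((name, "runs without the default seccomp profile"))
    return findings

# Constructed sample mirroring the multi-container file above, plus a
# hypothetical "extra" service that was left on the default network.
SAMPLE = {"services": {
    "gluetun": {"cap_add": ["NET_ADMIN"], "ports": ["8080:8080/tcp", "3000:3000/tcp"]},
    "qbittorrent": {"network_mode": "service:gluetun", "volumes": ["./config:/config"]},
    "webtop": {"network_mode": "service:gluetun",
               "security_opt": ["seccomp:unconfined"],
               "volumes": ["/path/to/data:/config",
                           "/var/run/docker.sock:/var/run/docker.sock"]},
    "extra": {"image": "example/app", "ports": ["9000:9000"]},
}}

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```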

Step 4: Start Your Containers

To start your containers, run:

docker-compose up -d

This will download and run your Gluetun and qBittorrent Docker containers. Once complete, verify that the VPN is running correctly:

docker logs gluetun

To obtain your temporary qBittorrent password, run:

docker logs qbittorrent

Success! You can now open qBittorrent in a web browser at http://localhost:8080/ and use TorGuard's torrent IP check tool to verify that the container's IP address is the VPN's.

Troubleshooting Tips

Container won't start?

Check that your WireGuard config file is correctly formatted and in the right location. Run docker logs gluetun for detailed error messages.
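A format check for wg0.conf that can be run before starting the containers, as an added example that is not part of the original tutorial or of Gluetun. It covers only the fields a single-peer WireGuard config needs (key lengths, interface address, endpoint); the sample config uses placeholder keys and documentation-range addresses and is constructed for illustration.

```python
import base64, binascii, ipaddress

def parse_wg(text):
    """Return {section: {key: value}} for a single-peer WireGuard config."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            conf.setdefault(section, {})
        elif section and "=" in line:
            key, _, value = line.partition("=")      # split once: base64 keys end in '='
            conf[section][key.strip().lower()] = value.strip()
    return conf

def is_wg_key(value):
    """WireGuard keys are 32 raw bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value or "", validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def validate(text):
    """Return a list of problems; an empty list means the file looks well formed."""
    conf, problems = parse_wg(text), []
    iface, peer = conf.get("interface", {}), conf.get("peer", {})
    if not is_wg_key(iface.get("privatekey")):
        problems.append("Interface.PrivateKey missing or not a 32-byte base64 key")
    if not is_wg_key(peer.get("publickey")):
        problems.append("Peer.PublicKey missing or not a 32-byte base64 key")
    addrs = [a.strip() for a in iface.get("address", "").split(",") if a.strip()]
    if not addrs:
        problems.append("Interface.Address missing")
    for a in addrs:
        try:
            ipaddress.ip_interface(a)
        except ValueError:
            problems.append(f"Interface.Address {a!r} is not a valid IP/prefix")
    host, _, port = peer.get("endpoint", "").rpartition(":")
    if not host or not (port.isascii() and port.isdigit()) or not 0 < int(port) < 65536:
        problems.append("Peer.Endpoint missing or not host:port")
    return problems

# Constructed sample: placeholder keys (32 zero bytes), documentation-range IPs.
KEY = base64.b64encode(bytes(32)).decode()
SAMPLE = (f"[Interface]\nPrivateKey = {KEY}\nAddress = 10.0.0.2/32\n"
          f"[Peer]\nPublicKey = {KEY}\nAllowedIPs = 0.0.0.0/0\nEndpoint = 203.0.113.10:51820\n")
if __name__ == "__main__":
    print(validate(SAMPLE) or "wg0.conf looks well formed")
```

To check a real file, pass its contents to validate(), for example validate(open("wg0.conf").read()), and avoid pasting the output anywhere public since the file holds your private key.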

Can't access web interfaces?

Ensure the ports are correctly mapped in the Gluetun service section of your docker-compose.yml file.

VPN not connecting?

Verify your WireGuard credentials are correct and that you've generated a fresh config from the TorGuard members area.

Conclusion

Containerizing your WireGuard connection with Gluetun and Docker opens up a wide range of possibilities for isolating containers behind a VPN connection or self-hosting containerized applications in Docker using a dedicated WireGuard server. This setup ensures enhanced security, simplicity, and performance, making it an ideal choice for those looking to protect their online activities in a containerized environment.
