When running applications that require VPN protection or secure network routing, Gluetun Docker has become a go-to solution among self-hosters and privacy enthusiasts. Gluetun is one of the most lightweight open-source VPN client containers; it runs inside Docker and lets you route other containers' traffic through it.
Using Docker Compose, setting up and managing Gluetun Docker becomes quite fast and increasingly customizable. Whether you are building an ARR stack with Docker Compose and Gluetun or simply want to hide your network traffic, Gluetun provides an easy and automated way to protect your apps.
In this guide, we will walk through what Gluetun Docker is and how Gluetun and Docker Compose work together to set up a secure VPN proxy container.
How Gluetun Works in Docker
Gluetun acts as a secure VPN proxy layer inside Docker. It is a containerized VPN client that automatically routes the network traffic of other containers through an encrypted tunnel. This ensures that your applications run securely behind a VPN without exposing your real IP address.
At its core, Gluetun connects to your VPN provider (like NordVPN, Mullvad, or ProtonVPN) using the OpenVPN or WireGuard protocol. Once active, it creates a private virtual network in Docker. Other containers can then join Gluetun's network using --network=container:gluetun, meaning all their traffic passes through Gluetun's VPN connection.
This setup separates traffic, provides DNS leak protection, and ensures that even if the VPN drops, network activity halts completely, keeping the system secure.
Setting Up Gluetun with Docker Compose
Using Docker Compose simplifies Gluetun's configuration and management. You can define your VPN settings, provider, and network structure in a single YAML file and launch it with a single command.
Here’s an example docker-compose.yml setup for Gluetun Docker Compose:
version: "3.8"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8888:8888 # HTTP Proxy
      - 8388:8388 # Shadowsocks
      - 9091:9091 # Example torrent client port
    volumes:
      - /your/config/path:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=openvpn
      - OPENVPN_USER=yourusername
      - OPENVPN_PASSWORD=yourpassword
      - SERVER_COUNTRIES=Netherlands
    restart: unless-stopped
After saving this file, run:
docker compose up -d
Gluetun will automatically connect to your specified VPN provider, securing all outbound traffic.
Integrating Gluetun in an ARR Stack
The ARR stack, consisting of Radarr, Sonarr, Lidarr, and qBittorrent, is a popular choice for media automation. To enhance privacy, you can route all of these containers through Gluetun using Docker Compose.
Here’s how to integrate ARR stack Docker Compose with Gluetun:
version: "3.8"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 6881:6881
      - 6881:6881/udp
      - 8080:8080
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=your_private_key
      - SERVER_COUNTRIES=Netherlands
    restart: unless-stopped
  qbittorrent:
    image: linuxserver/qbittorrent
    container_name: qbittorrent
    network_mode: "container:gluetun"
    environment:
      - WEBUI_PORT=8080
    volumes:
      - /your/downloads:/downloads
      - /your/config/qbittorrent:/config
    restart: unless-stopped
  radarr:
    image: linuxserver/radarr
    container_name: radarr
    ports:
      - 7878:7878
    volumes:
      - /your/movies:/movies
      - /your/config/radarr:/config
    environment:
      - PUID=1000
      - PGID=1000
    restart: unless-stopped
In this setup:
- Gluetun runs as the VPN gateway.
- qBittorrent routes traffic directly through Gluetun (network_mode: container:gluetun).
- Radarr and Sonarr communicate with qBittorrent’s web UI while staying outside the VPN container.
This keeps download traffic inside the VPN tunnel while keeping the rest of the media management stack fast and responsive.
Testing and Managing Your Gluetun Container
Once Gluetun Docker is set up and running, it is essential to verify that your VPN connection is working properly. This ensures that all outbound traffic from the connected containers remains private and secure.
- Check VPN Connection and IP
You can confirm your external IP using:
docker exec -it gluetun curl ifconfig.me
If the IP shown matches your VPN location, Gluetun is working properly.
- Monitor Logs
To view detailed connection logs:
docker logs -f gluetun
This will list information like VPN provider, connection success, DNS settings, and reconnections.
- Restart and Updates
If you change the VPN credentials or update the stack:
docker compose restart gluetun
For image updates:
docker compose pull && docker compose up -d
Restarting and updating regularly keeps VPN connections stable and applies the latest security patches.
Docker Gluetun Security Best Practices
Using Gluetun with Docker adds a strong privacy layer, but you can further harden the setup by following these best practices.
- Stick to reputable VPNs like Mullvad, ProtonVPN, or NordVPN for consistent uptime and verified privacy policies.
- Gluetun automatically routes the DNS through secure servers, but verify it by running:
docker exec -it gluetun dig google.com
- Only containers that need VPN access should share Gluetun's network (network_mode: container:gluetun). Keep others on a separate bridge network.
- Gluetun has built-in fail-safe mechanisms that cut traffic if the VPN drops, preventing data leaks. Make sure you use the latest version to keep it active.
- Changing default web and proxy ports reduces the risk of accidents, mainly when you are mapping ports for torrenting or remote access.
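One way to check the "only containers that need VPN access share Gluetun's network" practice across a whole stack. This is an added example, not code from the Gluetun project. It audits the JSON printed by docker compose config --format json; the audit function, the SECRET_HINTS list and the embedded sample (constructed from the ARR stack above) are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `docker compose config --format json` output
# for the ARR stack above (assumption: environment is a map, ports are objects).
SAMPLE = json.loads("""
{"services": {
  "gluetun": {"image": "qmcgaw/gluetun",
    "environment": {"VPN_TYPE": "wireguard",
                    "WIREGUARD_PRIVATE_KEY": "your_private_key"},
    "ports": [{"target": 8080, "published": "8080", "protocol": "tcp"}]},
  "qbittorrent": {"image": "linuxserver/qbittorrent",
    "network_mode": "container:gluetun",
    "environment": {"WEBUI_PORT": "8080"}},
  "radarr": {"image": "linuxserver/radarr",
    "ports": [{"target": 7878, "published": "7878", "protocol": "tcp"}]}
}}
""")

SECRET_HINTS = ("PASSWORD", "PRIVATE_KEY", "TOKEN")  # heuristic, not exhaustive


def audit(config, gateway="gluetun"):
    """Return (routed, direct, findings) for a rendered Compose config."""
    shared = {f"container:{gateway}", f"service:{gateway}"}
    routed, direct, findings = [], [], []
    for name, svc in sorted(config.get("services", {}).items()):
        env = svc.get("environment") or {}
        if isinstance(env, list):  # short syntax: ["KEY=value", ...]
            env = dict(item.partition("=")[::2] for item in env)
        for key, value in env.items():
            if value and any(hint in key.upper() for hint in SECRET_HINTS):
                findings.append(f"{name}: {key} is set inline in the compose file")
        if name == gateway:
            continue
        if svc.get("network_mode") in shared:
            routed.append(name)  # egress goes through the VPN tunnel
            if svc.get("ports"):  # ports must be published on the gateway
                findings.append(f"{name}: publish its ports on {gateway} instead")
        else:
            direct.append(name)  # egress uses the host's normal connection
    return routed, direct, findings


if __name__ == "__main__":
    routed, direct, findings = audit(SAMPLE)
    print("through VPN:", routed, "| outside VPN:", direct)
    for line in findings:
        print(" -", line)
```

On a real stack, feed it the output of docker compose config --format json and review every service listed as outside the VPN: that list should contain only containers you intend to reach the internet directly.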
Advanced Configuration
For users who need complete control, Gluetun with Docker Compose offers several advanced options.
- Custom VPN Configuration
You can override default OpenVPN or WireGuard settings by mounting the config files:
volumes:
  - /your/custom/config:/gluetun/openvpn
- Multiple Containers Through Gluetun
You can route multiple apps through Gluetun Docker by attaching each of them to its network:
network_mode: "container:gluetun"
- DNS Customization
Set the required DNS provider:
environment:
  - DOT_PROVIDERS=cloudflare
This routes DNS requests through encrypted DNS-over-TLS.
- Web UI and Health Checks
Enable Gluetun Docker’s control server for easy management and monitoring.
environment:
  - HTTP_CONTROL_SERVER_ADDRESS=:8000
You can query it via REST API to verify connection health and stats.
Conclusion
Gluetun Docker is a powerful, privacy-focused solution for routing container traffic through a secure VPN connection. By integrating it with Docker Compose, you can create a flexible and automated setup that protects your data without complex manual configuration.
FAQs
Is Gluetun safe to use?
Yes. Gluetun enhances security by using OpenVPN or WireGuard protocols, regularly updated base images, and container-level isolation.
What VPN providers does Gluetun support?
Gluetun supports multiple VPN providers, including NordVPN, Mullvad, Private Internet Access (PIA), Surfshark, and ProtonVPN, among others.
How do I check if Gluetun is working?
You can verify connectivity by running curl ifconfig.io within a connected container to ensure your public IP matches your VPN provider’s location.
