explaingit

qdm12/gluetun

14,208 · Go · Audience · ops devops · Complexity · 3/5 · Setup · moderate

TLDR

Gluetun is a tiny Docker container that connects to any of 20+ VPN providers and acts as a shared network gateway so other containers route all their traffic through the VPN automatically.

Mindmap

mindmap
  root((gluetun))
    What it does
      VPN gateway container
      Network kill switch
      DNS over TLS
    VPN support
      20+ providers
      OpenVPN and WireGuard
    Extra features
      Ad and malware blocklist
      HTTP proxy
      Shadowsocks proxy
    Deployment
      Docker and Docker Compose
      Kubernetes sidecar
      Raspberry Pi ARM
    Audience
      Home server users
      Privacy-focused developers

Things people build with this

USE CASE 1

Route all traffic from a torrent client container through a VPN without configuring each container separately

USE CASE 2

Block ads, malware, and tracking domains across your home server using the built-in auto-updating blocklist

USE CASE 3

Provide an HTTP or Shadowsocks proxy to devices that cannot run a VPN client directly

USE CASE 4

Run on a Raspberry Pi or other ARM device as a VPN and encrypted DNS gateway for a home network

Tech stack

Go · Docker · Alpine Linux · OpenVPN · WireGuard

Getting it running

Difficulty · moderate · Time to first run · 30min

Requires a paid subscription to one of the 20+ supported VPN providers and your provider's credentials passed as environment variables.

In plain English

Gluetun is a VPN client packaged as a small Docker container. You give it your VPN provider credentials, and it connects to that VPN and routes internet traffic through it. The main use case in self-hosted setups is running Gluetun as a shared network gateway so that other containers (a torrent client, for example) can have all their traffic go through the VPN without each one needing its own VPN setup.

The container supports more than twenty VPN providers, including NordVPN, Mullvad, ProtonVPN, Private Internet Access, ExpressVPN, Surfshark, and others. Both OpenVPN and WireGuard connection protocols are supported. A built-in kill switch blocks all internet traffic if the VPN connection drops, preventing any accidental exposure of unencrypted traffic. The container image is 43 megabytes and is built on Alpine Linux.

Beyond the VPN tunnel itself, Gluetun includes DNS over TLS, which encrypts DNS lookups so your internet provider cannot see which domain names you are resolving. It also includes a built-in blocklist for ads, malicious sites, and tracking domains, which updates automatically every 24 hours. Two proxy servers are built in as well: a standard HTTP proxy and a Shadowsocks proxy, which can be used to route traffic from devices or applications that cannot themselves run a VPN.

The container runs on x86 machines, 32-bit and 64-bit ARM boards such as the Raspberry Pi, and other architectures. It can also run as a sidecar container in Kubernetes clusters. Configuration is done through environment variables passed into the container. Setup documentation lives on a separate wiki repository, and each supported VPN provider has its own setup page there with example configuration files.
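As an added illustration (not taken from the gluetun repository or its wiki), this Compose file shows the shared-gateway pattern described above. It assumes Mullvad over WireGuard and a qBittorrent client; the provider, the client image, the published port and the `${...}` credential placeholders are assumptions.

```yaml
# Added example: gluetun as a shared gateway (assumed provider: Mullvad over WireGuard).
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN                      # needed to manage the tunnel interface and firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      # Placeholders: supply both values from an untracked .env file, never commit them.
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
      - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES}
    ports:
      # The client's ports are published on the gateway, because the client
      # shares this container's network stack and has none of its own.
      - "127.0.0.1:8080:8080"          # qBittorrent web UI, bound to host loopback only
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent   # assumed client image
    network_mode: "service:gluetun"    # join gluetun's network namespace; egress follows the tunnel
    depends_on:
      - gluetun
    # No "ports:" section here: Docker rejects port publishing on a container
    # that joins another container's network.
    restart: unless-stopped
```

To confirm the setup, compare the public IP address seen from inside the client container with the host's own; they should differ while the tunnel is up, and the client should lose connectivity entirely when the gateway container is stopped.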

Copy-paste prompts

Prompt 1
Write me a docker-compose.yml that runs Gluetun connected to NordVPN using WireGuard and routes a qBittorrent container through it.
Prompt 2
My Gluetun container connects to ProtonVPN but other containers using its network can't reach the internet. What environment variables should I check first?
Prompt 3
Show me the Kubernetes sidecar configuration to run Gluetun alongside my main app container so only that pod's traffic goes through the VPN.
Prompt 4
How do I configure Gluetun's built-in DNS-over-TLS and enable the ad-blocking list for a Mullvad VPN connection?
Prompt 5
What environment variables does Gluetun need for ExpressVPN with OpenVPN protocol, and how do I pass them in docker-compose?

Verify against the repo before relying on details.