qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Docker swarm does not support network_mode:service #2107

Open Apadgett879 opened 9 months ago

Apadgett879 commented 9 months ago

Is this urgent?

Yes

Host OS

Linux Mint

CPU arch

x86_64

VPN service provider

Private Internet Access

What are you using to run the container

docker-compose

What is the version of Gluetun

Running latest docker image as of 02/10/2024

What's the problem 🤔

Docker swarm does not appear to support naming containers or, much more importantly, Network_Mode.

Share your logs (at least 10 lines)

Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:29Z INFO [openvpn] UID set to nonrootuser
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:29Z INFO [openvpn] Initialization Sequence Completed
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:29Z INFO [dns] downloading DNS over TLS cryptographic files
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:30Z INFO [dns] downloading hostnames and IP block lists
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:30Z INFO [healthcheck] healthy!
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:33Z INFO [dns] init module 0: validator
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:33Z INFO [dns] init module 1: iterator
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:33Z INFO [dns] start of service (unbound 1.17.1).
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:33Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:34Z INFO [dns] ready
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:34Z INFO [ip getter] Public IP address is 66.115.145.218 (Canada, Ontario, Toronto)
Arr-Setup_gluetun.1.pnyj04gej6mv@Vivian    | 2024-02-11T02:10:34Z INFO [vpn] You are running on the bleeding edge of latest!

Share your configuration

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8080:8080 # Sabnzbget
      - 8989:8989 # sonarr
      - 9696:9696 # prowlarr
      - 7878:7878 # radarr
      - 9091:9091   #Transmission
      - 51413:51413  #Transmission
      - 51413:51413/udp  #Transmission
    volumes:
      - /yourpath:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER="private internet access"
      - VPN_TYPE=openvpn
      # OpenVPN:
      - OPENVPN_USER=REDACTED
      - OPENVPN_PASSWORD=REDACTED
      # Wireguard:
      # - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU=
      # - WIREGUARD_ADDRESSES=10.64.222.21/32
      # Timezone for accurate log times
      - TZ=
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=
      - SERVER_REGIONS=CA Ontario

  sabnzbd:
    image: lscr.io/linuxserver/sabnzbd:latest
    container_name: sabnzbd
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /path/to/sabnzbd/config:/config
      - REDACTED:/mnt/Media #optional
    network_mode: "service:Arr-Setup_gluetun"
    restart: unless-stopped

  transmission:
    image: lscr.io/linuxserver/transmission:latest
    container_name: transmission
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - TRANSMISSION_WEB_HOME= #optional
      - USER= #optional
      - PASS= #optional
      - WHITELIST= #optional
      - PEERPORT= #optional
      - HOST_WHITELIST= #optional
    volumes:
      - /path/to/data:/config
      - REDACTED:/mnt/Media
    network_mode: "service:Arr-Setup_gluetun"
    restart: unless-stopped

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - REDACTED/prowlarr/config:/config
    network_mode: "service:Arr-Setup_gluetun"
    restart: unless-stopped

  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    container_name: sonarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /REDACTED/sonarr/config:/config
      - /REDACTED:/mnt/Media #optional
    network_mode: "service:Arr-Setup_gluetun"
    restart: unless-stopped

  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /REDACTED/radarr/config:/config
      - /REDACTED:/mnt/Media #optional
    network_mode: "service:Arr-Setup_gluetun"
    restart: unless-stopped

Apadgett879 commented 9 months ago

I have run this via portainer and it works with no issues once removed from a swarm setup

crchauffe commented 8 months ago

I'm trying to do something pretty similar. This would be my ideal docker-compose file:

version: '3.8'
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    secrets:
      - openvpn_user
      - openvpn_password
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_PORT_FORWARDING=on
      - SERVER_COUNTRIES=United States

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    network_mode: "service:gluetun"
    environment:
      - WEBUI_PORT=9001
      - TORRENTING_PORT=6881
    volumes:
      - ./container_configs/qbittorrent/config:/config
      - ./container_state/qbittorrent/downloads:/downloads
    ports:
      - 9001:9001
      - 6881:6881
      - 6881:6881/udp

secrets:
  openvpn_user:
    external: true
  openvpn_password:
    external: true

Some of the things I have been reading are saying that due to the nature of Docker Swarm nodes, the various nodes could potentially be running on separate machines on the network. You could potentially have a node running the gluetun service on one node and whichever service you want to use the VPN on a different node. I haven't played around with running multiple nodes in a Docker Swarm just yet. Mainly due to another lesson learned that the initial manager node should be running on a device that's running a plain Docker Engine and not Docker Desktop. I only have Windows machines and Docker Engine must be run on Linux machines... but I digress.

The main reason Docker Swarm was looking good to me was for the secret management. Gluetun supports how Docker Swarm does secret management by allowing you to not specify your secret in the environment variable and instead reading the secret from secret files under /run/secrets/ which are added by Docker Swarm upon service startup... but I digress again.

All of that to say this might not be the fault of gluetun. Docker Swarm might not be mature enough yet to support what we're wanting. I might have to fall back on some bad secret management practices and use the plain Docker Compose functionality instead until Docker Swarm adds support for network: "service:<service_name>".

Here is another thread I found that is related: https://forums.docker.com/t/routing-network-traffic-from-one-service-to-another/117816/10

lhns commented 2 weeks ago

I've managed to get gluetun working pretty well on docker swarm by using swarm launcher mentioned in this comment and something I have developed for the last few days. It doesn't require a special network_mode so it works pretty well with traefik or exposed ports.