# # ============================================================================= # GENERAL CONFIGURATION # ============================================================================= # APP_NAME = name of application for use in scripts # COMPOSE_FILE = default for no app_name in docker-compose file name, app if there is # BACKUP = if true, include this application in backup operations # HEALTHCHECK = if true, default docker health checks for that container will be enabled # AUTHELIA = if true, use Authelia authentication, if false turned off. # HEADSCALE = options : false, local, remote (see general config). e.g false or local,remote # MONITORING = if true, export this app's metrics to Prometheus + Grafana (needs both apps installed) # CFG_GLUETUN_APP_NAME=gluetun CFG_GLUETUN_BACKUP=true CFG_GLUETUN_COMPOSE_FILE=default CFG_GLUETUN_HEALTHCHECK=true CFG_GLUETUN_AUTHELIA=false CFG_GLUETUN_HEADSCALE=false CFG_GLUETUN_MONITORING=false # # ============================================================================= # APPLICATION CONFIGURATION # ============================================================================= # VPN_SERVICE_PROVIDER = VPN provider name (mullvad, nordvpn, protonvpn, surfshark, expressvpn, etc.) # VPN_TYPE = wireguard or openvpn # VPN_COUNTRIES = comma-separated country list (e.g. "Switzerland,Sweden") or empty for any # OPENVPN_USER = OpenVPN account username (only when VPN_TYPE=openvpn) # OPENVPN_PASSWORD = OpenVPN account password (only when VPN_TYPE=openvpn) # WIREGUARD_PRIVATE_KEY = WireGuard private key (only when VPN_TYPE=wireguard) # WIREGUARD_ADDRESSES = WireGuard interface address (e.g. "10.64.0.2/32") # CONTROL_SERVER_API_KEY = API key for the gluetun HTTP control server, blank to disable auth # CFG_GLUETUN_VPN_SERVICE_PROVIDER=mullvad CFG_GLUETUN_VPN_TYPE=wireguard CFG_GLUETUN_VPN_COUNTRIES= CFG_GLUETUN_OPENVPN_USER= CFG_GLUETUN_OPENVPN_PASSWORD= CFG_GLUETUN_WIREGUARD_PRIVATE_KEY= CFG_GLUETUN_WIREGUARD_ADDRESSES= CFG_GLUETUN_CONTROL_SERVER_API_KEY=RANDOMIZEDPASSWORD1 # HEALTH_TARGETS = comma-separated host:port list pinged over HTTPS to # confirm the VPN tunnel is healthy. Defaults are privacy-respecting # (Mullvad — your VPN provider; EFF — privacy non-profit). Override # with your own targets if you want to check different sites. # HEALTH_ICMP_IPS = comma-separated IPv4 list pinged over ICMP for the # small recurring health check. Default Quad9 (Swiss non-profit DNS, # no logging). # CFG_GLUETUN_HEALTH_TARGETS="mullvad.net:443,eff.org:443" CFG_GLUETUN_HEALTH_ICMP_IPS="9.9.9.9" # # ============================================================================= # METADATA # ============================================================================= # CATEGORY = application category for grouping # TITLE = display name for the application # DESCRIPTION = short description of the application # LONG_DESCRIPTION = detailed description of the application # URL = source repository or documentation URL # ACTIONS = available actions for this application # CFG_GLUETUN_CATEGORY="networking,recommended" CFG_GLUETUN_TITLE="Gluetun" CFG_GLUETUN_DESCRIPTION="VPN Container Router" CFG_GLUETUN_LONG_DESCRIPTION="Run all of your containers through a VPN provider. Supports 30+ providers over WireGuard and OpenVPN with a built-in kill-switch, DNS-over-TLS, port forwarding, and an HTTP control server." CFG_GLUETUN_URL="https://github.com/qdm12/gluetun" CFG_GLUETUN_ACTIONS="configure|install|restart|shutdown|uninstall" # # ============================================================================= # NETWORK CONFIGURATION # ============================================================================= # DOMAIN = number of domain from the general config, useful when using multiple domains # HOST_NAME = subdomain name e.g test is the name for test.website.com # WHITELIST = if true only allow whitelisted ips on traefik, if false allow all # CFG_GLUETUN_DOMAIN=1 CFG_GLUETUN_WHITELIST=false CFG_GLUETUN_HOST_NAME=gluetun CFG_GLUETUN_NETWORK=default # # ============================================================================= # PORT CONFIGURATION # ============================================================================= # PORT_ = port configuration: app|name|external:internal|access|protocol|login|traefik|webui|description # - app: application name # - name: service identifier (webui, api, ssh, etc.) # - external:internal: port mapping (external can be 'random' for auto-allocation) # - access: 'public' (internet accessible), 'private' (local network only), 'disabled' (not running) # - protocol: 'tcp' or 'udp' # - login: if true, this port requires basic-auth via Traefik (only meaningful when traefik=true) # - traefik: if true, Traefik handles this port (reverse proxy) # - webui: if true, this port serves the main web interface # - description: human-readable description of the service # CFG_GLUETUN_PORT_1="gluetun-service|control|random:8000|private|tcp|false|false|false|HTTP Server|" CFG_GLUETUN_PORT_2="gluetun-exporter|metrics|8090:8090|disabled|tcp|false|false|false|Metrics Exporter (sidecar, docker-network only)|"