LibrePortal/containers/gluetun/gluetun.config
librelad 875a60f90f LibrePortal v0.1.0 — initial release
A free, open, self-hosted app platform (GNU AGPLv3): one-click app deploys,
Traefik reverse proxy with automatic SSL, rootless Docker support, gluetun
VPN routing, and a web dashboard to manage it all.

Free & open forever to self-host; optional paid hosted services fund it.
See PROMISE.md.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-21 20:37:54 +01:00

97 lines
5.0 KiB
Plaintext

#
# =============================================================================
# GENERAL CONFIGURATION
# =============================================================================
# APP_NAME = name of application for use in scripts
# COMPOSE_FILE = default for no app_name in docker-compose file name, app if there is
# BACKUP = if true, include this application in backup operations
# HEALTHCHECK = if true, default docker health checks for that container will be enabled
# AUTHELIA = if true, use Authelia authentication, if false turned off.
# HEADSCALE = options : false, local, remote (see general config). e.g false or local,remote
# MONITORING = if true, export this app's metrics to Prometheus + Grafana (needs both apps installed)
#
CFG_GLUETUN_APP_NAME=gluetun
CFG_GLUETUN_BACKUP=true
CFG_GLUETUN_COMPOSE_FILE=default
CFG_GLUETUN_HEALTHCHECK=true
CFG_GLUETUN_AUTHELIA=false
CFG_GLUETUN_HEADSCALE=false
CFG_GLUETUN_MONITORING=false
#
# =============================================================================
# APPLICATION CONFIGURATION
# =============================================================================
# VPN_SERVICE_PROVIDER = VPN provider name (mullvad, nordvpn, protonvpn, surfshark, expressvpn, etc.)
# VPN_TYPE = wireguard or openvpn
# VPN_COUNTRIES = comma-separated country list (e.g. "Switzerland,Sweden") or empty for any
# OPENVPN_USER = OpenVPN account username (only when VPN_TYPE=openvpn)
# OPENVPN_PASSWORD = OpenVPN account password (only when VPN_TYPE=openvpn)
# WIREGUARD_PRIVATE_KEY = WireGuard private key (only when VPN_TYPE=wireguard)
# WIREGUARD_ADDRESSES = WireGuard interface address (e.g. "10.64.0.2/32")
# CONTROL_SERVER_API_KEY = API key for the gluetun HTTP control server, blank to disable auth
#
CFG_GLUETUN_VPN_SERVICE_PROVIDER=mullvad
CFG_GLUETUN_VPN_TYPE=wireguard
CFG_GLUETUN_VPN_COUNTRIES=
CFG_GLUETUN_OPENVPN_USER=
CFG_GLUETUN_OPENVPN_PASSWORD=
CFG_GLUETUN_WIREGUARD_PRIVATE_KEY=
CFG_GLUETUN_WIREGUARD_ADDRESSES=
CFG_GLUETUN_CONTROL_SERVER_API_KEY=RANDOMIZEDPASSWORD1
# HEALTH_TARGETS = comma-separated host:port list pinged over HTTPS to
# confirm the VPN tunnel is healthy. Defaults are privacy-respecting
# (Mullvad — your VPN provider; EFF — privacy non-profit). Override
# with your own targets if you want to check different sites.
# HEALTH_ICMP_IPS = comma-separated IPv4 list pinged over ICMP for the
# small recurring health check. Default Quad9 (Swiss non-profit DNS,
# no logging).
#
CFG_GLUETUN_HEALTH_TARGETS="mullvad.net:443,eff.org:443"
CFG_GLUETUN_HEALTH_ICMP_IPS="9.9.9.9"
#
# =============================================================================
# METADATA
# =============================================================================
# CATEGORY = application category for grouping
# TITLE = display name for the application
# DESCRIPTION = short description of the application
# LONG_DESCRIPTION = detailed description of the application
# URL = source repository or documentation URL
# ACTIONS = available actions for this application
#
CFG_GLUETUN_CATEGORY="networking,recommended"
CFG_GLUETUN_TITLE="Gluetun"
CFG_GLUETUN_DESCRIPTION="VPN Container Router"
CFG_GLUETUN_LONG_DESCRIPTION="Run all of your containers through a VPN provider. Supports 30+ providers over WireGuard and OpenVPN with a built-in kill-switch, DNS-over-TLS, port forwarding, and an HTTP control server."
CFG_GLUETUN_URL="https://github.com/qdm12/gluetun"
CFG_GLUETUN_ACTIONS="configure|install|restart|shutdown|uninstall"
#
# =============================================================================
# NETWORK CONFIGURATION
# =============================================================================
# DOMAIN = number of domain from the general config, useful when using multiple domains
# HOST_NAME = subdomain name e.g test is the name for test.website.com
# WHITELIST = if true only allow whitelisted ips on traefik, if false allow all
#
CFG_GLUETUN_DOMAIN=1
CFG_GLUETUN_WHITELIST=false
CFG_GLUETUN_HOST_NAME=gluetun
CFG_GLUETUN_NETWORK=default
#
# =============================================================================
# PORT CONFIGURATION
# =============================================================================
# PORT_ = port configuration: app|name|external:internal|access|protocol|login|traefik|webui|description
# - app: application name
# - name: service identifier (webui, api, ssh, etc.)
# - external:internal: port mapping (external can be 'random' for auto-allocation)
# - access: 'public' (internet accessible), 'private' (local network only), 'disabled' (not running)
# - protocol: 'tcp' or 'udp'
# - login: if true, this port requires basic-auth via Traefik (only meaningful when traefik=true)
# - traefik: if true, Traefik handles this port (reverse proxy)
# - webui: if true, this port serves the main web interface
# - description: human-readable description of the service
#
CFG_GLUETUN_PORT_1="gluetun-service|control|random:8000|private|tcp|false|false|false|HTTP Server|"
CFG_GLUETUN_PORT_2="gluetun-exporter|metrics|8090:8090|disabled|tcp|false|false|false|Metrics Exporter (sidecar, docker-network only)|"