https://github.com/qdm12/gluetun-wiki https://www.youtube.com/watch?v=0F6I03LQcI4 # all services in this project will make use of the gluetun VPN # project name: gluetun-bw Create user and group --------------------- Credentials -> Local Users -> Add Full Name: gluetun Username: gluetun Disable Password: Email: UID: 3029 Create New Primary Group: Create Home Directory: Samba Authentication: Save Check Credentials -> Local Groups for GID Name: gluetun GID: 3028 gluetun UID: 3029 gluetun GID: 3028 Create datasets --------------- # In Truenas shell: # list datasets zfs list | grep -i "docker.*gluetun-bw" # create following datasets if not present zfs create SSD1/docker/data/gluetun-bw zfs create SSD1/docker/data/gluetun-bw/appdata chown -R gluetun:gluetun /mnt/SSD1/docker/data/gluetun-bw Create folder ------------- # In Truenas shell: mkdir -p /mnt/SSD1/docker/stacks/gluetun-bw/secrets Copy folder to docker stacks ---------------------------- # In Windows cmd shell in gluetun-bw folder, enter: ./cp2nas # or pscp -P 22 -r stacks/*.* root@192.168.2.2:/mnt/SSD1/docker/stacks/gluetun-bw/ # This should copy gluetun-bw stacks folder to /mnt/SSD1/docker/stacks/gluetun-bw Creating secrets ---------------- In Truenas shell: cd /mnt/SSD1/docker/stacks/gluetun-bw/secrets echo -n 'nordvpn private key' > wireguard_private_key cd /mnt/SSD1/docker/stacks/gluetun-bw chown -R gluetun:gluetun secrets/ chmod -R 400 secrets/ Creating user password hash strings for user authorisation using traefik basic-auth ----------------------------------------------------------------------------------- # If not installed, install htpasswd: jlmkr shell docker apt update & apt install apache2-utils # The user credentials can be applied as a label entry in the compose.yml file or as a line entry in a text file # When used as a label entry, all '$' needs to be escaped with a second '$'; sed can be used for this purpose: # To create user list textfile line item echo $(htpasswd -nB admin) > /opt/stacks/traefik/users/.txt # To create string to be used in compose file label echo $(htpasswd -nB admin) | sed -e s/\\$/\\$\\$/g # See traefik_jm.txt for more detailed instructions Check gluetun ip ---------------- # Exec into any of the apps' container using gluetun docker exec -it sh # Check remote ip curl ifconfig.me # or curl http://whatismyip.akamai.com Update .env and compose.yml for app ----------------------------------- # The gluetun .env file requires the following entries for each app using the gluetun VPN, e.g. for firefox: FIREFOX_APP=firefox FIREFOX_PORT=3000 # The gluetun compose.yml file requires the following label entries for each app using the gluetun VPN, e.g. for firefox: #- "traefik.http.middlewares.${FIREFOX_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}" # uncomment to use common credentials #- "traefik.http.middlewares.${FIREFOX_APP}-auth.basicauth.usersfile=/mnt/users/${FIREFOX_APP}.txt" # uncomment to use credentials stored in /opt/stacks/traefik/users/.txt - "traefik.http.services.${FIREFOX_APP}-gt-svc.loadbalancer.server.port=${FIREFOX_PORT}" - "traefik.http.routers.${FIREFOX_APP}.entrypoints=web" - "traefik.http.routers.${FIREFOX_APP}.rule=Host(`${FIREFOX_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${FIREFOX_APP}-secure.entrypoints=websecure" - "traefik.http.routers.${FIREFOX_APP}-secure.rule=Host(`${FIREFOX_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${FIREFOX_APP}-secure.tls=true" - "traefik.http.routers.${FIREFOX_APP}-secure.tls.certresolver=sthomeresolver" #- "traefik.http.routers.${FIREFOX_APP}-secure.middlewares=${FIREFOX_APP}-auth" # uncomment to use basic-auth; requires one or both of above basicauth middlewares to be uncommented - "traefik.http.routers.${FIREFOX_APP}-secure.service=${FIREFOX_APP}-gt-svc" Troubleshooting --------------- If dockge / docker compose up complains about "parsing /opt/stacks/.../compose.yml: yaml: line ##: did not find expected '-' indicator", where ## is the "labels:" line number in compose.yml: - look for missing trailing '"' amongst the labels