A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
It's not a "normal" vpn client. It allows you to create a network in your server using a variety of vpn providers so other containers can use it to connect to the internet. You use tailscale to connect to your server from outside home, but you use gluetun for your containers to connect to the outside world without exposing your real IP.
So yes, tailscale and gluetun are compatible and can live together (I use both on my homeserver)
What's gluetun? Seems like it's a VPN client? What's special about it?
Gluetun can connect to multitude of VPNs, but most importantly it can be used to force other containers to use only the gluetun network, meaning if you disconnect from VPN for whatever reason, the other containers don't suddenly send data over non-VPN network.
So if you're torrenting and use gluetun to provide internet to the qBittorrent container, you won't accidentally reveal your real IP if your provider's server goes down for a few seconds.
How do you use it in your setup?
Configure it to connect to my VPN, create a file with the public port it uses, configure qBittorrent to only use gluetun for network and some script which reads the file with public port and changes it in qBittorrent.
Do I need to know about this if I use Tailscale on the host for connecting to my VPN?
Depends. I like having everything container related in the containers. Sometimes I need to do something without VPN, this would limit me. Also, if you don't configure disconnect on VPN connection loss in a different way (interface binding), you risk revealing your IP.
Would gluetun allow me to use an additional VPN provider for certain apps without messing with the host Tailscale?
Yes. Though you would be double VPNed: App -> gluetun -> host VPN -> target server. That would probably add some latency.
I'd seen gluetun mentioned but didn't know what it was for until a moment ago.
I've heard of tailscale and at least know what that does but never used it.
I personally have a mullvad subscription. I have a container connected to that with wireguard, and then for services I want to use that VPN I just configure them to use the network stack from that container.
I'm not suggesting that my way is the best but it's worked well for several years now.
That is essentially what gluetun does. It is a little simpler to set up given that it is all preinstalled and you just select your provider and details and it is done. And again, you just specify the network for other containers to use the gluetun service and it is done. Very simple, easy for using many services through one VPN connection, and available on things like CasaOS with simple setup.
I just configure them to use the network stack from that container.
Can you explain how you do this (or link to a guide that you found useful)? Thanks
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent
container_name: qbittorrent
environment:
- PUID=888
- PGID=888
- TZ=Australia/Perth
- WEBUI_PORT=8080
volumes:
- ./config:/config
- /srv/downloads:/downloads
restart: unless-stopped
network_mode: "container:wg_out"
this is my compose.yml for a qbittorrent instance.
the part you're interested in is the final line. There's another container with the wireguard instance called "wg_out". This network mode attaches this qbittorrent container to that wireguard container's network stack.
Ah, docker compose makes it easy! Thanks.
How do you use it in you setup?
Others explained what it is. To implement it, I basically followed this guide: https://drfrankenstein.co.uk/qbittorrent-with-gluetun-vpn-in-container-manager-on-a-synology-nas/
It’s like a vpn app but for containers instead. I personally use it for invidious-companion which I route to Albania so google doesn’t block it.
I also use Albania for my VPN, only because it's the first country in the server list
I have a torrent client in a docker container thats hooked up to it. Makes it so its not possible for your real IP to leak. If the VPN disconnects the torrent container loses internet.
It works with containers so I can create a setup where requests sent from the container goes through the VPN. I use it for my Redlib setup to bypass rate limiting by rotating its IP regularly. Unless you have your host to route all traffic through a certain node, it should work independently from Tailscale.