Using a VPN container and then routing other containers through it

jgeorge1983 · March 11, 2025, 1:46pm

Wonder if someone can help me with this. I think I am set, but just want to check in case something isnt right.

I have my VPN set up through a container:

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: vpn-unlimited
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=vpn unlimited
      - OPENVPN_USER=PASSWORD
      - OPENVPN_PASSWORD=USERNAME
      - SERVER_COUNTRIES=France
    volumes:
      - ./gluetun:/gluetun
    ports:
      - 9696:9696
      - 9091:9091
      - 51413:51413
      - 51413:51413/udp

The top port is prowlarr, the bottom 3 are transmission:

Prowlarr

services:
  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    network_mode: container:vpn-unlimited
    volumes:
      - /home/pi/docker/prowlarr/data:/config
    restart: unless-stopped

Transmission

services:
  transmission:
    image: lscr.io/linuxserver/transmission:latest
    container_name: transmission
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - USER=USERNAME
      - PASS=PASSWORD
    network_mode: container:vpn-unlimited
    volumes:
      - /home/pi/docker/transmission/data:/config
      - /home/pi/nas/Downloads to move:/downloads
    restart: unless-stopped

This seems to work, I can browse to the GUI for Prowlarr and Transmission, and indexers all have green ticks.

Just want a sanity check really, as i have cobbled this together from various resources using this as my base point https://github.com/qdm12/gluetun

Thanks in advance

ST_Lawson · March 11, 2025, 1:46pm

Looks decent. Something I’ve added to mine is a require:vpn-container (can’t remember the exact syntax offhand) added to the non-vpn containers. It ensures that they won’t start up unless the vpn container is successfully running. Helps prevent leaks.

Edit: looks like it’s depends_on

J4N4ND · March 11, 2025, 1:46pm

You can also check the external IP of your container with something like this:

docker exec -it transmission curl https://ipv4.ipleak.net/json/

atlchris · March 11, 2025, 1:46pm

Looks good to me. If you want to check your IP from a torrent perspective, check out TorGuard. It is a magnet torrent that shows your IP. Leave it running all the time to constantly have an eye on your IP.

https://torguard.net/checkmytorrentipaddress.php

sshwifty · March 11, 2025, 1:46pm

Run a browser with novnc or guacamole behind the VPN with the same settings and check your IP that way. Also works as a VPN always on browser if you want to log into services and keep a session active.

Something like https://hub.docker.com/r/jlesage/firefox

JrdnRgrs · March 11, 2025, 1:46pm

Looks good to me. Is there anything you were worried about?

Makese-sama · March 11, 2025, 1:46pm

You can always just do

docker exec -it prowlarr curl ifconfig.io

jgeorge1983 · March 11, 2025, 1:46pm

thanks, i did a “depends_on” hook and it didnt work, but maybe I did it wrong, i’ll have another play with that one. thanks!!

jgeorge1983 · March 11, 2025, 1:46pm

Yes that works like a charm, thanks

jgeorge1983 · March 11, 2025, 1:46pm

Great, I was thinking something like that would be a good way to check. I’ll look into it tomorrow when I’m back on the computer. So do you connect to this browser through your current browser? Sounds like a browser within a browser to break the internet!

jgeorge1983 · March 11, 2025, 1:46pm

Nope, just when you cobble pieces from here and there it’s easy to worry. Thanks for the reassurance and happy cake day!!

jgeorge1983 · March 11, 2025, 1:46pm

so I added the depends_on:

services:

prowlarr:

image: lscr.io/linuxserver/prowlarr:latest

container_name: prowlarr

environment:

- PUID=1000

- PGID=1000

- TZ=Europe/London

network_mode: container:vpn-unlimited

depends_on:

- vpn-unlimited

volumes:

- /home/pi/docker/prowlarr/data:/config

restart: unless-stopped

and get the error:

ERROR: Service ‘prowlarr’ depends on service ‘vpn-unlimited’ which is undefined.

I havent touched the vpn-unlimited compose file from the OG post

SP3NGL3R · March 11, 2025, 1:46pm

If your VPN gives you a static LAN IP (another reason why I love WireGuard VPNs) you can even bind transmission to that IP so it doesn’t work unless it’s active.

sshwifty · March 11, 2025, 1:46pm

Yep! You go to the address:port and there is a “desktop” with just the browser. The best part, imo, is that it stays running so you can keep tabs open forever, accessible from other devices.

JrdnRgrs · March 11, 2025, 1:46pm

If you use something like portainer you can make the management of these stacks a bit easier if you’d like, just a recommendation

J4N4ND · March 11, 2025, 1:46pm

You will need to put all services in one docker-compose file.

bradsour · March 11, 2025, 1:46pm

Can’t remember for sure, but don’t you use the service name in the depends on?

jgeorge1983 · March 11, 2025, 1:46pm

done, and its behind the firewall, perfect. thanks buddy!!

jgeorge1983 · March 11, 2025, 1:46pm

I do have portainer running in a container. But I only use it for a bit of monitoring and restarts. I really need to get into some tutorials on it.

jgeorge1983 · March 11, 2025, 1:46pm

Got it, sorted and working. Thanks