admin/gluetun

Fork 0

Go to file

Quentin McGaw 07dc509e6f Updated RAM usage and CPU usage, fixed docker-compose

2018-04-13 17:51:22 -04:00

readme

Delete dockerhub.png

2018-02-21 12:04:02 -05:00

.dockerignore

Added Cloudflare 1.1.1.1 DNS over TLS

2018-04-13 15:35:31 -04:00

.travis.yml

Added docker badges

2018-04-01 13:56:20 -04:00

docker-compose.yml

Updated RAM usage and CPU usage, fixed docker-compose

2018-04-13 17:51:22 -04:00

Dockerfile

Updated RAM usage and CPU usage, fixed docker-compose

2018-04-13 17:51:22 -04:00

README.md

Updated RAM usage and CPU usage, fixed docker-compose

2018-04-13 17:51:22 -04:00

tun.sh

Initial commit

2018-02-06 21:57:41 -05:00

unbound.conf

Added Cloudflare 1.1.1.1 DNS over TLS

2018-04-13 15:35:31 -04:00

README.md

Private Internet Access Docker (OpenVPN, Alpine)

Docker VPN client to private internet access servers based on Alpine Linux using OpenVPN and Unbound to connect to Cloudflare DNS 1.1.1.1 over TLS

Download size	Image size	RAM usage	CPU usage
5.4MB	12.9MB	11.89MB	Low to Medium

It requires:

A Private Internet Access username and password - Sign up
Docker installed on the host

The PIA .ovpn configuration files are downloaded from the PIA website when the Docker image is built.

Cloudflare DNS 1.1.1.1 over TLS is used to connect to any PIA server for multiple reasons:

Man-in-the-middle (ISP, hacker, government) can't block you from resolving the PIA server domain name. For example, austria.privateinternetaccess.com maps to 185.216.34.229
Man-in-the-middle (ISP, hacker, government) can't see to which server you connect nor when. As the domain name are sent to 1.1.1.1 over TLS, there is no way to examine what domains you are asking to be resolved
Lower latency than other DNS such as Google DNS, Open DNS or your ISP DNS.

Installation & Testing

Run the tun.sh script on your host machine to ensure you have the tun device setup

wget https://raw.githubusercontent.com/qdm12/private-internet-access-docker/master/tun.sh
sudo chmod +x tun.sh
./tun.sh

Create a network to be used by this container and other containers connecting to it with:
```
docker network create pianet
```
Create a file auth.conf in /yourhostpath (for example), with:
- On the first line: your PIA username (i.e. js89ds7)
- On the second line: your PIA password (i.e. 8fd9s239G)

Using Docker only

Run the container with (change /yourhostpath to your actual path, and optionally Germany):

docker run -d --restart=always --name=pia --cap-add=NET_ADMIN \
--device=/dev/net/tun --network=pianet \
-e REGION=Germany -v /yourhostpath/auth.conf:/auth.conf:ro \
qmcgaw/private-internet-access

Wait about 5 seconds for it to connect to the PIA server. You can check with:

docker logs pia

You should now check it works following the Testing section

Using Docker Compose

Download docker-compose.yml
Edit it and change yourpath
Run the container as a daemon in the background with:
```
 docker-compose up -d
```
Wait about 5 seconds for it to connect to the PIA server. You can check with:
```
docker logs pia
```
You should now check it works following the Testing section

Testing

Check your host IP address with:
```
curl -s ifconfig.co
```
Run the curl Docker container using your pia container with:
```
docker run --rm --network=container:pia tutum/curl curl -s ifconfig.co
```
If the displayed IP address appears and is different that your host IP address, the PIA client should fully work !

Container launch parameters

You can change the REGION environment variable to one of the regions supported by private internet access
If you know what you're doing, you can change the container name (pia), the hostname (piaclient) and the network name (pianet)

Connect other containers to it

Connect other Docker containers to the PIA VPN connection by adding --network=container:pia when launching them.

Access ports of containers connected to the VPN container

You have to use another container acting as a Reverse Proxy such as Nginx.

Example:

Deluge container with name deluge connected to the pia container with --network=container:pia
Deluge's WebUI runs on port TCP 8112

Create the Nginx configuration file nginx.conf:

user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen 80;
        location / {
            proxy_pass http://deluge:8112/;
            proxy_set_header X-Deluge-Base "/";
        }
    }
    include /etc/nginx/conf.d/*.conf;
}

Run the Alpine Nginx container with:

docker -d --restart=always --name=proxypia -p 8000:80 \
--network=pianet --link pia:deluge \
-v /mypathto/nginx.conf:/etc/nginx/nginx.conf:ro nginx:alpine

Access the WebUI of Deluge at localhost:8000

For more containers, add more --link pia:xxx and modify nginx.conf accordingly

Description

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.

alpine cyberghost dns-over-tls docker golang http-proxy mullvad nordvpn openvpn pia privado private-internet-access purevpn shadowsocks surfshark vpn-client vyprvpn windscribe wireguard

Readme MIT 33 MiB