Thanks, for your support 😊 glad it worked for you.

Great to hear!

You're welcome 😁

You're welcome 😁

Thanks, really appreciate the feedback

@@Jims-Garage You're welcome.

Thanks, that's useful to know.

Do we need to add the new container's port to gluetun compose file and then redeploy gluetun?

​@@jims888 yes, those step are the same

@@xanzut Thanks

Thanks! I totally agree with you on the dark mode 😂

That's awesome, thank you for the feedback 🙂

@@Jims-Garage Long shot question- have you had any experience getting Nord meshnet running in a container to give remote access to local hosts?

@@Evakron no, unfortunately not. I'll have a look asap

That could be an improvement, I'm not sure if healthy means it has a valid connection though? I would make sure I use my firewall in front of the container as well.

I tried this but it seems like depends_on is no longer supported. Did you have any luck?

Thanks!

I will come onto LXCs soon. Might not be the best idea to be downloading torrents on an LXC though due to security (they share the host's Kernel and it's not always guaranteed what you're downloading...)

@@Jims-Garagedoesn’t doing this in unprivileged fix that host issue? Or maybe I got that wrong concept

You're welcome 😁

Glad it helped you 😀

@@mattb7895 docker VM for the added security. The r730 has a ton of capacity so the minimal gains of an LXC are not worth it IMO

Thanks, noted and fixed already in later videos.

@@Jims-Garage that's good to know, cheers!

It's on a VM. You mount your pool to the VM, then map to the container.

Good spot, thanks, let me double check :) I sometimes end up tweaking the config afterwards so always refer to the current file in GitHub

@@cyrilpinto418 yes, the mount will look something like that. Essentially it's wherever you choose to mount it. You do not need to port forward, the VPN connection is a bidirectional tunnel.

Thanks. You should be able to use an external Traefik service

@@Jims-GarageA video about how to do it would be great. Also, access by domain instead port would be even better.

@@AngelCerveraClaudio I'll try to remember to update it. You should be able to copy and amend the Traefik labels off most of my other videos.

For me everything worked when I added networks: - proxy to glueten config in docker-compose file and then at the end of docker-compose networks: proxy: external: true Of course traefik lables must in place and network "proxy" already created

@@johnhiggins2696 you can proxy any container through gluetun by adding the network part. I don't know of any easy way to route non container traffic but imagine it's possible

You can run them all on single Docker host. I've tried my best to manage port conflicts but I could have missed something. That should be all you'll ever need to change.

@@Jims-Garage nice one thanks

@@demiroth make sure your outbound rules allow the VPN and also the VPN allows inbound. I always have the firewall icon and it works fine.

You're welcome 😁

Should do as it's the only network route. You could also add a firewall rule on top to help.

@@Jims-Garage got it. Do you have a video on firewall? recently discovered your channel and going to go through lot of content from it now. would be great if you can point that out. Thanks!

@@Andy15792 yes, look for Sophos XG and OPNSense

@@etech838 only if your VPN supports port forwarding, most don't.

@@Jims-Garage Thank you very much for your quick response. Surfshark doesn't seem to support port forwarding. Can you tell me whether only porwlarr and qbittorrent need the VPN connection or whether sonarr and radarr also need it? I'm not sure about the last two. Thank you in advance.

Thanks, good spot. I think you're right 👍 I'll check later

For me everything worked when I added networks: - proxy to glueten config in docker-compose file and then at the end of docker-compose networks: proxy: external: true Of course traefik lables must in place and network "proxy" already created

Lynx is WireGuard with another name. Use UDP if you don't want to use lynx. It'll be just as quick.

Yes, you are able to.

Pin it behind your firewall to restrict to the VPN IP range, that should help

@@Jims-Garage Thank you!

Have you tested that your SMB is mounted correctly first?

@@Jims-GarageYes, I'm able to read and write from outside the containers with no problem (again thank you for your other guide!) My problem is that QB does not write on the NAS. Should I change this: " - /home/ubuntu/docker/arr-stack/qbittorrent/downloads:/downloads" to this " - /media/share/downloads:/downloads" ? I was trying it but seems not enough, do I need to add other parameters to the containers? 🙏

You can, just replicate the part in the container yaml that references Gluetun as the network. That will send all traffic through it.

@@Jims-Garage i’ve tried but encountered some error. Related to kvm network. Im not very good with docker so right now i just give up😅

You want to install Docker on a machine or VM (that's the host, I have a video on it). Once you've done that copy over the docker compose file (this is the configuration file for all of the apps, the containers). You use the command sudo docker compose up -d to launch the containers. You can load the compose into Portainer and do it that way, but I prefer to explain to people exactly what it's doing. Plus, compose is faster as you don't need a gui.

@@Jims-Garage I think this is really just useless. Why am I downloading a .yml file? I just don't understand it. I have docker desktop installed. Why is .yml filetype not associated with docker executable file? I just don't get it. Why does this app even exist if we are using command lines and poorly formatted text file configurations. I tried to force docker desktop to open the .yml file by manually associating the file type. That doesn't do anything. It should. Beyond the general issue that I still have no idea what my docker compose location is. All I know is I got docker desktop to run. I had to disable legacy command prompt. I can even have it pull apps. It downloads them somewhere (no desirable clue where that somewhere is), and it gives me zero ability to edit the configuration files.

Yes, setup the VPN then edit the existing stacks to use that network. I wouldn't trust a free VPN, I don't know of any.

No, simply add a WireGuard container as well and connect to it via that. Check my WireGuard video out.

​@@Jims-Garage, thanks for the suggestion. In this case, it is not viable option for me. My users are used to having access directly by using FQDN that available over the internet, getting them to install a VPN client would be too much right now.

@@dirgosalga you can still expose normally. Gluetun is only sending outbound over the VPN (hence how you can access locally)

Put the IP instead of localhost.

@@ChaseSmith-g9j don't add it to the gluetun network

@@Jims-Garage Thank you for the quick reply! I only have gluetun and qbit in the stack. I was just assuming that Plex is suing the vpn ip. Could it be another issue?

@@ChaseSmith-g9j Plex uses your internet IP address

@@Jims-Garage What do you think is the cause for no remote access

@@ChaseSmith-g9j you need a port forward on your firewall pointing to your docker container (e.g. port forward 32400 to your docker IP)

You'll access the services locally by going to dockerIP:ServicePort

Never mind, I restarted qT after the whole stack has started and managed to get it work.

Awesome, thanks for the response. Sometimes the container order can be a little iffy.

@@Jims-Garage Thanks again mate! This has worked great for me. I've only got 2 minor issues: One is I can't go to the terminal/console of each container in this stack. Portainer keeps saying "Error: Unable to retrieve image details". Secondly, I tried to map a volume from a shared folder on my local NAS to store the downloads here but QBT doesn't seem to be able to read this mapped folder inside the container. I use CIFS volume mount directly on Portainer. Any hints, please?

@@NguyenCungHoaHien in Portainer change the drop-down to /bin/sh and see if that works. Not sure why you can't see the mount, it should just be a folder. Likely a permissions problem.

This routes traffic out over a VPN, it's not a VPN to connect remotely from. You'd likley want to have WireGuard or something similar if you want to access local services remotely.

​@@Jims-Garage I was confused. Couldn't tell the error since the containers kept restarting. I ran the same docker-compose.yml on another machine and it worked with no problems! 👍

Make sure that they're on the same network.

I couldn't connect sonar or radarr as i'd need to give them and external IP as they're directed through the vpn. However I reconfigured plex to update the library when changes to folder directories were detected so problem solved

Volumes should be dynamically created.

@@Jims-Garage Thank you so much! This has been the best tutorial I've found yet and I watched so many. I finally got it working!

@@XerkoGames you're welcome 😁

How are you trying to access it? IP:Port or through a reverse proxy?

Mount a share into the container. Might need to create a share first.

@@Jims-Garage And this is done from adding it under volumes: part in configuration file?. sorry i am a real beginner in this container/docker stuff :)

@@AndersBergwall Correct. Left of the colon : is the host location, right of the colon is where it's mounted inside the container (you typically never change the right hand side)

@@Jims-Garage ⭐⭐⭐⭐⭐

If you have time for stupid questions then here is one for you :) I have managed to follow this guide and everything is working :) However, when using the qbittorrent download AND i THINK when i use the unrar once completed option, the /tmp folder of my QNAP gets filled.. this space is only 400mb (why?) maybe its something i configured when i first setup the nas (but i dont think so)... so any suggestions? my guess is that unrar stores temporary in the /TMP folder, i tried move /tmp to another drive or location but.. yeah.. not successful (or dont know if i should).

You can’t torrent with the free tier of protonvpn

Yes, you can github.com/qdm12/gluetun-wiki/blob/main/setup/openvpn-configuration-file.md

@@Jims-Garage thanks Jim! I'll try this out

Why would you need to? Cron can do this though.

@@Jims-Garage If my Zimaboard does a reboot (for whatever reason) now I need to manually SSH into the board and run docker compose up... not a big problem but still

@@ronsone8373 change the restart policy to always.

Check out my Docker Compose -> Kubernetes migration video and have a go. One thing to consider is that you don't want to download to your longhorn or replicated storage (that will drastically increase wear).

It's almost certainly a permissions issue. It might be worth running as root to check things first, then reintroducing proper accounts. I'm guessing you've checked the host can access the nfs?

@@Jims-GarageI think it was. i spun up a fresh ubuntu server since I had done some tinkering on the first one and went step by step and setup autofs and bingo it was fine. downloads to the share fine. the one last little thing you might know is when using wireguard (surfshark) the portainer logs show it being good as far as i can tell but QBT doesnt see any trackers so nothing downloads (im not a torrent power user) If i use the pertinent gluetun settings for OpenVPN it works just fine. its much faster than the windows VM i was using. Thanks Jim! I subscribed

Have a try at adding yourself, it's the same as all of the other containers. Jump on Discord if you're stuck.

Yes, but worth limiting egress with a firewall rule as well. Limit it to only the VPN IP address space.

@@Jims-Garage thanks! Would running iptables or ufw on the vm I hosted the dockers on be sufficient?

@@Liam.s yes, that's helpful.

@@Jims-Garage you’re amazing man! Thank you!

@@Liam.s you're welcome. Hop on Discord if you haven't already (and hit the sub please 😉)

Configure your compose, hit return

Glad to hear it, thank you

ttech has it 'proxmox ve helper-scripts' > Docker LXC

Yes, I have a docker installation video earlier on.

Yea, this could run in Kubernetes. Trickier but doable.

​@@Jims-Garage That would be really swell to have some tips on that front.

I would use your firewall. Restrict outbound traffic specially to an IP address associated with the VPN.

Port forwarding shouldn't be necessary as the VPN will do that their end and send the traffic back down the tunnel. I would check gluetun logs to ensure that it has connected.

Correct 😁

@@deanshaw3844 thanks! It's difficult to diagnose without logs etc but it's very likely to be an incorrect mount location or permission issue

Thanks for the reply. I worked thru 3 of your guides, culminating with the ARR-Stack. When spinning it up, I got errors about Network Tun, directory not existing. Discovered the network node was not available on unpriv lxc, so found some instructions from another youtuber to add these commands into my lxc.conf file. lxc.cgroup2.devices.allow: c 10:200 rwm lxc.mount.entry: /dev/net dev/net none bind create=dir When I added the above lines below the lines added in your gpu passthru video, the lxc would not boot. I compared his commands to yours, and discovered that the command 'optional' was not there, so I added that command in between bind and create, which made it like the following: lxc.mount.entry: /dev/net dev/net none bind,optional,create=dir After adding 'optional' I found the lxc booted correctly once more, and the net folder was passed thru to the lxc, and tun was available for use. Then I was able to spin up your docker compose file for the ARR-Stack With the defualt /home paths, qBittorrent works fine, but if I change the path in the docker compose yaml to the path I can type from shell and access my nas shares, I get instant error. the path I used was - /mnt/nas/Download/qBittorent not sure if that is correct syntax? From proxmox shell, if I type ls /mnt/nas I see all my shares on the nas. I can create folders, add files.delete files etc. Only thing I think I did different, is other youtuber suggested not using 'root' with lxc, so advised to adduser, and then add that user to sudo group. I think when I installed docker and portainer following your guide, that I installed it using that user name and not looged in as root. Not sure if that makes a difference. I seem to be able to access the mounted NAS shares when logged in as root or the added user.

The other youtuber has a stack he calls the Ultimate Docker Media Server. (UDMS) I started following his vide, but apart from installing ubuntu lxc, nothing else is his vids I could get working. Then after finding your channel, I followed 3 of your tutorials, and got all three working, which is kind of a miracle for this newbie. Previously I was using the truecharts catalog inside TrueNAS scale, and was using qBittorent with gluetun. Then when truecharts support was pulled in latest Truenas update, I setup the native Truenas scale qbittorrent, and tried to link it to gluetun unsuccessfully. Then I happed across your docker guides, and jellyfin and gpu passthru, and NAs shares on lxc. It seemed a great alternative to once having it all work in TrueNAS Scale, without having to know much of anything. (it just worked) (grin) I got pretty close tho, thanks to you!, but must have done something stupid. I have read tho that qBittorent has some kind of issue accessing NAS shares, so thought that was interesting. Thanks again for your wonderful videos.

Sorry about all the typos in above replies. (bit tired) I missed out an 'r' in qbittorrent.

Got it working!. the default PUID and GUID were 1000. I changed them both to 10000. I changed the path to /mnt/nas/Download/qBitorrent:/downloads Then in qBittorent set the download path to /downloads I can see the downloaded files from linux side, and it has created another folder in qBittorent called download. However, from Windows, when I go to the SMB share, the folder and files are invisible, but the original SMB share of same name is there, and empty. Guess I have to change some permissions inside TrueNAS now? Making progress tho. I apologize for all the postings.

You would need to mount a network share to the host machine, then amend the volume mount to use the share.

You should be able to add any container behind gluetun.

Create a thread in discord, I imagine you'll have some help

Having it in a VM as opposed to an LXC is a worthwhile security buffer IMO. Should be possible in an LXC though.

@@Jims-Garage Thanks Jim. I followed Don's guide to get an openwrt router lxc set up and running a VPN client....but now my test sonarr lxc is on a different network when using that as my bridge haha. The complexity of mounting NFS shares to my TrueNAS is making my brain hurt. Maybe I'll just leave the arr stack in docker on a Ubuntu server VM with gluetun. It's nice and contained and I don't really have system resource limitations.

Glad you enjoyed it

Do you have any logs from the gluetun container? Could be as simple as wrong credentials

@@Jims-Garagewell I think it somehow resolved itself. After repeatedly taking it down and then going back to check if anything was copied incorrectly and bringing it back up it would still do the same thing. Until I left it alone and gluetun would keep retrying the connection. After about several retries I guess it finally made the connection and it gives me a healthy status. I know it gives off the warning as well that timeouts are a sign that wireguard might not be working correctly but when the logs shows the ip address, it’s using the one given from my vpn somewhere in Canada. (I’m not in Canada)

It should be using the IP address of the virtual machine

@@Jims-Garage I managed to fix it. It turned out that qbittorrent uses localip: port instead of https. Probably a silly thing I overlooked. Thanks for the video though. Although there are lots of useful docs out there having a video of someone doing it is really helpful reference.

I would run this on Docker in a Proxmox VM. You can then mount a NAS network share into the Docker Torrent container, best of both worlds IMO.

@@Jims-Garage oh ok so your running everything on in this series that evolves docker through proxmox then doing network shares that’s just where I was lost following the series now I can start this journey just waiting on a motherboard then I can start the firewall stuff first. Then go into the nas then all the trafic network stuff.

All my config files are on my GitHub, check the link in the description.

@@Jims-Garage nice one, found it thanks

It's in the comments on files on GitHub

Thanks for replying, but I think I need a whole video on this I've been at it for 2 days and still no joy 😂

when I go into my qbittorent.log file, I see "WebAPI login failure" 10 times, and after 5 times the reason changes from invalid credentials to IP has been banned

The end part is the qbittorrent gui, use your credentials specified or leave blank for the default (I think)

@@Jims-Garage but where do i need to access this from? Within the ubuntu machine or on my host machine? Does it not matter? Also how do I link my qbittorent to my surfshark that is within the container, to only work when it’s on? If this is too much trouble to answer, any guidance towards a community that could assist would be greatly appreciated!!!

@@BabyJesusBro you access it through any machine's web browser (e.g. gaming PC) as long as it has access (if it's on the same network you're fine). I don't use surf shark but I believe that gluetun supports it, their documentation will help you out. Consider joining my discord and creating a help thread, there's loads of great people on there.

It isn't officially supported but this script should help you. gist.github.com/bluewalk/7b3db071c488c82c604baf76a42eaad3

@@Jims-Garage would you happen to be able to do a setup for VPN Unlimited?

No, openvpn is free to download and use. I recommend using UDP over WireGuard for NordVPN (or use nordlynx)

@@Jims-GarageIf I were to use nordlynx how should I change the docker compose info?

@@rexhavoc376 I don't know if gluetun supports it. You'll need to check their documentation.

@@Jims-GarageAlright. How do I know what my openvpn_user and openvpn_password is? Do I need to set up openvpn in another container first? Thanks again for all your help

@@rexhavoc376 log in to your NordVPN account and find the credentials for manual config

localhost:port

@@xVarga i have a similar problem and i've typed every IP i got... portainer says 127... IPs while my localnet is 192.168... i feel like i'm missing an easy step. haha

@@blakestandal8294 for me it is 192.168.x.x:8085 this is one of the ports of gluetun, it is for wireguard, just try all of them. Idk what else to say unfortunately.

I think you can change the ports either with environment variables or just in the config.