Comments (2)
You would have to make a frontend for gluetun config or a gotty container, and then you would still have to restart the gluetun container after the credentials were added, meaning the frontend would need access to docker.sock. Also, for every app you want tunneled through, you would need to make edits to its compose file.
Your best bet is to add a service to the main umbrel compose at ${UMBREL_ROOT}/docker-compose.yml, for example:
vpn:
  container_name: vpn
  image: qdm12/gluetun
  cap_add:
    - net_admin
  devices:
    - /dev/net/tun:/dev/net/tun
  # No ipv6 for Mullvad
  #sysctls:
  #- net.ipv6.conf.all.disable_ipv6=0
  environment:
    #- OPENVPN_IPV6=on
    - VPN_SERVICE_PROVIDER=mullvad
    - VPN_TYPE=wireguard
    - WIREGUARD_PRIVATE_KEY=
    - WIREGUARD_ADDRESSES=
    - SERVER_COUNTRIES=USA
    - SERVER_CITIES=Los Angeles CA
    - FIREWALL_VPN_INPUT_PORTS=
    - UPDATER_PERIOD=24h
  ports:
    - 6380:6380
    - 4443:4443
    - 8888:8888/tcp # HTTP proxy
    - 8388:8388/tcp # Shadowsocks
    - 8388:8388/udp # Shadowsocks
    - 51413:51413 # Transmission
    - 51413:51413/udp # Transmission
  restart: unless-stopped
  volumes:
    - ${PWD}/gluetun:/gluetun
  networks:
    default:
Add the ports for the apps you want tunneled, like I listed for Transmission.
Then edit the transmission compose file at app-data/transmission/docker-compose.yml so it looks like this:
version: "3.7"
services:
  app_proxy:
    environment:
      APP_HOST: transmission_server_1
      APP_PORT: 9091
  server:
    image: linuxserver/transmission:version-3.00-r5@sha256:f0b885f211dd6fde7b64f0d6b9e5931929cfc2331fb83d6f3171e412f22b3f87
    environment:
      - PUID=1000
      - PGID=1000
      - PEERPORT=51413
    volumes:
      - ${APP_DATA_DIR}/data/config:/config
      - ${UMBREL_ROOT}/data/storage/downloads:/downloads
    #ports:
    #  - 51413:51413
    #  - 51413:51413/udp
    restart: on-failure
    network_mode: "service:vpn"
    depends_on:
      - vpn
If you're using Mullvad you can get a port from them and then update the ports for Transmission; otherwise you will be able to download but no one will be able to connect to you, i.e. you can't seed.
Also, it's possible you'll leak your IP, as Transmission doesn't let you specifically set your Network Interface to Tun.
You can check this using:
https://ipleak.net/
This would all be erased with an umbrel update or Transmission update.
Tbh, if you really wanted to torrent from your Umbrel I would just use qbit, and a quick and dirty way would be to replace Transmission's compose file with this:
version: "3.7"
services:
  app_proxy:
    environment:
      APP_HOST: transmission_server_1
      APP_PORT: 9091
  server:
    image: linuxserver/qbittorrent:latest
    stop_grace_period: 1m
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      - WEBUI_PORT=9091
    volumes:
      - ${APP_DATA_DIR}/data/config:/config
      - ${UMBREL_ROOT}/data/storage/downloads:/downloads
    #ports:
    #  - 51413:51413
    #  - 51413:51413/udp
    restart: unless-stopped
    network_mode: "service:vpn"
    depends_on:
      - vpn
Then under the Advanced tab in the qbit settings, set Network Interface to Tun0 in order to make sure you don't leak your IP, and under the Connections tab set your port to 51413, unless you acquired one from your VPN so you can seed properly and also edited the vpn container ports.
Or set up gluetun on its own Docker network outside of the umbrel stack, then do this for each app you want to add:
docker network connect --alias vpn_gateway gluetun_network transmission_server_1
docker exec -it transmission_server_1 bash
ip route del default
ip route add default via vpn_gateway
FYI, I haven't tried any of this but it should work.
from umbrel-apps.
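An added example (not part of the comment above or of the umbrel-apps project): a pre-deployment check for the layout the comment describes, where an app joins the vpn service's network namespace through network_mode. It assumes both services are available as one merged model in the JSON shape printed by `docker compose config --format json`; the sample data and the `audit` function name are constructed for illustration.

```python
import json

# Constructed sample, reduced to the fields this check reads. The app still
# publishes a port itself and the vpn service lacks the UDP peer port.
SAMPLE = json.loads("""
{"services": {
  "vpn": {"ports": [
      {"target": 8888,  "published": "8888",  "protocol": "tcp"},
      {"target": 51413, "published": "51413", "protocol": "tcp"}]},
  "server": {"network_mode": "service:vpn",
             "environment": {"PEERPORT": "51413"},
             "ports": [{"target": 51413, "published": "51413", "protocol": "udp"}]}
}}
""")


def audit(model):
    """Return findings for services that share another service's network namespace."""
    findings = []
    services = model.get("services", {})
    for name, svc in services.items():
        mode = svc.get("network_mode") or ""
        if not mode.startswith("service:"):
            continue
        gateway = mode.split(":", 1)[1]
        if gateway not in services:
            findings.append(f"{name}: gateway service '{gateway}' is not defined")
            continue
        # Docker refuses port publishing on a container that joins another
        # container's network namespace, so ports belong on the gateway.
        if svc.get("ports"):
            findings.append(f"{name}: has its own ports; move them to '{gateway}'")
        published = {(int(p["target"]), p.get("protocol", "tcp"))
                     for p in services[gateway].get("ports", [])}
        # The peer port must be reachable over both TCP and UDP to seed.
        peer = (svc.get("environment") or {}).get("PEERPORT")
        for proto in ("tcp", "udp"):
            if peer and (int(peer), proto) not in published:
                findings.append(f"{name}: PEERPORT {peer}/{proto} not published on '{gateway}'")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```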
What is the correct way to allow users to set secrets to be passed to the app via env variables? In this case users need to set VPN credentials that are passed to the container via env variables.