Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How to put docker behind vpn not using privoxy?

Featured Replies

Hi,

 

I would like to put some containers behind a vpn that do not have a proxy option (like radarr,sonarr etc)

 

I have binhex-privoxy running which is great for those dockers but not for all.

 

I have a private internet access account available to me and use it for binhex-privoxy and some vm's but do not want to put everything behind a vpn just some dockers

 

I have pfsense running on another unraid server available to me but could not work out how to setup a VLAN, is this still my best option or is there another way?

 

Thanks in advance!

Radarr and Sonarr have proxy option (Settings -> General).

So what are the "etc"?

  • Author

I did not explain that very well, I mean radarr and sonarr etc do have a proxy option and I can pass them through privoxy, other dockers do not have this option and I would like to pass them through a VPN and looking for the best way to do this.

 

Thanks

You can install the OpenVPN plugin that would put your entire server behind VPN.

Otherwise, you have to do it on your router (e.g. have each docker with its own IP and control the VPN access from the router) and/or router VM.

 

I used to have a VM that is connected to VPN and serves as a gateway for some dockers to route traffic through. I don't do that any more since I found it rather cumbersome.

 

Generally the dockers that I need to be behind VPN already have a "+VPN" version available on the app store.

  • Author

Hi @testdasi,

 

Thanks so much for your time!

 

I think I "hopefully" am close! 

 

I have installed a VM running ubuntu server running as a virtual vpn server and it works great to devices that I can specify an IP/Gateway on, how did you route your dockers through a different gateway then you used to do that?

 

Thanks again

16 minutes ago, mbc0 said:

I have installed a VM running ubuntu server running as a virtual vpn server and it works great to devices that I can specify an IP/Gateway on, how did you route your dockers through a different gateway then you used to do that?

I used pipework docker (details below).

There is the proper Limetech-recommended method using docker native functionalities which I found too troublesome to even try since pipework just worked and took me less than 5 minutes to set up.

 

Nevertheless, I have now completely transitioned away from custom IP and into using +VPN dockers and VPN proxy dockers.

There isn't any docker that I want to be behind VPN which doesn't have either of those 2 options available.

 

Pipework docker.

 

Edited by testdasi

  • Author

perfect! thank you so much 🙂

 

All working now!

FYI you can put "--net=container:foo" in the extra params to make any docker container reuse the network of an existing container (example here is that "foo" is the docker container connected to the VPN).  the recently released 6.8.3 makes this work again without the need for workarounds.

  • Author
On 3/8/2020 at 3:08 PM, bling said:

FYI you can put "--net=container:foo" in the extra params to make any docker container reuse the network of an existing container (example here is that "foo" is the docker container connected to the VPN).  the recently released 6.8.3 makes this work again without the need for workarounds.

Hi,

 

Do you mean instead of or as well as?

 

--net=container:foo

 

-e 'pipework_cmd=br0 @CONTAINER_NAME@ 192.168.0.138/[email protected]'

On 3/11/2020 at 7:11 PM, mbc0 said:

Hi,

 

Do you mean instead of or as well as?

 

--net=container:foo

 

-e 'pipework_cmd=br0 @CONTAINER_NAME@ 192.168.0.138/[email protected]'

instead of.

using --net replaces any existing method for achieving this.  you don't need to set up proxies or anything because any "child containers" will reuse the network of the parent.  so all you need to do is find a docker container (there are tons) that do openvpn + a kill switch as the parent and you're good.

  • Author

Hi, @blingsorry for the delay in thanking/getting back to you! I have just tried this and it unfortunately fails?

 

This is the docker I wanted to use that uses a vpn and killswitch

 

image.png.9f123bc0fbfc6cf6940e34ec5888cfb0.png

 

These are the extra parameters I put in

 

--net=container:binhex-delugevpn

 

and this is the error I get?

 

/usr/bin/docker: Error response from daemon: Container cannot be connected to network endpoints: container:binhex-delugevpn, host.
See '/usr/bin/docker run --help'.
The command failed.

 

Am I missing something obvious?

 

Thank you

 

 

 

 

Edited by mbc0

1 hour ago, mbc0 said:

Hi, @blingsorry for the delay in thanking/getting back to you! I have just tried this and it unfortunately fails?

 

This is the docker I wanted to use that uses a vpn and killswitch

 

image.png.9f123bc0fbfc6cf6940e34ec5888cfb0.png

 

These are the extra parameters I put in

 

--net=container:binhex-delugevpn

 

and this is the error I get?

 

/usr/bin/docker: Error response from daemon: Container cannot be connected to network endpoints: container:binhex-delugevpn, host.
See '/usr/bin/docker run --help'.
The command failed.

 

Am I missing something obvious?

 

Thank you

 

 

 

 

you need to set the network type to 'none', so that the --net in the extra params will work.  also, if your child container has a port exposed you need this defined on the parent container instead otherwise you can't access it.

  • Author

Thanks for the reply, I set network type to none at first but had no joy so tried all possible options, the error is probably because as you say "if your child container has a port exposed you need this defined on the parent container instead otherwise you can't access it." but unfortunately I have no idea what that means! 😞

I am in no way an expert, I've only been using unraid a few days, but if you edit the settings of the binhex-deluge container, there's an option at the bottom to add extra parameters/ports etc.

Think you need to do this, name it the name of the container which will be using it and the port it uses.

I'd maybe wait for someone else to confirm before you change anything based on what I've said though lol

Sent from my ONEPLUS A6003 using Tapatalk

  • Author

Hi,

 

Thanks for your reply, I have been searching but cannot find a way to add a docker using the method you are talking about (adding extra parameter) ?

  • Author

ah!  just found this, so I know it won't work unfortunately as binhex himself said so 

 

  On 1/10/2020 at 6:04 AM, alturismo said:

i saw some readme´s about the --net=container:<vpn_dockername>

im not sure where you saw that but its not in any readme's for these vpn docker images as this will not work due to the highly tied down configuration using iptables. 

Just now, mbc0 said:

ah!  just found this, so I know it won't work unfortunately as binhex himself said so 

That's one of the reasons why I used pipework instead of the various official methods with dockers.

Pipework works in a transparent easy-to-understand way i.e. just like how you would set something up in your OS network settings.

  • 4 weeks later...
  • Author

you are a legend @SpaceInvaderOne I had already looked for a video from you but it never existed until now! thank you so much! 🙂 

Space Invader, thank you for the great videos.

 

Gotta a question. Your video shows how to use the "curl ifconfig.io" command. I tried this command when bashing into delugevpn container and got an ip that represents my vpn working (ie looks like I am in France). I followed one of your older videos showing how to proxy sonarr and radarr (i am using linuxserver io) and have those proxy to port 8118 with my server IP. They work fine, but when I bashed into the container and tried the curl command, I am getting my real ip address. What am I doing wrong, or does this feature no longer work. This is true for sonarr, radarr and jacket.

 

Thanks for the help.

Sorry. I am an idiot..It works for http(s) so when I checked the proxy with a web browser., it is perfect...That explains why the curl command wouldnt reply with the vpn'd ip address. Sorry to bother you with stupid questions..Just goes to show, drag a fool to water and give him enough time, he may learn to drink on his own...lol

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.