admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fb2ca3cc1aa91a774ab7307016c0650243234b45
gluetun/README.md

317 lines
15 KiB
Markdown
Raw Normal View History

Restarts on fail; DNS over TLS only when connected to VPN; readme update
2018-09-21 16:39:08 +02:00
# Private Internet Access Client (OpenVPN+Iptables+DNS over TLS on Alpine Linux)
Initial commit
2018-02-06 21:57:41 -05:00
Reworked project overall
2018-11-06 14:55:11 +01:00
*Lightweight VPN client to tunnel to private internet access servers*
Killswitch added with firewall, fixes #3
2018-06-06 22:44:11 -04:00
Update README.md
2018-02-21 11:55:45 -05:00
[![PIA Docker OpenVPN](https://github.com/qdm12/private-internet-access-docker/raw/master/readme/title.png)](https://hub.docker.com/r/qmcgaw/private-internet-access/)
Initial commit
2018-02-06 21:57:41 -05:00
Added Travis CI
2018-03-15 12:09:17 -04:00
[![Build Status](https://travis-ci.org/qdm12/private-internet-access-docker.svg?branch=master)](https://travis-ci.org/qdm12/private-internet-access-docker)
Added choice of UDP/TCP and level of encryption. Reworked readme and Dockerfile
2018-04-15 14:15:58 -04:00
[![Docker Build Status](https://img.shields.io/docker/build/qmcgaw/private-internet-access.svg)](https://hub.docker.com/r/qmcgaw/private-internet-access)
[![GitHub last commit](https://img.shields.io/github/last-commit/qdm12/private-internet-access-docker.svg)](https://github.com/qdm12/private-internet-access-docker/issues)
[![GitHub commit activity](https://img.shields.io/github/commit-activity/y/qdm12/private-internet-access-docker.svg)](https://github.com/qdm12/private-internet-access-docker/issues)
[![GitHub issues](https://img.shields.io/github/issues/qdm12/private-internet-access-docker.svg)](https://github.com/qdm12/private-internet-access-docker/issues)
[![Docker Pulls](https://img.shields.io/docker/pulls/qmcgaw/private-internet-access.svg)](https://hub.docker.com/r/qmcgaw/private-internet-access)
[![Docker Stars](https://img.shields.io/docker/stars/qmcgaw/private-internet-access.svg)](https://hub.docker.com/r/qmcgaw/private-internet-access)
[![Docker Automated](https://img.shields.io/docker/automated/qmcgaw/private-internet-access.svg)](https://hub.docker.com/r/qmcgaw/private-internet-access)
Added Travis CI
2018-03-15 12:09:17 -04:00
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
[![Image size](https://images.microbadger.com/badges/image/qmcgaw/private-internet-access.svg)](https://microbadger.com/images/qmcgaw/private-internet-access)
[![Image version](https://images.microbadger.com/badges/version/qmcgaw/private-internet-access.svg)](https://microbadger.com/images/qmcgaw/private-internet-access)
Fixed readme
2018-04-01 13:56:56 -04:00
Added Paypal donate link
2019-01-14 14:14:40 +01:00
[![Donate PayPal](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://paypal.me/qdm12)
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
| Image size | RAM usage | CPU usage |
| --- | --- | --- |
Small fixes
2019-09-09 13:56:50 -04:00
| 23.3MB | 14MB to 80MB | Low to Medium |
Added ARM images for 32 bit v6 (Rasberry Pi) and 64 bit v8
2019-01-14 09:55:46 +01:00
Collapsible content in readme
2019-02-01 08:30:10 +01:00
<details><summary>Click to show base components</summary><p>
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
Updated packages and Alpine to 3.10
2019-06-26 17:23:24 +02:00
- [Alpine 3.10](https://alpinelinux.org) for a tiny image
- [OpenVPN 2.4.7](https://pkgs.alpinelinux.org/package/v3.10/main/x86_64/openvpn) to tunnel to PIA servers
- [IPtables 1.8.3](https://pkgs.alpinelinux.org/package/v3.10/main/x86_64/iptables) enforces the container to communicate only through the VPN or with other containers in its virtual network (acts as a killswitch)
- [Unbound 1.9.1](https://pkgs.alpinelinux.org/package/v3.10/main/x86_64/unbound) configured with Cloudflare's [1.1.1.1](https://1.1.1.1) DNS over TLS
Splitted `BLOCK_MALICIOUS` with `BLOCK_NSA` and `UNBLOCK` env variable
2019-04-23 10:29:44 +02:00
- [Files and blocking lists built periodically](https://github.com/qdm12/updated/tree/master/files) used with Unbound (see `BLOCK_MALICIOUS` and `BLOCK_NSA` environment variables)
Added web HTTP proxy
2019-06-27 13:12:03 +02:00
- [TinyProxy 1.10.0](https://pkgs.alpinelinux.org/package/v3.10/main/x86_64/tinyproxy)
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
Collapsible content in readme
2019-02-01 08:30:10 +01:00
</p></details>
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
## Features
- <details><summary>Configure everything with environment variables</summary><p>
- [Destination region](https://www.privateinternetaccess.com/pages/network)
- Internet protocol
- Level of encryption
More modularity and reworked readme - Docker's init added to avoid zombie processes (i.e. Unbound) - Added environment variables to enable or disable features: `DOT`, `FIREWALL` - Reworked readme
2019-06-27 13:10:51 +02:00
- PIA Username and password
- DNS over TLS
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
- Malicious DNS blocking
More modularity and reworked readme - Docker's init added to avoid zombie processes (i.e. Unbound) - Added environment variables to enable or disable features: `DOT`, `FIREWALL` - Reworked readme
2019-06-27 13:10:51 +02:00
- Internal firewall
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
- Web HTTP proxy
More modularity and reworked readme - Docker's init added to avoid zombie processes (i.e. Unbound) - Added environment variables to enable or disable features: `DOT`, `FIREWALL` - Reworked readme
2019-06-27 13:10:51 +02:00
- Run openvpn without root
Updated README - Fixed ARM instructions - More collapsibles - Added all-in-one docker-compose example from issue 21
2019-05-22 09:34:33 +02:00
</p></details>
Updated documentation
2019-06-26 17:23:42 +02:00
- Connect other containers to it, [see this](https://github.com/qdm12/private-internet-access-docker#connect-to-it)
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
- **ARM** compatible
- Port forwarding
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
- The *iptables* firewall allows traffic only with needed PIA servers (IP addresses, port, protocol) combinations
Updated documentation
2019-06-26 17:23:42 +02:00
- OpenVPN reconnects automatically on failure
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
- Docker healthcheck pings the DNS 1.1.1.1 to verify the connection is up
Updated documentation
2019-06-26 17:23:42 +02:00
- Unbound DNS runs *without root*
- OpenVPN can run *without root* but this disallows OpenVPN reconnecting, it can be set with `NONROOT=yes`
Shadowsocks proxy built-in, fixes #30 (#46) * Added ShadowSocks proxy to container * Updated docker-compose.yml example * Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
- Connect your LAN devices
- HTTP Web proxy *tinyproxy*
- SOCKS5 proxy *shadowsocks*
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
Added choice of UDP/TCP and level of encryption. Reworked readme and Dockerfile
2018-04-15 14:15:58 -04:00
## Setup
Initial commit
2018-02-06 21:57:41 -05:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
1. <details><summary>Requirements</summary><p>
Reverted back to creating tun device manually
2018-06-01 14:38:27 -04:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
- A Private Internet Access **username** and **password** - [Sign up](https://www.privateinternetaccess.com/pages/buy-vpn/)
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
- External firewall requirements, if you have one
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
- Allow outbound TCP 853 to 1.1.1.1 to allow Unbound to resolve the PIA domain name at start. You can then block it once the container is started.
- For UDP strong encryption, allow outbound UDP 1197
- For UDP normal encryption, allow outbound UDP 1198
- For TCP strong encryption, allow outbound TCP 501
- For TCP normal encryption, allow outbound TCP 502
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
- For the built-in web HTTP proxy, allow inbound TCP 8888
Shadowsocks proxy built-in, fixes #30 (#46) * Added ShadowSocks proxy to container * Updated docker-compose.yml example * Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
- For the built-in SOCKS5 proxy, allow inbound TCP 8388 and UDP 8388
Fixes #35 not working docker-compose.yml
2019-07-28 18:18:59 -04:00
- Docker API 1.25 to support `init`
- If you use Docker Compose, docker-compose >= 1.22.0, to support `init: true`
Removed Unbound from image Better use it in another Docker container, it caused quite some problems with my firewall so I thought it would be better to only
2018-09-20 20:35:29 +02:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
</p></details>
Removed Unbound from image Better use it in another Docker container, it caused quite some problems with my firewall so I thought it would be better to only
2018-09-20 20:35:29 +02:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
1. Ensure `/dev/net/tun` is setup on your host with either:
```sh
insmod /lib/modules/tun.ko
# or...
Multiple additions and fixes #12 - Unbound ran as `nonrootuser` - Readme updated - auth.conf replaced by `USER` and `PASSWORD` env variables - Removed Nginx section from readme for now - Reworked entrypoint with more checks - Malicious IPs and hostnames building is done at Docker build to gain time at launch - docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
modprobe tun
Added Cloudflare 1.1.1.1 DNS over TLS
2018-04-13 15:35:31 -04:00
```
Update README.md
2018-02-21 11:55:45 -05:00
Updated README - Fixed ARM instructions - More collapsibles - Added all-in-one docker-compose example from issue 21
2019-05-22 09:34:33 +02:00
1. <details><summary>CLICK IF YOU HAVE AN ARM DEVICE</summary><p>
- If you have a ARM 32 bit v6 architecture
```sh
Fixed readme typos
2019-05-22 22:47:13 +02:00
docker build -t qmcgaw/private-internet-access \
Updated README - Fixed ARM instructions - More collapsibles - Added all-in-one docker-compose example from issue 21
2019-05-22 09:34:33 +02:00
--build-arg BASE_IMAGE=arm32v6/alpine \
https://github.com/qdm12/private-internet-access-docker.git
```
- If you have a ARM 32 bit v7 architecture
```sh
Fixed readme typos
2019-05-22 22:47:13 +02:00
docker build -t qmcgaw/private-internet-access \
Updated README - Fixed ARM instructions - More collapsibles - Added all-in-one docker-compose example from issue 21
2019-05-22 09:34:33 +02:00
--build-arg BASE_IMAGE=arm32v7/alpine \
https://github.com/qdm12/private-internet-access-docker.git
```
- If you have a ARM 64 bit v8 architecture
```sh
Fixed readme typos
2019-05-22 22:47:13 +02:00
docker build -t qmcgaw/private-internet-access \
Updated README - Fixed ARM instructions - More collapsibles - Added all-in-one docker-compose example from issue 21
2019-05-22 09:34:33 +02:00
--build-arg BASE_IMAGE=arm64v8/alpine \
https://github.com/qdm12/private-internet-access-docker.git
```
</p></details>
Updated readme for ARM devices and DNS leak tests
2019-04-03 19:21:49 +02:00
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
1. Launch the container with:
Update README.md
2018-02-21 11:55:45 -05:00
Added choice of UDP/TCP and level of encryption. Reworked readme and Dockerfile
2018-04-15 14:15:58 -04:00
```bash
More modularity and reworked readme - Docker's init added to avoid zombie processes (i.e. Unbound) - Added environment variables to enable or disable features: `DOT`, `FIREWALL` - Reworked readme
2019-06-27 13:10:51 +02:00
docker run -d --init --name=pia --cap-add=NET_ADMIN --device=/dev/net/tun \
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
-e REGION="CA Montreal" -e USER=js89ds7 -e PASSWORD=8fd9s239G \
Added choice of UDP/TCP and level of encryption. Reworked readme and Dockerfile
2018-04-15 14:15:58 -04:00
qmcgaw/private-internet-access
```
Update README.md
2018-02-21 11:55:45 -05:00
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
or use [docker-compose.yml](https://github.com/qdm12/private-internet-access-docker/blob/master/docker-compose.yml) with:
Updated repo
2018-03-31 20:33:45 -04:00
Removed Unbound from image Better use it in another Docker container, it caused quite some problems with my firewall so I thought it would be better to only
2018-09-20 20:35:29 +02:00
```bash
Updated repo
2018-03-31 20:33:45 -04:00
docker-compose up -d
```
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
Note that you can:
- Change the many [environment variables](#environment-variables) available
- Use `-p 8888:8888/tcp` to access the HTTP web proxy (and put your LAN in `EXTRA_SUBNETS` environment variable)
Shadowsocks proxy built-in, fixes #30 (#46) * Added ShadowSocks proxy to container * Updated docker-compose.yml example * Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
- Use `-p 8388:8388/tcp -p 8388:8388/udp` to access the SOCKS5 proxy (and put your LAN in `EXTRA_SUBNETS` environment variable)
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
- Pass additional arguments to *openvpn* using Docker's command function (commands after the image name)
Added web HTTP proxy
2019-06-27 13:12:03 +02:00
Added Cloudflare 1.1.1.1 DNS over TLS
2018-04-13 15:35:31 -04:00
## Testing
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
Check the PIA IP address matches your expectations
Updated repo
2018-03-31 20:33:45 -04:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
```sh
Updated packages and Alpine to 3.10
2019-06-26 17:23:24 +02:00
docker run --rm --network=container:pia alpine:3.10 wget -qO- https://ipinfo.io
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
```
Initial commit
2018-02-06 21:57:41 -05:00
Added choice of UDP/TCP and level of encryption. Reworked readme and Dockerfile
2018-04-15 14:15:58 -04:00
## Environment variables
| Environment variable | Default | Description |
| --- | --- | --- |
Multiple additions and fixes #12 - Unbound ran as `nonrootuser` - Readme updated - auth.conf replaced by `USER` and `PASSWORD` env variables - Removed Nginx section from readme for now - Reworked entrypoint with more checks - Malicious IPs and hostnames building is done at Docker build to gain time at launch - docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
| `REGION` | `CA Montreal` | One of the [PIA regions](https://www.privateinternetaccess.com/pages/network/) |
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
| `PROTOCOL` | `udp` | `tcp` or `udp` |
Added choice of UDP/TCP and level of encryption. Reworked readme and Dockerfile
2018-04-15 14:15:58 -04:00
| `ENCRYPTION` | `strong` | `normal` or `strong` |
Removed empty ticks from readme table
2019-01-14 09:55:14 +01:00
| `USER` | | Your PIA username |
| `PASSWORD` | | Your PIA password |
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
| `NONROOT` | `no` | Run OpenVPN without root, `yes` or `no` |
More modularity and reworked readme - Docker's init added to avoid zombie processes (i.e. Unbound) - Added environment variables to enable or disable features: `DOT`, `FIREWALL` - Reworked readme
2019-06-27 13:10:51 +02:00
| `DOT` | `on` | `on` or `off`, to activate DNS over TLS to 1.1.1.1 |
Splitted `BLOCK_MALICIOUS` with `BLOCK_NSA` and `UNBLOCK` env variable
2019-04-23 10:29:44 +02:00
| `BLOCK_MALICIOUS` | `off` | `on` or `off`, blocks malicious hostnames and IPs |
| `BLOCK_NSA` | `off` | `on` or `off`, blocks NSA hostnames |
| `UNBLOCK` | | comma separated string (i.e. `web.com,web2.ca`) to unblock hostnames |
More modularity and reworked readme - Docker's init added to avoid zombie processes (i.e. Unbound) - Added environment variables to enable or disable features: `DOT`, `FIREWALL` - Reworked readme
2019-06-27 13:10:51 +02:00
| `EXTRA_SUBNETS` | | comma separated subnets allowed in the container firewall (i.e. `192.168.1.0/24,192.168.10.121,10.0.0.5/28`) |
Additional port forwarding parameters checks in entrypoint
2019-09-09 12:34:05 -04:00
| `PORT_FORWARDING` | `off` | Set to `on` to forward a port on PIA server |
| `PORT_FORWARDING_STATUS_FILE` | `/forwarded_port` | File path to store the forwarded port number |
Tinyproxy variables renamed
2019-09-09 12:40:00 -04:00
| `TINYPROXY` | `on` | `on` or `off`, to enable the internal HTTP proxy tinyproxy |
| `TINYPROXY_LOG` | `Critical` | `Info`, `Warning`, `Error` or `Critical` |
| `TINYPROXY_PORT` | `8888` | `1024` to `65535` internal port for HTTP proxy |
| `TINYPROXY_USER` | | Username to use to connect to the HTTP proxy |
| `TINYPROXY_PASSWORD` | | Passsword to use to connect to the HTTP proxy |
Shadowsocks proxy built-in, fixes #30 (#46) * Added ShadowSocks proxy to container * Updated docker-compose.yml example * Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
| `SHADOWSOCKS` | `on` | `on` or `off`, to enable the internal SOCKS5 proxy Shadowsocks |
| `SHADOWSOCKS_LOG` | `on` | `on` or `off` to enable logging for Shadowsocks |
| `SHADOWSOCKS_PORT` | `8388` | `1024` to `65535` internal port for SOCKS5 proxy |
| `SHADOWSOCKS_PASSWORD` | | Passsword to use to connect to the SOCKS5 proxy |
Update README.md
2018-02-21 11:55:45 -05:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
## Connect to it
Added choice of UDP/TCP and level of encryption. Reworked readme and Dockerfile
2018-04-15 14:15:58 -04:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
There are various ways to achieve this, depending on your use case.
Re-added section on publishing ports of containers connected to PIA
2018-11-18 19:31:09 +02:00
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
- <details><summary>Connect containers in the same docker-compose.yml as PIA</summary><p>
Add `network_mode: "service:pia"` to your *docker-compose.yml* (no need for `depends_on`)
</p></details>
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
- <details><summary>Connect other containers to PIA</summary><p>
Added section on docker-compose services to publish ports
2018-11-20 09:27:10 +02:00
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
Add `--network=container:pia` when launching the container, provided PIA is already running
Re-added section on publishing ports of containers connected to PIA
2018-11-18 19:31:09 +02:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
</p></details>
- <details><summary>Connect containers from another docker-compose.yml</summary><p>
Readme update and typo fixes
2019-04-26 21:43:26 +02:00
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
Add `network_mode: "container:pia"` to your *docker-compose.yml*, provided PIA is already running
Readme update and typo fixes
2019-04-26 21:43:26 +02:00
Reworked readme to connect containers to PIA and access their ports
2019-06-22 18:00:17 +02:00
</p></details>
Shadowsocks proxy built-in, fixes #30 (#46) * Added ShadowSocks proxy to container * Updated docker-compose.yml example * Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
- <details><summary>Connect LAN devices through the built-in HTTP proxy *Tinyproxy* (i.e. with Chrome, Kodi, etc.)</summary><p>
Reworked readme to connect containers to PIA and access their ports
2019-06-22 18:00:17 +02:00
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
1. Setup a HTTP proxy client, such as [SwitchyOmega for Chrome](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif?hl=en)
1. Ensure the PIA container is launched with:
Shadowsocks proxy built-in, fixes #30 (#46) * Added ShadowSocks proxy to container * Updated docker-compose.yml example * Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
- port `8888` published `-p 8888:8888/tcp`
- your LAN subnet, i.e. `192.168.1.0/24`, set as `-e EXTRA_SUBNETS=192.168.1.0/24`
1. With your HTTP proxy client, connect to the Docker host (i.e. `192.168.1.10`) on port `8888`. You need to enter your credentials if you set them with `TINYPROXY_USER` and `TINYPROXY_PASSWORD`.
Fixes several small bugs regarding #48 - Proxies are `off` by default so `SHADOWSOCKS_PASSWORD` is not required - Documentation fixed and clarified - `PORT_FORWARDING` should be `on` or `off` only now (although it's backward compatible with `false` and `true`)
2019-09-10 09:05:49 -04:00
1. If you set `TINYPROXY_LOG` to `Info`, more information will be logged in the Docker logs, merged with the OpenVPN logs.
Shadowsocks proxy built-in, fixes #30 (#46) * Added ShadowSocks proxy to container * Updated docker-compose.yml example * Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
`TINYPROXY_LOG` defaults to `Critical` to avoid logging everything, for privacy purposes.
</p></details>
- <details><summary>Connect LAN devices through the built-in SOCKS5 proxy *Shadowsocks* (per app, system wide, etc.)</summary><p>
1. Setup a SOCKS5 proxy client, there is a list of [ShadowSocks clients for **all platforms**](https://shadowsocks.org/en/download/clients.html)
Updated readme regarding UDP tunneling with Shadowsocks, see #30
2019-09-11 16:36:00 -04:00
- **note** that some clients do not tunnel UDP so your DNS queries will be done locally and not through PIA and its built in DNS over TLS
Shadowsocks proxy built-in, fixes #30 (#46) * Added ShadowSocks proxy to container * Updated docker-compose.yml example * Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
1. Ensure the PIA container is launched with:
- port `8388` published `-p 8388:8388/tcp -p 8388:8388/udp`
- your LAN subnet, i.e. `192.168.1.0/24`, set as `-e EXTRA_SUBNETS=192.168.1.0/24`
1. With your SOCKS5 proxy client, connect to the Docker host (i.e. `192.168.1.10`) on port `8388`, using the password you have set with `SHADOWSOCKS_PASSWORD`.
Fixes several small bugs regarding #48 - Proxies are `off` by default so `SHADOWSOCKS_PASSWORD` is not required - Documentation fixed and clarified - `PORT_FORWARDING` should be `on` or `off` only now (although it's backward compatible with `false` and `true`)
2019-09-10 09:05:49 -04:00
1. If you set `SHADOWSOCKS_LOG` to `on`, more information will be logged in the Docker logs, merged with the OpenVPN logs.
Reworked readme to connect containers to PIA and access their ports
2019-06-22 18:00:17 +02:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
</p></details>
- <details><summary>Access ports of containers connected to PIA</summary><p>
Re-added section on publishing ports of containers connected to PIA
2018-11-18 19:31:09 +02:00
Removed old unnecessary reverse proxy instructions
2019-06-29 17:20:10 +02:00
In example, to access port `8000` of container `xyz` and `9000` of container `abc` connected to PIA,
publish ports `8000` and `9000` for the PIA container and access them as you would with any other container
Re-added section on publishing ports of containers connected to PIA
2018-11-18 19:31:09 +02:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
</p></details>
Reworked readme to connect containers to PIA and access their ports
2019-06-22 18:00:17 +02:00
- <details><summary>Access ports of containers connected to PIA, all in the same docker-compose.yml</summary><p>
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
In example, to access port `8000` of container `xyz` and `9000` of container `abc` connected to PIA, publish port `8000` and `9000` for the PIA container.
The docker-compose.yml file would look like:
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
```yml
Fixes #35 not working docker-compose.yml
2019-07-28 18:18:59 -04:00
version: '3.7'
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
services:
Reworked readme to connect containers to PIA and access their ports
2019-06-22 18:00:17 +02:00
pia:
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
image: qmcgaw/private-internet-access
container_name: pia
Fixes #35 not working docker-compose.yml
2019-07-28 18:18:59 -04:00
init: true
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
cap_add:
Reworked readme to connect containers to PIA and access their ports
2019-06-22 18:00:17 +02:00
- NET_ADMIN
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
devices:
Reworked readme to connect containers to PIA and access their ports
2019-06-22 18:00:17 +02:00
- /dev/net/tun
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
environment:
Reworked readme to connect containers to PIA and access their ports
2019-06-22 18:00:17 +02:00
- USER=js89ds7
- PASSWORD=8fd9s239G
ports:
- 8000:8000/tcp
- 9000:9000/tcp
abc:
image: abc
container_name: abc
network_mode: "service:pia"
xyz:
image: xyz
container_name: xyz
network_mode: "service:pia"
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
```
Added section on docker-compose services to publish ports
2018-11-20 09:27:10 +02:00
Full rework of readme with simplified instructions and collapsibles
2019-05-23 11:58:52 +02:00
</p></details>
Adding QEMU static arm binary to build ARM images
2019-04-26 16:02:14 +02:00
Added port forwarding, fixes #14
2019-06-26 17:24:10 +02:00
## Port forwarding
Fixes several small bugs regarding #48 - Proxies are `off` by default so `SHADOWSOCKS_PASSWORD` is not required - Documentation fixed and clarified - `PORT_FORWARDING` should be `on` or `off` only now (although it's backward compatible with `false` and `true`)
2019-09-10 09:05:49 -04:00
By setting `PORT_FORWARDING` environment variable to `on`, the forwarded port will be read and written to the file specified in `PORT_FORWARDING_STATUS_FILE` (by default, this is set to `/forwarded_port`). If the location for this file does not exist, it will be created automatically.
Fix/improve port forwarding handling
2019-07-15 22:02:40 +02:00
You can mount this file as a volume to read it from other containers.
Added port forwarding, fixes #14
2019-06-26 17:24:10 +02:00
Note that not all regions support port forwarding.
Multiple additions and fixes #12 - Unbound ran as `nonrootuser` - Readme updated - auth.conf replaced by `USER` and `PASSWORD` env variables - Removed Nginx section from readme for now - Reworked entrypoint with more checks - Malicious IPs and hostnames building is done at Docker build to gain time at launch - docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
## For the paranoids
Update README.md
2018-02-21 11:55:45 -05:00
Updated README - Fixed ARM instructions - More collapsibles - Added all-in-one docker-compose example from issue 21
2019-05-22 09:34:33 +02:00
- You can review the code which essential consists in the [Dockerfile](https://github.com/qdm12/private-internet-access-docker/blob/master/Dockerfile) and [entrypoint.sh](https://github.com/qdm12/private-internet-access-docker/blob/master/entrypoint.sh)
Multiple additions and fixes #12 - Unbound ran as `nonrootuser` - Readme updated - auth.conf replaced by `USER` and `PASSWORD` env variables - Removed Nginx section from readme for now - Reworked entrypoint with more checks - Malicious IPs and hostnames building is done at Docker build to gain time at launch - docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
- Build the images yourself:
Updated readme with more on Extra section
2018-06-03 18:05:10 -04:00
Removed Unbound from image Better use it in another Docker container, it caused quite some problems with my firewall so I thought it would be better to only
2018-09-20 20:35:29 +02:00
```bash
Multiple additions and fixes #12 - Unbound ran as `nonrootuser` - Readme updated - auth.conf replaced by `USER` and `PASSWORD` env variables - Removed Nginx section from readme for now - Reworked entrypoint with more checks - Malicious IPs and hostnames building is done at Docker build to gain time at launch - docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
docker build -t qmcgaw/private-internet-access https://github.com/qdm12/private-internet-access-docker.git
Removed Unbound from image Better use it in another Docker container, it caused quite some problems with my firewall so I thought it would be better to only
2018-09-20 20:35:29 +02:00
```
Updated readme with more on Extra section
2018-06-03 18:05:10 -04:00
Multiple additions and fixes #12 - Unbound ran as `nonrootuser` - Readme updated - auth.conf replaced by `USER` and `PASSWORD` env variables - Removed Nginx section from readme for now - Reworked entrypoint with more checks - Malicious IPs and hostnames building is done at Docker build to gain time at launch - docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
- The download and unziping of PIA openvpn files is done at build for the ones not able to download the zip files
- Checksums for PIA openvpn zip files are not used as these files change often (but HTTPS is used)
- Use `-e ENCRYPTION=strong -e BLOCK_MALICIOUS=on`
Updated readme regarding UDP tunneling with Shadowsocks, see #30
2019-09-11 16:36:00 -04:00
- You can test DNSSEC using [internet.nl/connection](https://www.internet.nl/connection/)
- Check DNS leak tests with [https://www.dnsleaktest.com](https://www.dnsleaktest.com)
Updated readme for ARM devices and DNS leak tests
2019-04-03 19:21:49 +02:00
- DNS Leaks tests might not work because of [this](https://github.com/qdm12/cloudflare-dns-server#verify-dns-connection) (*TLDR*: DNS server is a local caching intermediary)
Re-added Unbound DNS over TLS It turns out you can't use a local DNS server once connected with the VPN, so running the DNS over TLS in the PIA container is the best.
2018-09-21 11:28:23 +02:00
Fixes #38 by warning user to escape characters for passwords
2019-09-02 11:33:56 -04:00
## Troubleshooting
- Password problems `AUTH: Received control message: AUTH_FAILED`
- Your password may contain a special character such as `$`.
You need to escape it with `\` in your run command or docker-compose.yml.
For example you would set `-e PASSWORD=mypa\$\$word`.
Fixes several small bugs regarding #48 - Proxies are `off` by default so `SHADOWSOCKS_PASSWORD` is not required - Documentation fixed and clarified - `PORT_FORWARDING` should be `on` or `off` only now (although it's backward compatible with `false` and `true`)
2019-09-10 09:05:49 -04:00
- Fallback to a previous version
1. Clone the repository on your machine
```sh
git clone https://github.com/qdm12/private-internet-access-docker.git pia
cd pia
```
1. Look up which commit you want to go back to [here](https://github.com/qdm12/private-internet-access-docker/commits/master), i.e. `942cc7d4d10545b6f5f89c907b7dd1dbc39368e0`
1. Revert to this commit locally
```sh
git reset --hard 942cc7d4d10545b6f5f89c907b7dd1dbc39368e0
```
1. Build the Docker image
```sh
docker build -t qmcgaw/private-internet-access .
```
Fixes #38 by warning user to escape characters for passwords
2019-09-02 11:33:56 -04:00
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
## TODOs
Shadowsocks proxy built-in, fixes #30 (#46) * Added ShadowSocks proxy to container * Updated docker-compose.yml example * Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
- Shadowsocks
- Get logs from file and merge with docker stdout
- Mix Logs of Unbound
Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
- Maybe use `--inactive 3600 --ping 10 --ping-exit 60` as default behavior
- Try without tun
Updated Readme, proxy is not working yet
2019-06-29 00:42:30 +02:00
Reworked labels, readme and added License
2018-10-29 16:32:11 +01:00
## License
Re-added Unbound DNS over TLS It turns out you can't use a local DNS server once connected with the VPN, so running the DNS over TLS in the PIA container is the best.
2018-09-21 11:28:23 +02:00
Readme update
2018-10-29 17:03:24 +01:00
This repository is under an [MIT license](https://github.com/qdm12/private-internet-access-docker/master/license)
Reference in New Issue Copy Permalink