Documentation: readme sections moved to Wiki

2020-12-31 04:40:04 +00:00
parent 23c0334f68
commit f7a842e4ee
1 changed files with 14 additions and 340 deletions
--- a/README.md
+++ b/README.md
@@ -45,8 +45,8 @@ Mullvad, Windscribe, Surfshark Cyberghost, VyprVPN, NordVPN, PureVPN and Privado
 - Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
 - Built in Shadowsocks proxy (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)
 - Built in HTTP proxy (tunnels HTTP and HTTPS through TCP)
- [Connect other containers to it](https://github.com/qdm12/gluetun#connect-to-it)
+- [Connect other containers to it](https://github.com/qdm12/gluetun/wiki/Connect-to-gluetun)
- [Connect LAN devices to it](https://github.com/qdm12/gluetun#connect-to-it)
+- [Connect LAN devices to it](https://github.com/qdm12/gluetun/wiki/Connect-to-gluetun)
 - Compatible with amd64, i686 (32 bit), **ARM** 64 bit, ARM 32 bit v6 and v7 🎆
 - VPN server side port forwarding for Private Internet Access and Vyprvpn
 - Possibility of split horizon DNS by selecting multiple DNS over TLS providers
@@ -76,350 +76,25 @@ Mullvad, Windscribe, Surfshark Cyberghost, VyprVPN, NordVPN, PureVPN and Privado
    docker-compose up -d
    ```
-    Note that you can:
+1. Note that you can:
-    - Change the many [environment variables](#environment-variables) available
+    - Change the many [environment variables](https://github.com/qdm12/gluetun/wiki/Environment-variables) available
    - Use `-p 8888:8888/tcp` to access the HTTP web proxy
    - Use `-p 8388:8388/tcp -p 8388:8388/udp` to access the Shadowsocks proxy
-    - Use `-p 8000:8000/tcp` to access the [HTTP control server](#HTTP-control-server) built-in
+    - Use `-p 8000:8000/tcp` to access the [HTTP control server](https://github.com/qdm12/gluetun/wiki/HTTP-Control-server) built-in
-    - Use [Docker secrets](#Docker-secrets) to read your credentials instead of environment variables
+    - Use [Docker secrets](https://github.com/qdm12/gluetun/wiki/Docker-secrets) to read your credentials instead of environment variables
-    **If you encounter an issue with the tun device not being available, see [the FAQ](https://github.com/qdm12/gluetun/blob/master/doc/faq.md#how-to-fix-openvpn-failing-to-start)**
+1. (Optional) [Test your setup](https://github.com/qdm12/gluetun/wiki/Test-your-setup)
 1. [How to connect other containers and devices to Gluetun](https://github.com/qdm12/gluetun/wiki/Connect-to-gluetun)
 1. [VPN server side port forwarding](https://github.com/qdm12/gluetun/wiki/Port-forwarding)
 1. [HTTP control server](https://github.com/qdm12/gluetun/wiki/HTTP-Control-server) to automate things, restart Openvpn etc.
 1. You can update the image with `docker pull qmcgaw/gluetun:latest`. See the [Wiki](https://github.com/qdm12/gluetun/wiki/Docker-image-tags) for Docker tags available.
-1. You can update the image with `docker pull qmcgaw/gluetun:latest`. See the [wiki](https://github.com/qdm12/gluetun/wiki/Common-issues#use-a-release-tag) for more information on other tags available.
+## Development
-## Testing
+- 💻 [Contribute with code](https://github.com/qdm12/gluetun/wiki/Developement) ([existing contributors 👍](https://github.com/qdm12/gluetun/blob/master/.github/CONTRIBUTING.md#Contributors))
 Check the VPN IP address matches your expectations
 ```sh
 docker run --rm --network=container:gluetun alpine:3.12 wget -qO- https://ipinfo.io
 ```
 ▶ [Testing Wiki page](https://github.com/qdm12/gluetun/wiki/Testing-the-setup)
 ## Environment variables
 **TLDR**; only set the 🏁 marked environment variables to get started.
 💡 For all server filtering options such as `REGION`, you can have multiple values separated by a comma, i.e. `REGION=Germany,Singapore`
 ### VPN
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | 🏁 `VPNSP` | `private internet access` | `private internet access`, `mullvad`, `windscribe`, `surfshark`, `vyprvpn`, `nordvpn`, `purevpn`, `privado` | VPN Service Provider |
 | `PUBLICIP_FILE` | `/tmp/gluetun/ip` | Any filepath | Filepath to store the public IP address assigned |
 | `PROTOCOL` | `udp` | `udp` or `tcp` | Network protocol to use |
 | `OPENVPN_VERBOSITY` | `1` | `0` to `6` | Openvpn verbosity level |
 | `OPENVPN_ROOT` | `no` | `yes` or `no` | Run OpenVPN as root |
 | `OPENVPN_TARGET_IP` | | Valid IP address | Specify a target VPN IP address to use |
 | `OPENVPN_CIPHER` | | i.e. `aes-256-gcm` | Specify a custom cipher to use. It will also set `ncp-disable` if using AES GCM for PIA |
 | `OPENVPN_AUTH` | | i.e. `sha256` | Specify a custom auth algorithm to use |
 | `OPENVPN_IPV6` | `off` | `on`, `off` | Enable tunneling of IPv6 (only for Mullvad) |
 *For all providers below, server location parameters are all optional. By default a random server is picked using the filter settings provided.*
 - Private Internet Access
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `OPENVPN_USER` | | | Your username |
    | 🏁 `OPENVPN_PASSWORD` | | | Your password |
    | `REGION` | | One of the [PIA regions](https://www.privateinternetaccess.com/pages/network/) | VPN server region |
    | `PIA_ENCRYPTION` | `strong` | `normal`, `strong` | Encryption preset |
    | `PORT_FORWARDING` | `off` | `on`, `off` | Enable port forwarding on the VPN server |
    | `PORT_FORWARDING_STATUS_FILE` | `/tmp/gluetun/forwarded_port` | Any filepath | Filepath to store the forwarded port number |
 - Mullvad
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `OPENVPN_USER` | | | Your user ID |
    | `COUNTRY` | | One of the [Mullvad countries](https://mullvad.net/en/servers/#openvpn) | VPN server country |
    | `CITY` | | One of the [Mullvad cities](https://mullvad.net/en/servers/#openvpn) | VPN server city |
    | `ISP` | | One of the [Mullvad ISP](https://mullvad.net/en/servers/#openvpn) | VPN server ISP |
    | `PORT` | | `80`, `443` or `1401` for TCP; `53`, `1194`, `1195`, `1196`, `1197`, `1300`, `1301`, `1302`, `1303` or `1400` for UDP. Defaults to TCP `443` and UDP `1194` | Custom VPN port to use |
    | `OWNED` | `no` | `yes` or `no` | If the VPN server is owned by Mullvad |
    💡 [Mullvad IPv6 Wiki page](https://github.com/qdm12/gluetun/wiki/Mullvad-IPv6)
    For **port forwarding**, obtain a port from [here](https://mullvad.net/en/account/#/ports) and add it to `FIREWALL_VPN_INPUT_PORTS`
 - Windscribe (see [this](https://github.com/qdm12/gluetun/blob/master/internal/constants/windscribe.go#L43) for the choices of regions, cities and hostnames)
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `OPENVPN_USER` | | | Your username |
    | 🏁 `OPENVPN_PASSWORD` | | | Your password |
    | `REGION` | | | Comma separated list of regions to choose the VPN server |
    | `CITY` | | | Comma separated list of cities to choose the VPN server |
    | `HOSTNAME` | | | Comma separated list of hostnames to choose the VPN server |
    | `PORT` | | One from the [this list of ports](https://windscribe.com/getconfig/openvpn) | Custom VPN port to use |
 - Surfshark
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `OPENVPN_USER` | | | Your **service** username, found at the bottom of the [manual setup page](https://account.surfshark.com/setup/manual) |
    | 🏁 `OPENVPN_PASSWORD` | | | Your **service** password |
    | `REGION` | | One of the [Surfshark regions](https://github.com/qdm12/gluetun/wiki/Surfshark-Servers) | VPN server region |
 - Cyberghost
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `OPENVPN_USER` | | | Your username |
    | 🏁 `OPENVPN_PASSWORD` | | | Your password |
    | 🏁 | | | **See additional setup steps below** |
    | `REGION` | | One of the Cyberghost regions, [Wiki page](https://github.com/qdm12/gluetun/wiki/Cyberghost-Servers) | VPN server country |
    | `CYBERGHOST_GROUP` | `Premium UDP Europe` | One of the server groups (see above Wiki page) | Server group |
    **Additional setup steps**: If you use docker Swarm or docker-compose, you should use the [Docker secrets](#Docker-secrets) `openvpn_clientkey` and `openvpn_clientcrt`.
    Otherwise, bind mount your `client.key` and `client.crt` files with, for example:
    ```sh
    -v /yourpath/client.key:/gluetun/client.key:ro -v /yourpath/client.crt:/gluetun/client.crt:ro
    ```
 - Vyprvpn
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `OPENVPN_USER` | | | Your username |
    | 🏁 `OPENVPN_PASSWORD` | | | Your password |
    | `REGION` | | One of the [VyprVPN regions](https://www.vyprvpn.com/server-locations) | VPN server region |
    For **port forwarding**, add a port you want to be accessible to `FIREWALL_VPN_INPUT_PORTS`
 - NordVPN
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `OPENVPN_USER` | | | Your username |
    | 🏁 `OPENVPN_PASSWORD` | | | Your password |
    | `REGION` | | One of the NordVPN server country, i.e. `Switzerland` | VPN server country |
    | `SERVER_NUMBER` | | Server integer number | Optional server number. For example `251` for `Italy #251` |
 - PureVPN
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `OPENVPN_USER` | | | Your username |
    | 🏁 `OPENVPN_PASSWORD` | | | Your password |
    | `REGION` | | One of the [PureVPN regions](https://support.purevpn.com/vpn-servers) | VPN server region |
    | `COUNTRY` | | One of the [PureVPN countries](https://support.purevpn.com/vpn-servers) | VPN server country |
    | `CITY` | | One of the [PureVPN cities](https://support.purevpn.com/vpn-servers) | VPN server city |
 - Privado
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `OPENVPN_USER` | | | Your username |
    | 🏁 `OPENVPN_PASSWORD` | | | Your password |
    | `HOSTNAME` | | [One of the Privado hostname](internal/constants/privado.go#L26), i.e. `ams-001.vpn.privado.io` | VPN server hostname |
 ### DNS over TLS
 None of the following values are required.
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `DOT` | `on` | `on`, `off` | Activate DNS over TLS with Unbound |
 | `DOT_PROVIDERS` | `cloudflare` | `cloudflare`, `google`, `quad9`, `quadrant`, `cleanbrowsing`, `securedns`, `libredns` | Comma delimited list of DNS over TLS providers |
 | `DOT_CACHING` | `on` | `on`, `off` | Unbound caching |
 | `DOT_IPV6` | `off` | `on`, `off` | DNS IPv6 resolution |
 | `DOT_PRIVATE_ADDRESS` | All private CIDRs ranges | | Comma separated list of CIDRs or single IP addresses Unbound won't resolve to. Note that the default setting prevents DNS rebinding |
 | `DOT_VERBOSITY` | `1` | `0` to `5` | Unbound verbosity level |
 | `DOT_VERBOSITY_DETAILS` | `0` | `0` to `4` | Unbound details verbosity level |
 | `DOT_VALIDATION_LOGLEVEL` | `0` | `0` to `2` | Unbound validation log level |
 | `DNS_UPDATE_PERIOD` | `24h` | i.e. `0`, `30s`, `5m`, `24h` | Period to update block lists and cryptographic files and restart Unbound. Set to `0` to deactivate updates |
 | `BLOCK_MALICIOUS` | `on` | `on`, `off` | Block malicious hostnames and IPs with Unbound |
 | `BLOCK_SURVEILLANCE` | `off` | `on`, `off` | Block surveillance hostnames and IPs with Unbound |
 | `BLOCK_ADS` | `off` | `on`, `off` | Block ads hostnames and IPs with Unbound |
 | `UNBLOCK` | |i.e. `domain1.com,x.domain2.co.uk` | Comma separated list of domain names to leave unblocked with Unbound |
 | `DNS_PLAINTEXT_ADDRESS` | `1.1.1.1` | Any IP address | IP address to use as DNS resolver if `DOT` is `off` |
 | `DNS_KEEP_NAMESERVER` | `off` | `on` or `off` | Keep the nameservers in /etc/resolv.conf untouched, but disabled DNS blocking features |
 ### Firewall and routing
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `FIREWALL` | `on` | `on` or `off` | Turn on or off the container built-in firewall. You should use it for **debugging purposes** only. |
 | `FIREWALL_VPN_INPUT_PORTS` | | i.e. `1000,8080` | Comma separated list of ports to allow from the VPN server side (useful for **vyprvpn** port forwarding) |
 | `FIREWALL_INPUT_PORTS` | | i.e. `1000,8000` | Comma separated list of ports to allow through the default interface. This seems needed for Kubernetes sidecars. |
 | `FIREWALL_DEBUG` | `off` | `on` or `off` | Prints every firewall related command. You should use it for **debugging purposes** only. |
 | `FIREWALL_OUTBOUND_SUBNETS` | | i.e. `192.168.1.0/24,192.168.10.121,10.0.0.5/28` | Comma separated subnets that Gluetun and the containers sharing its network stack are allowed to access. This involves firewall and routing modifications. |
 ### Shadowsocks
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `SHADOWSOCKS` | `off` | `on`, `off` | Enable the internal Shadowsocks proxy |
 | `SHADOWSOCKS_LOG` | `off` | `on`, `off` | Enable logging |
 | `SHADOWSOCKS_PORT` | `8388` | `1024` to `65535` | Internal port number for Shadowsocks to listen on |
 | `SHADOWSOCKS_PASSWORD` | |  | Password to use to connect to Shadowsocks |
 | `SHADOWSOCKS_METHOD` | `chacha20-ietf-poly1305` | `chacha20-ietf-poly1305`, `aes-128-gcm`, `aes-256-gcm` | Method to use for Shadowsocks |
 ### HTTP proxy
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `HTTPPROXY` | `off` | `on`, `off` | Enable the internal HTTP proxy |
 | `HTTPPROXY_LOG` | `off` | `on` or `off` | Logs every tunnel requests |
 | `HTTPPROXY_PORT` | `8888` | `1024` to `65535` | Internal port number for the HTTP proxy to listen on |
 | `HTTPPROXY_USER` | | | Username to use to connect to the HTTP proxy |
 | `HTTPPROXY_PASSWORD` | | | Password to use to connect to the HTTP proxy |
 | `HTTPPROXY_STEALTH` | `off` | `on` or `off` | Stealth mode means HTTP proxy headers are not added to your requests |
 ### System
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `TZ` | | i.e. `Europe/London` | Specify a timezone to use to have correct log times |
 | `PUID` | `1000` | | User ID to run as non root and for ownership of files written |
 | `PGID` | `1000` | | Group ID to run as non root and for ownership of files written |
 ### HTTP Control server
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `HTTP_CONTROL_SERVER_PORT` | `8000` | `1` to `65535` | Listening port for the HTTP control server |
 | `HTTP_CONTROL_SERVER_LOG` | `on` | `on` or `off` | Enable logging of HTTP requests |
 ### Other
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `PUBLICIP_PERIOD` | `12h` | Valid duration | Period to check for public IP address. Set to `0` to disable. |
 | `VERSION_INFORMATION` | `on` | `on`, `off` | Logs a message indicating if a newer version is available once the VPN is connected |
 | `UPDATER_PERIOD` | `0` | Valid duration string such as `24h` | Period to update all VPN servers information in memory and to /gluetun/servers.json. Set to `0` to disable. This does a burst of DNS over TLS requests, which may be blocked if you set `BLOCK_MALICIOUS=on` for example. |
 ## Docker secrets
 If you use Docker Compose or Docker Swarm, you can optionally use [Docker secret files](https://docs.docker.com/engine/swarm/secrets/) for all sensitive values such as your Openvpn credentials, instead of using environment variables.
 The following secrets can be used:
 - `openvpn_user`
 - `openvpn_password`
 - `openvpn_clientkey`
 - `openvpn_clientcrt`
 - `httpproxy_username`
 - `httpproxy_password`
 - `shadowsocks_password`
 By default, `openvpn_user` and `openvpn_password` are set in [docker-compose.yml](docker-compose.yml)
 Note that you can change the secret file path in the container by changing the environment variable in the form `<capitalizedSecretName>_SECRETFILE`.
 For example, `OPENVPN_PASSWORD_SECRETFILE` defaults to `/run/secrets/openvpn_password` which you can change.
 ## Connect to it
 There are various ways to achieve this, depending on your use case.
 - <details><summary>Connect containers in the same docker-compose.yml as Gluetun</summary><p>
    Add `network_mode: "service:gluetun"` to your *docker-compose.yml* (no need for `depends_on`)
    </p></details>
 - <details><summary>Connect other containers to Gluetun</summary><p>
    Add `--network=container:gluetun` when launching the container, provided Gluetun is already running
    </p></details>
 - <details><summary>Connect containers from another docker-compose.yml</summary><p>
    Add `network_mode: "container:gluetun"` to your *docker-compose.yml*, provided Gluetun is already running
    </p></details>
 - <details><summary>Connect LAN devices through the built-in HTTP proxy (i.e. with Chrome, Kodi, etc.)</summary><p>
    ⚠️ You might want to use Shadowsocks instead which tunnels UDP as well as TCP and does not leak your credentials.
    The HTTP proxy will not encrypt your username and password every time you send a request to the HTTP proxy server.
    1. Setup an HTTP proxy client, such as [SwitchyOmega for Chrome](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif?hl=en)
    1. Ensure the Gluetun container is launched with:
        - port `8888` published `-p 8888:8888/tcp`
    1. With your HTTP proxy client, connect to the Docker host (i.e. `192.168.1.10`) on port `8888`. You need to enter your credentials if you set them with `HTTPPROXY_USER` and `HTTPPROXY_PASSWORD`. Note that Chrome does not support authentication.
    1. If you set `HTTPPROXY_LOG` to `on`, more information will be logged in the Docker logs
    </p></details>
 - <details><summary>Connect LAN devices through the built-in *Shadowsocks* proxy (per app, system wide, etc.)</summary><p>
    1. Setup a Shadowsocks proxy client, there is a list of [ShadowSocks clients for **all platforms**](https://shadowsocks.org/en/download/clients.html)
        - **note** some clients do not tunnel UDP so your DNS queries will be done locally and not through Gluetun and its built in DNS over TLS
        - Clients that support such UDP tunneling are, as far as I know:
            - iOS: Potatso Lite
            - OSX: ShadowsocksX
            - Android: Shadowsocks by Max Lv
    1. Ensure the Gluetun container is launched with:
        - port `8388` published `-p 8388:8388/tcp -p 8388:8388/udp`
    1. With your Shadowsocks proxy client
        - Enter the Docker host (i.e. `192.168.1.10`) as the server IP
        - Enter port TCP (and UDP, if available) `8388` as the server port
        - Use the password you have set with `SHADOWSOCKS_PASSWORD`
        - Choose the encryption method/algorithm to the method you specified in `SHADOWSOCKS_METHOD`
    1. If you set `SHADOWSOCKS_LOG` to `on`, (a lot) more information will be logged in the Docker logs
    </p></details>
 - <details><summary>Access ports of containers connected to Gluetun</summary><p>
    In example, to access port `8000` of container `xyz`  and `9000` of container `abc` connected to Gluetun,
    publish ports `8000` and `9000` for the Gluetun container and access them as you would with any other container
    </p></details>
 - <details><summary>Access ports of containers connected to Gluetun, all in the same docker-compose.yml</summary><p>
    In example, to access port `8000` of container `xyz`  and `9000` of container `abc` connected to Gluetun, publish port `8000` and `9000` for the Gluetun container.
    The docker-compose.yml file would look like:
    ```yml
    version: '3.7'
    services:
      gluetun:
        image: qmcgaw/gluetun
        container_name: gluetun
        cap_add:
          - NET_ADMIN
        environment:
          - OPENVPN_USER=js89ds7
          - OPENVPN_PASSWORD=8fd9s239G
        ports:
          - 8000:8000/tcp
          - 9000:9000/tcp
      abc:
        image: abc
        container_name: abc
        network_mode: "service:gluetun"
      xyz:
        image: xyz
        container_name: xyz
        network_mode: "service:gluetun"
    ```
    </p></details>
 ## Private Internet Access port forwarding
 When `PORT_FORWARDING=on`, a port will be forwarded on the VPN server side and written to the file specified by `PORT_FORWARDING_STATUS_FILE=/tmp/gluetun/forwarded_port`.
 It can be useful to mount this file as a volume to read it from other containers, for example to configure a torrenting client.
 For `VPNSP=private internet access` (default), you will keep the same forwarded port for 60 days as long as you bind mount the `/gluetun` directory.
 You can also use the HTTP control server (see below) to get the port forwarded.
 ## HTTP control server
 [Wiki page](https://github.com/qdm12/gluetun/wiki/HTTP-Control-server)
 ## Development and contributing
 - Contribute with code: start with [this Wiki page](https://github.com/qdm12/gluetun/wiki/Developement-setup)
 - [The list of existing contributors 👍](https://github.com/qdm12/gluetun/blob/master/.github/CONTRIBUTING.md#Contributors)
 - [Github workflows](https://github.com/qdm12/gluetun/actions) to know what's building
 - [List of issues and feature requests](https://github.com/qdm12/gluetun/issues)
 - [Kanban board](https://github.com/qdm12/gluetun/projects/1)
 ## License
@@ -432,7 +107,6 @@ You can also use the HTTP control server (see below) to get the port forwarded.
  [![https://github.com/sponsors/qdm12](https://raw.githubusercontent.com/qdm12/gluetun/master/doc/sponsors.jpg)](https://github.com/sponsors/qdm12)
  [![https://www.paypal.me/qmcgaw](https://raw.githubusercontent.com/qdm12/gluetun/master/doc/paypal.jpg)](https://www.paypal.me/qmcgaw)
 - Have a look at [the Kanban board](https://github.com/qdm12/gluetun/projects/1) and [contribute](#Development-and-contributing) to the code
 - Contribute to the issues and discussions on Github
 - Many thanks to @Frepke, @Ralph521, G. Mendez, M. Otmar Weber, J. Perez, A. Cooper and **others** for supporting me financially 🥇👍