Recently I had to scratch my head for a few hours to get all this to work together in Portainer stacks, so I thought I’d list my process here for anyone else having trouble.
This guide assumes that you have
- An Airvpn account
- Docker and Docker Compose installed
- I used Portainer stacks for the YAML files listed below
Go to: https://airvpn.org/generator/
Under Protocols, choose Wireguard UDP
Select your options, the click “Generate” at the bottom of the page.
Your system will download a .conf filed called something like: AirVPN_Canada_UDP-1637.conf
Open this file in a text editor.
It’s going to look something like this:
[Interface]
Address = 10.111.111.111/32, 1234:1234:1234:1234:1234:1234:1234:123a/128
PrivateKey = dGhpcyBpcyB5b3VyIHByaXZhdGUga2V5Cg==
DNS = 10.111.0.1, g3g3:67ff:g96g:b993::1
[Peer]
PublicKey = dGhpcyBpcyB5b3VyIHB1YmxpYyBrZXk=
PresharedKey = dGhpcyBpcyB5b3VyIHByZXNoYXJlZCBrZXkK=
Endpoint = ca.vpn.airdns.org:1638
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 15
For your docker compose yaml file you will need:
- The first part of Address before the comma on line 2 (10.111.111.111/32)
- The PrivateKey
- The PresharedKey
Your gluetun Docker Compose file will look something like this:
version: "3"
services:
gluetun:
image: qmcgaw/gluetun
container_name: gluetun_wireguard #change this if needed
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp
- 8388:8388/tcp
- 8388:8388/udp
- 8100:8000 # Remote Control VPN
- 7979:7979 # qbittorrent
- 8080:8080 # sabnzbd
volumes:
- /path/to/your/folder:/gluetun #change this if needed
environment:
- SERVER_COUNTRIES=Canada #change this if needed
- VPN_SERVICE_PROVIDER=airvpn
- VPN_TYPE=wireguard
- WIREGUARD_PRIVATE_KEY=dGhpcyBpcyB5b3VyIHByaXZhdGUga2V5Cg== # this comes from your downloaded .conf file
- WIREGUARD_PRESHARED_KEY=dGhpcyBpcyB5b3VyIHByZXNoYXJlZCBrZXkK= # this comes from your downloaded .conf file
- WIREGUARD_ADDRESSES=10.111.111.111/32 # this comes from your downloaded .conf file
- FIREWALL_VPN_INPUT_PORTS=8888
- TZ=America/Detroit #change this if needed
Next up are your qBittorrent and SABnzbd Docker Compose files.
The primary difference between these and “non-gluetun” compose yamls is that “ports:” are not used in the yaml.
(I’ve left them in the yaml files below, but they are commented out.)
That is handled by the gluetun yaml file shown above like this:
- 7979:7979 # qbittorrent
- 8080:8080 # sabnzbd
qBittorrent YAML
version: "2.1"
services:
qbittorrent:
image: ghcr.io/linuxserver/qbittorrent
network_mode: "container:gluetun_wireguard"
container_name: qbittorrent-gluetun # change this if you'd like
environment:
- PUID=1000 # type "id" without quotes at the command line to find your own
- PGID=1000 # type "id" without quotes at the command line to find your own
- TZ=America/Detroit # change this if you'd like
- WEBUI_PORT=7979
- UMASK_SET=002
volumes:
- /home/pi/docker/qbittorrent:/config # you will probably need to change all these volumes
- /mnt/OMV-Download/Finished-Downloads:/downloads
- /mnt/OMV-Download/Incomplete-Downloads:/downloads/incomplete
- /mnt/OMV-Download/Finished-Torrents:/downloads/finished-torrents
- /mnt/OMV-Download/Torrent-Watch:/downloads/watch
- /home/pi/docker/shared:/shared
# ports:
# - 7979:7979
# - 6881:6881/udp
# - 6881:6881
restart: unless-stopped
SABnzbd YAML
version: "2.1"
services:
sabnzbd:
image: ghcr.io/linuxserver/sabnzbd
network_mode: "container:gluetun_wireguard"
container_name: sabnzbd-gluetun # change this if you'd like
environment:
- PUID=1000 # type "id" without quotes at the command line to find your own
- PGID=1000 # type "id" without quotes at the command line to find your own
- TZ=America/Detroit
volumes:
- /home/pi/docker/sabnzbd:/config # you will probably need to change all these volumes
- /home/pi/docker/shared:/shared
- /home/pi/docker/sabnzbd/scripts:/scripts
- /mnt/OMV-Download/Finished-Downloads:/downloads
- /home/pi/docker/sabnzbd/incomplete_downloads:/incomplete-downloads
- /mnt/OMV-Download/Torrent-Watch:/watch
- /mnt/OMV-Media:/categories
- /mnt/OMV-Media/Movies:/movies
- /mnt/OMV-Media/Television:/television
# ports:
# - 8080:8080
restart: always