This is not a requirement, but recommended to run with transmission
This is a headless VPN, there is not a UI associated with this container
NordVPN - NordLynx
NordVPN is a common vpn client/server solution that utilizes OpenVPN and Wireguard. This implementation is setup to use NordLynx, which is specifically for the Wireguard implementation. Wireguard is 2x-3x faster than OpenVPN.
Comment out the VPN block if you don't need it, or if you want to use your own solution.
Token and subscription to NordVPN Is needed to use this.
See here for configuring/retrieving your TOKEN.
Note that transmission's ports are configured to be used through the VPN. Simply remove the network_mode: service:vpn from the dockerfile and uncomment the ports if you remove the vpn connection from this dockerfile.
You must explicitly configure the network_mode to pass the containers through the VPN connection (if required like for transmission), otherwise they are exposed on the Docker host and your public IP will be exposed!
- Just NordVPN Commands
| Type | Command |
|---|---|
| Start | docker compose up vpn -d |
| Shutdown | docker compose down vpn |
| Support | bubuntux/nordvpn(Github) |
NordLynx and NordVPN Example Docker Compose
NordVPN (Newer) with NordLynx capabilities inside it
services:
vpn:
container_name: ${VPN_CONTAINER_NAME}
image: ghcr.io/bubuntux/nordvpn
cap_add:
- NET_ADMIN # Required
- NET_RAW # Required
- SYS_MODULE
environment: # Review https://github.com/bubuntux/nordvpn#environment-variables
- TOKEN=${TOKEN} # Required
- CONNECT=${NORD_CONNECT_AREA} # if none provided you will connect to the recommended server
- DNS=${VPN_DNS}
- TZ=${TIMEZONE}
- TECHNOLOGY=${NORD_TECHNOLOGY} # NordLynx or OpenVPN - NordLynx is Wireguard and supposedly 3x-5x faster
- ALLOWED_IPS=${VPN_ALLOWED_IPS}
- NETWORK=${VPN_NET_LOCAL} # So it can be accessed within the local network
- NET_LOCAL=${VPN_NET_LOCAL} # So it can be accessed within the local network
ports:
- ${TRANSMISSION_HOST_PORT}:9091 # webui for Transmission - it is exposed via the docker service network internally
- ${TRANSMISSION_SEED_DISCOVERY_PORT_TCP}:51413 # for seed discovery - greatly improves performance even if not seeding
- ${TRANSMISSION_SEED_DISCOVERY_PORT_UDP}:51413/udp
- ${DUPLICATI_HOST_PORT}:8200
volumes:
- /lib/modules:/lib/modules:ro # Required to install wireguard module
sysctls:
- net.ipv6.conf.all.disable_ipv6=1 # Recomended if using ipv4 only
networks:
- homelab
restart: unless-stopped
profiles:
- all
- vpn
NordLynx (Legacy Config - use NordVPN if possible)
services:
### NORD VPN WITH WIREGUARD (NordLynx)
vpn_old:
container_name: ${VPN_CONTAINER_NAME}
image: ghcr.io/bubuntux/nordlynx
cap_add:
- NET_ADMIN #required
- NET_RAW # Required
- SYS_MODULE
security_opt:
- no-new-privileges:true
sysctls:
- net.ipv6.conf.all.disable_ipv6=1 # Recommended if using ipv4 only
environment:
- PRIVATE_KEY=${PRIVATE_KEY}= #required
- DNS=${VPN_DNS}
- ALLOWED_IPS=${VPN_ALLOWED_IPS}
- NET_LOCAL=${VPN_NET_LOCAL}
- TZ=${TIMEZONE}
ports:
- ${TRANSMISSION_HOST_PORT}:9091 # webui for Transmission - it is exposed via the docker service network internally
- ${TRANSMISSION_SEED_DISCOVERY_PORT_TCP}:51413 # for seed discovery - greatly improves performance even if not seeding
- ${TRANSMISSION_SEED_DISCOVERY_PORT_UDP}:51413/udp
- ${DUPLICATI_HOST_PORT}:8200
volumes:
- /lib/modules:/lib/modules:ro # Required to install wireguard module
restart: unless-stopped
networks:
- homelab
profiles:
- vpn_old
Nord VPN Example .env file (For both compose options)
## NORDVPN SPECIFIC VARIABLES
VPN_CONTAINER_NAME="vpn"
TOKEN=11111111111223123123123123asdba123 #CHANGE_ME - i am not used in this docker compose but if you need me i am here
PRIVATE_KEY=sdlfkabakjhslkdgjadlfkjasdfhaskdjhagsdg #CHANGE_ME - i am used
NORD_TECHNOLOGY=NordLynx # NordLynx or OpenVPN
NORD_CONNECT_AREA=United_States
NORD_CYBER_SEC=true
VPN_DNS="8.8.8.8,8.8.4.4" #CHANGE_ME - this is google's DNS if that works for you
VPN_ALLOWED_IPS="0.0.0.0/0" #CHANGE_ME - this allows all IPs
VPN_NET_LOCAL="172.16.0.0/12,192.168.0.0/16" #CHANGE_ME if your network doesn't fit this schema