gluetrans
This image brings together Gluetun, Transmission, and VPN Peer Ports (for PIAVPN and ProtonVPN).
10K+
This image updates Transmission peer port with the one received from VPN via Gluetun.
Please see the github page for detailed usage and documentation.
Supported VPN Providers:
Supported Gluetun Versions: v3.35 through v3.41.0+ (and minor versions)
AMD64 and ARM64 platforms are supported.
latest: Latest stable release (currently v0.3.8)vX.Y.Z: Specific version tags for pinning (e.g., v0.3.8, v0.3.7, v0.3.6). See Releases for details.dev: Development builds from active branches - expect issues, use for testing only🔒 Security Feature: Starting from v0.3.7, sensitive credentials (API keys, usernames, passwords) are automatically removed from the container environment after startup. They remain functional in memory but are not visible via
docker execor container inspection. SetDEBUG=1to keep credentials visible for troubleshooting.
Note: Gluetun v3.41.0 introduced new Control Server HTTP API endpoints. Gluetrans v0.3.6+ automatically detects and uses the correct endpoints:
- Gluetun v3.41.0+: Uses new API (
/v1/portforward,/v1/vpn/status)- Gluetun v3.40.0 and older: Uses old API (
/v1/openvpn/portforwarded,/v1/openvpn/status)The script automatically tries the new endpoint first and falls back to the old one if needed. However, your
config.tomlmust match your Gluetun version (see below).
Warning: Starting from gluetun 3.40.0+ versions, control server requires authentication.
Gluetrans, from version 0.3.5 and above provides support for this change, but an API key must be provided.Quick setup:
- Set
GLUETUN_CONTROL_API_KEYin your environment variables- Create a role in gluetun's
config.tomlwith the same API key- Map
config.tomlto gluetun container- Set the same API key in gluetrans' environment variables
docker run \
-e GLUETUN_CONTROL_ENDPOINT=http://gluetun:8000 \
-e GLUETUN_CONTROL_API_KEY=your-secret-api-key \
-e GLUETUN_HEALTH_ENDPOINT=http://gluetun:9999 \
-e TRANSMISSION_ENDPOINT=http://transmission:9091/transmission/rpc \
-e TRANSMISSION_USER=transmission \
-e TRANSMISSION_PASS=transmission \
miklosbagi/gluetrans:latest
services:
gluetun:
image: qmcgaw/gluetun:v3.41.0
cap_add:
- NET_ADMIN
ports:
- 8000:8000 # Control server
- 9091:9091 # Transmission UI
environment:
VPN_SERVICE_PROVIDER: "protonvpn" # or "private internet access"
OPENVPN_USER: My OpenVPN Username
OPENVPN_PASSWORD: My OpenVPN Password
SERVER_COUNTRIES: "Romania,Poland,Netherlands" # or SERVER_REGIONS for PIA
VPN_PORT_FORWARDING: on
VPN_PORT_FORWARDING_PROVIDER: "protonvpn"
volumes:
- ./data/gluetun:/gluetun
- ./gluetun-config/config.toml:/gluetun/auth/config.toml # Required for v3.40.0+
devices:
- /dev/net/tun:/dev/net/tun
restart: unless-stopped
transmission:
image: linuxserver/transmission:4.0.6
environment:
USER: My Transmission Username
PASS: My Transmission Password
volumes:
- ./data/transmission:/config
- ./data/transmission_downloads:/downloads
network_mode: "service:gluetun"
restart: unless-stopped
depends_on:
- gluetun
gluetrans:
image: miklosbagi/gluetrans:latest
environment:
GLUETUN_CONTROL_ENDPOINT: http://localhost:8000
GLUETUN_HEALTH_ENDPOINT: http://localhost:9999
GLUETUN_CONTROL_API_KEY: "secret-apikey-for-gluetrans"
TRANSMISSION_ENDPOINT: http://localhost:9091/transmission/rpc
TRANSMISSION_USER: My Transmission Username
TRANSMISSION_PASS: My Transmission Password
PEERPORT_CHECK_INTERVAL: 30 # optional, default: 15
GLUETUN_PICK_NEW_SERVER_AFTER: 15 # optional, default: 10
FORCED_COUNTRY_JUMP: 0 # optional, 0=disabled, e.g. 120=every 2 hours
network_mode: "service:gluetun"
depends_on:
- gluetun
For control server authentication, config.toml is required to allow gluetrans to send authenticated requests to gluetun.
Choose the config that matches YOUR Gluetun version:
[[roles]]
name = "gluetrans"
routes = ["GET /v1/portforward", "GET /v1/vpn/status", "PUT /v1/vpn/status"]
auth = "apikey"
apikey = "secret-apikey-for-gluetrans"
[[roles]]
name = "gluetrans"
routes = ["GET /v1/openvpn/portforwarded", "GET /v1/openvpn/status", "PUT /v1/openvpn/status"]
auth = "apikey"
apikey = "secret-apikey-for-gluetrans"
Why separate configs? Gluetun validates routes at startup and will reject routes that don't exist in that version. The gluetrans script automatically handles the API differences.
Mandatory:
GLUETUN_CONTROL_ENDPOINT: Control Server URL, e.g. http://gluetun:8000GLUETUN_CONTROL_API_KEY: API key for control server (required for v3.40.0+)GLUETUN_HEALTH_ENDPOINT: Health check URL, e.g. http://gluetun:9999TRANSMISSION_ENDPOINT: Transmission RPC URL, e.g. http://transmission:9091/transmission/rpcTRANSMISSION_USER: Transmission RPC usernameTRANSMISSION_PASS: Transmission RPC passwordOptional:
PEERPORT_CHECK_INTERVAL: Validation interval in seconds (default: 15)GLUETUN_PICK_NEW_SERVER_AFTER: Max retry failures before switching servers (default: 10)FORCED_COUNTRY_JUMP: Minutes between forced country changes, 0=disabled (default: 0)SANITIZE_LOGS: Omit sensitive info from logs, 0=disabled (default: 0)DEBUG: Keep credentials visible in environment for debugging, 0=disabled (default: 0)It keeps trying until you have a working peer port!
Check logs: docker logs -f gluetrans
Ideal output shows:
security: sensitive environment variables removed from environment (stored in memory only) (v0.3.7+)security: verified - sensitive vars are not accessible in main process environment (v0.3.7+)gluetun is active, country details: ...port change detected: ... updating...success: transmission port updated successfullyheartbeat: gluetun & transmission ports match (XXXXX), Port is open: YesDebug Mode: Set DEBUG=1 to keep credentials visible and see debug: DEBUG=1, keeping sensitive environment variables visible
Current Release: v0.3.8
Previous Release: v0.3.7
v0.3.6:
See Release Notes for full changelog.
Content type
Image
Digest
sha256:820dddea8…
Size
8.7 MB
Last updated
2 months ago
docker pull miklosbagi/gluetrans:dev