This page covers common configuration steps for Gluetun deployments and adds a practical minimal production baseline.
Gluetun is typically configured through environment variables in Docker Compose or container runtime.
Typical locations:
/opt/gluetun/.env
docker-compose.yml
# Provider
VPN_SERVICE_PROVIDER=custom
VPN_TYPE=wireguard
# WireGuard credentials/settings
WIREGUARD_PRIVATE_KEY=replace-with-private-key
WIREGUARD_ADDRESSES=10.64.222.21/32
WIREGUARD_PUBLIC_KEY=replace-with-server-public-key
WIREGUARD_ENDPOINT_IP=203.0.113.10
WIREGUARD_ENDPOINT_PORT=51820
# Optional provider region/server filters
SERVER_COUNTRIES=Germany
# DNS and firewall
DNS_ADDRESS=1.1.1.1
FIREWALL=on
# Logging
LOG_LEVEL=info
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
env_file:
- .env
ports:
- "8080:8080" # Example app behind Gluetun
restart: unless-stopped
VPN_SERVICE_PROVIDER, VPN_TYPE)WIREGUARD_* or OpenVPN credentials)FIREWALL, DNS)SERVER_COUNTRIES, region filters)LOG_LEVEL)NET_ADMIN and /dev/net/tun available..env/secret store, not in committed files.Restart the service after env/config changes:
docker compose up -d
For standalone container:
docker restart gluetun
Check container status and logs:
docker compose ps
docker logs --tail=100 gluetun
Validate outbound IP from inside container:
docker exec -it gluetun sh -c 'wget -qO- ifconfig.io || curl -s ifconfig.io'
Confirm DNS behavior:
docker exec -it gluetun sh -c 'nslookup example.com'
.env and Compose definition in secure storage.