
nordvpn's Introduction


Official NordVPN client in a docker container; it makes routing traffic through the NordVPN network easy.

How to use this image

This container was designed to be started first to provide a connection to other containers (using --net=container:vpn; see Starting a NordVPN instance below).

NOTE: NordVPN needs more than the basic privileges. With docker 1.2 or newer you can use the --cap-add=NET_ADMIN option. With earlier versions, or with fig, you'll have to run it in privileged mode.

Starting a NordVPN instance

docker run -ti --cap-add=NET_ADMIN --name vpn \
           -e USER=user@example.com -e PASS='pas$word' \
           -e TECHNOLOGY=NordLynx -d ghcr.io/bubuntux/nordvpn

Once it's up, other containers can be started using its network connection:

docker run -it --net=container:vpn -d some/docker-container

docker-compose example

version: "3"
services:
  vpn:
    image: ghcr.io/bubuntux/nordvpn
    cap_add:
      - NET_ADMIN               # Required
    environment:                # Review https://github.com/bubuntux/nordvpn#environment-variables
      - USER=user@example.com   # Required
      - "PASS=pas$$word"        # Required; $$ yields a literal $ in docker-compose
      - CONNECT=United_States
      - TECHNOLOGY=NordLynx
      - NETWORK=192.168.1.0/24  # So it can be accessed within the local network
    ulimits:                    # Recommended for High bandwidth scenarios
      memlock:
        soft: -1
        hard: -1
    ports:
      - 8080:8080
  torrent:
    image: ghcr.io/linuxserver/qbittorrent
    network_mode: service:vpn
    depends_on:
      - vpn
      
# The torrent service would be available at http://localhost:8080/ or anywhere inside the local network at http://192.168.1.xxx:8080

docker-compose example using reverse proxy

version: "3"
services:
  proxy:
    image: traefik:v2.4         # Review traefik documentation https://doc.traefik.io/traefik/ 
    container_name: traefik
    command:
      - --api.insecure=true     # Dashboard/API served without authentication on :8080
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
    ports:
      - 80:80
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
  vpn:
    image: ghcr.io/bubuntux/nordvpn
    cap_add:
      - NET_ADMIN               # Required
    environment:                # Review https://github.com/bubuntux/nordvpn#environment-variables
      - USER=user@example.com   # Required
      - "PASS=pas$$word"        # Required; $$ yields a literal $ in docker-compose
      - CONNECT=United_States
      - TECHNOLOGY=NordLynx
    ulimits:                    # Recommended for High bandwidth scenarios
      memlock:
        soft: -1
        hard: -1
    # No host ports here: 8080 on the host is already published by the proxy service
  torrent:
    image: ghcr.io/linuxserver/qbittorrent
    network_mode: service:vpn
    labels:
      - traefik.enable=true
      - traefik.http.services.torrent.loadbalancer.server.port=8080
      - traefik.http.routers.torrent.rule=Host(`custom-host`)
    depends_on:
      - vpn
      
# Make sure that custom-host resolves to the IP address of the server,
# for example /etc/hosts contains 127.0.0.1  custom-host
# The torrent service would be available at http://custom-host

docker-compose example using reverse proxy with TLS

version: "3"
services:
  proxy:
    image: traefik:v2.4             # Review traefik documentation https://doc.traefik.io/traefik/ 
    container_name: traefik
    command:
      - --api.insecure=true         # Dashboard/API served without authentication on :8080; keep this port off the internet
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.certresolver=letsencrypt
      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
      - --certificatesresolvers.letsencrypt.acme.email=admin@example.com   # Replace with your email
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - ./letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
  domain:
    image: ghcr.io/linuxserver/duckdns   # Review duckdns documentation https://github.com/linuxserver/docker-duckdns
    container_name: duckdns
    environment:
      - TOKEN=ABCDFEG                    # Required
      - SUBDOMAINS=domain1,domain2       # Required
    restart: unless-stopped
  media:
    image: ghcr.io/linuxserver/plex
    container_name: plex
    labels:
      - traefik.enable=true
      - traefik.http.services.media.loadbalancer.server.port=32400
      - traefik.http.routers.media.rule=Host(`myplex.duckdns.org`)   # Replace with your domain
    devices:
      - /dev/dri:/dev/dri
    restart: unless-stopped
  vpn:
    image: ghcr.io/bubuntux/nordvpn
    container_name: nordvpn
    cap_add:
      - NET_ADMIN               # Required
    environment:                # Review https://github.com/bubuntux/nordvpn#environment-variables
      - USER=user@example.com   # Required
      - "PASS=pas$$word"        # Required; $$ yields a literal $ in docker-compose
      - CONNECT=United_States
      - TECHNOLOGY=NordLynx
      - WHITELIST=showrss.info,rarbg.to,yts.mx
    ulimits:                    # Recommended for High bandwidth scenarios
      memlock:
        soft: -1
        hard: -1
    restart: unless-stopped
  torrent:
    image: ghcr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    network_mode: service:vpn
    depends_on:
      - vpn
    labels:
      - traefik.enable=true
      - traefik.http.services.torrent.loadbalancer.server.port=8080
      - traefik.http.routers.torrent.rule=Host(`mytorrent.duckdns.org`)  # Replace with your domain
    restart: unless-stopped
    
# Make sure that you can access your server from the internet
# for example configure a DMZ on your router
# the torrent service would be available at https://mytorrent.duckdns.org

ENVIRONMENT VARIABLES

  • USER - User for NordVPN account.
  • PASS - Password for NordVPN account. Surrounding the password in single quotes will prevent issues with special characters such as $. In a docker-compose file, write $$ for a literal $.
  • CONNECT - [country]/[server]/[country_code]/[city]/[group] or [country] [city]. If none is provided, you will connect to the recommended server.
    • Provide a [country] argument to connect to a specific country. For example: Australia. Use docker run --rm ghcr.io/bubuntux/nordvpn countries to get the list of countries.
    • Provide a [server] argument to connect to a specific server. For example: jp35 (Full List).
    • Provide a [country_code] argument to connect to a specific country. For example: us
    • Provide a [city] argument to connect to a specific city. For example: 'Hungary Budapest'. Use docker run --rm ghcr.io/bubuntux/nordvpn cities [country] to get the list of cities.
    • Provide a [group] argument to connect to a specific server group. For example: P2P. Use docker run --rm ghcr.io/bubuntux/nordvpn n_groups to get the full list.
    • --group value, -g value Specify a server group to connect to. For example: 'us -g p2p'
  • CYBER_SEC - Enable or Disable. When enabled, the CyberSec feature will automatically block suspicious websites so that no malware or other cyber threats can infect your device. Additionally, no flashy ads will come into your sight. More information on how it works: https://nordvpn.com/features/cybersec/.
  • DNS - Can set up to 3 DNS servers. For example 1.1.1.1,8.8.8.8 or Disable. Setting DNS disables CyberSec.
  • FIREWALL - Enable or Disable.
  • KILLSWITCH - Enable or Disable (enabled by default, using iptables). This security feature blocks your device from accessing the Internet while not connected to the VPN or in case the connection with a VPN server is lost.
  • OBFUSCATE - Enable or Disable. When enabled, this feature allows bypassing network traffic sensors that aim to detect usage of the protocol and log, throttle or block it (only valid when using OpenVPN).
  • PROTOCOL - TCP or UDP (only valid when using OpenVPN).
  • TECHNOLOGY - Specify the technology to use:
    • OpenVPN - Traditional connection.
    • NordLynx - NordVPN's WireGuard implementation (3x-5x faster).
  • WHITELIST - List of domains that are going to be accessible outside the VPN (e.g. rarbg.to,yts.mx).
  • NETWORK - CIDR networks (e.g. 192.168.1.0/24); adds a route to allow replies once the VPN is up.
  • NETWORK6 - CIDR IPv6 networks (e.g. fe00:d34d:b33f::/64); adds a route to allow replies once the VPN is up.
  • PORTS - Semicolon-delimited list of ports to whitelist for both UDP and TCP. For example '- PORTS=9091;9095'
  • PORT_RANGE - Port range to whitelist for both UDP and TCP. For example '- PORT_RANGE=9091 9095'
  • RECONNECT - Interval in seconds at which to check the connection and reconnect if needed (300 by default). For example '- RECONNECT=600'
  • DEBUG - Set to 'on' for troubleshooting (USER and PASS would be logged).
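
A quick lint for the settings listed above, as an added example (not part of the original README or of the image): it scans the `- KEY=value` environment entries of a compose file and reports the combinations this page flags as risky. The function names, the messages and the sample input are assumptions made for illustration; the scan is text-based and does not parse YAML.

```shell
#!/bin/sh
# Added example: reads the compose file given as $1, or stdin.
# Prints one finding per line and returns 1 if anything was flagged.
audit_nordvpn_env() {
    awk '
    /^[ \t]*-[ \t]*"?[A-Z_0-9]+=/ {
        line = $0
        sub(/[ \t]+#.*$/, "", line)             # drop trailing comment
        sub(/^[ \t]*-[ \t]*"?/, "", line)       # drop list marker and opening quote
        sub(/"?[ \t]*$/, "", line)              # drop closing quote
        key = line; sub(/=.*/, "", key)
        val = line; sub(/^[^=]*=/, "", val)
        lval = tolower(val)
        if (key == "DEBUG" && lval == "on")
            print "DEBUG=on: USER and PASS are logged"
        if (key == "KILLSWITCH" && lval == "disable")
            print "KILLSWITCH=Disable: Internet access is not blocked when the VPN drops"
        if (key == "WHITELIST" && val != "")
            print "WHITELIST: " val " is accessible outside the VPN"
        if (key == "DNS" && lval != "disable") dns = 1
        if (key == "CYBER_SEC" && lval == "enable") cyber = 1
        if (key == "PASS") {
            tmp = val; gsub(/\$\$/, "", tmp)    # $$ is a literal $ in compose
            if (tmp ~ /\$/)
                print "PASS: unescaped $ is interpolated by docker-compose, write $$"
        }
    }
    END { if (dns && cyber) print "DNS is set: this disables CYBER_SEC=Enable" }
    ' "${1:--}" | {
        n=0
        while IFS= read -r finding; do echo "$finding"; n=$((n + 1)); done
        [ "$n" -eq 0 ]
    }
}

# Constructed sample input (not taken from a real deployment).
constructed_sample() {
    cat <<'EOF'
    environment:
      - USER=user@example.com
      - "PASS=pas$word"           # Required
      - DNS=1.1.1.1,8.8.8.8
      - CYBER_SEC=Enable
      - WHITELIST=showrss.info
      - DEBUG=on
EOF
}

constructed_sample | audit_nordvpn_env || true
```

Run it against a real file with `audit_nordvpn_env docker-compose.yml`; a non-zero exit status makes it usable as a pre-deploy check.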

Issues

If you have any problems with or questions about this image, please contact me through a GitHub issue.

nordvpn's People

Contributors

azinchen, bachp, bjeanes, cnwilkin, dependabot[bot], devyukine, fredericrous, gabrielsturtevant, jackwilsdon, jpflouret, mrsiejas, mstaack, slothcroissant, therealklanni, wgorczyca
