Routing your Docker Containers through NordVPN

In this tutorial, we will show you how to route your Docker containers through NordVPN.

NordVPN Docker Container

NordVPN is one of the most popular VPN providers, known for its speed, privacy, and reliability.

Using a VPN allows you to route your internet connection through another location, helping mask your presence online. In some cases, it can also prevent people from snooping on your internet activity.

One neat way to use a VPN like NordVPN is to run your Docker containers through it. Docker actually makes using a service like NordVPN a relatively easy process, as all we need to do is set up a Docker container that runs NordVPN and tell other containers to use it for their networking.

In the following steps, we will walk you through setting up a Docker container for NordVPN and routing another container, such as Deluge, through it.

Of course, to be able to do this, you will require an active NordVPN account (Affiliate Link).

Setting up and using a NordVPN Docker Container

In the following sections, we will walk you through the process of setting up a NordVPN Docker container and show you how to route your other Docker containers through this VPN.

Getting your NordVPN Token ID

1. To set up the NordVPN Docker container, you must have an active account.

If you haven’t signed up already, you can follow our link to sign up for NordVPN (Affiliate Link) with a discount.

2. Once you are logged into your account, navigate to the NordVPN dashboard and look for the “Set up NordVPN manually” button.

At the time of writing, this button was located under the “Manual setup” heading.

3. After entering the “Manual Setup” screen, you will want to click the “Generate new token” button under the “Access Token” heading.

This token will allow you to authenticate your Docker container to the NordVPN network.

Once generated, the token should look something like the one shown below. We have blanked out our code.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Preparing your System

4. Before installing and running the NordVPN Docker container on your Linux device you will need to install Docker itself.

If you don’t have Docker installed, we highly recommend our guide. These steps should work on almost any Linux distribution and will have Docker set up in a way our tutorial expects it to work.

https://pimylifeup.com/linux-docker-install/

5. Once you have installed Docker, let us create a directory to store the Compose file for our NordVPN container.

You can store this anywhere, but we like to keep all Compose files stored within folders in the “/opt/stacks/” directory. It also means you can easily start using software like Dockge to manage your Docker containers easier down the track.

To create this directory, we will use the mkdir command and the “-p” option. The option allows the command to create all missing parts of the directory.

sudo mkdir -p /opt/stacks/nordvpn

6. Now that you have created a directory to store the Compose file in, let us change into it by using the cd command.

cd /opt/stacks/nordvpn

Setting up your Docker Compose Stack

7. By running the following command, we can now begin to write the Docker Compose stack using the Nano text editor.

You can use whatever text editor you feel comfortable with; we just find Nano easier to use.

sudo nano compose.yaml

Setting up the NordVPN Docker Container

8. You will want to start the Compose file with the following lines. These lines define the VPN service through which we will route other Docker containers.

  • <TOKEN>: You must replace this token with the one you generated through the NordVPN web interface.

    This token will allow the Docker container to establish a connection with the wider NordVPN network.
  • <COUNTRYORSERVER>: The Docker container we use several different ways to specify what country, city, or specific server you want to connect to.
    • Selecting a specific server from the NordVPN server tools page is the easiest method. If you are using a value from this list, you want the value at the start of the URL.

      For example, to connect to Australia, you could use “au658“.
    • Alternatively, you can also specify a country here instead. If you want the United States, you would use “UNITED_STATES“.

      If you want to connect to Australia, you will use “Australia“. This option also supports two-letter country codes such as “us” and “au“.
    • Finally, this container also allows you to pick specific cities. Typically, this is written as “Country City“. So, if you wanted to connect to NordVPN’s Sydney server, you would use “Australia Sydney“.

      Just be sure the city you specify is part of NordVPN’s network.
  • NETWORK: With this environment variable, we are setting our local subnet so that this traffic will bypass the VPN. This will allow you to access software such as the qBittorrent web interface.
  • ports: Under the ports heading you will specify any of the ports you want exposed from your Docker containers.

    Since we are routing your other containers through this one, you will need to expose there ports here. With this example, we are exposing port 8080.
services:
  vpn:
    image: ghcr.io/bubuntux/nordvpn
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - TOKEN=<TOKEN>
      - CONNECT=<COUNTRYORSERVER>
      - TECHNOLOGY=NordLynx
      - NETWORK=192.168.0.0/24  # So it can be accessed within the local network
    ports:
      - 8080:8080
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1

Routing a Docker Container through NordVPN

9. With the NordVPN Docker container now set up and configured, we will want to route other containers through it.

As mentioned earlier in this guide, Docker allows you to easily route one container through another. We achieve this by setting the “network_mode” option to “service:vpn“.

Basically, we are telling the network of this container to route through the Docker container named “vpn“.

network_mode: service:vpn

For example, if we were to set up a simple qBittorrent container and have it routed through our “vpn” container the code would look a bit like what we have shown below.

Since we rely on the “vpn” container for the network, it is also a good idea to use the “depends_on” option to only allow the container to start if the VPN has started.

This is just an example, but it shows how easy it is to route your Docker containers through NordVPN.

  torrent:
    image: ghcr.io/linuxserver/qbittorrent
    network_mode: service:vpn
    depends_on:
      - vpn

Example of a Configured VPN

10. Below you can see an example of what a Docker Compose stack would look like with the NordVPN service defined as well as a torrent one that will be routed through the VPN.

services:
  vpn:
    image: ghcr.io/bubuntux/nordvpn
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - TOKEN=<TOKEN>
      - CONNECT=<COUNTRYORSERVER>
      - TECHNOLOGY=NordLynx
      - NETWORK=192.168.0.0/24
    ports:
      - 8080:8080
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
  torrent:
    image: ghcr.io/linuxserver/qbittorrent
    network_mode: service:vpn
    depends_on:
      - vpn

11. Once you are done, you can save and exit out of Nano by pressing CTRL + X, Y, and then ENTER.

Starting up the NordVPN Docker Container Stack

12. Now that you have written your NordVPN Docker Compose stack, our next step is to start up the containers.

All you need to do is run the following command. This command will download the latest version of all your containers and proceed to start them.

docker compose up -d

13. At this point all of your containers up and running and routing through the NordVPN VPN network.

Conclusion

Hopefully, at this stage, you will have learned how to set up a NordVPN Docker container and how to route your containers through that VPN container.

Please feel free to post a comment below if you have had any issues running your containers through NordVPN.

If you found this tutorial to be helpful, we recommend that you explore and check out our many other Docker tutorials.

Leave a Reply

Your email address will not be published. Required fields are marked *