From 8d925787560bb2459ec58bf4c4aa45c2807f96e9 Mon Sep 17 00:00:00 2001
From: MickLesk <mickey.leskowitz@gmail.com>
Date: Tue, 10 Mar 2026 18:48:35 +0100
Subject: [PATCH] add gluetun

---
 frontend/public/json/gluetun.json | 52 +++++++++++++++++++
 install/gluetun-install.sh        | 84 +++++++++++++++++++++++++++++++
 2 files changed, 136 insertions(+)
 create mode 100644 frontend/public/json/gluetun.json
 create mode 100644 install/gluetun-install.sh

diff --git a/frontend/public/json/gluetun.json b/frontend/public/json/gluetun.json
new file mode 100644
index 000000000..33987562a
--- /dev/null
+++ b/frontend/public/json/gluetun.json
@@ -0,0 +1,52 @@
+{
+    "name": "Gluetun",
+    "slug": "gluetun",
+    "categories": [
+        4
+    ],
+    "date_created": "2026-03-10",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 8000,
+    "documentation": "https://github.com/qdm12/gluetun-wiki",
+    "config_path": "/opt/gluetun-data/.env",
+    "website": "https://github.com/qdm12/gluetun",
+    "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/gluetun.webp",
+    "description": "Gluetun is a lightweight VPN client supporting multiple providers (Mullvad, NordVPN, PIA, ProtonVPN, Surfshark, etc.) with OpenVPN and WireGuard, built-in DNS over TLS, firewall kill switch, HTTP proxy, and Shadowsocks proxy.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/gluetun.sh",
+            "resources": {
+                "cpu": 2,
+                "ram": 2048,
+                "hdd": 8,
+                "os": "Debian",
+                "version": "13"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "You must configure your VPN provider credentials in /opt/gluetun-data/.env before the service will connect",
+            "type": "warning"
+        },
+        {
+            "text": "TUN device support is required and enabled by default during container creation",
+            "type": "info"
+        },
+        {
+            "text": "Port 8000 provides the HTTP control server API",
+            "type": "info"
+        },
+        {
+            "text": "Supports 30+ VPN providers - see https://github.com/qdm12/gluetun-wiki for provider-specific setup",
+            "type": "info"
+        }
+    ]
+}
diff --git a/install/gluetun-install.sh b/install/gluetun-install.sh
new file mode 100644
index 000000000..a1cc0d40b
--- /dev/null
+++ b/install/gluetun-install.sh
@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://github.com/qdm12/gluetun
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  openvpn \
+  wireguard-tools \
+  iptables
+msg_ok "Installed Dependencies"
+
+msg_info "Configuring iptables"
+$STD update-alternatives --set iptables /usr/sbin/iptables-legacy
+$STD update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+ln -sf /usr/sbin/openvpn /usr/sbin/openvpn2.6
+msg_ok "Configured iptables"
+
+setup_go
+
+fetch_and_deploy_gh_release "gluetun" "qdm12/gluetun" "tarball"
+
+msg_info "Building Gluetun"
+cd /opt/gluetun
+CGO_ENABLED=0 $STD go build -trimpath -ldflags="-s -w" -o /usr/local/bin/gluetun cmd/gluetun/main.go
+msg_ok "Built Gluetun"
+
+msg_info "Configuring Gluetun"
+mkdir -p /opt/gluetun-data
+cat <<EOF >/opt/gluetun-data/.env
+VPN_SERVICE_PROVIDER=custom
+VPN_TYPE=openvpn
+OPENVPN_CUSTOM_CONFIG=/opt/gluetun-data/custom.ovpn
+OPENVPN_USER=
+OPENVPN_PASSWORD=
+HTTP_CONTROL_SERVER_ADDRESS=:8000
+HTTPPROXY=off
+SHADOWSOCKS=off
+FIREWALL_ENABLED_DISABLING_IT_SHOOTS_YOU_IN_YOUR_FOOT=on
+HEALTH_SERVER_ADDRESS=127.0.0.1:9999
+DNS_UPSTREAM_RESOLVERS=cloudflare
+LOG_LEVEL=info
+STORAGE_FILEPATH=/opt/gluetun-data/servers.json
+PUBLICIP_FILE=/opt/gluetun-data/ip
+VPN_PORT_FORWARDING_STATUS_FILE=/opt/gluetun-data/forwarded_port
+TZ=UTC
+EOF
+msg_ok "Configured Gluetun"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/gluetun.service
+[Unit]
+Description=Gluetun VPN Client
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/gluetun-data
+EnvironmentFile=/opt/gluetun-data/.env
+ExecStart=/usr/local/bin/gluetun
+Restart=on-failure
+RestartSec=5
+AmbientCapabilities=CAP_NET_ADMIN
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now gluetun
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc