Docker Usage

onetun is designed to work well in containerized environments. It runs as a non-root user (UID 1000) inside the container.

Basic Example

docker run --rm --name onetun \
  -p 8080:8080 \
  -e ONETUN_ENDPOINT_ADDR=140.30.3.182:51820 \
  -e ONETUN_ENDPOINT_PUBLIC_KEY='<SERVER_PUB_KEY>' \
  -e ONETUN_PRIVATE_KEY='<CLIENT_PRIV_KEY>' \
  -e ONETUN_SOURCE_PEER_IP=192.168.4.3 \
  aramperes/onetun \
  0.0.0.0:8080:192.168.4.2:80

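Note: When running in Docker, you usually want to bind the src_host to 0.0.0.0 so that the port is reachable from outside the container (via the Docker -p flag). The -p 8080:8080 form publishes the port on all host interfaces; use -p 127.0.0.1:8080:8080 if the forward should only be reachable from the Docker host itself.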

Using Environment Variables for Configuration

For cleaner docker-compose files or run commands, you can define port forwards via environment variables instead of command arguments.

version: '3'
services:
  onetun:
    image: aramperes/onetun
    ports:
      - "8080:8080"
    environment:
      ONETUN_ENDPOINT_ADDR: "140.30.3.182:51820"
      ONETUN_ENDPOINT_PUBLIC_KEY: "..."
      ONETUN_PRIVATE_KEY: "..."
      ONETUN_SOURCE_PEER_IP: "192.168.4.3"
      ONETUN_PORT_FORWARD_1: "0.0.0.0:8080:192.168.4.2:80"

Security Best Practice

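Avoid passing private keys directly on the command line or in environment variables if possible: command-line arguments show up in process listings, and container environment variables are readable through docker inspect. Instead, mount a file containing the key read-only and point ONETUN_PRIVATE_KEY_FILE at it.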

docker run --rm \
  -v "$(pwd)/wg-private.key":/etc/onetun/private.key:ro \
  -e ONETUN_PRIVATE_KEY_FILE=/etc/onetun/private.key \
  ... other args ...
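
A pre-flight check for the key file before it is mounted, as an added example that is not part of the onetun documentation: it verifies that the file is owned by the container user (UID 1000, as stated at the top of this page), has no group or other permission bits, and holds a base64-encoded 32-byte key. The function name check_key_file and its return codes are this example's own; it assumes GNU stat and base64 on a Linux host without user-namespace remapping.

```shell
#!/bin/sh
# Pre-flight check for a WireGuard private key file that will be bind-mounted
# into the onetun container. Assumes GNU stat and base64 (Linux host) and no
# user-namespace remapping, so host UIDs and modes are what the container sees.
# Usage (after sourcing this file): check_key_file ./wg-private.key

# check_key_file PATH [UID]   (UID defaults to 1000, the container user)
# Returns: 0 ok, 1 not a regular file, 2 wrong owner, 3 mode too open,
#          4 content is not a base64-encoded 32-byte key.
check_key_file() {
    f=$1
    want_uid=${2:-1000}

    # Reject missing paths, directories and symlinks (a symlink could be
    # re-pointed between this check and the docker run).
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2; return 1
    fi

    # The container user must own the file; otherwise it could only read the
    # key through group/other bits, which is what this check forbids.
    if [ "$(stat -c '%u' "$f")" -ne "$want_uid" ]; then
        echo "$f: owner is not UID $want_uid" >&2; return 2
    fi

    # No permission bits for group or other (for example 0400 or 0600).
    mode=$(stat -c '%a' "$f")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$f: mode $mode grants access beyond the owner" >&2; return 3
    fi

    # A WireGuard key is 32 bytes: 44 base64 characters on a single line.
    key=$(cat "$f")
    case $key in
        *[!A-Za-z0-9+/=]*) echo "$f: not a single base64 line" >&2; return 4 ;;
    esac
    n=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c)
    if [ "${#key}" -ne 44 ] || [ "$n" -ne 32 ]; then
        echo "$f: not a 32-byte key" >&2; return 4
    fi
    return 0
}
```

If the check reports a wrong owner, change the file's ownership to UID 1000 on the host rather than loosening its mode.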