Free Tool — No account required for manual mode

Docker VPN Setup Generator

Generate a ready-to-run docker-compose.yml for gluetun + qBittorrent in under 2 minutes. Paste your WireGuard config manually, or log in with Armor to auto-fill everything.

docker-compose.yml
.env with ports pre-filled
wg0.conf ready to use
Step-by-step deploy guide

Your PC / Server
WireGuard VPN
Gluetun (VPN container)
Port Forward
qBittorrent (torrent container)

Choose Your Setup Method

Both methods generate identical, production-ready files

1. Login
2. Location
3. Options
4. Download

Sign in to Armor

Your credentials stay in your browser only

Don't have Armor yet? Get Armor from $9.99/mo →

Select VPN Location

Pick the server location you want to route through

Configure Options

Customize how your containers will be set up

Gluetun + qBittorrent

Full VPN kill-switch via gluetun. Best for seeding with port forwarding.

qBittorrent only

Just the qBittorrent container with env vars. Use if you manage WireGuard separately.

Port to access the qBittorrent web interface

Where to store persistent data on your host

Leave as 1.1.1.1 unless you have a reason to change

Container timezone (affects log timestamps)

Deploy in 3 Steps

Once you've downloaded your files, you're minutes away from a running setup

1. Place your files

Create a folder (e.g. ~/vpn-stack) and drop in your docker-compose.yml, .env, and wg0.conf.

mkdir ~/vpn-stack
cd ~/vpn-stack
# place your files here

2. Start the stack

Run one command. Docker will pull the images and start both containers automatically.

docker compose up -d

# check logs
docker compose logs -f

3. Open qBittorrent

Navigate to http://localhost:8080 in your browser. Default login is admin / adminadmin. Your ports are pre-configured.

# open browser
http://localhost:8080

# change password first!

Docker Engine 20.10+
Docker Compose v2
Linux, Windows (WSL2), macOS
Works on unRAID, TrueNAS, Synology DSM 7
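
A pre-flight check for the folder from step 1, to run before docker compose up -d. This is an added example, not code produced by the generator; the function names preflight and valid_ports are hypothetical, and it assumes FIREWALL_VPN_INPUT_PORTS is set in .env as a comma-separated list.

```shell
#!/bin/sh
# Added example: pre-flight check of the stack folder (not generator output).
# Assumption: .env carries FIREWALL_VPN_INPUT_PORTS as a comma-separated list.

# Succeeds if the value is empty or a comma-separated list of ports 1-65535.
valid_ports() {
    [ -z "$1" ] && return 0
    case "$1" in *[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        # The length guard keeps oversized numbers away from the integer test.
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; return 1
        fi
    done
    IFS=$old_ifs
    return 0
}

# Prints each finding and returns the number of problems found in folder $1.
preflight() {
    dir=$1; problems=0
    for f in docker-compose.yml .env wg0.conf; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $f"; problems=$((problems + 1))
        fi
    done
    # wg0.conf holds the WireGuard private key; .env may hold credentials.
    for f in .env wg0.conf; do
        [ -f "$dir/$f" ] || continue
        # Characters 5-10 of the mode string are the group and other bits.
        if [ "$(ls -ld "$dir/$f" | cut -c5-10)" != "------" ]; then
            echo "too permissive: $f (run: chmod 600 $f)"; problems=$((problems + 1))
        fi
    done
    if [ -f "$dir/.env" ]; then
        ports=$(sed -n 's/^FIREWALL_VPN_INPUT_PORTS=//p' "$dir/.env" | tail -n 1 | tr -d '"\r ')
        if ! valid_ports "$ports"; then
            echo "bad FIREWALL_VPN_INPUT_PORTS: $ports"; problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```

Source the file and run preflight ~/vpn-stack; an exit status of 0 means no findings.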

Common Questions

Is my WireGuard private key safe to paste here?
Yes. This tool runs entirely in your browser — your WireGuard config and credentials are never sent to any server. All generation happens client-side in JavaScript. You can verify this by checking the page source or running it offline.

What is FIREWALL_VPN_INPUT_PORTS and why does it matter?
Gluetun blocks all inbound traffic by default (that's the kill-switch). FIREWALL_VPN_INPUT_PORTS tells gluetun to allow inbound connections on specific ports — the ones your VPN has forwarded. Without this, peers cannot connect to seed from you. This is why a proper port-forwarding VPN like TorSentinel Armor is essential for good upload speeds.

Does this work on a Synology NAS or unRAID?
Yes, the generated docker-compose.yml works anywhere Docker Compose v2 runs — Synology DSM 7+ (Container Manager), unRAID, TrueNAS Scale, Proxmox, or any Linux server. On unRAID you can also import the compose via the Community App Store compose manager.

My VPN doesn't offer port forwarding — what do I do?
You can still use this tool — just leave the forwarded ports empty. Your setup will work for downloading but upload speeds (seeding) will be severely limited because remote peers can't initiate connections to you. For serious seeding, you need a VPN with dedicated port forwarding like TorSentinel Armor, which assigns fixed ports across all 8 server locations.

Get Port Forwarding That Just Works

TorSentinel Armor gives you 8 WireGuard VPN locations with fixed port forwards pre-configured on every server — no manual config, no guessing, no reconfigurations.