Servarr Stack - Gluetun VPN Troubleshooting#

Historical note: This session was conducted on a machine at 192.168.1.30 (hostname possibly “Varda” at the time, directory ~/home/nbkelley/docker/servarr). The current production Servarr stack lives on the servarr VM at 192.168.1.112, directory /docker/servarr/. See Servarr - Media Automation Stack for current configuration. The troubleshooting patterns documented here remain applicable.

What Was Established#

This session documents the deployment and troubleshooting of the Servarr media automation stack (Sonarr, Prowlarr, qBittorrent) behind a Gluetun VPN container. The stack relies on network_mode: service:gluetun to route all container traffic through AirVPN.

Key Decisions#

• Network Mode: All Servarr containers use network_mode: "service:gluetun" to share the VPN network namespace.
• DNS Resolution: Docker’s internal DNS does not resolve container names inside the shared Gluetun namespace. Indexer URLs must use localhost or the container’s internal IP (e.g., 172.39.0.2).
• VPN Provider: AirVPN (WireGuard/OpenVPN) used for torrent traffic. Server selection is critical as many public trackers block specific exit nodes.

Historical Configuration#

Host & Environment#

• Host: Ubuntu VM at 192.168.1.30 (historical)
• Current deployment: servarr VM at 192.168.1.112, /docker/servarr/
• Docker Compose Pattern: Shared network namespace via Gluetun.

Gluetun (VPN Gateway)#

• Image: qmcgaw/gluetun
• Ports: 8080 (qBittorrent WebUI), 8388 (SOCKS5 proxy)
• Environment Variables:
  • VPN_SERVICE_PROVIDER=airvpn
  • VPN_TYPE=wireguard (or openvpn)
  • WIREGUARD_ADDRESSES=<IP>/32 (must include /32 subnet mask)
  • DNS_PLAINTEXT_ADDRESS=1.1.1.1 (fixes initial DNS resolution failures)
  • HEALTH_SERVER_ADDRESS=disabled (optional, suppresses obsolete warnings)

qBittorrent#

• WebUI Port: 8080 (mapped to host)
• Network: network_mode: "service:gluetun"
• Note: Browser cache can serve stale pages (e.g., old Nginx welcome page). Use Ctrl+F5 or curl to verify actual service state.

Sonarr & Prowlarr#

• Prowlarr Port: 9696 (internal IP 172.39.0.2)
• Sonarr Port: 8989
• Indexer Configuration: URLs must point to http://localhost:9696 or http://172.39.0.2:9696 due to DNS limitations in the shared namespace.

Historical Notes#

• DNS Failures: Initial Gluetun startup failed with i/o timeout during health checks. Resolved by explicitly setting DNS_PLAINTEXT_ADDRESS=1.1.1.1.
• WireGuard I/O Timeout: Caused by malformed WIREGUARD_ADDRESSES (missing /32). Fixed by correcting the subnet mask and switching to a functional AirVPN server.
• Indexer Timeouts: Prowlarr logs showed Http request timed out and 429 TooManyRequests when connecting to trackers (BitSearch, The Pirate Bay, LimeTorrents). This indicates VPN exit node blocking or rate limiting.
• Container Name Resolution: docker exec sonarr curl -v http://prowlarr:9696 failed with Could not resolve host. Switching to IP or localhost resolved connectivity.
• Health Check Warnings: HEALTH_VPN_DURATION_INITIAL is obsolete is a safe-to-ignore deprecation warning in newer Gluetun versions.

Open Questions#

• Does the current AirVPN server location consistently support torrent traffic, or will server rotation be required?
• Should Prowlarr request timeouts be increased to mitigate transient 429 errors from rate-limited indexers?
• Is network_mode: service:gluetun sufficient for long-term stability, or should a custom Docker bridge network with proxy routing be implemented?

Related Pages#

• Servarr - Media Automation Stack: Current production stack at 192.168.1.112
• Servarr Docker Compose Reference: Full current compose file
• Gluetun VPN Service: Detailed Gluetun setup patterns
• Varda Server (Ubuntu): Separate web server VM at 192.168.1.131

Sources#

• DeepSeek conversation log: Servarr/Gluetun troubleshooting session (historical, 192.168.1.30)