Releases: qdm12/gluetun

v3.10.2 Fix DNS_KEEP_NAMESERVER behavior

03 Jan 16:39

Bug fixes to v3.10.0 (the big December refactor)

02 Jan 23:59

v3.10.0 The Big December Refactor

02 Jan 18:29

Features

  • Docker secrets
  • qmcgaw/gluetun Docker image name
  • Faster healthcheck: the container should be healthy almost as soon as it connects
  • Change redundant "dns over tls: DNS over TLS ready" to "dns over tls: ready"
  • Update PIA servers using their v5 API
  • Two-fold increasing backoff sleep times on crashes for every subprocess/thread.
  • PureVPN server information updated

Bug fixes

  • PureVPN updater fixed
  • Plaintext DNS fix
  • Privado settings logging fixed
  • Privado server selection
  • Healthcheck uses DNS over TLS instead of default resolver (maybe a bug fix)
  • PublicIP loop exit bug fixed
  • Updater loop exit bug fixed
  • Updater loop stop action deadlock fixed
  • Program exit bug when openvpn crashes
  • servers.json merging with different versions
  • DNS SetSettings missing mutex unlocking
  • Do not fail if servers.json is empty

Changes

Breaking

  • Remove undocumented CLIENT_KEY environment variable (for Cyberghost only)
  • Remove decommissioned SecureDNS DOT provider

Non breaking

  • Rename UID and GID to PUID and PGID so that they don't conflict with already set variables (but retrocompatible)
  • Rename USER to OPENVPN_USER (but retrocompatibility maintained)
  • Rename PASSWORD to OPENVPN_PASSWORD (but retrocompatibility maintained)
  • Rename HOSTNAME to SERVER_HOSTNAME (but retrocompatibility maintained) to avoid conflict with the OS-set HOSTNAME variable

Documentation

  • Most of the readme is moved to the Wiki (running out of the 25KB allowed!)
  • Remove videos section (outdated)
  • Add quick links section for help and support
  • Simplify support section
  • More badges and metadata
  • Update Docker image labels

Code maintenance

Go code

  • Updater: Ovpn host extraction reworked
  • HTTP proxy and Shadowsocks proxy loops reworked to be more resilient and 'REST' oriented
  • Custom OS package for OS operations: filesystem, environment variables, users, etc.
  • Stream oriented JSON encoding and decoding for files and HTTP requests/responses.
  • Use native http.Client instead of custom client for better compatibility across repositories / easier reading for new devs
  • Unix abstraction package (to create the TUN device)
  • CLI interface abstraction
  • Remove unneeded defaultInterface in Shadowsocks
  • Updater loop waitgroup
  • Params package: use built-in Unset() option instead of os.Unsetenv function
  • Unit tests: remove unneeded .Times(1) and ctrl.Finish()
  • Upgrade dependencies

Dockerfile

  • Upgrade golangci-lint to v1.34.1

CI

  • Microbadger hooks use continue-on-error: true in CI
  • Upgrade docker hub readme sync workflow
  • Upgrade buildx from 1 to v3

v3.9.0 Newer versioned HTTP control server & bug fixes

28 Dec 02:42

Features

  • New versioned HTTP control server at URI /v1 (retro compatible with older routes)
  • OpenVPN, DNS and updater status getting and setting
  • Reuse the username with the UID set in the environment variable UID, if it exists, instead of creating one
  • Public IP endpoint at /v1/publicip/ip

Bug fixes

  • Updater periodic trigger fix
  • Fix settings logging of PureVPN mixing with Mullvad
  • Add block-outside-dns to pull filter for Surfshark OpenVPN servers

Coding and maintenance

  • OpenVPN, DNS, Updater and public IP loops reworked
  • GitHub workflows build simplified
  • Development container simplified and documented
  • Upgrade Golangci-lint to v1.33.0

Documentation

  • 256x256 logo for Unraid
  • Fix PureVPN environment variables table

HTTP proxy fixes

06 Dec 20:29
84944a8

HTTP Proxy fixes

  • HTTP proxy 24 hours timeout, fixing #303
  • Removes the authorization headers before forwarding the HTTP(s) requests

HTTP proxy improvements

  • Only accepts HTTP 1.x protocols
  • Only checks the credentials when the method is CONNECT or the request URL is absolute
  • More logging on authorization failures

Fix Cyberghost, update PIA servers and bug fixes

19 Nov 13:55
1cc0f5f

Cyberghost fix

  • Reads the client key from /gluetun/client.key
  • Read the client certificate from /gluetun/client.crt
  • Additional checks for client key and client certificate validity
  • Fix client key file parsing if environment variable isn't present

Bug fixes

  • Fix Shadowsocks UDP logs not showing
  • Fix HTTP proxy authentication for some proxy clients requiring the Proxy-Authenticate header

Other improvements

  • Private Internet Access servers information update

Privado support and bug fixes

10 Nov 01:38

Features

  • Privado VPN support
  • Optionally filter Windscribe by hostnames
  • Update Windscribe servers information using their API

Bug fixes

  • Gluetun can now reach other containers on its local Docker network
  • Fix program build information writing at build time
  • Fix bad json tag for PureVPN servers serialization

Code maintenance

  • Remove PIA v3 servers support
  • Small refactoring of HTTP control server code

HTTP proxy in Go

04 Nov 23:18
  • HTTP proxy written in Go to replace Tinyproxy (#269)
  • DOT listens on all interfaces, so you can publish port 53/udp to provide DNS over TLS through your tunnel to your other hosts (#281)
  • /version endpoint for the HTTP control server

Bug fixes and code improvements

01 Nov 01:48

Bug fixes

  • Restore optional EXTRA_SUBNETS feature to access hosts out of the Docker network with a new variable FIREWALL_OUTBOUND_SUBNETS (but still retro compatible with EXTRA_SUBNETS)
  • Fix Cyberghost group name case sensitivity in equality check
  • Fix Mullvad city CSV bug (e.g. for New York, NY)
  • Increase PIA v4 port forwarding HTTP client timeout to 30 seconds to fix timeouts
  • HTTP server runs on 127.0.0.1:9999 so that it does not interfere with the HTTP control server (which can run on a specific port)
  • Set default for DOT_CACHING to on in Go code so that the binary can be run without setting it (out of docker)
  • Using 0.0.0.0/0 instead of nil for default network, to log 0.0.0.0/0 instead of nil

Code

  • Remove unneeded port setup through firewall for Shadowsocks
  • Remove dead code remaining for Shadowsocks
  • Remove unneeded openvpn remote-random instruction for all providers as a single connection is written to the configuration file
  • Using 0.0.0.0/0 instead of nil for better logging and transparency with the user
  • Remove x/net dependency by replacing ctxhttp

Routing improvements, multi option filters and bug fixes

24 Oct 22:07
ed4fcc1

Features

  • Container ports can now be reached by any IP address coming from your Docker network gateway
  • EXTRA_SUBNETS removed (no longer needed)
  • Multi options filtering (e.g. -e REGION=Germany,Netherlands)
  • HTTP_CONTROL_SERVER_PORT environment variable
  • HTTP_CONTROL_SERVER_LOG environment variable
  • FIREWALL_INPUT_PORTS environment variable

Improvements

  • Using context for HTTP requests for faster shutdown and cleaner behavior
  • Do not log healthcheck HTTP requests on HTTP control server

Documentation

  • Port forwarding for Mullvad

Code

  • Using the Go netlink library to communicate with the kernel directly to interact with IP routes and rules
  • Upgrade all Go dependencies
  • Add more linters and fix several lint issues
  • VSCode development container configuration updated