LeakWatch ghcr.io/tophat17/leakwatch:latest https://github.com/tophat17/LeakWatch/pkgs/container/leakwatch bridge sh false https://github.com/tophat17/LeakWatch/issues https://github.com/tophat17/LeakWatch LeakWatch teaches you which of your Docker containers should be behind a VPN - and shows you, at a glance, whether they actually are. Building an *arr stack and not sure what needs a VPN? LeakWatch lists every container, tells you whether a VPN is REQUIRED (torrent/usenet), RECOMMENDED (indexers, *arr apps) or NOT NEEDED (Plex, dashboards, databases), and explains WHY in plain language. Then it checks each container's real public IP and flags anything that should be protected but is leaking your server's real IP. Zero configuration: just set the WebUI port and click Apply - everything else is preset. The scan runs automatically when you open the page. For new users it is a guide to safe setup; for experienced users it is a single dashboard to confirm everything is configured as expected and to catch a VPN that silently dropped. How it checks: a throwaway sidecar container runs inside each target's network namespace and reports the real exit IP (works even if the app has no curl/wget), cross-checked across several IP services. It best-effort names the VPN provider (Mullvad, NordVPN, Surfshark, Proton, PIA and more), detects tun/wg tunnels, recognises Tailscale/ZeroTier mesh networks, and includes an IPv6-leak and Tor-exit check. Needs the Docker socket mounted (preset) so it can list and probe your containers. It only reads and tests - it never changes your containers. Network:Management Security: Tools:Utilities http://[IP]:[PORT:8080]/ https://raw.githubusercontent.com/tophat17/LeakWatch/main/unraid/leakwatch.xml https://raw.githubusercontent.com/tophat17/LeakWatch/main/icon.png Teaches which containers should be behind a VPN and why, then checks each one's real public IP and flags anything that should be protected but is leaking your server's real IP. Zero-config: just set the WebUI port. Great for setting up and auditing an *arr stack. ### 3.4.0 - Zero-config install: the only setting is the WebUI port. The Docker socket, app-data path and all tuning options are preset (advanced) so a default install just works. ### 3.3.0 - Accurate VPN-provider naming using a proxy-detection database (names Surfshark, Mullvad, NordVPN, Proton, PIA, and more). ### 3.2.0 - Scan now runs automatically on page load; version shown in the footer. ### 3.1.0 - Per-app recommendations (VPN required / recommended / not needed) with plain-language "why" on hover and a full "About this app" panel. - Per-container scan checklist on hover; Tailscale/ZeroTier mesh awareness; IPv6-leak and Tor-exit checks. ### 1.0.0 - Initial release: list containers, find each exit IP, compare to the host, flag leaks. bridge 8080 8080 tcp /var/run/docker.sock /var/run/docker.sock rw /mnt/user/appdata/leakwatch /data rw curlimages/curl:latest LEAKWATCH_HELPER_IMAGE 8 LEAKWATCH_PROBE_TIMEOUT 4 LEAKWATCH_CONCURRENCY LEAKWATCH_PROXYCHECK_KEY 8080 /var/run/docker.sock /mnt/user/appdata/leakwatch curlimages/curl:latest 8 4