FTC Notice: We earn commissions when you shop through the links on this site.

Running NordVPN in Docker on DigitalOcean (for Region-Lock Testing)

Published January 16, 2026 | By Matt

This guide shows how coders can run NordVPN inside a Docker container on a DigitalOcean Droplet and then route test containers through it to verify geo-based restrictions, region-locked APIs, pricing, or content behavior. If you need help installing NordVPN in a Docker container, you might find this guide on Windows helpful + this guide for MacOS helpful.

⚠️ Important: A VPN inside Docker does not VPN the host.
Only traffic generated by containers using the VPN container’s network is routed through NordVPN. This is intentional and exactly what we want for controlled testing.

Why this setup exists (quick context)

This approach is ideal when you need:

  • Real data-center IPs in specific countries

  • A repeatable, disposable geo-testing environment

  • Isolation between “normal app traffic” and “geo-simulated traffic”

You are not trying to “secure the Droplet” — you’re trying to simulate geography.

Architecture (mental model)

[ Test Container(s) ]


[ NordVPN Docker Container ]


[ NordVPN Exit Server (Chosen Country) ]

Only containers explicitly attached to the VPN container’s network go through the tunnel.

Click Here To Save With DigitalOcean Discount

Requirements

  • DigitalOcean Droplet (Ubuntu 22.04 or newer) – how to create a droplet

  • Docker + Docker Compose installed

  • NordVPN account

  • NordVPN login token (required for non-GUI Docker usage) – watch this video it shows how to get service credentials

Step 1: Create the Droplet & install Docker

SSH into your Droplet, then install Docker:

sudo apt update
sudo apt install -y ca-certificates curl gnupg

sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

sudo usermod -aG docker $USER
newgrp docker

Verify:

docker version
docker compose version

Step 2: Build the official NordVPN Docker image

This follows NordVPN’s documented approach, with no shortcuts.

Create a project directory

mkdir nordvpn-docker && cd nordvpn-docker

Create the Dockerfile

nano Dockerfile

Paste:

FROM ubuntu:24.04

RUN apt-get update && \
apt-get install -y --no-install-recommends \
wget \
apt-transport-https \
ca-certificates && \
wget -qO /etc/apt/trusted.gpg.d/nordvpn_public.asc \
https://repo.nordvpn.com/gpg/nordvpn_public.asc && \
echo "deb https://repo.nordvpn.com/deb/nordvpn/debian stable main" \
> /etc/apt/sources.list.d/nordvpn.list && \
apt-get update && \
apt-get install -y --no-install-recommends nordvpn && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

ENTRYPOINT /etc/init.d/nordvpn start && sleep 5 && /bin/bash -c "$@"
CMD bash

Build the image:

docker build -t nordvpn-container .

Step 3: Run the NordVPN container (VPN only)

docker run -it \
--name nordvpn \
--hostname nordvpn \
--cap-add=NET_ADMIN \
--device /dev/net/tun \
nordvpn-container

Why these flags matter

  • NET_ADMIN → required to create VPN routes

  • /dev/net/tun → required for tunnel interfaces

  • Hostname lock → prevents identity changes across restarts

Step 4: Authenticate using a NordVPN token

Inside the container:

nordvpn login --token YOUR_NORDVPN_TOKEN

Then connect to a country:

nordvpn connect Germany

Confirm:

nordvpn status

At this point, this container is fully VPN-connected.

Step 5: Turn the NordVPN container into a “VPN gateway”

Open a new terminal (outside the container).

Any container that uses:

--network container:nordvpn

will share the NordVPN container’s network stack — meaning all outbound traffic exits via the VPN.

Step 6: Run a geo-test container through the VPN

Example: test IP + country

docker run --rm \
--network container:nordvpn \
curlimages/curl \
sh -c "curl -s https://ifconfig.me && echo && curl -s https://ipinfo.io/country"

Expected output:

<VPN IP>
DE

If you see your Droplet’s region instead, the container is not attached to the VPN network.

Step 7: Run real code through the VPN

Node.js / Python / Playwright / curl / Postman

Any tool works the same way.

Example with a Node container:

docker run -it \
--network container:nordvpn \
node:20 \
node your-script.js

Now:

  • API calls

  • OAuth redirects

  • Pricing endpoints

  • Content checks

…all behave as if they originate from the chosen country.

Switching regions (fast testing loop)

Inside the NordVPN container:

nordvpn disconnect
nordvpn connect United_Kingdom

Then re-run your test containers.

This gives you a tight, repeatable geo-testing loop.

Common issues & fixes

/dev/net/tun missing

ls -l /dev/net/tun

If missing:

sudo modprobe tun

Auth fails

  • Use token-based login

  • Do not use email/password inside Docker

IPv6 leaks or odd routing

If you suspect IPv6 issues, explicitly disable it at the container level:

--sysctl net.ipv6.conf.all.disable_ipv6=1

(Some Nord docs mention this, but the value is commonly mis-documented.)

Click Here To Save With DigitalOcean Discount

Download Your FREE

Dev Stack Starter Guide

Build, automate, and launch faster—see the automation stack developers and agencies are switching to.

  • ✅ API Templates & Code Snippets
  • ✅ Done-for-You Automation Workflows
  • ✅ Step-by-Step Funnel & CRM Guide
  • ✅ Free for Developers, Freelancers, & SaaS Builders










We Respect Your Privacy

Privacy Policy | Link2 | Link3

Copyright © 2026. All Rights Reserved.

We earn commissions when you shop through the links on this site.

Powered by WordPress and Simple Affiliate WordPress Theme