The FIA World Rallycross season starts this weekend, and I prefer the official UK stream over what's sent on local television. Sadly, it's blocked outside the UK, but luckily it's easy to fix!

I've used PrivateInternetAccess VPN for a few years to watch these streams in VirtualBox. I don't like switching all network traffic on my computer to use a VPN, and VirtualBox has worked OK. The framerate got a bit low when playing the stream in a big window, so today I started looking for an alternative solution. This is where Docker comes in.

We need two containers: one for networking through the PIA VPN, and one for Firefox. Let's start with the VPN container. There are a lot of pre-made container setups available in the Docker registry, and I found ColinHebert/pia-openvpn, which works with PIA specifically. There are probably lots of alternatives if you use another VPN provider. Just search the Docker Hub. To set up this container, use the following command:

docker run --cap-add=NET_ADMIN --device=/dev/net/tun --name=pia -d \
  --dns 209.222.18.222 --dns 209.222.18.218 \
  -e 'REGION=REGION' \
  -e 'USERNAME=PIA_USERNAME' \
  -e 'PASSWORD=PIA_PASSWORD' \
  colinhebert/pia-openvpn

Replace REGION, PIA_USERNAME and PIA_PASSWORD above. Then run the command. Now your PrivateInternetAccess VPN container is ready. Next time you need to start it, you can run docker start pia.

Lastly, we need to start the Firefox container. I found one called devurandom/firefox-docker which seems to work quite well. After some tweaking of the run command, I got both video and audio to work, while still using the VPN for networking. You can see we tell it to use the PIA container we created earlier, for networking.

docker run -ti --rm \
    --net=container:pia \
    -e DISPLAY=$DISPLAY \
    -e HOME=/tmp \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -v /run/user/1000/pulse/native:/tmp/pulse \
    -e PULSE_SERVER=unix:/tmp/pulse \
    devurandom/firefox

I run Ubuntu 16.04 on my host computer. If you run another distro, you may have to make some changes above.

Please note: This approach gives the container access to X11 and pulseaudio on your host computer, and is therefore less secure than if using VNC or other approaches. To my understanding, though, this shouldn't really be a problem since the only thing running inside it is Firefox.
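
Firefox reaches the network only through the pia container's namespace, and until OpenVPN connects that namespace normally still has Docker's own bridge route, so it is worth checking the routes before starting the browser. The following is an added example, not part of the original post or of either image: it passes only when a tun device carries the default traffic. The `alpine` helper image, the function names and the sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from a routing table whether traffic leaves via the VPN.

# Reads `ip route` output on stdin. Succeeds only if a tun device carries the
# default traffic: either the default route itself, or the pair of /1 routes
# that OpenVPN's "redirect-gateway def1" installs on top of the old default.
vpn_routes_ok() {
    awk '
        $1 == "default"     && /dev tun[0-9]+/ { def = 1 }
        $1 == "0.0.0.0/1"   && /dev tun[0-9]+/ { lo = 1 }
        $1 == "128.0.0.0/1" && /dev tun[0-9]+/ { hi = 1 }
        END { exit !(def || (lo && hi)) }
    '
}

# Lists the routes inside the pia container's network namespace, the same
# namespace Firefox joins with --net=container:pia. The alpine image is an
# assumption; any image that ships `ip` works.
pia_tunnel_up() {
    docker run --rm --net=container:pia alpine ip route | vpn_routes_ok
}

# Constructed sample: tunnel up, def1-style routes over the bridge default.
ROUTES_UP='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 172.17.0.1 dev eth0
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 scope link  src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
172.17.0.0/16 dev eth0 scope link  src 172.17.0.2'

# Constructed sample: OpenVPN not connected, only the Docker bridge remains.
ROUTES_DOWN='default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 scope link  src 172.17.0.2'

# Usage (runs Docker, so it is left as a comment here):
#   pia_tunnel_up && docker run -ti --rm --net=container:pia ... devurandom/firefox
```

If `pia_tunnel_up` fails, check `docker logs pia` before launching Firefox.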