From ef3773228f7a6144327c3f724629863b71e49f3b Mon Sep 17 00:00:00 2001 From: DyonR Date: Sun, 30 Aug 2020 03:36:08 +0200 Subject: [PATCH 01/17] Revert "Merge branch 'alpha' into dev" This reverts commit 7bfd725166c7107600612f6d0a4e41ed72e46231, reversing changes made to b58ac335054aeba5863eafbaa5296965ef619ea2. --- Dockerfile | 134 +++++++++++++++++++++++++++++++++-------------------- README.md | 2 +- 2 files changed, 85 insertions(+), 51 deletions(-) diff --git a/Dockerfile b/Dockerfile index f602561..f3f418c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -7,61 +7,35 @@ RUN usermod -u 99 nobody # Make directories RUN mkdir -p /downloads /config/qBittorrent /etc/openvpn /etc/qbittorrent +# Compile libtorrent-rasterbar RUN apt update \ && apt -y upgrade \ && apt -y install --no-install-recommends \ - curl \ - jq \ - build-essential \ ca-certificates \ - pkg-config \ - automake \ - libtool \ - git \ - zlib1g-dev \ - libssl-dev \ - libgeoip-dev \ - libboost-dev \ + curl \ + g++ \ + jq \ libboost-system-dev \ - libboost-chrono-dev \ - libboost-random-dev \ - python3 \ - qtbase5-dev \ - qttools5-dev \ - libqt5svg5-dev \ + libssl-dev \ + make \ && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[0] .assets_url' | tr -d '"') \ && LIBTORRENT_DOWNLOAD_URL=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .browser_download_url' | tr -d '"') \ && LIBTORRENT_NAME=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .name' | tr -d '"') \ && curl -o /opt/${LIBTORRENT_NAME} -L ${LIBTORRENT_DOWNLOAD_URL} \ - && tar -xvzf /opt/${LIBTORRENT_NAME} \ - && rm /opt/*.tar.gz \ + && tar -xzf /opt/${LIBTORRENT_NAME} \ + && rm /opt/${LIBTORRENT_NAME} \ && cd /opt/libtorrent-rasterbar* \ && ./configure --disable-debug --enable-encryption && make clean && make -j$(nproc) && make install \ - && git clone https://github.com/qbittorrent/qBittorrent.git /opt/qBittorrent \ - && cd /opt/qBittorrent \ - && ./configure --disable-gui && make -j$(nproc) && make install \ && cd /opt \ && rm -rf /opt/* \ && apt -y purge \ - curl \ - jq \ - build-essential \ ca-certificates \ - pkg-config \ - automake \ - libtool \ - git \ - zlib1g-dev \ - libssl-dev \ - libgeoip-dev \ - libboost-dev \ + curl \ + g++ \ + jq \ libboost-system-dev \ - libboost-chrono-dev \ - libboost-random-dev \ - python3 \ - qtbase5-dev \ - qttools5-dev \ - libqt5svg5-dev \ + libssl-dev \ + make \ && apt-get clean \ && apt -y autoremove \ && rm -rf \ 
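Review bot: The tarball fetched by `curl -o /opt/${LIBTORRENT_NAME} -L ${LIBTORRENT_DOWNLOAD_URL}` is compiled and installed with no integrity check, and its URL is whatever `.[0]` of the releases API returns at build time, so two builds of the same Dockerfile can install different code. Pin the release in a build argument and verify a recorded digest before `tar`, for example `echo "<sha256-placeholder>  /opt/${LIBTORRENT_NAME}" | sha256sum -c -`. The three `curl -sX GET` calls also lack `-f`, so an API error body (rate limiting, for instance) is handed to jq as if it were a release list; `curl -fsSL` with the expansions quoted fails the layer instead. The qBittorrent download added in the next hunk follows the same pattern.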
@@ -69,26 +43,86 @@ RUN apt update \ /tmp/* \ /var/tmp/* +# Compile qBittorrent +RUN apt update \ + && apt -y upgrade \ + && apt -y install --no-install-recommends \ + ca-certificates \ + curl \ + g++ \ + jq \ + libboost-system-dev \ + libssl-dev \ + make \ + pkg-config \ + qtbase5-dev \ + qttools5-dev \ + zlib1g-dev \ + && QBITTORRENT_RELEASE=$(curl -sX GET "https://api.github.com/repos/qBittorrent/qBittorrent/tags" | jq '.[0] .name' | tr -d '"') \ + && curl -o /opt/qBittorrent-${QBITTORRENT_RELEASE}.tar.gz -L "https://github.com/qbittorrent/qBittorrent/archive/${QBITTORRENT_RELEASE}.tar.gz" \ + && tar -xzf /opt/qBittorrent-${QBITTORRENT_RELEASE}.tar.gz \ + && rm /opt/qBittorrent-${QBITTORRENT_RELEASE}.tar.gz \ + && cd /opt/qBittorrent-${QBITTORRENT_RELEASE} \ + && ./configure --disable-gui && make -j$(nproc) && make install \ + && cd /opt \ + && rm -rf /opt/* \ + && apt -y purge \ + ca-certificates \ + curl \ + g++ \ + jq \ + libboost-system-dev \ + libssl-dev \ + make \ + pkg-config \ + qtbase5-dev \ + qttools5-dev \ + zlib1g-dev \ + && apt-get clean \ + && apt -y autoremove \ + && rm -rf \ + /var/lib/apt/lists/* \ + /tmp/* \ + /var/tmp/* + +# Install WireGuard, OpenVPN and other dependencies for running qbittorrent-nox and the container scripts RUN echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list \ && printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable \ && apt update \ && apt -y install --no-install-recommends \ - libboost-system1.67.0 \ - libqt5xml5 \ - libqt5network5 \ - libssl1.1 \ - kmod \ - iptables \ + ca-certificates \ + curl \ + dos2unix \ inetutils-ping \ - procps \ + ipcalc \ + iptables \ + kmod \ + libboost-system1.67.0 \ + libqt5network5 \ + libqt5xml5 \ + libssl1.1 \ moreutils \ net-tools \ - dos2unix \ - openvpn \ openresolv \ + openvpn \ + procps \ wireguard-tools \ - ipcalc \ - ca-certificates \ + && apt-get clean \ + && apt -y 
autoremove \ + && rm -rf \ + /var/lib/apt/lists/* \ + /tmp/* \ + /var/tmp/* + +RUN echo "deb http://deb.debian.org/debian/ buster non-free" > /etc/apt/sources.list.d/non-free-unrar.list \ + && printf 'Package: *\nPin: release a=non-free\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-non-free \ + && apt update \ + && apt -y upgrade \ + && apt -y install --no-install-recommends \ + unrar \ + p7zip-full \ + unzip \ + zip \ && apt-get clean \ && apt -y autoremove \ && rm -rf \ diff --git a/README.md b/README.md index 84ff304..128a562 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # [qBittorrent](https://github.com/qbittorrent/qBittorrent), WireGuard and OpenVPN [![Docker Pulls](https://img.shields.io/docker/pulls/dyonr/qbittorrentvpn)](https://hub.docker.com/r/dyonr/qbittorrentvpn) -[![Docker Image Size (tag)](https://img.shields.io/docker/image-size/dyonr/qbittorrentvpn/alpha)](https://hub.docker.com/r/dyonr/qbittorrentvpn) +[![Docker Image Size (tag)](https://img.shields.io/docker/image-size/dyonr/qbittorrentvpn/latest)](https://hub.docker.com/r/dyonr/qbittorrentvpn) Docker container which runs the latest [qBittorrent](https://github.com/qbittorrent/qBittorrent)-nox client while connecting to WireGuard (experimental) or OpenVPN with iptables killswitch to prevent IP leakage when the tunnel goes down. From 74bcb8af6c47cddcc1f3beba880bd857edcf87d0 Mon Sep 17 00:00:00 2001 From: DyonR Date: Sun, 30 Aug 2020 03:41:49 +0200 Subject: [PATCH 02/17] Changed apt parameters --- openvpn/start.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openvpn/start.sh b/openvpn/start.sh index 98647c3..1e7c558 100644 --- a/openvpn/start.sh +++ b/openvpn/start.sh 
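Review bot: `QBITTORRENT_RELEASE` is taken from `.[0]` of the repository's tags endpoint, which carries no release/pre-release distinction, so a beta or release-candidate tag can end up compiled into the image. Resolving the version from the releases endpoint with `select(.prerelease==false)`, or passing a fixed tag as a build argument, keeps the build on a stable release. In the added non-free block, `Pin: release a=non-free` selects by archive (suite) name, while non-free is a component; if the intent is to hold those packages at priority 150, the selector is probably `Pin: release c=non-free`, which is worth confirming with `apt-cache policy`. The last RUN instruction continues past the end of the hunk.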
@@ -19,9 +19,9 @@ if [[ $INSTALL_PYTHON3 == "yes" ]]; then if [ ! -e /usr/bin/python3 ]; then echo "[INFO] Python3 not yet installed, installing..." | ts '%Y-%m-%d %H:%M:%.S' apt -qq update \ - && apt -qq install python3 \ + && apt -y install python3 \ && apt-get clean \ - && apt -qq autoremove \ + && apt -y autoremove \ && rm -rf \ /var/lib/apt/lists/* \ /tmp/* \ From f3db0807805704fd0bdc08bdb6821504eee3dfd8 Mon Sep 17 00:00:00 2001 From: DyonR Date: Sun, 30 Aug 2020 20:50:17 +0200 Subject: [PATCH 03/17] Moved the Python installation to separate script --- openvpn/start.sh | 16 ---------------- qbittorrent/install-python3.sh | 14 ++++++++++++++ qbittorrent/start.sh | 5 +++++ 3 files changed, 19 insertions(+), 16 deletions(-) create mode 100644 qbittorrent/install-python3.sh diff --git a/openvpn/start.sh b/openvpn/start.sh index 1e7c558..db9f7ed 100644 --- a/openvpn/start.sh +++ b/openvpn/start.sh @@ -13,22 +13,6 @@ if [[ ! -z "${check_network}" ]]; then exit 1 fi -export INSTALL_PYTHON3=$(echo "${INSTALL_PYTHON3,,}") -if [[ $INSTALL_PYTHON3 == "yes" ]]; then - echo "[INFO] INSTALL_PYTHON3 defined as '${INSTALL_PYTHON3}'" | ts '%Y-%m-%d %H:%M:%.S' - if [ ! -e /usr/bin/python3 ]; then - echo "[INFO] Python3 not yet installed, installing..." | ts '%Y-%m-%d %H:%M:%.S' - apt -qq update \ - && apt -y install python3 \ - && apt-get clean \ - && apt -y autoremove \ - && rm -rf \ - /var/lib/apt/lists/* \ - /tmp/* \ - /var/tmp/* - fi -fi - export VPN_ENABLED=$(echo "${VPN_ENABLED}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~') if [[ ! -z "${VPN_ENABLED}" ]]; then echo "[INFO] VPN_ENABLED defined as '${VPN_ENABLED}'" | ts '%Y-%m-%d %H:%M:%.S' diff --git a/qbittorrent/install-python3.sh b/qbittorrent/install-python3.sh new file mode 100644 index 0000000..1591b02 --- /dev/null +++ b/qbittorrent/install-python3.sh 
@@ -0,0 +1,14 @@ +#!/bin/bash +if [ ! -e /usr/bin/python3 ]; then + echo "[INFO] Python3 not yet installed, installing..." | ts '%Y-%m-%d %H:%M:%.S' + apt -qq update \ + && apt -y install python3 \ + && apt-get clean \ + && apt -y autoremove \ + && rm -rf \ + /var/lib/apt/lists/* \ + /tmp/* \ + /var/tmp/* +else + echo "[INFO] Python3 is already installed, nothing to do." | ts '%Y-%m-%d %H:%M:%.S' +fi \ No newline at end of file diff --git a/qbittorrent/start.sh b/qbittorrent/start.sh index 3e6836f..86bccf7 100644 --- a/qbittorrent/start.sh +++ b/qbittorrent/start.sh @@ -17,6 +17,11 @@ if [ ! -e /config/qBittorrent/config/qBittorrent.conf ]; then chown ${PUID}:${PGID} /config/qBittorrent/config/qBittorrent.conf fi +export INSTALL_PYTHON3=$(echo "${INSTALL_PYTHON3,,}") +if [[ $INSTALL_PYTHON3 == "yes" ]]; then + /bin/bash /etc/qbittorrent/install-python3.sh +fi + # The mess down here checks if SSL is enabled. export ENABLE_SSL=$(echo "${ENABLE_SSL,,}") if [[ ${ENABLE_SSL} == 'yes' ]]; then From 0144b34250fae89719b3a98de33c7d79d842dfa6 Mon Sep 17 00:00:00 2001 From: DyonR Date: Sun, 30 Aug 2020 21:00:47 +0200 Subject: [PATCH 04/17] Do not use pre-releases of libtorrent for compiling --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f3f418c..5d5115e 100644 --- a/Dockerfile +++ b/Dockerfile 
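Review bot: In install-python3.sh a failed `apt -qq update` or `apt -y install python3` ends the `&&` chain without any log line, and the caller added to qbittorrent/start.sh in the next hunk ignores the script's exit status, so the container carries on without Python and the log does not say why. Log the failure explicitly, for example by appending `|| echo "[ERROR] Python3 installation failed" | ts '%Y-%m-%d %H:%M:%.S'` after the chain. `apt-get -y install --no-install-recommends python3` is the better fit for a script, since apt documents its command-line interface as not stable for scripting and the Dockerfile already uses `--no-install-recommends`. The `rm -rf /tmp/* /var/tmp/*` step now runs in a live container rather than at build time and removes temporary files of any process already running; clearing `/var/lib/apt/lists/*` is the only cleanup this script needs.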
@@ -18,7 +18,7 @@ RUN apt update \ libboost-system-dev \ libssl-dev \ make \ - && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[0] .assets_url' | tr -d '"') \ + && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[] | select(.prerelease==false) | .assets_url' | head -n 1 | tr -d '"') \ && LIBTORRENT_DOWNLOAD_URL=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .browser_download_url' | tr -d '"') \ && LIBTORRENT_NAME=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .name' | tr -d '"') \ && curl -o /opt/${LIBTORRENT_NAME} -L ${LIBTORRENT_DOWNLOAD_URL} \ From 1285981db07d69688c788b602cf569b55530466b Mon Sep 17 00:00:00 2001 From: DyonR Date: Sun, 30 Aug 2020 21:07:01 +0200 Subject: [PATCH 05/17] Only use the RC_1_2 branch This is the only branch that I test with and can confirm works. If libtorrent 2.0 would be released soon, compiling may break. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5d5115e..f82c435 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ RUN apt update \ libboost-system-dev \ libssl-dev \ make \ - && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[] | select(.prerelease==false) | .assets_url' | head -n 1 | tr -d '"') \ + && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[] | select(.prerelease==false) | select(.target_commitish=="RC_1_2") | .assets_url' | head -n 1 | tr -d '"') \ && LIBTORRENT_DOWNLOAD_URL=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .browser_download_url' | tr -d '"') \ && LIBTORRENT_NAME=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .name' | tr -d '"') \ && curl -o /opt/${LIBTORRENT_NAME} -L ${LIBTORRENT_DOWNLOAD_URL} \ From 11404ae043d04eeffbd83473f467221f53537ee9 Mon Sep 17 00:00:00 2001 
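Review bot: When the jq filter in the changed `LIBTORRENT_ASSETS` line matches no release, the variable is empty and the build only fails later with an unrelated curl or tar error, because the status of the assignment is that of `tr` at the end of the pipeline. The releases endpoint is paginated, so the wanted release may not be in the first page once enough newer entries exist; this also applies to the `target_commitish=="RC_1_2"` and `name==...` variants of this line in patches 05, 06, 16 and 17. Add a guard directly after the assignment, `&& [ -n "${LIBTORRENT_ASSETS}" ] \`, and let jq do the selection and unquoting with `jq -r 'first(.[] | select(.prerelease==false) | .assets_url)'` in place of `head -n 1 | tr -d '"'`. The RUN instruction begins and ends outside the hunk.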
From: DyonR Date: Mon, 31 Aug 2020 03:52:02 +0200 Subject: [PATCH 06/17] Switched to libtorrent-1.2.8, compining issues with 1.2.9 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f82c435..07777d2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ RUN apt update \ libboost-system-dev \ libssl-dev \ make \ - && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[] | select(.prerelease==false) | select(.target_commitish=="RC_1_2") | .assets_url' | head -n 1 | tr -d '"') \ + && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[] | select(.prerelease==false) | select(.name=="libtorrent-1.2.8") | .assets_url' | head -n 1 | tr -d '"') \ && LIBTORRENT_DOWNLOAD_URL=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .browser_download_url' | tr -d '"') \ && LIBTORRENT_NAME=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .name' | tr -d '"') \ && curl -o /opt/${LIBTORRENT_NAME} -L ${LIBTORRENT_DOWNLOAD_URL} \ From a668334f5b47a4de498d4fefdd9eadf3fe3eb273 Mon Sep 17 00:00:00 2001 From: DyonR Date: Sat, 12 Sep 2020 22:06:42 +0200 Subject: [PATCH 07/17] Fixed getting vpn_remote_line if there are no spaces --- openvpn/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn/start.sh b/openvpn/start.sh index db9f7ed..9c81f9c 100644 --- a/openvpn/start.sh +++ b/openvpn/start.sh @@ -117,7 +117,7 @@ if [[ $VPN_ENABLED == "yes" ]]; then if [[ "${VPN_TYPE}" == "openvpn" ]]; then export vpn_remote_line=$(cat "${VPN_CONFIG}" | grep -P -o -m 1 '(?<=^remote\s)[^\n\r]+' | sed -e 's~^[ \t]*~~;s~[ \t]*$~~') else - export vpn_remote_line=$(cat "${VPN_CONFIG}" | grep -P -o -m 1 '(?<=^Endpoint\s)[^\n\r]+' | sed -e 's~^[=\ ]*~~') + export vpn_remote_line=$(cat "${VPN_CONFIG}" | grep -P -o -m 1 '(?<=^Endpoint)(\s{0,})[^\n\r]+' | sed -e 's~^[=\ ]*~~') fi if [[ ! -z "${vpn_remote_line}" ]]; then 
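Review bot: The new pattern `(?<=^Endpoint)(\s{0,})[^\n\r]+` in the openvpn/start.sh hunk no longer anchors on the `=` separator, so it also matches any key that merely begins with `Endpoint`, and it leaves the `=` for the following `sed` to strip. Matching the key and separator and discarding them with `\K` is tighter: `grep -P -o -m 1 '^Endpoint\s*=\s*\K[^\r\n]+' "${VPN_CONFIG}"`, which also removes the need for `cat` and the `sed`. The value is exported as `vpn_remote_line`; how it is used afterwards is outside the hunk, but if it feeds the firewall rules for the VPN endpoint a strict match is worth having. The enclosing `if` block starts and ends outside the hunk.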
From 03d06565f5a93e0ce57f96ae61122fcbb017842c Mon Sep 17 00:00:00 2001 From: DyonR Date: Sat, 12 Sep 2020 22:24:08 +0200 Subject: [PATCH 08/17] Fixed comments originating from Jackettvpn --- qbittorrent/start.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qbittorrent/start.sh b/qbittorrent/start.sh index 86bccf7..0b95acc 100644 --- a/qbittorrent/start.sh +++ b/qbittorrent/start.sh @@ -6,10 +6,10 @@ fi # Set the correct rights accordingly to the PUID and PGID on /config/qBittorrent chown -R ${PUID}:${PGID} /config/qBittorrent -# Set the rights on the /blackhole folder +# Set the rights on the /downloads folder chown -R ${PUID}:${PGID} /downloads -# Check if ServerConfig.json exists, if not, copy the template over +# Check if qBittorrent.conf exists, if not, copy the template over if [ ! -e /config/qBittorrent/config/qBittorrent.conf ]; then echo "[WARNING] qBittorrent.conf is missing, this is normal for the first launch! Copying template." | ts '%Y-%m-%d %H:%M:%.S' cp /etc/qbittorrent/qBittorrent.conf /config/qBittorrent/config/qBittorrent.conf From 1fcf8288ee17e469620237bba6b4dbb6099853d4 Mon Sep 17 00:00:00 2001 From: DyonR Date: Mon, 14 Sep 2020 16:35:54 +0200 Subject: [PATCH 09/17] Removal of iptables mangle --- qbittorrent/iptables.sh | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/qbittorrent/iptables.sh b/qbittorrent/iptables.sh index e54230d..0507731 100644 --- a/qbittorrent/iptables.sh +++ b/qbittorrent/iptables.sh 
@@ -76,20 +76,6 @@ if [[ "${DEBUG}" == "true" ]]; then lsmod fi -# check we have iptable_mangle, if so setup fwmark -lsmod | grep iptable_mangle -iptable_mangle_exit_code=$? - -if [[ $iptable_mangle_exit_code == 0 ]]; then - echo "[INFO] iptable_mangle support detected, adding fwmark for tables" | ts '%Y-%m-%d %H:%M:%.S' - - # setup route for qBittorrent webui using set-mark to route traffic for port 8080 and 8999 to "${docker_interface}" - echo "8080 webui" >> /etc/iproute2/rt_tables - echo "8999 webui" >> /etc/iproute2/rt_tables - ip rule add fwmark 1 table webui - ip route add default via ${DEFAULT_GATEWAY} table webui -fi - # input iptable rules ### @@ -155,13 +141,6 @@ iptables -A OUTPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j AC # accept output from vpn gateway iptables -A OUTPUT -o "${docker_interface}" -p $VPN_PROTOCOL --dport $VPN_PORT -j ACCEPT -# if iptable mangle is available (kernel module) then use mark -if [[ $iptable_mangle_exit_code == 0 ]]; then - # accept output from qBittorrent webui port - used for external access - iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -p tcp --sport 8080 -j MARK --set-mark 1 -fi - # accept output from qBittorrent webui port - used for lan access iptables -A OUTPUT -o "${docker_interface}" -p tcp --dport 8080 -j ACCEPT iptables -A OUTPUT -o "${docker_interface}" -p tcp --sport 8080 -j ACCEPT From 83bdf4abaf8f40b47f8aabeddd4f02e2b161cc18 Mon Sep 17 00:00:00 2001 From: DyonR Date: Mon, 14 Sep 2020 18:20:41 +0200 Subject: [PATCH 10/17] Revert "Removal of iptables mangle" This reverts commit 1fcf8288ee17e469620237bba6b4dbb6099853d4. --- qbittorrent/iptables.sh | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/qbittorrent/iptables.sh b/qbittorrent/iptables.sh index 0507731..e54230d 100644 --- a/qbittorrent/iptables.sh +++ b/qbittorrent/iptables.sh 
@@ -76,6 +76,20 @@ if [[ "${DEBUG}" == "true" ]]; then lsmod fi +# check we have iptable_mangle, if so setup fwmark +lsmod | grep iptable_mangle +iptable_mangle_exit_code=$? + +if [[ $iptable_mangle_exit_code == 0 ]]; then + echo "[INFO] iptable_mangle support detected, adding fwmark for tables" | ts '%Y-%m-%d %H:%M:%.S' + + # setup route for qBittorrent webui using set-mark to route traffic for port 8080 and 8999 to "${docker_interface}" + echo "8080 webui" >> /etc/iproute2/rt_tables + echo "8999 webui" >> /etc/iproute2/rt_tables + ip rule add fwmark 1 table webui + ip route add default via ${DEFAULT_GATEWAY} table webui +fi + # input iptable rules ### @@ -141,6 +155,13 @@ iptables -A OUTPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j AC # accept output from vpn gateway iptables -A OUTPUT -o "${docker_interface}" -p $VPN_PROTOCOL --dport $VPN_PORT -j ACCEPT +# if iptable mangle is available (kernel module) then use mark +if [[ $iptable_mangle_exit_code == 0 ]]; then + # accept output from qBittorrent webui port - used for external access + iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -p tcp --sport 8080 -j MARK --set-mark 1 +fi + # accept output from qBittorrent webui port - used for lan access iptables -A OUTPUT -o "${docker_interface}" -p tcp --dport 8080 -j ACCEPT iptables -A OUTPUT -o "${docker_interface}" -p tcp --sport 8080 -j ACCEPT From 915e5e19919adc5738f95b311c393c8e39823f73 Mon Sep 17 00:00:00 2001 From: DyonR Date: Thu, 29 Oct 2020 19:16:32 +0100 Subject: [PATCH 11/17] Removed 'Experimental' related to WireGuard --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 128a562..932875c 100644 --- a/README.md +++ b/README.md 
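Review bot: The two appends `echo "8080 webui" >> /etc/iproute2/rt_tables` and `echo "8999 webui" >> /etc/iproute2/rt_tables` register the same table name under two ids and are repeated every time the script runs in the same container, so `ip rule add fwmark 1 table webui` depends on which entry iproute2 resolves first. One entry is enough, written only when absent: `grep -q 'webui' /etc/iproute2/rt_tables || echo "8080 webui" >> /etc/iproute2/rt_tables`. `lsmod | grep iptable_mangle` also prints the module line into the container log; `grep -q` keeps the exit code and drops the output. `${DEFAULT_GATEWAY}` in the `ip route add` line should be quoted like the other expansions in this file.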
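Review bot: `iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1` marks every outbound TCP connection to a remote port 8080, not only WebUI replies, and the first hunk of this patch routes mark 1 through `${DEFAULT_GATEWAY}` instead of the tunnel. Together with the existing `iptables -A OUTPUT -o "${docker_interface}" -p tcp --dport 8080 -j ACCEPT` in the context below, traffic from the container to any host on port 8080 appears able to leave outside the VPN, which is what the kill switch is meant to prevent. Replies from the WebUI are identified by their source port, so keeping only the `--sport 8080` rule in the mangle table covers external access without opening that path. This is inferred from the visible rules; the default policies and the rest of the OUTPUT chain are outside the hunk.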
@@ -2,7 +2,7 @@ [![Docker Pulls](https://img.shields.io/docker/pulls/dyonr/qbittorrentvpn)](https://hub.docker.com/r/dyonr/qbittorrentvpn) [![Docker Image Size (tag)](https://img.shields.io/docker/image-size/dyonr/qbittorrentvpn/latest)](https://hub.docker.com/r/dyonr/qbittorrentvpn) -Docker container which runs the latest [qBittorrent](https://github.com/qbittorrent/qBittorrent)-nox client while connecting to WireGuard (experimental) or OpenVPN with iptables killswitch to prevent IP leakage when the tunnel goes down. +Docker container which runs the latest [qBittorrent](https://github.com/qbittorrent/qBittorrent)-nox client while connecting to WireGuard or OpenVPN with iptables killswitch to prevent IP leakage when the tunnel goes down. [preview]: https://raw.githubusercontent.com/DyonR/docker-templates/master/Screenshots/qbittorrentvpn/qbittorrentvpn-webui.png "qBittorrent WebUI" ![alt text][preview] From 69898d166f77a0391fe3c42b91e99bf4816f5fc4 Mon Sep 17 00:00:00 2001 From: DyonR Date: Sat, 7 Nov 2020 23:34:15 +0100 Subject: [PATCH 12/17] added wg-quick down to start.sh --- openvpn/start.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openvpn/start.sh b/openvpn/start.sh index 9c81f9c..16524eb 100644 --- a/openvpn/start.sh +++ b/openvpn/start.sh @@ -264,6 +264,8 @@ if [[ $VPN_ENABLED == "yes" ]]; then else echo "[INFO] Starting WireGuard..." | ts '%Y-%m-%d %H:%M:%.S' cd /config/wireguard + wg-quick down $VPN_CONFIG + sleep 1 #Just sleep 1 second to make sure it has time to go down wg-quick up $VPN_CONFIG #exec /bin/bash /etc/openvpn/openvpn.init start & fi From fd5f1e358fc5b459b027354355ccf913733f71d7 Mon Sep 17 00:00:00 2001 From: DyonR Date: Sun, 8 Nov 2020 00:27:21 +0100 Subject: [PATCH 13/17] Catch the exit code of wg-quick down --- openvpn/start.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openvpn/start.sh b/openvpn/start.sh index 16524eb..bd51b4c 100644 --- a/openvpn/start.sh +++ b/openvpn/start.sh 
@@ -264,8 +264,8 @@ if [[ $VPN_ENABLED == "yes" ]]; then else echo "[INFO] Starting WireGuard..." | ts '%Y-%m-%d %H:%M:%.S' cd /config/wireguard - wg-quick down $VPN_CONFIG - sleep 1 #Just sleep 1 second to make sure it has time to go down + wg-quick down $VPN_CONFIG || echo "WireGuard is down already" | ts '%Y-%m-%d %H:%M:%.S' # Run wg-quick down as an extra safeguard in case WireGuard is still up for some reason + sleep 0.5 # Just to give WireGuard a bit to go down wg-quick up $VPN_CONFIG #exec /bin/bash /etc/openvpn/openvpn.init start & fi From 928b5a9633cff6bb90baec4df7aa2ac0e4e4ac10 Mon Sep 17 00:00:00 2001 From: DyonR Date: Sun, 8 Nov 2020 23:10:51 +0100 Subject: [PATCH 14/17] Added quotes around some ${VPN_CONFIG}'s --- openvpn/start.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/openvpn/start.sh b/openvpn/start.sh index bd51b4c..26392fa 100644 --- a/openvpn/start.sh +++ b/openvpn/start.sh @@ -99,13 +99,13 @@ if [[ $VPN_ENABLED == "yes" ]]; then echo "${VPN_PASSWORD}" >> /config/openvpn/credentials.conf # Replace line with one that points to credentials.conf - auth_cred_exist=$(cat ${VPN_CONFIG} | grep -m 1 'auth-user-pass') + auth_cred_exist=$(cat "${VPN_CONFIG}" | grep -m 1 'auth-user-pass') if [[ ! -z "${auth_cred_exist}" ]]; then # Get line number of auth-user-pass - LINE_NUM=$(grep -Fn -m 1 'auth-user-pass' ${VPN_CONFIG} | cut -d: -f 1) - sed -i "${LINE_NUM}s/.*/auth-user-pass credentials.conf/" ${VPN_CONFIG} + LINE_NUM=$(grep -Fn -m 1 'auth-user-pass' "${VPN_CONFIG}" | cut -d: -f 1) + sed -i "${LINE_NUM}s/.*/auth-user-pass credentials.conf/" "${VPN_CONFIG}" else - sed -i "1s/.*/auth-user-pass credentials.conf/" ${VPN_CONFIG} + sed -i "1s/.*/auth-user-pass credentials.conf/" "${VPN_CONFIG}" fi fi fi 
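Review bot: Both `wg-quick down $VPN_CONFIG` and the unchanged `wg-quick up $VPN_CONFIG` expand the path unquoted, so a configuration path containing whitespace or glob characters is split before wg-quick sees it; patch 14 of this series quotes the OpenVPN uses but not these two. Write `wg-quick down "${VPN_CONFIG}"` and `wg-quick up "${VPN_CONFIG}"`. The `|| echo "WireGuard is down already"` branch reports every failure of `wg-quick down` as "already down", so the trailing comment should say that any error from the command is deliberately ignored. The surrounding `if` begins and ends outside the hunk.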
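Review bot: In the `else` branch of the @@ -99,13 hunk, `sed -i "1s/.*/auth-user-pass credentials.conf/" "${VPN_CONFIG}"` replaces the first line of the OpenVPN configuration instead of adding a directive, so whatever directive was on line 1 is lost when the file has no `auth-user-pass` line. Inserting keeps the original content: `sed -i '1i auth-user-pass credentials.conf' "${VPN_CONFIG}"`. The context line above appends `${VPN_PASSWORD}` to /config/openvpn/credentials.conf; no `chmod` is visible in the hunk, so it is worth confirming that the file is created with mode 600. The outer `if` of this block starts outside the hunk.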
@@ -259,7 +259,7 @@ if [[ $VPN_ENABLED == "yes" ]]; then if [[ "${VPN_TYPE}" == "openvpn" ]]; then echo "[INFO] Starting OpenVPN..." | ts '%Y-%m-%d %H:%M:%.S' cd /config/openvpn - exec openvpn --config ${VPN_CONFIG} & + exec openvpn --config "${VPN_CONFIG}" & #exec /bin/bash /etc/openvpn/openvpn.init start & else echo "[INFO] Starting WireGuard..." | ts '%Y-%m-%d %H:%M:%.S' From 26f98e57fe9a5942ffb717d7d025493a58592714 Mon Sep 17 00:00:00 2001 From: DyonR Date: Wed, 25 Nov 2020 04:11:51 +0100 Subject: [PATCH 15/17] Fixed a typo in the How to use WireGuard section Thanks to Quintanium on the Unraid Forums to let me know about this! --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 932875c..ef7d36e 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ Access http://IPADDRESS:PORT from a browser on the same network. (for example: h |`password`| `adminadmin` | # How to use WireGuard -The container will fail to boot if `VPN_ENABLED` is set and there is no valid .conf file present in the /config/wireguard directory. Drop a .conf file from your VPN provider into /config/wireguard and start the container again. The file must have the name `wg0.confg`. +The container will fail to boot if `VPN_ENABLED` is set and there is no valid .conf file present in the /config/wireguard directory. Drop a .conf file from your VPN provider into /config/wireguard and start the container again. The file must have the name `wg0.conf`. # How to use OpenVPN The container will fail to boot if `VPN_ENABLED` is set and there is no valid .ovpn file present in the /config/openvpn directory. Drop a .ovpn file from your VPN provider into /config/openvpn and start the container again. You may need to edit the ovpn configuration file to load your VPN credentials from a file by setting `auth-user-pass`. From 6ca0b5a119770aa3a9fec395906fd523d8f7c4ad Mon Sep 17 00:00:00 2001 
From: DyonR Date: Thu, 26 Nov 2020 20:33:35 +0100 Subject: [PATCH 16/17] Fixed ./configure so libtorrent >= 1.2.9 can be sued Big thanks to the user c0re100 for letting me know how to fix this in this qBittorrent Issue I created: https://github.com/qbittorrent/qBittorrent/issues/13831 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 07777d2..2c7e1f4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,14 +18,14 @@ RUN apt update \ libboost-system-dev \ libssl-dev \ make \ - && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[] | select(.prerelease==false) | select(.name=="libtorrent-1.2.8") | .assets_url' | head -n 1 | tr -d '"') \ + && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[] | select(.prerelease==false) | select(.name=="libtorrent-1.2.11") | .assets_url' | head -n 1 | tr -d '"') \ && LIBTORRENT_DOWNLOAD_URL=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .browser_download_url' | tr -d '"') \ && LIBTORRENT_NAME=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .name' | tr -d '"') \ && curl -o /opt/${LIBTORRENT_NAME} -L ${LIBTORRENT_DOWNLOAD_URL} \ && tar -xzf /opt/${LIBTORRENT_NAME} \ && rm /opt/${LIBTORRENT_NAME} \ && cd /opt/libtorrent-rasterbar* \ - && ./configure --disable-debug --enable-encryption && make clean && make -j$(nproc) && make install \ + && ./configure CXXFLAGS="-std=c++14" --disable-debug --enable-encryption && make clean && make -j$(nproc) && make install \ && cd /opt \ && rm -rf /opt/* \ && apt -y purge \ 
@@ -63,7 +63,7 @@ RUN apt update \ && tar -xzf /opt/qBittorrent-${QBITTORRENT_RELEASE}.tar.gz \ && rm /opt/qBittorrent-${QBITTORRENT_RELEASE}.tar.gz \ && cd /opt/qBittorrent-${QBITTORRENT_RELEASE} \ - && ./configure --disable-gui && make -j$(nproc) && make install \ + && ./configure CXXFLAGS="-std=c++14" --disable-gui && make -j$(nproc) && make install \ && cd /opt \ && rm -rf /opt/* \ && apt -y purge \ From d3c3aa36f587a9a168286f877a30e28532df81e7 Mon Sep 17 00:00:00 2001 From: DyonR Date: Fri, 27 Nov 2020 23:51:20 +0100 Subject: [PATCH 17/17] Use any libtorrent RC_1_2 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2c7e1f4..5bd164d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ RUN apt update \ libboost-system-dev \ libssl-dev \ make \ - && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[] | select(.prerelease==false) | select(.name=="libtorrent-1.2.11") | .assets_url' | head -n 1 | tr -d '"') \ + && LIBTORRENT_ASSETS=$(curl -sX GET "https://api.github.com/repos/arvidn/libtorrent/releases" | jq '.[] | select(.prerelease==false) | select(.target_commitish=="RC_1_2") | .assets_url' | head -n 1 | tr -d '"') \ && LIBTORRENT_DOWNLOAD_URL=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .browser_download_url' | tr -d '"') \ && LIBTORRENT_NAME=$(curl -sX GET ${LIBTORRENT_ASSETS} | jq '.[0] .name' | tr -d '"') \ && curl -o /opt/${LIBTORRENT_NAME} -L ${LIBTORRENT_DOWNLOAD_URL} \