DyonR
GitHub
commit
81db5ca399
15
Dockerfile
15
Dockerfile
@ -7,16 +7,19 @@ RUN usermod -u 99 nobody
|
||||
# Make directories
|
||||
RUN mkdir -p /downloads /config/qBittorrent /etc/openvpn /etc/qbittorrent
|
||||
|
||||
# Compile and install Boost
|
||||
# Install boost
|
||||
RUN apt update \
|
||||
&& apt -y upgrade \
|
||||
&& apt -y install --no-install-recommends \
|
||||
curl \
|
||||
ca-certificates \
|
||||
g++ \
|
||||
&& curl -o /opt/boost_1_75_0.tar.gz -L https://dl.bintray.com/boostorg/release/1.75.0/source/boost_1_75_0.tar.gz \
|
||||
&& tar -xzf boost_1_75_0.tar.gz \
|
||||
&& cd /opt/boost_1_75_0 \
|
||||
libxml2-utils \
|
||||
&& BOOST_VERSION_DOT=$(curl -sX GET "https://www.boost.org/feed/news.rss" | xmllint --xpath '//rss/channel/item/title/text()' - | awk -F 'Version' '{print $2 FS}' - | sed -e 's/Version//g;s/\ //g' | awk 'NR==1{print $1}' -) \
|
||||
&& BOOST_VERSION=$(echo ${BOOST_VERSION_DOT} | head -n 1 | sed -e 's/\./_/g') \
|
||||
&& curl -o /opt/boost_${BOOST_VERSION}.tar.gz -L https://dl.bintray.com/boostorg/release/${BOOST_VERSION_DOT}/source/boost_${BOOST_VERSION}.tar.gz \
|
||||
&& tar -xzf /opt/boost_${BOOST_VERSION}.tar.gz -C /opt \
|
||||
&& cd /opt/boost_${BOOST_VERSION} \
|
||||
&& ./bootstrap.sh --prefix=/usr \
|
||||
&& ./b2 --prefix=/usr install \
|
||||
&& cd /opt \
|
||||
@ -25,6 +28,7 @@ RUN apt update \
|
||||
curl \
|
||||
ca-certificates \
|
||||
g++ \
|
||||
libxml2-utils \
|
||||
&& apt-get clean \
|
||||
&& apt -y autoremove \
|
||||
&& rm -rf \
|
||||
@ -32,7 +36,6 @@ RUN apt update \
|
||||
/tmp/* \
|
||||
/var/tmp/*
|
||||
|
||||
# Compile and install libtorrent-rasterbar
|
||||
# Install Ninja
|
||||
RUN apt update \
|
||||
&& apt upgrade -y \
|
||||
@ -209,4 +212,4 @@ RUN chmod +x /etc/qbittorrent/*.sh /etc/qbittorrent/*.init /etc/openvpn/*.sh
|
||||
EXPOSE 8080
|
||||
EXPOSE 8999
|
||||
EXPOSE 8999/udp
|
||||
CMD ["/bin/bash", "/etc/openvpn/start.sh"]
|
||||
CMD ["/bin/bash", "/etc/openvpn/start.sh"]
|
||||
26
README.md
26
README.md
@ -11,12 +11,13 @@ Docker container which runs the latest [qBittorrent](https://github.com/qbittorr
|
||||
* Base: Debian 10-slim
|
||||
* [qBittorrent](https://github.com/qbittorrent/qBittorrent) compiled from source
|
||||
* [libtorrent](https://github.com/arvidn/libtorrent) compiled from source
|
||||
* Compiled with the latest version of [Boost](https://www.boost.org/)
|
||||
* Compiled with the latest versions of [CMake](https://cmake.org/)
|
||||
* Selectively enable or disable WireGuard or OpenVPN support
|
||||
* IP tables killswitch to prevent IP leaking when VPN connection fails
|
||||
* Specify name servers to add to container
|
||||
* Configure UID and GID for config files and /downloads for qBittorrent
|
||||
* Configurable UID and GID for config files and /downloads for qBittorrent
|
||||
* Created with [Unraid](https://unraid.net/) in mind
|
||||
* BitTorrent port 8999 by default
|
||||
* BitTorrent port 8999 exposed by default
|
||||
|
||||
# Run container from Docker registry
|
||||
The container is available from the Docker registry and this is the simplest way to get it
|
||||
@ -29,7 +30,6 @@ $ docker run --privileged -d \
|
||||
-e "VPN_ENABLED=yes" \
|
||||
-e "VPN_TYPE=wireguard" \
|
||||
-e "LAN_NETWORK=192.168.0.0/24" \
|
||||
-e "NAME_SERVERS=1.1.1.1,1.0.0.1" \
|
||||
-p 8080:8080 \
|
||||
--restart unless-stopped \
|
||||
dyonr/qbittorrentvpn
|
||||
@ -52,13 +52,9 @@ $ docker run --privileged -d \
|
||||
|`HEALTH_CHECK_HOST`| No |This is the host or IP that the healthcheck script will use to check an active connection|`HEALTH_CHECK_HOST=one.one.one.one`|`one.one.one.one`|
|
||||
|`HEALTH_CHECK_INTERVAL`| No |This is the time in seconds that the container waits to see if the internet connection still works (check if VPN died)|`HEALTH_CHECK_INTERVAL=300`|`300`|
|
||||
|`HEALTH_CHECK_SILENT`| No |Set to `1` to supress the 'Network is up' message. Defaults to `1` if unset.|`HEALTH_CHECK_SILENT=1`|`1`|
|
||||
|`DISABLE_IPV6`\*| No |Setting the value of this to `0` will **enable** IPv6 in sysctl. `1` will disable IPv6 in sysctl.|`DISABLE_IPV6=1`|`1`|
|
||||
|`INSTALL_PYTHON3`| No |Set this to `yes` to let the container install Python3.|`INSTALL_PYTHON3=yes`|`no`|
|
||||
|`ADDITIONAL_PORTS`| No |Adding a comma delimited list of ports will allow these ports via the iptables script.|`ADDITIONAL_PORTS=1234,8112`||
|
||||
|
||||
\*This option was initially added as a way to fix problems with VPN providers that support IPv6 and might not work at all. I am unable to test this since my VPN provider does not support IPv6, nor I have an IPv6 connection.
|
||||
|
||||
|
||||
## Volumes
|
||||
| Volume | Required | Function | Example |
|
||||
|----------|----------|----------|----------|
|
||||
@ -73,7 +69,7 @@ $ docker run --privileged -d \
|
||||
| `8999` | UDP | Yes | qBittorrent UDP Listening Port | `8999:8999/udp`|
|
||||
|
||||
# Access the WebUI
|
||||
Access http://IPADDRESS:PORT from a browser on the same network. (for example: http://192.168.0.90:8080)
|
||||
Access https://IPADDRESS:PORT from a browser on the same network. (for example: https://192.168.0.90:8080)
|
||||
|
||||
## Default Credentials
|
||||
|
||||
@ -106,15 +102,6 @@ User ID (PUID) and Group ID (PGID) can be found by issuing the following command
|
||||
id <username>
|
||||
```
|
||||
|
||||
## Known issue IPv6
|
||||
There is a known issue with VPN providers that support IPv6.
|
||||
To workaround this issue, you need to add the folling lines to your .ovpn file:
|
||||
```
|
||||
pull-filter ignore 'route-ipv6'
|
||||
pull-filter ignore 'ifconfig-ipv6'
|
||||
```
|
||||
Thanks to [Technikte](https://github.com/Technikte) in [Issue #19](https://github.com/DyonR/docker-Jackettvpn/issues/19).
|
||||
|
||||
# Issues
|
||||
If you are having issues with this container please submit an issue on GitHub.
|
||||
Please provide logs, docker version and other information that can simplify reproducing the issue.
|
||||
@ -123,5 +110,4 @@ Using the latest stable verison of Docker is always recommended. Support for old
|
||||
### Credits:
|
||||
[MarkusMcNugen/docker-qBittorrentvpn](https://github.com/MarkusMcNugen/docker-qBittorrentvpn)
|
||||
[DyonR/jackettvpn](https://github.com/DyonR/jackettvpn)
|
||||
This projects originates from MarkusMcNugen/docker-qBittorrentvpn, but forking was not possible since DyonR/jackettvpn uses the fork already.
|
||||
|
||||
This projects originates from MarkusMcNugen/docker-qBittorrentvpn, but forking was not possible since DyonR/jackettvpn uses the fork already.
|
||||
@ -21,15 +21,18 @@ else
|
||||
export VPN_ENABLED="yes"
|
||||
fi
|
||||
|
||||
export DISABLE_IPV6=$(echo "${DISABLE_IPV6,,}")
|
||||
echo "[INFO] DISABLE_IPV6 is set to '${DISABLE_IPV6}'" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
if [[ $DISABLE_IPV6 == "1" || $DISABLE_IPV6 == "true" || $DISABLE_IPV6 == "yes" || $DISABLE_IPV6 == "" ]]; then
|
||||
echo "[INFO] Disabling IPv6 in sysctl" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
sysctl -w net.ipv6.conf.all.disable_ipv6=1 > /dev/null 2>&1
|
||||
else
|
||||
echo "[INFO] Enabling IPv6 in sysctl" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
sysctl -w net.ipv6.conf.all.disable_ipv6=0 > /dev/null 2>&1
|
||||
fi
|
||||
# export LEGACY_IPTABLES=$(echo "${LEGACY_IPTABLES,,}")
|
||||
# echo "[INFO] LEGACY_IPTABLES is set to '${LEGACY_IPTABLES}'" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
# if [[ $LEGACY_IPTABLES == "1" || $LEGACY_IPTABLES == "true" || $LEGACY_IPTABLES == "yes" ]]; then
|
||||
# echo "[INFO] Linking /usr/sbin/iptables-legacy to /usr/sbin/iptables" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
# ln -sf /usr/sbin/iptables-legacy /usr/sbin/iptables > /dev/null 2>&1
|
||||
# echo "[INFO] Linking /usr/sbin/iptables-legacy-save to /usr/sbin/iptables-save" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
# ln -sf /usr/sbin/iptables-legacy-save /usr/sbin/iptables-save > /dev/null 2>&1
|
||||
# echo "[INFO] Linking /usr/sbin/iptables-legacy-restore to /usr/sbin/iptables-restore" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
# ln -sf /usr/sbin/iptables-legacy-restore /usr/sbin/iptables-restore > /dev/null 2>&1
|
||||
# else
|
||||
# echo "[INFO] Not making any changes to iptables" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
# fi
|
||||
|
||||
if [[ $VPN_ENABLED == "yes" ]]; then
|
||||
# Check if VPN_TYPE is set.
|
||||
@ -229,7 +232,7 @@ if [[ $VPN_ENABLED == "yes" ]]; then
|
||||
fi
|
||||
|
||||
elif [[ $VPN_ENABLED == "no" ]]; then
|
||||
echo "[WARNING] !!IMPORTANT!! You have set the VPN to disabled, you will NOT be secure!" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
echo "[WARNING] !!IMPORTANT!! You have set the VPN to disabled, your connection will NOT be secure!" | ts '%Y-%m-%d %H:%M:%.S'
|
||||
fi
|
||||
|
||||
|
||||
@ -259,13 +262,15 @@ if [[ $VPN_ENABLED == "yes" ]]; then
|
||||
if [[ "${VPN_TYPE}" == "openvpn" ]]; then
|
||||
echo "[INFO] Starting OpenVPN..." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
cd /config/openvpn
|
||||
exec openvpn --config "${VPN_CONFIG}" &
|
||||
exec openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config "${VPN_CONFIG}" &
|
||||
#exec /bin/bash /etc/openvpn/openvpn.init start &
|
||||
else
|
||||
echo "[INFO] Starting WireGuard..." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
cd /config/wireguard
|
||||
wg-quick down $VPN_CONFIG || echo "WireGuard is down already" | ts '%Y-%m-%d %H:%M:%.S' # Run wg-quick down as an extra safeguard in case WireGuard is still up for some reason
|
||||
sleep 0.5 # Just to give WireGuard a bit to go down
|
||||
if ip link | grep -q `basename -s .conf $VPN_CONFIG`; then
|
||||
wg-quick down $VPN_CONFIG || echo "WireGuard is down already" | ts '%Y-%m-%d %H:%M:%.S' # Run wg-quick down as an extra safeguard in case WireGuard is still up for some reason
|
||||
sleep 0.5 # Just to give WireGuard a bit to go down
|
||||
fi
|
||||
wg-quick up $VPN_CONFIG
|
||||
#exec /bin/bash /etc/openvpn/openvpn.init start &
|
||||
fi
|
||||
|
||||
@ -39,36 +39,32 @@ if [[ ${ENABLE_SSL} == 'yes' ]]; then
|
||||
openssl req -new -x509 -nodes -out /config/qBittorrent/config/WebUICertificate.crt -keyout /config/qBittorrent/config/WebUIKey.key -subj "/C=NL/ST=localhost/L=localhost/O=/OU=/CN="
|
||||
chown -R ${PUID}:${PGID} /config/qBittorrent/config
|
||||
fi
|
||||
if grep -Fxq 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' "/config/qBittorrent/config/qBittorrent.conf"
|
||||
then
|
||||
echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUICertificate.crt loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
else
|
||||
echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUICertificate.crt loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
echo 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' >> "/config/qBittorrent/config/qBittorrent.conf"
|
||||
if grep -Fxq 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' "/config/qBittorrent/config/qBittorrent.conf"; then
|
||||
echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUICertificate.crt loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
else
|
||||
echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUICertificate.crt loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
echo 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' >> "/config/qBittorrent/config/qBittorrent.conf"
|
||||
fi
|
||||
if grep -Fxq 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' "/config/qBittorrent/config/qBittorrent.conf"
|
||||
then
|
||||
echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUIKey.key loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
else
|
||||
echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUIKey.key loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
echo 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' >> "/config/qBittorrent/config/qBittorrent.conf"
|
||||
if grep -Fxq 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' "/config/qBittorrent/config/qBittorrent.conf"; then
|
||||
echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUIKey.key loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
else
|
||||
echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUIKey.key loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
echo 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' >> "/config/qBittorrent/config/qBittorrent.conf"
|
||||
fi
|
||||
if grep -xq 'WebUI\\HTTPS\\Enabled=true\|WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf"
|
||||
then
|
||||
if grep -xq 'WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf"
|
||||
then
|
||||
echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled set to false, changing it to true." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
sed -i 's/WebUI\\HTTPS\\Enabled=false/WebUI\\HTTPS\\Enabled=true/g' "/config/qBittorrent/config/qBittorrent.conf"
|
||||
else
|
||||
echo "[INFO] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled already set to true." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
fi
|
||||
if grep -xq 'WebUI\\HTTPS\\Enabled=true\|WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf"; then
|
||||
if grep -xq 'WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf"; then
|
||||
echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled set to false, changing it to true." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
sed -i 's/WebUI\\HTTPS\\Enabled=false/WebUI\\HTTPS\\Enabled=true/g' "/config/qBittorrent/config/qBittorrent.conf"
|
||||
else
|
||||
echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUI\HTTPS\Enabled loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
echo 'WebUI\HTTPS\Enabled=true' >> "/config/qBittorrent/config/qBittorrent.conf"
|
||||
echo "[INFO] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled already set to true." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
fi
|
||||
else
|
||||
echo "[WARNING] ENABLE_SSL is set to ${ENABLE_SSL}, SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID)." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
echo "[WARNING] If you manage the SSL config yourself, you can ignore this." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
else
|
||||
echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUI\HTTPS\Enabled loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
echo 'WebUI\HTTPS\Enabled=true' >> "/config/qBittorrent/config/qBittorrent.conf"
|
||||
fi
|
||||
else
|
||||
echo "[WARNING] ENABLE_SSL is set to ${ENABLE_SSL}, SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID)." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
echo "[WARNING] If you manage the SSL config yourself, you can ignore this." | ts '%Y-%m-%d %H:%M:%.S'
|
||||
fi
|
||||
|
||||
# Check if the PGID exists, if not create the group with the name 'qbittorrent'
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user