diff --git a/Dockerfile b/Dockerfile index 22c0f87..0456a10 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,16 +7,19 @@ RUN usermod -u 99 nobody # Make directories RUN mkdir -p /downloads /config/qBittorrent /etc/openvpn /etc/qbittorrent -# Compile and install Boost +# Install boost RUN apt update \ && apt -y upgrade \ && apt -y install --no-install-recommends \ curl \ ca-certificates \ g++ \ - && curl -o /opt/boost_1_75_0.tar.gz -L https://dl.bintray.com/boostorg/release/1.75.0/source/boost_1_75_0.tar.gz \ - && tar -xzf boost_1_75_0.tar.gz \ - && cd /opt/boost_1_75_0 \ + libxml2-utils \ + && BOOST_VERSION_DOT=$(curl -sX GET "https://www.boost.org/feed/news.rss" | xmllint --xpath '//rss/channel/item/title/text()' - | awk -F 'Version' '{print $2 FS}' - | sed -e 's/Version//g;s/\ //g' | awk 'NR==1{print $1}' -) \ + && BOOST_VERSION=$(echo ${BOOST_VERSION_DOT} | head -n 1 | sed -e 's/\./_/g') \ + && curl -o /opt/boost_${BOOST_VERSION}.tar.gz -L https://dl.bintray.com/boostorg/release/${BOOST_VERSION_DOT}/source/boost_${BOOST_VERSION}.tar.gz \ + && tar -xzf /opt/boost_${BOOST_VERSION}.tar.gz -C /opt \ + && cd /opt/boost_${BOOST_VERSION} \ && ./bootstrap.sh --prefix=/usr \ && ./b2 --prefix=/usr install \ && cd /opt \ @@ -25,6 +28,7 @@ RUN apt update \ curl \ ca-certificates \ g++ \ + libxml2-utils \ && apt-get clean \ && apt -y autoremove \ && rm -rf \ @@ -32,7 +36,6 @@ RUN apt update \ /tmp/* \ /var/tmp/* -# Compile and install libtorrent-rasterbar # Install Ninja RUN apt update \ && apt upgrade -y \ @@ -209,4 +212,4 @@ RUN chmod +x /etc/qbittorrent/*.sh /etc/qbittorrent/*.init /etc/openvpn/*.sh EXPOSE 8080 EXPOSE 8999 EXPOSE 8999/udp -CMD ["/bin/bash", "/etc/openvpn/start.sh"] +CMD ["/bin/bash", "/etc/openvpn/start.sh"] \ No newline at end of file diff --git a/README.md b/README.md index ef7d36e..e49782c 100644 --- a/README.md +++ b/README.md 
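Review bot: The Boost tarball in the first Dockerfile hunk is now chosen by scraping `https://www.boost.org/feed/news.rss` at build time, then unpacked and built with no integrity check, so whatever the feed and the download host return ends up compiled into the image. Pin the release and verify the archive before `tar`, for example `ARG BOOST_VERSION_DOT=<PINNED_VERSION>` and `&& echo "<EXPECTED_SHA256>  /opt/boost_${BOOST_VERSION}.tar.gz" | sha256sum -c - \`. Neither `curl` call uses `--fail`, and an empty parse result only surfaces later as a malformed URL, so a `[ -n "${BOOST_VERSION_DOT}" ]` guard right after the assignment would make that failure explicit. The `${BOOST_VERSION}` expansions are also unquoted, and the `RUN` chain continues past this hunk.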
@@ -11,12 +11,13 @@ Docker container which runs the latest [qBittorrent](https://github.com/qbittorr * Base: Debian 10-slim * [qBittorrent](https://github.com/qbittorrent/qBittorrent) compiled from source * [libtorrent](https://github.com/arvidn/libtorrent) compiled from source +* Compiled with the latest version of [Boost](https://www.boost.org/) +* Compiled with the latest versions of [CMake](https://cmake.org/) * Selectively enable or disable WireGuard or OpenVPN support * IP tables killswitch to prevent IP leaking when VPN connection fails -* Specify name servers to add to container -* Configure UID and GID for config files and /downloads for qBittorrent +* Configurable UID and GID for config files and /downloads for qBittorrent * Created with [Unraid](https://unraid.net/) in mind -* BitTorrent port 8999 by default +* BitTorrent port 8999 exposed by default # Run container from Docker registry The container is available from the Docker registry and this is the simplest way to get it @@ -29,7 +30,6 @@ $ docker run --privileged -d \ -e "VPN_ENABLED=yes" \ -e "VPN_TYPE=wireguard" \ -e "LAN_NETWORK=192.168.0.0/24" \ - -e "NAME_SERVERS=1.1.1.1,1.0.0.1" \ -p 8080:8080 \ --restart unless-stopped \ dyonr/qbittorrentvpn 
@@ -52,13 +52,9 @@ $ docker run --privileged -d \ |`HEALTH_CHECK_HOST`| No |This is the host or IP that the healthcheck script will use to check an active connection|`HEALTH_CHECK_HOST=one.one.one.one`|`one.one.one.one`| |`HEALTH_CHECK_INTERVAL`| No |This is the time in seconds that the container waits to see if the internet connection still works (check if VPN died)|`HEALTH_CHECK_INTERVAL=300`|`300`| |`HEALTH_CHECK_SILENT`| No |Set to `1` to supress the 'Network is up' message. Defaults to `1` if unset.|`HEALTH_CHECK_SILENT=1`|`1`| -|`DISABLE_IPV6`\*| No |Setting the value of this to `0` will **enable** IPv6 in sysctl. `1` will disable IPv6 in sysctl.|`DISABLE_IPV6=1`|`1`| |`INSTALL_PYTHON3`| No |Set this to `yes` to let the container install Python3.|`INSTALL_PYTHON3=yes`|`no`| |`ADDITIONAL_PORTS`| No |Adding a comma delimited list of ports will allow these ports via the iptables script.|`ADDITIONAL_PORTS=1234,8112`|| -\*This option was initially added as a way to fix problems with VPN providers that support IPv6 and might not work at all. I am unable to test this since my VPN provider does not support IPv6, nor I have an IPv6 connection. - - ## Volumes | Volume | Required | Function | Example | |----------|----------|----------|----------| @@ -73,7 +69,7 @@ $ docker run --privileged -d \ | `8999` | UDP | Yes | qBittorrent UDP Listening Port | `8999:8999/udp`| # Access the WebUI -Access http://IPADDRESS:PORT from a browser on the same network. (for example: http://192.168.0.90:8080) +Access https://IPADDRESS:PORT from a browser on the same network. (for example: https://192.168.0.90:8080) ## Default Credentials 
@@ -106,15 +102,6 @@ User ID (PUID) and Group ID (PGID) can be found by issuing the following command id ``` -## Known issue IPv6 -There is a known issue with VPN providers that support IPv6. -To workaround this issue, you need to add the folling lines to your .ovpn file: -``` -pull-filter ignore 'route-ipv6' -pull-filter ignore 'ifconfig-ipv6' -``` -Thanks to [Technikte](https://github.com/Technikte) in [Issue #19](https://github.com/DyonR/docker-Jackettvpn/issues/19). - # Issues If you are having issues with this container please submit an issue on GitHub. Please provide logs, docker version and other information that can simplify reproducing the issue. @@ -123,5 +110,4 @@ Using the latest stable verison of Docker is always recommended. Support for old ### Credits: [MarkusMcNugen/docker-qBittorrentvpn](https://github.com/MarkusMcNugen/docker-qBittorrentvpn) [DyonR/jackettvpn](https://github.com/DyonR/jackettvpn) -This projects originates from MarkusMcNugen/docker-qBittorrentvpn, but forking was not possible since DyonR/jackettvpn uses the fork already. - +This projects originates from MarkusMcNugen/docker-qBittorrentvpn, but forking was not possible since DyonR/jackettvpn uses the fork already. \ No newline at end of file diff --git a/openvpn/start.sh b/openvpn/start.sh index 26392fa..62f316a 100644 --- a/openvpn/start.sh +++ b/openvpn/start.sh 
@@ -21,15 +21,18 @@ else export VPN_ENABLED="yes" fi -export DISABLE_IPV6=$(echo "${DISABLE_IPV6,,}") -echo "[INFO] DISABLE_IPV6 is set to '${DISABLE_IPV6}'" | ts '%Y-%m-%d %H:%M:%.S' -if [[ $DISABLE_IPV6 == "1" || $DISABLE_IPV6 == "true" || $DISABLE_IPV6 == "yes" || $DISABLE_IPV6 == "" ]]; then - echo "[INFO] Disabling IPv6 in sysctl" | ts '%Y-%m-%d %H:%M:%.S' - sysctl -w net.ipv6.conf.all.disable_ipv6=1 > /dev/null 2>&1 -else - echo "[INFO] Enabling IPv6 in sysctl" | ts '%Y-%m-%d %H:%M:%.S' - sysctl -w net.ipv6.conf.all.disable_ipv6=0 > /dev/null 2>&1 -fi +# export LEGACY_IPTABLES=$(echo "${LEGACY_IPTABLES,,}") +# echo "[INFO] LEGACY_IPTABLES is set to '${LEGACY_IPTABLES}'" | ts '%Y-%m-%d %H:%M:%.S' +# if [[ $LEGACY_IPTABLES == "1" || $LEGACY_IPTABLES == "true" || $LEGACY_IPTABLES == "yes" ]]; then +# echo "[INFO] Linking /usr/sbin/iptables-legacy to /usr/sbin/iptables" | ts '%Y-%m-%d %H:%M:%.S' +# ln -sf /usr/sbin/iptables-legacy /usr/sbin/iptables > /dev/null 2>&1 +# echo "[INFO] Linking /usr/sbin/iptables-legacy-save to /usr/sbin/iptables-save" | ts '%Y-%m-%d %H:%M:%.S' +# ln -sf /usr/sbin/iptables-legacy-save /usr/sbin/iptables-save > /dev/null 2>&1 +# echo "[INFO] Linking /usr/sbin/iptables-legacy-restore to /usr/sbin/iptables-restore" | ts '%Y-%m-%d %H:%M:%.S' +# ln -sf /usr/sbin/iptables-legacy-restore /usr/sbin/iptables-restore > /dev/null 2>&1 +# else +# echo "[INFO] Not making any changes to iptables" | ts '%Y-%m-%d %H:%M:%.S' +# fi if [[ $VPN_ENABLED == "yes" ]]; then # Check if VPN_TYPE is set. @@ -229,7 +232,7 @@ if [[ $VPN_ENABLED == "yes" ]]; then fi elif [[ $VPN_ENABLED == "no" ]]; then - echo "[WARNING] !!IMPORTANT!! You have set the VPN to disabled, you will NOT be secure!" | ts '%Y-%m-%d %H:%M:%.S' + echo "[WARNING] !!IMPORTANT!! You have set the VPN to disabled, your connection will NOT be secure!" | ts '%Y-%m-%d %H:%M:%.S' fi 
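Review bot: Removing the default `sysctl -w net.ipv6.conf.all.disable_ipv6=1` in the first hunk leaves IPv6 in whatever state the runtime gives the container, and the only compensation visible in this commit is the OpenVPN `--pull-filter` flags added later in this file; the WireGuard path gets nothing equivalent. Unless the iptables script (not shown here) also installs ip6tables rules, IPv6 traffic could bypass the killswitch. Either keep the default-disable or document passing `--sysctl net.ipv6.conf.all.disable_ipv6=1` to `docker run`. The replacement is twelve lines of commented-out `LEGACY_IPTABLES` code, which I would leave out until it is enabled, or at least head with `# TODO: legacy iptables switch, disabled until tested`.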
@@ -259,13 +262,15 @@ if [[ $VPN_ENABLED == "yes" ]]; then if [[ "${VPN_TYPE}" == "openvpn" ]]; then echo "[INFO] Starting OpenVPN..." | ts '%Y-%m-%d %H:%M:%.S' cd /config/openvpn - exec openvpn --config "${VPN_CONFIG}" & + exec openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config "${VPN_CONFIG}" & #exec /bin/bash /etc/openvpn/openvpn.init start & else echo "[INFO] Starting WireGuard..." | ts '%Y-%m-%d %H:%M:%.S' cd /config/wireguard - wg-quick down $VPN_CONFIG || echo "WireGuard is down already" | ts '%Y-%m-%d %H:%M:%.S' # Run wg-quick down as an extra safeguard in case WireGuard is still up for some reason - sleep 0.5 # Just to give WireGuard a bit to go down + if ip link | grep -q `basename -s .conf $VPN_CONFIG`; then + wg-quick down $VPN_CONFIG || echo "WireGuard is down already" | ts '%Y-%m-%d %H:%M:%.S' # Run wg-quick down as an extra safeguard in case WireGuard is still up for some reason + sleep 0.5 # Just to give WireGuard a bit to go down + fi wg-quick up $VPN_CONFIG #exec /bin/bash /etc/openvpn/openvpn.init start & fi diff --git a/qbittorrent/start.sh b/qbittorrent/start.sh index 0b95acc..02bfff4 100644 --- a/qbittorrent/start.sh +++ b/qbittorrent/start.sh 
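Review bot: The new `ip link | grep -q` guard uses the output of `basename -s .conf $VPN_CONFIG` as an unanchored regex over the whole `ip link` listing, so a name such as `wg0` also matches `wg01` or any other line containing it. The unquoted `$VPN_CONFIG` also word-splits if the path contains spaces. Query the device directly instead, `if ip link show dev "$(basename -s .conf -- "${VPN_CONFIG}")" > /dev/null 2>&1; then`, and quote `"${VPN_CONFIG}"` in the `wg-quick down` and `wg-quick up` calls as well. Where `VPN_CONFIG` is assigned is outside this hunk, so how much of it is user-controlled is not visible here.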
@@ -39,36 +39,32 @@ if [[ ${ENABLE_SSL} == 'yes' ]]; then openssl req -new -x509 -nodes -out /config/qBittorrent/config/WebUICertificate.crt -keyout /config/qBittorrent/config/WebUIKey.key -subj "/C=NL/ST=localhost/L=localhost/O=/OU=/CN=" chown -R ${PUID}:${PGID} /config/qBittorrent/config fi - if grep -Fxq 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' "/config/qBittorrent/config/qBittorrent.conf" - then - echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUICertificate.crt loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S' - else - echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUICertificate.crt loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S' - echo 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' >> "/config/qBittorrent/config/qBittorrent.conf" + if grep -Fxq 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' "/config/qBittorrent/config/qBittorrent.conf"; then + echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUICertificate.crt loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S' + else + echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUICertificate.crt loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S' + echo 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' >> "/config/qBittorrent/config/qBittorrent.conf" fi - if grep -Fxq 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' "/config/qBittorrent/config/qBittorrent.conf" - then - echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUIKey.key loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S' - else - echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUIKey.key loaded. Added it to the config." 
| ts '%Y-%m-%d %H:%M:%.S' - echo 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' >> "/config/qBittorrent/config/qBittorrent.conf" + if grep -Fxq 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' "/config/qBittorrent/config/qBittorrent.conf"; then + echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUIKey.key loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S' + else + echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUIKey.key loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S' + echo 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' >> "/config/qBittorrent/config/qBittorrent.conf" fi - if grep -xq 'WebUI\\HTTPS\\Enabled=true\|WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf" - then - if grep -xq 'WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf" - then - echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled set to false, changing it to true." | ts '%Y-%m-%d %H:%M:%.S' - sed -i 's/WebUI\\HTTPS\\Enabled=false/WebUI\\HTTPS\\Enabled=true/g' "/config/qBittorrent/config/qBittorrent.conf" - else - echo "[INFO] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled already set to true." | ts '%Y-%m-%d %H:%M:%.S' - fi + if grep -xq 'WebUI\\HTTPS\\Enabled=true\|WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf"; then + if grep -xq 'WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf"; then + echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled set to false, changing it to true." | ts '%Y-%m-%d %H:%M:%.S' + sed -i 's/WebUI\\HTTPS\\Enabled=false/WebUI\\HTTPS\\Enabled=true/g' "/config/qBittorrent/config/qBittorrent.conf" else - echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUI\HTTPS\Enabled loaded. Added it to the config." 
| ts '%Y-%m-%d %H:%M:%.S' - echo 'WebUI\HTTPS\Enabled=true' >> "/config/qBittorrent/config/qBittorrent.conf" + echo "[INFO] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled already set to true." | ts '%Y-%m-%d %H:%M:%.S' fi - else - echo "[WARNING] ENABLE_SSL is set to ${ENABLE_SSL}, SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID)." | ts '%Y-%m-%d %H:%M:%.S' - echo "[WARNING] If you manage the SSL config yourself, you can ignore this." | ts '%Y-%m-%d %H:%M:%.S' + else + echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUI\HTTPS\Enabled loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S' + echo 'WebUI\HTTPS\Enabled=true' >> "/config/qBittorrent/config/qBittorrent.conf" + fi +else + echo "[WARNING] ENABLE_SSL is set to ${ENABLE_SSL}, SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID)." | ts '%Y-%m-%d %H:%M:%.S' + echo "[WARNING] If you manage the SSL config yourself, you can ignore this." | ts '%Y-%m-%d %H:%M:%.S' fi # Check if the PGID exists, if not create the group with the name 'qbittorrent'