Merge pull request #10 from DyonR/dev

Add INSTALL_PYTHON3
2020-08-30 03:31:22 +02:00 · 2020-08-30 03:31:22 +02:00 · a2087f771c
commit a2087f771c
parent e8a7764a84 7bfd725166
4 changed files with 84 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -14,7 +14,7 @@ Docker container which runs the latest [qBittorrent](https://github.com/qbittorr
 * Selectively enable or disable WireGuard or OpenVPN support
 * IP tables killswitch to prevent IP leaking when VPN connection fails
 * Specify name servers to add to container
-* Configure UID and GID for config files and blackhole for qBittorrent
+* Configure UID and GID for config files and /downloads for qBittorrent
 * Created with [Unraid](https://unraid.net/) in mind
 * BitTorrent port 8999 by default

@ -27,6 +27,7 @@ $ docker run --privileged  -d \
              -v /your/config/path/:/config \
              -v /your/downloads/path/:/downloads \
              -e "VPN_ENABLED=yes" \
+              -e "VPN_TYPE=wireguard" \
              -e "LAN_NETWORK=192.168.0.0/24" \
              -e "NAME_SERVERS=1.1.1.1,1.0.0.1" \
              -p 8080:8080 \
@ -38,19 +39,21 @@ $ docker run --privileged  -d \
 ## Environment Variables
 | Variable | Required | Function | Example | Default |
 |----------|----------|----------|----------|----------|
-|`VPN_ENABLED`| Yes | Enable VPN? (yes/no)|`VPN_ENABLED=yes`|`yes`|
-|`VPN_TYPE`| Yes | WireGuard or OpenVPN? (wireguard/openvpn)|`VPN_TYPE=wireguard`|`openvpn`|
+|`VPN_ENABLED`| Yes | Enable VPN (yes/no)?|`VPN_ENABLED=yes`|`yes`|
+|`VPN_TYPE`| Yes | WireGuard or OpenVPN (wireguard/openvpn)?|`VPN_TYPE=wireguard`|`openvpn`|
 |`VPN_USERNAME`| No | If username and password provided, configures ovpn file automatically |`VPN_USERNAME=ad8f64c02a2de`||
 |`VPN_PASSWORD`| No | If username and password provided, configures ovpn file automatically |`VPN_PASSWORD=ac98df79ed7fb`||
 |`LAN_NETWORK`| Yes (atleast one) | Comma delimited local Network's with CIDR notation |`LAN_NETWORK=192.168.0.0/24,10.10.0.0/24`||
+|`ENABLE_SSL`| No | Let the container handle SSL (yes/no)? |`ENABLE_SSL=yes`|`yes`|
 |`NAME_SERVERS`| No | Comma delimited name servers |`NAME_SERVERS=1.1.1.1,1.0.0.1`|`1.1.1.1,1.0.0.1`|
-|`PUID`| No | UID applied to config files and blackhole |`PUID=99`|`99`|
-|`PGID`| No | GID applied to config files and blackhole |`PGID=100`|`100`|
+|`PUID`| No | UID applied to /config files and /downloads |`PUID=99`|`99`|
+|`PGID`| No | GID applied to /config files and /downloads  |`PGID=100`|`100`|
 |`UMASK`| No | |`UMASK=002`|`002`|
 |`HEALTH_CHECK_HOST`| No |This is the host or IP that the healthcheck script will use to check an active connection|`HEALTH_CHECK_HOST=one.one.one.one`|`one.one.one.one`|
 |`HEALTH_CHECK_INTERVAL`| No |This is the time in seconds that the container waits to see if the internet connection still works (check if VPN died)|`HEALTH_CHECK_INTERVAL=300`|`300`|
 |`HEALTH_CHECK_SILENT`| No |Set to `1` to supress the 'Network is up' message. Defaults to `1` if unset.|`HEALTH_CHECK_SILENT=1`|`1`|
 |`DISABLE_IPV6`\*| No |Setting the value of this to `0` will **enable** IPv6 in sysctl. `1` will disable IPv6 in sysctl.|`DISABLE_IPV6=1`|`1`|
+|`INSTALL_PYTHON3`| No |Set this to `yes` to let the container install Python3.|`INSTALL_PYTHON3=yes`|`no`|
 |`ADDITIONAL_PORTS`| No |Adding a comma delimited list of ports will allow these ports via the iptables script.|`ADDITIONAL_PORTS=1234,8112`||

 \*This option was initially added as a way to fix problems with VPN providers that support IPv6 and might not work at all. I am unable to test this since my VPN provider does not support IPv6, nor I have an IPv6 connection.
@ -60,7 +63,7 @@ $ docker run --privileged  -d \
 | Volume | Required | Function | Example |
 |----------|----------|----------|----------|
 | `config` | Yes | qBittorrent, WireGuard and OpenVPN config files | `/your/config/path/:/config`|
-| `downloads` | No | Default blackhole path for saving magnet links | `/your/downloads/path/:/downloads`|
+| `downloads` | No | Default downloads path for saving downloads | `/your/downloads/path/:/downloads`|

 ## Ports
 | Port | Proto | Required | Function | Example |
--- a/openvpn/start.sh
+++ b/openvpn/start.sh
@ -13,6 +13,22 @@ if [[ ! -z "${check_network}" ]]; then
 	exit 1
 fi

+export INSTALL_PYTHON3=$(echo "${INSTALL_PYTHON3,,}")
+if [[ $INSTALL_PYTHON3 == "yes" ]]; then
+    echo "[INFO] INSTALL_PYTHON3 defined as '${INSTALL_PYTHON3}'" | ts '%Y-%m-%d %H:%M:%.S'
+    if [ ! -e /usr/bin/python3 ]; then
+        echo "[INFO] Python3 not yet installed, installing..." | ts '%Y-%m-%d %H:%M:%.S'
+        apt -qq update \
+        && apt -qq install python3 \
+        && apt-get clean \
+        && apt -qq autoremove \
+        && rm -rf \
+        /var/lib/apt/lists/* \
+        /tmp/* \
+        /var/tmp/*
+    fi
+fi
+
 export VPN_ENABLED=$(echo "${VPN_ENABLED}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
 if [[ ! -z "${VPN_ENABLED}" ]]; then
 	echo "[INFO] VPN_ENABLED defined as '${VPN_ENABLED}'" | ts '%Y-%m-%d %H:%M:%.S'
--- a/qbittorrent/qbittorrent.init
+++ b/qbittorrent/qbittorrent.init
@ -1,12 +1,12 @@
 #!/bin/bash
 ### BEGIN INIT INFO
-# Provides: jackett
+# Provides: qBittorrent
 # Required-Start: $remote_fs $syslog
 # Required-Stop: $remote_fs $syslog
 # Default-Start: 2 3 4 5
 # Default-Stop: 0 1 6
-# Short-Description: Starts Jackett
-# Description: Start jackett on start. Change USER= before running
+# Short-Description: Starts qBittorrent
+# Description: Start qBittorrent on start. Change USER= before running
 ### END INIT INFO

 # Author: Jesper Smith
--- a/qbittorrent/start.sh
+++ b/qbittorrent/start.sh
@ -11,28 +11,77 @@ chown -R ${PUID}:${PGID} /downloads

 # Check if ServerConfig.json exists, if not, copy the template over
 if [ ! -e /config/qBittorrent/config/qBittorrent.conf ]; then
-	echo "[INFO] qBittorrent.conf is missing, this is normal for the first launch! Copying template" | ts '%Y-%m-%d %H:%M:%.S'
+	echo "[WARNING] qBittorrent.conf is missing, this is normal for the first launch! Copying template." | ts '%Y-%m-%d %H:%M:%.S'
 	cp /etc/qbittorrent/qBittorrent.conf /config/qBittorrent/config/qBittorrent.conf
 	chmod 755 /config/qBittorrent/config/qBittorrent.conf
 	chown ${PUID}:${PGID} /config/qBittorrent/config/qBittorrent.conf
 fi

-# Check if the PGID exists, if not create the group with the name 'qbittorent'
+# The mess down here checks if SSL is enabled.
+export ENABLE_SSL=$(echo "${ENABLE_SSL,,}")
+if [[ ${ENABLE_SSL} == 'yes' ]]; then
+	echo "[INFO] ENABLE_SSL is set to ${ENABLE_SSL}" | ts '%Y-%m-%d %H:%M:%.S'
+	if [[ ${HOST_OS,,} == 'unraid' ]]; then
+		echo "[SYSTEM] If you use Unraid, and get something like a 'ERR_EMPTY_RESPONSE' in your browser, add https:// to the front of the IP, and/or do this:" | ts '%Y-%m-%d %H:%M:%.S'
+		echo "[SYSTEM] Edit this Docker, change the slider in the top right to 'advanced view' and change http to https at the WebUI setting." | ts '%Y-%m-%d %H:%M:%.S'
+	fi
+	if [ ! -e /config/qBittorrent/config/WebUICertificate.crt ]; then
+		echo "[WARNING] WebUI Certificate is missing, generating a new Certificate and Key" | ts '%Y-%m-%d %H:%M:%.S'
+		openssl req -new -x509 -nodes -out /config/qBittorrent/config/WebUICertificate.crt -keyout /config/qBittorrent/config/WebUIKey.key -subj "/C=NL/ST=localhost/L=localhost/O=/OU=/CN="
+		chown -R ${PUID}:${PGID} /config/qBittorrent/config
+	elif [ ! -e /config/qBittorrent/config/WebUIKey.key ]; then
+		echo "[WARNING] WebUI Key is missing, generating a new Certificate and Key" | ts '%Y-%m-%d %H:%M:%.S'
+		openssl req -new -x509 -nodes -out /config/qBittorrent/config/WebUICertificate.crt -keyout /config/qBittorrent/config/WebUIKey.key -subj "/C=NL/ST=localhost/L=localhost/O=/OU=/CN="
+		chown -R ${PUID}:${PGID} /config/qBittorrent/config
+	fi
+	if grep -Fxq 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' "/config/qBittorrent/config/qBittorrent.conf" 
+		then
+			echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUICertificate.crt loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S'
+		else
+			echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUICertificate.crt loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S'
+			echo 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' >> "/config/qBittorrent/config/qBittorrent.conf"
+	fi
+	if grep -Fxq 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' "/config/qBittorrent/config/qBittorrent.conf" 
+		then
+			echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUIKey.key loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S'
+		else
+			echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUIKey.key loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S'
+			echo 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' >> "/config/qBittorrent/config/qBittorrent.conf"
+	fi
+	if grep -xq 'WebUI\\HTTPS\\Enabled=true\|WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf"
+		then
+			if grep -xq 'WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf"
+				then
+					echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled set to false, changing it to true." | ts '%Y-%m-%d %H:%M:%.S'
+					sed -i 's/WebUI\\HTTPS\\Enabled=false/WebUI\\HTTPS\\Enabled=true/g' "/config/qBittorrent/config/qBittorrent.conf"
+				else
+					echo "[INFO] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled already set to true." | ts '%Y-%m-%d %H:%M:%.S'
+			fi
+		else
+			echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUI\HTTPS\Enabled loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S'
+			echo 'WebUI\HTTPS\Enabled=true' >> "/config/qBittorrent/config/qBittorrent.conf"
+		fi
+		else
+			echo "[WARNING] ENABLE_SSL is set to ${ENABLE_SSL}, SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID)." | ts '%Y-%m-%d %H:%M:%.S'
+			echo "[WARNING] If you manage the SSL config yourself, you can ignore this." | ts '%Y-%m-%d %H:%M:%.S'
+fi
+
+# Check if the PGID exists, if not create the group with the name 'qbittorrent'
 grep $"${PGID}:" /etc/group > /dev/null 2>&1
 if [ $? -eq 0 ]; then
 	echo "[INFO] A group with PGID $PGID already exists in /etc/group, nothing to do." | ts '%Y-%m-%d %H:%M:%.S'
 else
-	echo "[INFO] A group with PGID $PGID does not exist, adding a group called 'qbittorent' with PGID $PGID" | ts '%Y-%m-%d %H:%M:%.S'
-	groupadd -g $PGID qbittorent
+	echo "[INFO] A group with PGID $PGID does not exist, adding a group called 'qbittorrent' with PGID $PGID" | ts '%Y-%m-%d %H:%M:%.S'
+	groupadd -g $PGID qbittorrent
 fi

-# Check if the PUID exists, if not create the user with the name 'qbittorent', with the correct group
+# Check if the PUID exists, if not create the user with the name 'qbittorrent', with the correct group
 grep $"${PUID}:" /etc/passwd > /dev/null 2>&1
 if [ $? -eq 0 ]; then
 	echo "[INFO] An user with PUID $PUID already exists in /etc/passwd, nothing to do." | ts '%Y-%m-%d %H:%M:%.S'
 else
-	echo "[INFO] An user with PUID $PUID does not exist, adding an user called 'qbittorent user' with PUID $PUID" | ts '%Y-%m-%d %H:%M:%.S'
-	useradd -c "qbittorent user" -g $PGID -u $PUID qbittorent
+	echo "[INFO] An user with PUID $PUID does not exist, adding an user called 'qbittorrent user' with PUID $PUID" | ts '%Y-%m-%d %H:%M:%.S'
+	useradd -c "qbittorrent user" -g $PGID -u $PUID qbittorrent
 fi

 # Set the umask