diff --git a/README.md b/README.md index c0f45ce..84ff304 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Docker container which runs the latest [qBittorrent](https://github.com/qbittorr * Selectively enable or disable WireGuard or OpenVPN support * IP tables killswitch to prevent IP leaking when VPN connection fails * Specify name servers to add to container -* Configure UID and GID for config files and blackhole for qBittorrent +* Configure UID and GID for config files and /downloads for qBittorrent * Created with [Unraid](https://unraid.net/) in mind * BitTorrent port 8999 by default @@ -27,6 +27,7 @@ $ docker run --privileged -d \ -v /your/config/path/:/config \ -v /your/downloads/path/:/downloads \ -e "VPN_ENABLED=yes" \ + -e "VPN_TYPE=wireguard" \ -e "LAN_NETWORK=192.168.0.0/24" \ -e "NAME_SERVERS=1.1.1.1,1.0.0.1" \ -p 8080:8080 \ 
@@ -38,19 +39,21 @@ $ docker run --privileged -d \ ## Environment Variables | Variable | Required | Function | Example | Default | |----------|----------|----------|----------|----------| -|`VPN_ENABLED`| Yes | Enable VPN? (yes/no)|`VPN_ENABLED=yes`|`yes`| -|`VPN_TYPE`| Yes | WireGuard or OpenVPN? (wireguard/openvpn)|`VPN_TYPE=wireguard`|`openvpn`| +|`VPN_ENABLED`| Yes | Enable VPN (yes/no)?|`VPN_ENABLED=yes`|`yes`| +|`VPN_TYPE`| Yes | WireGuard or OpenVPN (wireguard/openvpn)?|`VPN_TYPE=wireguard`|`openvpn`| |`VPN_USERNAME`| No | If username and password provided, configures ovpn file automatically |`VPN_USERNAME=ad8f64c02a2de`|| |`VPN_PASSWORD`| No | If username and password provided, configures ovpn file automatically |`VPN_PASSWORD=ac98df79ed7fb`|| |`LAN_NETWORK`| Yes (atleast one) | Comma delimited local Network's with CIDR notation |`LAN_NETWORK=192.168.0.0/24,10.10.0.0/24`|| +|`ENABLE_SSL`| No | Let the container handle SSL (yes/no)? |`ENABLE_SSL=yes`|`yes`| |`NAME_SERVERS`| No | Comma delimited name servers |`NAME_SERVERS=1.1.1.1,1.0.0.1`|`1.1.1.1,1.0.0.1`| -|`PUID`| No | UID applied to config files and blackhole |`PUID=99`|`99`| -|`PGID`| No | GID applied to config files and blackhole |`PGID=100`|`100`| +|`PUID`| No | UID applied to /config files and /downloads |`PUID=99`|`99`| +|`PGID`| No | GID applied to /config files and /downloads |`PGID=100`|`100`| |`UMASK`| No | |`UMASK=002`|`002`| |`HEALTH_CHECK_HOST`| No |This is the host or IP that the healthcheck script will use to check an active connection|`HEALTH_CHECK_HOST=one.one.one.one`|`one.one.one.one`| |`HEALTH_CHECK_INTERVAL`| No |This is the time in seconds that the container waits to see if the internet connection still works (check if VPN died)|`HEALTH_CHECK_INTERVAL=300`|`300`| |`HEALTH_CHECK_SILENT`| No |Set to `1` to supress the 'Network is up' message. Defaults to `1` if unset.|`HEALTH_CHECK_SILENT=1`|`1`| |`DISABLE_IPV6`\*| No |Setting the value of this to `0` will **enable** IPv6 in sysctl. 
`1` will disable IPv6 in sysctl.|`DISABLE_IPV6=1`|`1`| +|`INSTALL_PYTHON3`| No |Set this to `yes` to let the container install Python3.|`INSTALL_PYTHON3=yes`|`no`| |`ADDITIONAL_PORTS`| No |Adding a comma delimited list of ports will allow these ports via the iptables script.|`ADDITIONAL_PORTS=1234,8112`|| \*This option was initially added as a way to fix problems with VPN providers that support IPv6 and might not work at all. I am unable to test this since my VPN provider does not support IPv6, nor I have an IPv6 connection. @@ -60,7 +63,7 @@ $ docker run --privileged -d \ | Volume | Required | Function | Example | |----------|----------|----------|----------| | `config` | Yes | qBittorrent, WireGuard and OpenVPN config files | `/your/config/path/:/config`| -| `downloads` | No | Default blackhole path for saving magnet links | `/your/downloads/path/:/downloads`| +| `downloads` | No | Default downloads path for saving downloads | `/your/downloads/path/:/downloads`| ## Ports | Port | Proto | Required | Function | Example | diff --git a/openvpn/start.sh b/openvpn/start.sh index db9f7ed..98647c3 100644 --- a/openvpn/start.sh +++ b/openvpn/start.sh @@ -13,6 +13,22 @@ if [[ ! -z "${check_network}" ]]; then exit 1 fi +export INSTALL_PYTHON3=$(echo "${INSTALL_PYTHON3,,}") +if [[ $INSTALL_PYTHON3 == "yes" ]]; then + echo "[INFO] INSTALL_PYTHON3 defined as '${INSTALL_PYTHON3}'" | ts '%Y-%m-%d %H:%M:%.S' + if [ ! -e /usr/bin/python3 ]; then + echo "[INFO] Python3 not yet installed, installing..." | ts '%Y-%m-%d %H:%M:%.S' + apt -qq update \ + && apt -qq install python3 \ + && apt-get clean \ + && apt -qq autoremove \ + && rm -rf \ + /var/lib/apt/lists/* \ + /tmp/* \ + /var/tmp/* + fi +fi + export VPN_ENABLED=$(echo "${VPN_ENABLED}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~') if [[ ! -z "${VPN_ENABLED}" ]]; then echo "[INFO] VPN_ENABLED defined as '${VPN_ENABLED}'" | ts '%Y-%m-%d %H:%M:%.S' 
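Review bot: The result of the install chain in the new `INSTALL_PYTHON3` block is never checked, so when `apt -qq update && apt -qq install python3 …` fails (no network, mirror error) the script carries on and the container starts without Python 3 and without an error line in the log; add a failure branch that logs `[ERROR]` and decide whether it should `exit 1`. For scripts, `apt-get` is the stable front end, and `apt-get -qq install -y --no-install-recommends python3` keeps what gets pulled into a container that the README runs with `--privileged` to a minimum. Judging by the context lines, this block runs before the `VPN_ENABLED` handling, so the download presumably happens at container start, outside the tunnel, and at whatever version the mirror serves that day; baking python3 into the image (or a tagged image variant) would make the result reproducible and reviewable. The first line can simply be `export INSTALL_PYTHON3="${INSTALL_PYTHON3,,}"`, without the `echo` subshell.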
diff --git a/qbittorrent/qbittorrent.init b/qbittorrent/qbittorrent.init index 05ddce9..c7b3aac 100644 --- a/qbittorrent/qbittorrent.init +++ b/qbittorrent/qbittorrent.init @@ -1,12 +1,12 @@ #!/bin/bash ### BEGIN INIT INFO -# Provides: jackett +# Provides: qBittorrent # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 -# Short-Description: Starts Jackett -# Description: Start jackett on start. Change USER= before running +# Short-Description: Starts qBittorrent +# Description: Start qBittorrent on start. Change USER= before running ### END INIT INFO # Author: Jesper Smith diff --git a/qbittorrent/start.sh b/qbittorrent/start.sh index 7d41992..3e6836f 100644 --- a/qbittorrent/start.sh +++ b/qbittorrent/start.sh 
@@ -11,28 +11,77 @@ chown -R ${PUID}:${PGID} /downloads # Check if ServerConfig.json exists, if not, copy the template over if [ ! -e /config/qBittorrent/config/qBittorrent.conf ]; then - echo "[INFO] qBittorrent.conf is missing, this is normal for the first launch! Copying template" | ts '%Y-%m-%d %H:%M:%.S' + echo "[WARNING] qBittorrent.conf is missing, this is normal for the first launch! Copying template." | ts '%Y-%m-%d %H:%M:%.S' cp /etc/qbittorrent/qBittorrent.conf /config/qBittorrent/config/qBittorrent.conf chmod 755 /config/qBittorrent/config/qBittorrent.conf chown ${PUID}:${PGID} /config/qBittorrent/config/qBittorrent.conf fi -# Check if the PGID exists, if not create the group with the name 'qbittorent' +# The mess down here checks if SSL is enabled. +export ENABLE_SSL=$(echo "${ENABLE_SSL,,}") +if [[ ${ENABLE_SSL} == 'yes' ]]; then + echo "[INFO] ENABLE_SSL is set to ${ENABLE_SSL}" | ts '%Y-%m-%d %H:%M:%.S' + if [[ ${HOST_OS,,} == 'unraid' ]]; then + echo "[SYSTEM] If you use Unraid, and get something like a 'ERR_EMPTY_RESPONSE' in your browser, add https:// to the front of the IP, and/or do this:" | ts '%Y-%m-%d %H:%M:%.S' + echo "[SYSTEM] Edit this Docker, change the slider in the top right to 'advanced view' and change http to https at the WebUI setting." | ts '%Y-%m-%d %H:%M:%.S' + fi + if [ ! -e /config/qBittorrent/config/WebUICertificate.crt ]; then + echo "[WARNING] WebUI Certificate is missing, generating a new Certificate and Key" | ts '%Y-%m-%d %H:%M:%.S' + openssl req -new -x509 -nodes -out /config/qBittorrent/config/WebUICertificate.crt -keyout /config/qBittorrent/config/WebUIKey.key -subj "/C=NL/ST=localhost/L=localhost/O=/OU=/CN=" + chown -R ${PUID}:${PGID} /config/qBittorrent/config + elif [ ! 
-e /config/qBittorrent/config/WebUIKey.key ]; then + echo "[WARNING] WebUI Key is missing, generating a new Certificate and Key" | ts '%Y-%m-%d %H:%M:%.S' + openssl req -new -x509 -nodes -out /config/qBittorrent/config/WebUICertificate.crt -keyout /config/qBittorrent/config/WebUIKey.key -subj "/C=NL/ST=localhost/L=localhost/O=/OU=/CN=" + chown -R ${PUID}:${PGID} /config/qBittorrent/config + fi + if grep -Fxq 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' "/config/qBittorrent/config/qBittorrent.conf" + then + echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUICertificate.crt loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S' + else + echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUICertificate.crt loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S' + echo 'WebUI\HTTPS\CertificatePath=/config/qBittorrent/config/WebUICertificate.crt' >> "/config/qBittorrent/config/qBittorrent.conf" + fi + if grep -Fxq 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' "/config/qBittorrent/config/qBittorrent.conf" + then + echo "[INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUIKey.key loaded, nothing to do." | ts '%Y-%m-%d %H:%M:%.S' + else + echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUIKey.key loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S' + echo 'WebUI\HTTPS\KeyPath=/config/qBittorrent/config/WebUIKey.key' >> "/config/qBittorrent/config/qBittorrent.conf" + fi + if grep -xq 'WebUI\\HTTPS\\Enabled=true\|WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf" + then + if grep -xq 'WebUI\\HTTPS\\Enabled=false' "/config/qBittorrent/config/qBittorrent.conf" + then + echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled set to false, changing it to true." 
| ts '%Y-%m-%d %H:%M:%.S' + sed -i 's/WebUI\\HTTPS\\Enabled=false/WebUI\\HTTPS\\Enabled=true/g' "/config/qBittorrent/config/qBittorrent.conf" + else + echo "[INFO] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled already set to true." | ts '%Y-%m-%d %H:%M:%.S' + fi + else + echo "[WARNING] /config/qBittorrent/config/qBittorrent.conf doesn't have the WebUI\HTTPS\Enabled loaded. Added it to the config." | ts '%Y-%m-%d %H:%M:%.S' + echo 'WebUI\HTTPS\Enabled=true' >> "/config/qBittorrent/config/qBittorrent.conf" + fi + else + echo "[WARNING] ENABLE_SSL is set to ${ENABLE_SSL}, SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID)." | ts '%Y-%m-%d %H:%M:%.S' + echo "[WARNING] If you manage the SSL config yourself, you can ignore this." | ts '%Y-%m-%d %H:%M:%.S' +fi + +# Check if the PGID exists, if not create the group with the name 'qbittorrent' grep $"${PGID}:" /etc/group > /dev/null 2>&1 if [ $? -eq 0 ]; then echo "[INFO] A group with PGID $PGID already exists in /etc/group, nothing to do." | ts '%Y-%m-%d %H:%M:%.S' else - echo "[INFO] A group with PGID $PGID does not exist, adding a group called 'qbittorent' with PGID $PGID" | ts '%Y-%m-%d %H:%M:%.S' - groupadd -g $PGID qbittorent + echo "[INFO] A group with PGID $PGID does not exist, adding a group called 'qbittorrent' with PGID $PGID" | ts '%Y-%m-%d %H:%M:%.S' + groupadd -g $PGID qbittorrent fi -# Check if the PUID exists, if not create the user with the name 'qbittorent', with the correct group +# Check if the PUID exists, if not create the user with the name 'qbittorrent', with the correct group grep $"${PUID}:" /etc/passwd > /dev/null 2>&1 if [ $? -eq 0 ]; then echo "[INFO] An user with PUID $PUID already exists in /etc/passwd, nothing to do." 
| ts '%Y-%m-%d %H:%M:%.S' else - echo "[INFO] An user with PUID $PUID does not exist, adding an user called 'qbittorent user' with PUID $PUID" | ts '%Y-%m-%d %H:%M:%.S' - useradd -c "qbittorent user" -g $PGID -u $PUID qbittorent + echo "[INFO] An user with PUID $PUID does not exist, adding an user called 'qbittorrent user' with PUID $PUID" | ts '%Y-%m-%d %H:%M:%.S' + useradd -c "qbittorrent user" -g $PGID -u $PUID qbittorrent fi # Set the umask
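Review bot: The generated WebUI private key is left with whatever mode the inherited umask gives it: both `openssl req … -nodes -keyout /config/qBittorrent/config/WebUIKey.key` branches are followed only by `chown -R ${PUID}:${PGID} /config/qBittorrent/config`, the script's own umask is set only after this block, and `/config` is a host-mounted volume, so I would add `chmod 600 /config/qBittorrent/config/WebUIKey.key` right after generation. The command passes no `-days`, so the certificate gets OpenSSL's default 30-day validity and is never renewed because the script only tests that the files exist; set an explicit lifetime or regenerate when `openssl x509 -checkend 0 -noout -in /config/qBittorrent/config/WebUICertificate.crt` reports expiry. The exit status of `openssl req` is not checked either, so on failure the script still appends the CertificatePath/KeyPath lines and sets `WebUI\HTTPS\Enabled=true` for files that do not exist. Separately, the `echo '…' >> qBittorrent.conf` lines append at the end of the file; if the last section there is not the one qBittorrent reads WebUI settings from, the keys would presumably be ignored while the log says they were added, which is worth confirming against the template.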