this post was submitted on 21 Jan 2024
This is an automated archive.

The original was posted on /r/wireguard by /u/Prestigious_Sell_877 on 2024-01-20 08:06:52+00:00.


Hello,

So currently we have our VPN working externally, meaning making VPN connections to the server works and it is possible to visit each individual Docker container from the VPN IP (example: 10.8.0.1:8096).

The issue we are currently having is that Sonarr is unable to connect/reach externally when we want to search for any TV series. We've changed the docker compose file multiple times.

What changes would we need to make so we can put Sonarr, Radarr, etc. behind a VPN (WireGuard) while allowing them to still be able to download?

Any help or assistance would be helpful.

version: "3.9"
name: media-stack
services:
  qbittorrent:
    container_name: qbittorrent
    image: lscr.io/linuxserver/qbittorrent:4.6.2
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
      - WEBUI_PORT=5080
    volumes:
      - qbittorrent-config:/config
      - torrent-downloads:/downloads
    ports:
      - 5080:5080
      - 6881:6881
      - 6881:6881/udp
    restart: "unless-stopped"

  radarr:
    container_name: radarr
    image: lscr.io/linuxserver/radarr:5.2.6
    network_mode: service:wireguard
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
#    ports:
#     - 7878:7878
    volumes:
      - radarr-config:/config
      - torrent-downloads:/downloads
    restart: "unless-stopped"

  sonarr:
    image: custom-sonarr
    container_name: sonarr
    cap_add:
      - NET_ADMIN
    network_mode: "service:wireguard"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    #command: [ "/bin/bash", "-c", "wg-quick up wg0 && /init" ]  # Start WireGuard then Radarr
    volumes:
      - sonarr-config:/config
      - torrent-downloads:/downloads
      - ./sonarrvpn:/etc/wireguard/
#    ports:
#      - 8989:8989
    restart: unless-stopped

  prowlarr:
    container_name: prowlarr
    image: linuxserver/prowlarr:1.11.4
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - prowlarr-config:/config

    # Comment below ports if VPN is enabled.
    ports:
      - 9696:9696
    restart: unless-stopped

  jellyfin:
    image: linuxserver/jellyfin:10.8.13
    container_name: jellyfin
    network_mode: service:wireguard
 #   networks:
 #     - wireguard
 #     - default  # Allows access from both VPN and local network
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - jellyfin-config:/config
      - torrent-downloads:/data
  #  ports:
  #    - 8096:8096
  #    - 7359:7359/udp
  #    - 8920:8920
    restart: unless-stopped

  wireguard:
    environment:
      # ⚠️ Required:
      # Change this to your host's public address
      - WG_HOST=PUBLICIP

      # Optional:
      - PASSWORD=password
      - WG_PORT=51820
      # - WG_DEFAULT_ADDRESS=10.8.0.x
      - WG_DEFAULT_DNS=1.1.1.1
      # - WG_MTU=1420
      - WG_ALLOWED_IPS=0.0.0.0/0
      # - WG_PERSISTENT_KEEPALIVE=25
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt

    image: ghcr.io/wg-easy/wg-easy
    container_name: wireguard
    volumes:
      - ./etc_wireguard:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - wireguard

volumes:
  torrent-downloads:
  radarr-config:
  sonarr-config:
  prowlarr-config:
  jellyfin-config:
  qbittorrent-config:
  # cleanmyarr-config:

networks:
  wireguard:
    name: wireguard
    driver: bridge
#  default:
#    driver: host
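
To see which services in a compose file like the one above join the `wireguard` container's network namespace through `network_mode: service:wireguard`, and which stay on their own network with host-published ports, a small audit helps. This is an added example, not part of the original post: the function names are hypothetical, the excerpt is constructed from the post's file, and the line-based parser assumes the post's two-space indentation rather than full YAML.

```python
# Constructed excerpt: service names, network_mode and ports as in the post's file.
COMPOSE_EXCERPT = """\
services:
  qbittorrent:
    ports:
      - 5080:5080
      - 6881:6881
      - 6881:6881/udp
  radarr:
    network_mode: service:wireguard
#    ports:
#     - 7878:7878
  sonarr:
    network_mode: "service:wireguard"
  prowlarr:
    ports:
      - 9696:9696
  jellyfin:
    network_mode: service:wireguard
  wireguard:
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
"""

def audit_namespaces(text):  # per service: netns it joins (or None) + published ports
    services, section, current, key = {}, None, None, None
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):      # blank or commented-out line
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                           # top-level key (services, volumes, ...)
            section, current = body.rstrip(":"), None
        elif section == "services" and indent == 2:
            current, key = body.rstrip(":"), None
            services[current] = {"shares_netns_of": None, "ports": []}
        elif current and indent == 4:             # a key of the current service
            key, _, value = body.partition(":")
            if key == "network_mode" and "service:" in value:
                services[current]["shares_netns_of"] = value.split("service:")[1].strip(' "')
        elif current and key == "ports" and body.startswith("- "):
            services[current]["ports"].append(body[2:].strip('"'))
    return services

def outside_namespace(services, owner="wireguard"):
    return sorted(n for n, s in services.items() if n != owner and s["shares_netns_of"] != owner)

print(outside_namespace(audit_namespaces(COMPOSE_EXCERPT)))  # services not in wireguard's netns
```

Services that join another container's namespace cannot publish ports themselves, so anything they listen on is exposed only through the `ports:` of the `wireguard` service.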
