this post was submitted on 07 Aug 2023
19 points (80.6% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ


Arr, my friends. I have an old laptop already running some services on docker 24/7 at home and I'm looking to extend its functionality to become a torrent downloader with a media server for TV. Need a VPN for obvious reasons.

I was wondering if there are already all-in-one solutions to just run a docker compose file and get 2 containers: one running a torrent client with all traffic going via a VPN in another?

I plan to use Mullvad VPN.

Upd. Updated title to highlight it's a request. Not sure why getting downvotes, please elaborate :)

top 23 comments
[–] [email protected] 14 points 1 year ago (1 children)

Use gluetun, look up how to configure for your provider. Run a 2nd container for your torrent client, using network_mode: "service:gluetun" to run all your traffic through the VPN. Note that if you’re forwarding ports from your client to e.g. access the web UI, you’ll need to forward them from the gluetun container instead.

[–] [email protected] 1 points 1 year ago

This is definitely the way to do it long term. I’ve used a hybrid download + VPN client but in the end I moved to a split gluetun + client since it offers the best flexibility.

[–] [email protected] 10 points 1 year ago (1 children)

If you want to use transmission as your torrent client I recommend checking out https://github.com/haugene/docker-transmission-openvpn . There are some additional configuration changes needed for mullvad but it should be straightforward.

[–] Switchy85 2 points 1 year ago

This is what I use and love it. Took a bit to get it configured properly with airvpn, but now it's rock solid.

[–] [email protected] 6 points 1 year ago (2 children)

Just google "gluetun + qbittorrent". There are some examples, but in short you want network_mode: "service:gluetun" and depends_on: - gluetun under qbittorrent so it doesn't have a connection if gluetun fails.

Gluetun supports a lot of providers, documentation is decent and simple.

But consider airvpn or any other with port forwarding if you want to torrent. Mullvad ditched PF recently 😔

[–] [email protected] 1 points 1 year ago

Thanks for recommendation, didn't know Mullvad discontinued port forwarding. That was a reason I chose them a year ago.

Now will take a look at ProtonVPN and AirVPN as alternatives.

Your answer is amazing, you covered it all and so concise, that should be on FAQ :)

[–] [email protected] 1 points 1 year ago (1 children)

Meaning no torrent downloads are possible? Or "just" no uploads?

[–] [email protected] 2 points 1 year ago

Meaning both are possible, but it's much better with port forwarding. You can't connect to everyone, but for well seeded torrents it shouldn't be an issue.

[–] [email protected] 6 points 1 year ago

No one-stop-shop that I have seen or heard of, but check out Gluetun. https://github.com/qdm12/gluetun

[–] [email protected] 6 points 1 year ago (2 children)

My (almost finished) script creates a setup like this. It doesn't just do a client + VPN, but it can also set up radarr, sonarr, jellyfin, and a couple of other services

https://gitlab.com/hyperspace_/lootarr

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Trash guides say you shouldn’t run the *arr’s through a VPN because you’re likely to get blocked by metadata servers. I only run my download client through the VPN + also use gluetun’s HTTP proxy for Prowlarr’s indexers

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

I wish I could do that as well, but most of the big public trackers are blocked where I live. I need to run Sonarr and the like through the VPN because I can't search through the trackers otherwise

I haven't heard of prowlarr's HTTP proxy. Do you have a link to more info about it?

[–] [email protected] 1 points 1 year ago

Sure, the docs are pretty minimal though: https://wiki.servarr.com/prowlarr/settings (just click on Proxy)

Basically you can configure a proxy (from your VPN provider for example) for each indexer (or don't add a tag to apply it to all of them), and queries to indexers will run through there. This avoids Sonarr making calls to TVDB or whatever through the VPN and getting blocked.

[–] [email protected] 1 points 1 year ago (1 children)

This is great work! Documentation is clear to a person not familiar with the topic (me). Will try that out and provide feedback, thank you!

[–] [email protected] 2 points 1 year ago

I'm currently in the process of a complete rewrite. Once the v2 tag is out I can actually go into deeper feedback :)

[–] [email protected] 4 points 1 year ago

Don't use two images, just use qbittorrentvpn

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I use portainer for stacks so idk how you do it manually... But a stack with Gluetun and any apps that you use the VPN. I have Firefox(kasm) in my stack with the homepage set to ipleak to double check the VPN

https://hub.docker.com/r/qmcgaw/gluetun

[–] [email protected] 3 points 1 year ago (1 children)

I recently went through setting this up. I can give you a base compose.yaml based on the one I have

For the wireguard config, you would throw your .conf file to /path/to/wireguard/config, like so: /path/to/wireguard/config/wg0.conf

This setup assumes you have IPv6 working and enabled. The wg0.conf would also have the VPN's IPv6 address. I use Mullvad too btw.

You can access Qbittorrent's web UI through http://localhost:8090.

I'd like to note that the image I use for Qbittorrent has support built in for VPN, but with the setup I have I basically have the wireguard container with its network, and multiple containers on that same network. In theory it should work with other bittorrent clients.

And the docker images for reference:

version: '3.7'
services:
    wireguard:
        image: lscr.io/linuxserver/wireguard:latest
        container_name: wireguard
        cap_add:
          - NET_ADMIN
          - SYS_MODULE #optional
        networks:
          - wireguard_network
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=Etc/UTC
        volumes:
          - /path/to/wireguard/config:/config
          - /lib/modules:/lib/modules #optional
        ports:
          - 51820:51820/udp   # Wireguard
          - 8090:8090         # QBittorrent
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1
          - net.ipv6.conf.all.disable_ipv6=0
        restart: unless-stopped

    qbittorrentvpn:
        privileged: true
        container_name: qbtwg
        network_mode: service:wireguard
        depends_on:
            - wireguard
        volumes:
            - '/path/to/qbtconfig/:/config'
            - '/path/to/downloads/:/downloads'
        environment:
            - VPN_ENABLED=no
            - VPN_TYPE=wireguard
            - PUID=1000
            - PGID=1000
            - LAN_NETWORK=192.168.1.0/24
            - 'NAME_SERVERS=1.1.1.1,1.0.0.1'
        restart: unless-stopped
        image: dyonr/qbittorrentvpn
networks:
  wireguard_network:
    driver: bridge

[–] [email protected] 1 points 1 year ago (1 children)

Don't run privileged images! Drop all CAPS, enable no-new-privileges, use non-privileged users only.

[–] [email protected] 2 points 1 year ago (1 children)

Hey there, thanks for the tips. It seems I can't get the wireguard container working without the NET_ADMIN CAP. I looked at the gluetun image and it has it too. Is it possible to run a docker wireguard client without that CAP?

[–] [email protected] 2 points 1 year ago

Wireguard needs kernel access so needs to run privileged.
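
A check for the points raised in this thread (client sharing the VPN container's network namespace, ports published on the VPN container, `privileged: true`, no-new-privileges), as an added example that is not part of any comment here: it audits the JSON that `docker compose config --format json` prints. The function name, finding codes and the policy are assumptions of this example, and the sample is a constructed, trimmed rendering of the compose file posted above.

```python
import json

# Constructed sample: trimmed `docker compose config --format json` output for
# the wireguard + qbittorrentvpn stack posted earlier in this thread.
SAMPLE = json.loads("""
{"services": {
  "wireguard": {
    "image": "lscr.io/linuxserver/wireguard:latest",
    "cap_add": ["NET_ADMIN", "SYS_MODULE"],
    "ports": [{"target": 8090, "published": "8090", "protocol": "tcp"}]},
  "qbittorrentvpn": {
    "image": "dyonr/qbittorrentvpn",
    "privileged": true,
    "network_mode": "service:wireguard"}
}}
""")


def audit(config, vpn_service, must_tunnel):
    """Return (service, finding) pairs; the policy is this example's assumption."""
    services = config.get("services", {})
    findings = []
    for name in sorted(set(services) | set(must_tunnel)):
        svc = services.get(name, {})
        shares_vpn = svc.get("network_mode") == f"service:{vpn_service}"
        # A client that must be tunnelled has to live in the VPN container's netns.
        if name in must_tunnel and not shares_vpn:
            findings.append((name, "not-tunneled"))
        # privileged: true hands the container every capability and host device.
        if svc.get("privileged"):
            findings.append((name, "privileged"))
        # With a shared netns, ports can only be published on the VPN container.
        if shares_vpn and svc.get("ports"):
            findings.append((name, "ports-on-client"))
        if name != vpn_service:
            opts = svc.get("security_opt", [])
            if not any(o.startswith("no-new-privileges") and not o.endswith("false")
                       for o in opts):
                findings.append((name, "no-new-privileges-unset"))
        # Only the VPN container is expected to need NET_ADMIN.
        allowed = {"NET_ADMIN"} if name == vpn_service else set()
        for cap in sorted(set(svc.get("cap_add", [])) - allowed):
            findings.append((name, f"extra-cap:{cap}"))
    return findings


if __name__ == "__main__":
    for service, finding in audit(SAMPLE, "wireguard", {"qbittorrentvpn"}):
        print(f"{service}: {finding}")
```
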

[–] [email protected] 3 points 1 year ago

I figured you wanted a 4th person telling you to use Gluetun. The biggest advantage is that it can run anything through the VPN. Not just the torrent client, but also radarr, sonarr, slskd, etc

[–] [email protected] 3 points 1 year ago

I don't do it all in one compose file out of preference, but as others have said Gluetun + your preferred torrent client with all networking going to Gluetun. I've been running this way with deluge for a while now and it's been solid as a rock.