Arr, my friends. I have an old laptop already running some servoces on docker 24/7 at home and looking to extend it’s functionalities to become torrent downloader with media server for TV. Need VPN for obvious reasons.

I was wondering if there are already all-in-one solutions to just run docler compose file and get 2 containers: one running torrent client with all traffic via VPN in another?

I plan to use Mullvad VPN.

Upd. Updated title to highlight it’s a request. Not sure why getting downvotes, please elaborate :)

I don’t do it all in one compose file out of preference, but as others have said Gluetun + your preferred torrent client with all networking going to Gluetun. I’ve been running this way with deluge for a while now and it’s been solid as a rock.

@vd1n@lemmy.ml
link
fedilink
English
3
edit-2
1Y

I use portainer for stacks so idk how you do it manually… But a stack with Gluetun and any apps that you use the VPN. I have Firefox(kasm) in my stack with the homepage set to ipleak to double check the VPN

https://hub.docker.com/r/qmcgaw/gluetun

No one-stop-shop that I have seen or heard of, but check out Gluetun. https://github.com/qdm12/gluetun

@butter@midwest.social
link
fedilink
English
31Y

I figured you wanted a 4th person telling you to use Gluetun. The biggest advantage is that it can run anything through the VPN. Not just the torrent client, but also radarr, sonarr, slskd, etc

@Fenzik@lemmy.ml
link
fedilink
English
141Y

Use gluetun, look up how to configure for your provider. Run a 2nd container for your torrent client, using network_mode: “service:gluetun” to run all your traffic though the vpn. Note that if you’re forwarding ports from your client to e.g. access the web UI, you’ll need to forward them from the gluetun container instead.

@subtext@lemmy.world
link
fedilink
English
11Y

This is definitely the way to do it long term. I’ve used a hybrid download + VPN client but in the end I moved to a split gluetun + client since it offers the best flexibility.

@rambos@lemm.ee
link
fedilink
English
61Y

Just google “gluetun + qbittorrent”. There are some examples, but in short you want network_mode: "service:gluetun" and depends_on: -gluetun under qbittorrent so it doesnt have connection if gluetun fails.

Gluetun supports a lot of providers, documentation is decent and simple.

But consider airvpn or any other with port forwarding if you want to torrent. Mullvad ditched PF recently 😔

@koorool@feddit.de
creator
link
fedilink
English
11Y

Thanks for recommendation, didn’t know Mullvad discontinued port forwarding. That was a reason I chose them a year ago.

Now will tale a look at ProtonVPN and AirVPN as alternatives.

Your answer is amazing, you covered it all and so concise, that should be on FAQ :)

X3I
link
fedilink
English
11Y

Meaning no torrent downloads are possible? Or “just” no uploads?

@rambos@lemm.ee
link
fedilink
English
11Y

Meaning both are possible, but its much better with port forwarding. You cant connect to everyone, but for well seeded torrents it shouldnt be an issue.

@Kekin@lemy.lol
link
fedilink
English
31Y

I recently went through setting this up. I can give you a base compose.yaml based on the one I have

For the wireguard config, you would throw your .conf file to /path/to/wireguard/config, like so: /path/to/wireguard/config/wg0.conf

This setup assumes you have ipv6 working and enabled. The wg0.conf would also have the VPNs ipv6 address. I use Mullvad too btw.

You can access Qbittorrent’s web UI through http://localhost:8090.

I’d like to note that the image I use for Qbittorrent has support built in for VPN, but with the setup I have I basically have the wireguard container with its network, and multiple containers on that same network. In theory it should work with other bittorrent clients.

And the docker images for reference:

version: '3.7'
services:
    wireguard:
        image: lscr.io/linuxserver/wireguard:latest
        container_name: wireguard
        cap_add:
          - NET_ADMIN
          - SYS_MODULE #optional
        networks:
          - wireguard_network
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=Etc/UTC
        volumes:
          - /path/to/wireguard/config:/config
          - /lib/modules:/lib/modules #optional
        ports:
          - 51820:51820/udp   # Wireguard
          - 8090:8090         # QBittorrent
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1
          - net.ipv6.conf.all.disable_ipv6=0
        restart: unless-stopped

    qbittorrentvpn:
        privileged: true
        container_name: qbtwg
        network_mode: service:wireguard
        depends_on:
            - wireguard
        volumes:
            - '/path/to/qbtconfig/:/config'
            - '/path/to/downloads/:/downloads'
        environment:
            - VPN_ENABLED=no
            - VPN_TYPE=wireguard
            - PUID=1000
            - PGID=1000
            - LAN_NETWORK=192.168.1.0/24
            - 'NAME_SERVERS=1.1.1.1,1.0.0.1'
        restart: unless-stopped
        image: dyonr/qbittorrentvpn
networks:
  wireguard_network:
    driver: bridge

Don‘t run privileged images! Drop all CAPS, enable no-new-privileged, use non-privileged users only.

@Kekin@lemy.lol
link
fedilink
English
21Y

Hey there, thanks for the tips. It seems I can’t get the wireguard container working without the NET_ADMIN CAP. I looked at the gluetun image and it has it too. Is it possible to run a docker wireguard client without that CAP?

Andi
link
fedilink
English
21Y

Wireguard needs kernel access so needs to run privileged.

hyperspace
link
fedilink
61Y

My (almost finished) script creates a setup like this. It doesn’t just do a client + VPN, but it can also set up radarr, sonarr, jellyfin, and a couple of other services

https://gitlab.com/hyperspace_/lootarr

@koorool@feddit.de
creator
link
fedilink
English
11Y

This is a great work! Documentation is clear to a person not familiar with the topic (me). Will try that out and provide feedback, thank you!

hyperspace
link
fedilink
21Y

I’m currently in the process of a complete rewrite. Once the v2 tag is out I can actually go into deeper feedback :)

@Fenzik@lemmy.ml
link
fedilink
English
3
edit-2
1Y

Trash guides say you shouldn’t run the *arr’s through a VPN because you’re likely to get blocked by metadata servers. I only run my download client through the VPN + also use gluetun’s HTTP proxy for Prowlarr’s indexers

hyperspace
link
fedilink
3
edit-2
1Y

I wish I could do that as well, but most of the big public trackers are blocked where I live. I need to run Sonarr and the like through the VPN because I can’t search through the trackers otherwise

I haven’t heard of prowlarr’s HTTP proxy. Do you have a link to more info about it?

@Fenzik@lemmy.ml
link
fedilink
English
11Y

Sure, the docs are pretty minimal though: https://wiki.servarr.com/prowlarr/settings (just click on Proxy)

Basically you can configure a proxy (from your VPN provider for example) for each indexer (or font add a tag to apply it to all of them), and queries to indexers will run through there. This avoids Sonarr making calls to TVDB or whatever through the VPN and getting blocked.

@aliens@infosec.pub
link
fedilink
English
101Y

If you want to use transmission as your torrent client I recommend checking out https://github.com/haugene/docker-transmission-openvpn . There are some additional configuration changes needed for mullvad but it should be straightforward.

This is what I use and love it. Took a bit to get it configured properly with airvpn, but now it’s rock solid.

Don‘t use two images, just use qbittorrentvpn

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
!piracy@lemmy.dbzer0.com
Create a post
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don’t request invites, trade, sell, or self-promote

3. Don’t request or link to specific pirated titles, including DMs

4. Don’t submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

  • 1 user online
  • 106 users / day
  • 270 users / week
  • 1K users / month
  • 3.5K users / 6 months
  • 1 subscriber
  • 3.4K Posts
  • 82.2K Comments
  • Modlog