this post was submitted on 30 Oct 2023
16 points (90.0% liked)

Selfhosted

40296 readers
510 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
16
Prowlarr VPN/proxy advice (self.selfhosted)
submitted 1 year ago* (last edited 1 year ago) by Elkenders to c/selfhosted@lemmy.world
 

Been having a frustrating but rewarding time setting up my first server with some advice from you all. Learned a lot and feel like I'm almost there with a lot of it. One thing I've really been struggling with is public indexers on Prowlarr. In the UK I can only access them behind a VPN but Prowlarr can't access the rest of the suite if it goes behind Gluetun.

I feel like I've tried everything, it seems that I likely want to use the indexer proxy built into Prowlarr but I must be doing something wrong as it's always refused or never resolves. I did read something about privoxy which I did try and look into but no success. Considered just leaving the whole thing for usenet but I'd just love to get some public trackers working successfully in the UK. Does anyone have any advice to someone still learning please?

Thanks all!

Edit: Thanks all for your input! I got it workihg by adding httpproxy=on to Gluetun then adding the http proxy deets into the Prowlarr http proxy page.

all 21 comments
sorted by: hot top controversial new old
[–] anzo@programming.dev 4 points 1 year ago* (last edited 1 year ago) (2 children)

Containers sharing the same network (e.g. gluetun) should be able to see each other's by their hostnames, yet the VPN blocks that by its very nature, so... Check out https://github.com/qdm12/gluetun-wiki/blob/main/setup/inter-containers-networking.md

[–] pyt0xic@lemmy.world 1 points 1 year ago

Gluetun is great, but it does not work with docker swarm. I'm using a container running wireguard and Dante as a SOCKS5 proxy, everything that needs a VPN is on an internal overlay network and routes through the proxy container. Only the proxy container is part of the public network and all external traffic goes through the VPN. I use Traefik as a reverse proxy which is part of both the private and public networks. Meaning I can access the private containers (qbitorrent, prowlarr and sonarr) externally through Traefik but they cannot access anything outside the internal private network unless they route though the proxy container.

It's not perfect but it works xD

[–] Elkenders 1 points 1 year ago (1 children)

The trash guides say to avoid putting the arrs through VPN so I only put the torrent client through. Is that what you do?

[–] iluap@lemmy.world 1 points 1 year ago (1 children)

I am in the UK TOO, I use docker on a nas and I only have gluetun and qbittorrent using vpn, all my other containers (sonarr, radarr, bazarr, prowlarr) are kt behind vpn. What do you mean prowlarr cannot access the indexers? If you use the setting for the indexer you should be able to try different URLs for it, check if any of them works.

[–] Elkenders 1 points 1 year ago* (last edited 1 year ago) (1 children)

Sorry don't quite follow. Are the arrs behind VPN on your setup? If I use Gluetun for Prowlarr then I can connect fine to the public trackers, but the information doesn't pass to Sonarr etc. Which makes sense to me, but I don't know how to work around it.

Edit: I've tried all of the alt URLs and still nada also unless it's behind VPN.

[–] iluap@lemmy.world 1 points 1 year ago

In my setup, only qbittorrent container is using the gluetun network, all other "arrs" are using bridge non-VPN connection (my ISP uses CGNAT and I have no need to access them from outside anyway). It may be my ISP does not block those indexers alternative URL's, my previous one didn't either though.

[–] d00phy@lemmy.world 3 points 1 year ago* (last edited 1 year ago) (1 children)

FWIW, all of my *arr, and VPN containers use the same network bridge. Prowlarr and torrent use the VPN service, though having Prowlarr on there is maybe overkill. They're all able to access one another using the bridge gateway + port as the host, e.g.: 172.20.0.1:5050

I mostly used this guide, where he suggests:

I have split out Prowlarr as you may want this running on a VPN connection if your ISP blocks certain indexers. If not copy this section into your compose as well. See my Gluetun guides for more information on adding to a VPN.

One thing I had to make sure of was that the ports for Prowlarr were included in the VPN container setup, rather than the Prowlarr section (b/c it's just connecting to the VPN service):

    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8090:8090 # port for qbittorrent
      - 9696:9696 # For Prowlarr
[–] Elkenders 1 points 1 year ago (2 children)

I wonder if I need to use a proper compose instead of the Portainer stacks function, so they're all on the same network withing docker.

[–] d00phy@lemmy.world 1 points 1 year ago (1 children)

I have VPN, BitTorrent and prowlarr in one "stack" (a project in Synology Container Manager). Everything else is bundled into a separate project. Not sure how portainer would make this work differently. I don't have much experience with that.

[–] Elkenders 1 points 1 year ago

Yeah that makes sense. That's helpful thank you. I finally got it working pretty simply last night. Thanks for the help!

[–] jafea7@lemmy.world 2 points 1 year ago (2 children)

If it's anything like Australia, it's just a matter of not using the ISP's DNS servers. eg. Use Quad9, CF, NextDNS, etc.

[–] Snowplow8861@lemmus.org 1 points 1 year ago

There have been a few cases where ports are blocked. For example on many residential port 25 is blocked. If you pay and get a static ip this often gets unblocked. Same with port 10443 on a few residential services. There's probably more but these are issues I've seen.

If you think about how trivial these are to bypass, but also that often aligns to fixing the problem for why they're blocked. Iirc port 10443 was abused by malicious actors when home routers accepted Nat- pnp from say an unpatched qnap. Automatically forwarding inbound traffic on 10443 to the nas which has terrible security flaws and was part of a wide spread botnet. If you changed the Web port, you probably also are maintaining the qnap maybe. Also port 25 can be bypassed by using start-tls authenticated mail on 587 or 465 and therefore aren't relaying outbound mail spam from infected local computers.

Overall fair enough.

[–] Elkenders 1 points 1 year ago (2 children)

I did try a custom DNS in the Prowlarr compose stack in Portainer but it didn't help unfortunately. Do you do it a different way?

[–] Elkenders 2 points 1 year ago* (last edited 1 year ago)

Omg I was doing DNS wrong in the compose. Totally works now, thank you!

Edit oh no, I thought I'd cracked it but still unable to connect.

[–] jafea7@lemmy.world 1 points 1 year ago (1 children)

I set the computers DNS, not the container ... so everything on the computer will use Quad9, etc.

[–] Elkenders 1 points 1 year ago

Thanks, I tried this but same sitch

[–] Decronym@lemmy.decronym.xyz 1 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
CF CloudFlare
CGNAT Carrier-Grade NAT
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
NAT Network Address Translation
VPN Virtual Private Network

5 acronyms in this thread; the most compressed thread commented on today has 13 acronyms.

[Thread #252 for this sub, first seen 30th Oct 2023, 15:50] [FAQ] [Full list] [Contact] [Source code]

[–] lemmy@linkopath.com 1 points 1 year ago (2 children)

It's been a while since I set mine up but I know that most public indexes using a proxy will get blocked by cloudflare at one time or another. Away around that is to use flaresolverr. Not totally sure if that is your problem but it might be a good place to look.

https://github.com/FlareSolverr/FlareSolverr

[–] Elkenders 1 points 1 year ago

I tried flaresolver but still no connecty unfortunately.

[–] Elkenders 1 points 1 year ago

Thank you, I'll have a look. I think I should be able to use the http proxy with my mullvad but I'm just struggling to find information I can follow. I'll check flaresolver in the meantime.