Laziness2945


Hello everyone. This is my first dive into this world so be patient and keep it as simple as possible.

...
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - WEBUI_PORT=8080
    volumes:
      - ##
      - ##
    restart: unless-stopped 
    network_mode: "service:gluetun"
    depends_on:
      gluetun:
        condition: service_healthy

  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=##
      - WIREGUARD_ADDRESSES=##
      - SERVER_COUNTRIES=Sweden
      - OWNED_ONLY=yes
    ports:
      - 8080:8080 #qbit
      - 7878:7878 #radarr
      - 9696:9696 #prowlarr
      - 8989:8989 #sonarr
      - 3001:3001 #firefox
    restart: unless-stopped

This is how I set up my qbittorrent and my gluetun composes. They are both in the same file, together with other services such as the arr suite. To make the arr suite talk with qbit I attached it to the gluetun container. Probably this is unnecessary, but I don't mind it. I can still access the web UIs via 192.168.*.**:1234, so unless it is a problem I'd like to keep it like this. In the Arr suite settings, when it came to download control, I had to set 127.0.0.1:8080 as the address of qbit to make it work. If you are wondering why there is a port for Firefox, it is because I use it to check my IP and things like that when running behind the VPN. Is this a risk? I don't plan to do anything else apart from that.

One thing I added to basically all gluetun's composes I found online is "restart: unless-stopped". Is there a reason why it does not come suggested by default?

I tried to play with Linux ISOs to check that everything was working, and it seemed to be, but I don't really have a way to check that my real IP is not being broadcast. On the other hand, thanks to a miscopied WG key I saw that until the container became healthy, all the others weren't working. Or at least I couldn't access them.

The only thing missing from having a functioning media server is setting up prowlarr, but before I do it I want to make sure that I did everything right.

Do you see any issues with this setup?

Anything I can improve? Keep in mind that my knowledge is very limited, I can't change router settings so everything I do must be done on the machine, and I don't plan to access anything from outside my house.
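One way to check both points raised in this post (that qbittorrent really is attached to gluetun's network namespace, and that its traffic leaves from a different public address than the host's), as an added example that is not part of the original post. The container names come from the compose file above; the IP-echo URL and the presence of curl in the qbittorrent image are assumptions.

```shell
#!/bin/sh
# Added example, not from the post. The IP-echo URL is an assumption: any
# service that returns the caller's address as plain text will do.
IP_ECHO_URL="${IP_ECHO_URL:-https://ifconfig.me/ip}"
VPN_CONTAINER="${VPN_CONTAINER:-gluetun}"

# Print the container a "container:<ref>" network mode points at. Compose
# turns network_mode: "service:gluetun" into this form at runtime.
netns_target() {
    case "$1" in
        container:?*) printf '%s\n' "${1#container:}" ;;
        *) return 1 ;;
    esac
}

# 0 = addresses differ (tunnelled), 1 = identical (leak),
# 2 = a lookup came back empty, so nothing is proven: treat as failure.
leak_verdict() {
    if [ -z "$1" ] || [ -z "$2" ]; then return 2; fi
    if [ "$1" = "$2" ]; then return 1; fi
    return 0
}

check_container() {   # $1 = container name, $2 = host's public address
    vpn_id=$(docker inspect -f '{{.Id}}' "$VPN_CONTAINER") || return 2
    mode=$(docker inspect -f '{{.HostConfig.NetworkMode}}' "$1") || return 2
    ref=$(netns_target "$mode") && ref_id=$(docker inspect -f '{{.Id}}' "$ref") || ref_id=""
    if [ "$ref_id" != "$vpn_id" ]; then
        echo "FAIL $1: network mode '$mode' is not $VPN_CONTAINER's namespace"
        return 1
    fi
    # Assumes the image ships curl; swap in wget if it does not.
    seen=$(docker exec "$1" curl -fsS --max-time 10 "$IP_ECHO_URL" 2>/dev/null)
    leak_verdict "$2" "$seen"
    case $? in
        0) echo "OK   $1: traffic exits via $seen" ;;
        1) echo "FAIL $1: exits via the host's own address $seen"; return 1 ;;
        *) echo "FAIL $1: exit address could not be determined"; return 2 ;;
    esac
}

main() {
    host_ip=$(curl -fsS --max-time 10 "$IP_ECHO_URL") || host_ip=""
    rc=0
    for c in "$@"; do check_container "$c" "$host_ip" || rc=1; done
    return "$rc"
}

# Usage: sh vpn_check.sh qbittorrent   (no arguments: only defines functions)
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The script fails closed: an unreachable IP-echo service or a container without curl is reported as a failure, not as a pass. It checks the exit address only and says nothing about which DNS resolver is in use.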

 

Hello. I'm a newbie when it comes to docker, self-hosting and networking.

I'm setting up a media server. So far I managed to set up all the docker containers I need without issues. What I'm missing now is only a VPN. As far as I managed to understand, there are two ways I can run a VPN: as a docker container or as a normal system application.

I still haven't chosen a VPN, but for the sake of it let's assume it has either a CLI native application (.deb, .rpm etc) and/or the possibility of exporting OpenVPN/WG profiles.

At first I tried, just to test, to run via a wireguard config file with Proton VPN. It worked, but then came the problem: since the network was on the machine and not on docker, I couldn't bind my qbittorrent container to it, and that is a must. The second issue was that I wasn't using the VPN's DNS service, but my ISP's. Probably all I need is to add a line of text or two in the .conf and that's it, but it is still something I need to figure out.

My idea is to run a standalone application outside docker, not run qbittorrent as a docker container but as a .deb, and then make it talk to the containers via common folders. Now comes the second problem: directories. Since I have the *arr suite set up, it needs to manage folders. As long as qbit was a container, all I had to do was set up the correct paths in the compose file, but now I had qbit talking to the actual path (/home/...../media/....) while the containers were seeing another thing (/media/....), so I had to recreate the complete path in its entirety for the containers. It should work, but I have no way of testing it.

I know you can run wireguard containers and then route all the containers that need a VPN through that, but it is something I would need to look up, and frankly I can't see the benefits of doing it via docker instead of the system's wireguard manager.

How do you suggest I go forward? I don't need the absolute best solution, just one that works and is safe (I must bind qbit to the VPN connection, kill switch is not enough), keeping in mind my very limited knowledge, so easier is better. If one day I decide to go for something better but more sophisticated, there is always time.