this post was submitted on 07 Aug 2023
20 points (85.7% liked)


Arr, my friends. I have an old laptop already running some services on docker 24/7 at home and looking to extend its functionalities to become a torrent downloader with media server for TV. Need VPN for obvious reasons.

I was wondering if there are already all-in-one solutions to just run a docker compose file and get 2 containers: one running torrent client with all traffic via VPN in another?

I plan to use Mullvad VPN.

[–] Kekin@lemy.lol 2 points 1 year ago (3 children)

I recently went through setting this up. I can give you a base compose.yaml based on the one I have

For the wireguard config, you would throw your .conf file to /path/to/wireguard/config, like so: /path/to/wireguard/config/wg0.conf

This setup assumes you have IPv6 working and enabled. The wg0.conf would also have the VPN's IPv6 address. I use Mullvad too btw.

You can access Qbittorrent's web UI through http://localhost:8090.

I'd like to note that the image I use for Qbittorrent has support built in for VPN, but with the setup I have I basically have the wireguard container with its network, and multiple containers on that same network. In theory it should work with other bittorrent clients.

And the docker images for reference:

```yaml
version: '3.7'
services:
    wireguard:
        image: lscr.io/linuxserver/wireguard:latest
        container_name: wireguard
        cap_add:
          - NET_ADMIN
          - SYS_MODULE #optional
        networks:
          - wireguard_network
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=Etc/UTC
        volumes:
          - /path/to/wireguard/config:/config
          - /lib/modules:/lib/modules #optional
        ports:
          - 51820:51820/udp   # Wireguard
          - 8090:8090         # QBittorrent
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1
          - net.ipv6.conf.all.disable_ipv6=0
        restart: unless-stopped

    qbittorrentvpn:
        privileged: true
        container_name: qbtwg
        network_mode: service:wireguard
        depends_on:
            - wireguard
        volumes:
            - '/path/to/qbtconfig/:/config'
            - '/path/to/downloads/:/downloads'
        environment:
            - VPN_ENABLED=no
            - VPN_TYPE=wireguard
            - PUID=1000
            - PGID=1000
            - LAN_NETWORK=192.168.1.0/24
            - 'NAME_SERVERS=1.1.1.1,1.0.0.1'
        restart: unless-stopped
        image: dyonr/qbittorrentvpn
networks:
  wireguard_network:
    driver: bridge
```
[–] max2078@lemmy.dbzer0.com 1 points 1 year ago (1 children)

Don't run privileged images! Drop all CAPS, enable no-new-privileged, use non-privileged users only.

[–] Kekin@lemy.lol 1 points 1 year ago (1 children)

Hey there, thanks for the tips. It seems I can't get the wireguard container working without the NET_ADMIN CAP. I looked at the gluetun image and it has it too. Is it possible to run a docker wireguard client without that CAP?

[–] Andi@feddit.uk 1 points 1 year ago

Wireguard needs kernel access so needs to run privileged.
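
Added example, not part of any comment in this thread: a small checker that applies the hardening points raised above (no `privileged`, drop all capabilities, `no-new-privileges`, non-root user) to a Compose project loaded as a dict, for instance from the JSON printed by `docker compose config --format json`. The function names and the `wireguard_tightened` service are hypothetical; that service is constructed input to show the checker's output and has not been tested against these images.

```python
"""Audit Compose services against the hardening advice given in the thread."""

def audit_service(name, svc):
    """Return a list of findings for one service definition (a dict)."""
    findings = []
    # privileged: true grants every capability plus host device access.
    if svc.get("privileged") is True:
        findings.append(f"{name}: privileged: true")
    # Without cap_drop: [ALL] the container keeps Docker's default capability set.
    if "ALL" not in [str(c).upper() for c in svc.get("cap_drop", [])]:
        findings.append(f"{name}: cap_drop lacks ALL")
    # Every added capability is listed so it can be justified one by one.
    for cap in svc.get("cap_add", []):
        findings.append(f"{name}: cap_add {cap}")
    # Docker accepts "no-new-privileges", ":true" and "=true" spellings.
    opts = {str(o).lower().replace("=", ":") for o in svc.get("security_opt", [])}
    if not opts & {"no-new-privileges", "no-new-privileges:true"}:
        findings.append(f"{name}: no-new-privileges not set")
    # Only the Compose "user:" key is checked; PUID/PGID handling inside an
    # image's entrypoint is not visible here.
    if str(svc.get("user", "")).split(":")[0] in ("", "0", "root"):
        findings.append(f"{name}: user unset or root")
    return findings

def audit_compose(project):
    """Map each service name to its findings."""
    services = project.get("services", {})
    return {name: audit_service(name, svc or {}) for name, svc in services.items()}

# Constructed sample: the first two services mirror the security-relevant keys
# of the compose file posted above; the third is a hypothetical tightened variant.
SAMPLE = {"services": {
    "wireguard": {"cap_add": ["NET_ADMIN", "SYS_MODULE"]},
    "qbittorrentvpn": {"privileged": True, "network_mode": "service:wireguard"},
    "wireguard_tightened": {
        "cap_drop": ["ALL"],
        "cap_add": ["NET_ADMIN"],
        "security_opt": ["no-new-privileges:true"],
    },
}}

if __name__ == "__main__":
    for findings in audit_compose(SAMPLE).values():
        for line in findings:
            print(line)
```

The tightened variant still reports `cap_add NET_ADMIN` and the unset user, which are the residual items left to review after the other settings are applied.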
