Arr, my friends. I have an old laptop already running some servoces on docker 24/7 at home and looking to extend it’s functionalities to become torrent downloader with media server for TV. Need VPN for obvious reasons.

I was wondering if there are already all-in-one solutions to just run docler compose file and get 2 containers: one running torrent client with all traffic via VPN in another?

I plan to use Mullvad VPN.

Upd. Updated title to highlight it’s a request. Not sure why getting downvotes, please elaborate :)

  • Fenzik@lemmy.ml
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    Use gluetun, look up how to configure for your provider. Run a 2nd container for your torrent client, using network_mode: “service:gluetun” to run all your traffic though the vpn. Note that if you’re forwarding ports from your client to e.g. access the web UI, you’ll need to forward them from the gluetun container instead.

    • subtext@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is definitely the way to do it long term. I’ve used a hybrid download + VPN client but in the end I moved to a split gluetun + client since it offers the best flexibility.

    • Switchy85@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      This is what I use and love it. Took a bit to get it configured properly with airvpn, but now it’s rock solid.

  • rambos@lemm.ee
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Just google “gluetun + qbittorrent”. There are some examples, but in short you want network_mode: "service:gluetun" and depends_on: -gluetun under qbittorrent so it doesnt have connection if gluetun fails.

    Gluetun supports a lot of providers, documentation is decent and simple.

    But consider airvpn or any other with port forwarding if you want to torrent. Mullvad ditched PF recently 😔

      • rambos@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Meaning both are possible, but its much better with port forwarding. You cant connect to everyone, but for well seeded torrents it shouldnt be an issue.

    • koorool@feddit.deOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Thanks for recommendation, didn’t know Mullvad discontinued port forwarding. That was a reason I chose them a year ago.

      Now will tale a look at ProtonVPN and AirVPN as alternatives.

      Your answer is amazing, you covered it all and so concise, that should be on FAQ :)

      • hyperspace@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        I wish I could do that as well, but most of the big public trackers are blocked where I live. I need to run Sonarr and the like through the VPN because I can’t search through the trackers otherwise

        I haven’t heard of prowlarr’s HTTP proxy. Do you have a link to more info about it?

        • Fenzik@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Sure, the docs are pretty minimal though: https://wiki.servarr.com/prowlarr/settings (just click on Proxy)

          Basically you can configure a proxy (from your VPN provider for example) for each indexer (or font add a tag to apply it to all of them), and queries to indexers will run through there. This avoids Sonarr making calls to TVDB or whatever through the VPN and getting blocked.

    • koorool@feddit.deOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is a great work! Documentation is clear to a person not familiar with the topic (me). Will try that out and provide feedback, thank you!

      • hyperspace@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        I’m currently in the process of a complete rewrite. Once the v2 tag is out I can actually go into deeper feedback :)

  • butter@midwest.social
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I figured you wanted a 4th person telling you to use Gluetun. The biggest advantage is that it can run anything through the VPN. Not just the torrent client, but also radarr, sonarr, slskd, etc

  • Kekin@lemy.lol
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I recently went through setting this up. I can give you a base compose.yaml based on the one I have

    For the wireguard config, you would throw your .conf file to /path/to/wireguard/config, like so: /path/to/wireguard/config/wg0.conf

    This setup assumes you have ipv6 working and enabled. The wg0.conf would also have the VPNs ipv6 address. I use Mullvad too btw.

    You can access Qbittorrent’s web UI through http://localhost:8090.

    I’d like to note that the image I use for Qbittorrent has support built in for VPN, but with the setup I have I basically have the wireguard container with its network, and multiple containers on that same network. In theory it should work with other bittorrent clients.

    And the docker images for reference:

    version: '3.7'
    services:
        wireguard:
            image: lscr.io/linuxserver/wireguard:latest
            container_name: wireguard
            cap_add:
              - NET_ADMIN
              - SYS_MODULE #optional
            networks:
              - wireguard_network
            environment:
              - PUID=1000
              - PGID=1000
              - TZ=Etc/UTC
            volumes:
              - /path/to/wireguard/config:/config
              - /lib/modules:/lib/modules #optional
            ports:
              - 51820:51820/udp   # Wireguard
              - 8090:8090         # QBittorrent
            sysctls:
              - net.ipv4.conf.all.src_valid_mark=1
              - net.ipv6.conf.all.disable_ipv6=0
            restart: unless-stopped
    
        qbittorrentvpn:
            privileged: true
            container_name: qbtwg
            network_mode: service:wireguard
            depends_on:
                - wireguard
            volumes:
                - '/path/to/qbtconfig/:/config'
                - '/path/to/downloads/:/downloads'
            environment:
                - VPN_ENABLED=no
                - VPN_TYPE=wireguard
                - PUID=1000
                - PGID=1000
                - LAN_NETWORK=192.168.1.0/24
                - 'NAME_SERVERS=1.1.1.1,1.0.0.1'
            restart: unless-stopped
            image: dyonr/qbittorrentvpn
    networks:
      wireguard_network:
        driver: bridge
    
    • max2078@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Don‘t run privileged images! Drop all CAPS, enable no-new-privileged, use non-privileged users only.

      • Kekin@lemy.lol
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Hey there, thanks for the tips. It seems I can’t get the wireguard container working without the NET_ADMIN CAP. I looked at the gluetun image and it has it too. Is it possible to run a docker wireguard client without that CAP?

  • vd1n@lemmy.ml
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    I use portainer for stacks so idk how you do it manually… But a stack with Gluetun and any apps that you use the VPN. I have Firefox(kasm) in my stack with the homepage set to ipleak to double check the VPN

    https://hub.docker.com/r/qmcgaw/gluetun

  • skadden@ctrlaltelite.xyz
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I don’t do it all in one compose file out of preference, but as others have said Gluetun + your preferred torrent client with all networking going to Gluetun. I’ve been running this way with deluge for a while now and it’s been solid as a rock.