qBittorrent docker container with OpenVPN client running as unprivileged user on alpine linux
DEPRECATION NOTICE
I no longer have time to maintain this project.
This project has served me well for a while, but has important SECURITY ISSUES that I no longer have time to fix:
https://github.com/guillaumedsde/alpine-qbittorrent-openvpn/issues/137
I would advise migrating to another solution for running a containerized qbittorrent with a VPN tunnel such as:
https://github.com/qdm12/gluetun
I will leave this repository up for archival purposes and will add a disclaimer to the docker image at launch.
This repository contains the code to build a docker container with the qBittorrent torrent client with all traffic routed through an OpenVPN tunnel, with firewall rules preventing traffic outside of the tunnel. The container is built automatically whenever the Alpine container is updated. The final image is available on the docker hub and the documentation is hosted on gitlab pages.
This container is based on Alpine Linux and uses the S6-overlay for setting up the firewall, then the VPN tunnel, and lastly starting qBittorrent. The image aims to be safe, small and generally minimal by installing as few dependencies as possible and running qBittorrent and OpenVPN as different unprivileged users.
docker run
$ docker run --cap-add=NET_ADMIN -d \
    -v /your/storage/path/:/downloads \
    -v /path/to/config/directory:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e OPENVPN_PROVIDER=PIA \
    -e OPENVPN_CONFIG=ca_toronto \
    -e OPENVPN_USERNAME=user \
    -e OPENVPN_PASSWORD=pass \
    -e PUID=1000 \
    -e PGID=1000 \
    -e LAN=192.168.0.0/16 \
    -p 8080:8080 \
    guillaumedsde/alpine-qbittorrent-openvpn:latest
docker-compose.yml
version: "3.3"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - "/your/storage/path/:/downloads"
      - "/path/to/config/directory:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - OPENVPN_PROVIDER=PIA
      - OPENVPN_CONFIG=ca_toronto
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - PUID=1000
      - PGID=1000
      - LAN=192.168.0.0/16
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest
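A check for the "firewall rules preventing traffic outside of the tunnel" property, as an added example that is not part of this project's code: the function audits `iptables -S OUTPUT` output and reports any rule that would let traffic out while the tunnel is down. The sample rulesets are constructed, and the allowed scopes (loopback, tun interfaces, the LAN range from the examples above, a single pinned VPN endpoint) are assumptions about a fail-closed setup, not this image's actual rules.

```sh
# Added example: audit `iptables -S OUTPUT` output for a fail-closed VPN kill switch.
# The allowed scopes below are assumptions, not this image's actual ruleset.

# Constructed sample: default DROP, egress only via lo, tun0, the LAN and one VPN endpoint.
GOOD_RULES='-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p udp -m udp --dport 1194 -j ACCEPT'

# Constructed sample: open policy, a DNS rule to any destination, and a negated match.
BAD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT ! -o tun0 -j ACCEPT'

# audit_killswitch LAN_CIDR   (ruleset on stdin)
# Prints one LEAK line per finding; returns 0 only if nothing can bypass the tunnel.
audit_killswitch() {
    awk -v lan="$1" '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
        $1 == "-A" && $2 == "OUTPUT" {
            out = dst = dport = target = ""; neg = 0
            for (i = 3; i < NF; i++) {
                if ($i == "!")       neg = 1            # negated matches are never trusted
                if ($i == "-o")      out = $(i + 1)
                if ($i == "-d")      dst = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (target != "ACCEPT") next
            if (!neg && (out == "lo" || out ~ /^tun[0-9]+$/)) next   # loopback or tunnel
            if (!neg && dst == lan) next                              # LAN range (web UI)
            if (!neg && dst ~ /\/32$/ && dport != "") next            # pinned VPN endpoint
            print "LEAK: unscoped ACCEPT: " $0; bad = 1
        }
        END {
            if (policy != "DROP") {
                print "LEAK: OUTPUT policy is " (policy == "" ? "unset" : policy)
                bad = 1
            }
            exit bad + 0
        }'
}

printf '%s\n' "$GOOD_RULES" | audit_killswitch 192.168.0.0/16 && echo "GOOD_RULES: fail-closed"
printf '%s\n' "$BAD_RULES" | audit_killswitch 192.168.0.0/16 || echo "BAD_RULES: traffic can leave outside the tunnel"
```

To audit a running container, pipe the output of `iptables -S OUTPUT` run inside it into the function instead of the constructed samples.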
This container is built for many hardware platforms (yes, even ppc64le whoever uses that... 😉):
All you have to do is use a recent version of docker and it will pull the appropriate version of the image guillaumedsde/alpine-qbittorrent-openvpn from the docker hub.
This image makes use of the VPN providers' OpenVPN configurations from the latest version of haugene/docker-transmission-openvpn, cheers to that project 🍺! It is possible I might have messed something up, so if one provider is not working for you, make sure to leave an issue on this repository's GitHub page. Selecting a preloaded configuration works the same way as the haugene container (see below for an example).
If your provider is not in the supported list or if it is currently not working, you can mount your .ovpn file at /config/openvpn/config.ovpn, optionally set your OPENVPN_USERNAME and OPENVPN_PASSWORD, and leave OPENVPN_PROVIDER empty; the container will load your configuration upon start.
In order to be as light as possible, the latest tagged docker image does not include python.
This means that in order to use qBittorrent's torrent Search functionality you have to use the version of this image based on the official python alpine docker image. This image is tagged python; to download it, please use guillaumedsde/alpine-qbittorrent-openvpn:python.
This image has a couple of limitations:
127.0.0.11. I have not managed to write proper iptables rules to allow this traffic; if you have any idea how, leave an issue 🙂. In the meantime, the container's DNS resolver is set using the DNS environment variable.
@reconman suggests using docker-autoheal by adding the autoheal=true label to the container to automatically restart it when the container becomes unhealthy (qBittorrent or OpenVPN crashes).
A couple of projects really helped me out while developing this container: