Changed transmission to deluge. Simplify ufw rules

Eldwan Brianne
2020-11-10 23:31:05 +01:00
parent 3d97cd5302
commit 69bd27150f
10515 changed files with 666 additions and 2369 deletions


@@ -1,161 +0,0 @@
version: 2.1
workflows:
# Defines a workflow for building and pushing updated documentation to GitHub pages
build-documentation:
jobs:
- build-and-deploy-gh-pages:
filters:
branches:
only: master
# Defines workflow for when to build the different Docker images
build-docker-images:
jobs:
- build-alpine-image:
context: dockerhub
filters:
branches:
only:
- dev
- master
tags:
only: /^\d+\.\d+.*/
- build-armhf-image:
context: dockerhub
filters:
branches:
only:
- dev
- master
tags:
only: /^\d+\.\d+.*/
- build-arm64-image:
context: dockerhub
filters:
branches:
only:
- dev
- master
tags:
only: /^\d+\.\d+.*/
# Job definitions, used by the workflows.
jobs:
build-alpine-image:
environment:
IMAGE_NAME: haugene/transmission-openvpn
docker:
- image: circleci/buildpack-deps:stretch
steps:
- checkout
- setup_remote_docker
- calculate-tag-name:
distro: alpine
- run:
name: Build Docker image
command: |
docker build \
-t $IMAGE_NAME:$IMAGE_TAG \
--build-arg REVISION=$CIRCLE_SHA1 .
- run:
name: Login to Docker Hub
command: echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin
- run:
name: Push image
command: docker push $IMAGE_NAME:$IMAGE_TAG
build-armhf-image:
environment:
IMAGE_NAME: haugene/transmission-openvpn
docker:
- image: circleci/buildpack-deps:stretch
steps:
- checkout
- setup_remote_docker
- calculate-tag-name:
distro: armhf
- run:
name: Build Docker image
command: |
echo "Un-commenting cross-build instructions in Dockerfile.armhf"
sed -i 's/^#\(.*cross-build.*\)/\1/' Dockerfile.armhf
docker build \
-t $IMAGE_NAME:$IMAGE_TAG \
-f Dockerfile.armhf \
--build-arg REVISION=$CIRCLE_SHA1 .
- run:
name: Login to Docker Hub
command: echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin
- run:
name: Push image
command: docker push $IMAGE_NAME:$IMAGE_TAG
build-arm64-image:
environment:
IMAGE_NAME: haugene/transmission-openvpn
docker:
- image: circleci/buildpack-deps:buster
steps:
- checkout
- setup_remote_docker
- calculate-tag-name:
distro: arm64
- run:
name: Build Docker image
command: |
echo "Un-commenting cross-build instructions in Dockerfile.armhf"
sed -i 's/^#\(.*cross-build.*\)/\1/' Dockerfile.armhf
docker build \
-t $IMAGE_NAME:$IMAGE_TAG \
-f Dockerfile.armhf \
--build-arg base_image=balenalib/raspberrypi3-64:buster \
--build-arg REVISION=$CIRCLE_SHA1 .
- run:
name: Login to Docker Hub
command: echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin
- run:
name: Push image
command: docker push $IMAGE_NAME:$IMAGE_TAG
build-and-deploy-gh-pages:
docker:
- image: circleci/python:3.7
steps:
- checkout
- run:
name: "Set Git name for commits"
command: git config --global user.name "CircleCI"
- run:
name: "Install Mkdocs and Material theme"
command: pip install --user mkdocs mkdocs-material
- run:
name: "Build and push site"
command: mkdocs gh-deploy --message "Deployed {sha} with MkDocs version {version}. [skip ci]"
commands:
calculate-tag-name:
description: "Calculates the target tag name for Docker image"
parameters:
distro:
type: string
steps:
- run:
name: Calculate tag to set for the built Docker image
command: |
if [ ! -z $CIRCLE_TAG ]; then
TAG_VERSION=$CIRCLE_TAG
elif [ "$CIRCLE_BRANCH" = "master" ]; then
TAG_VERSION=latest
else
TAG_VERSION=$CIRCLE_BRANCH;
fi
if [ "<< parameters.distro >>" = "alpine" ]; then
TAG_DISTRO="";
else
TAG_DISTRO=-<< parameters.distro >>;
fi
echo "export IMAGE_TAG=$TAG_VERSION$TAG_DISTRO" >> $BASH_ENV

1
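--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode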


@@ -8,83 +8,7 @@
#ENABLE_UFW=false #ENABLE_UFW=false
#UFW_ALLOW_GW_NET=false #UFW_ALLOW_GW_NET=false
#UFW_EXTRA_PORTS= #UFW_EXTRA_PORTS=
#UFW_DISABLE_IPTABLES_REJECT=false
#GLOBAL_APPLY_PERMISSIONS=true
#TRANSMISSION_ALT_SPEED_DOWN=50
#TRANSMISSION_ALT_SPEED_ENABLED=false
#TRANSMISSION_ALT_SPEED_TIME_BEGIN=540
#TRANSMISSION_ALT_SPEED_TIME_DAY=127
#TRANSMISSION_ALT_SPEED_TIME_ENABLED=false
#TRANSMISSION_ALT_SPEED_TIME_END=1020
#TRANSMISSION_ALT_SPEED_UP=50
#TRANSMISSION_BIND_ADDRESS_IPV4=0.0.0.0
#TRANSMISSION_BIND_ADDRESS_IPV6=::
#TRANSMISSION_BLOCKLIST_ENABLED=false
#TRANSMISSION_BLOCKLIST_URL=http://www.example.com/blocklist
#TRANSMISSION_CACHE_SIZE_MB=4
#TRANSMISSION_DHT_ENABLED=true
#TRANSMISSION_DOWNLOAD_DIR=/data/completed
#TRANSMISSION_DOWNLOAD_LIMIT=100
#TRANSMISSION_DOWNLOAD_LIMIT_ENABLED=0
#TRANSMISSION_DOWNLOAD_QUEUE_ENABLED=true
#TRANSMISSION_DOWNLOAD_QUEUE_SIZE=5
#TRANSMISSION_ENCRYPTION=1
#TRANSMISSION_IDLE_SEEDING_LIMIT=30
#TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=false
#TRANSMISSION_INCOMPLETE_DIR=/data/incomplete
#TRANSMISSION_INCOMPLETE_DIR_ENABLED=true
#TRANSMISSION_LPD_ENABLED=false
#TRANSMISSION_MAX_PEERS_GLOBAL=200
#TRANSMISSION_MESSAGE_LEVEL=2
#TRANSMISSION_PEER_CONGESTION_ALGORITHM=
#TRANSMISSION_PEER_ID_TTL_HOURS=6
#TRANSMISSION_PEER_LIMIT_GLOBAL=200
#TRANSMISSION_PEER_LIMIT_PER_TORRENT=50
#TRANSMISSION_PEER_PORT=51413
#TRANSMISSION_PEER_PORT_RANDOM_HIGH=65535
#TRANSMISSION_PEER_PORT_RANDOM_LOW=49152
#TRANSMISSION_PEER_PORT_RANDOM_ON_START=false
#TRANSMISSION_PEER_SOCKET_TOS=default
#TRANSMISSION_PEX_ENABLED=true
#TRANSMISSION_PORT_FORWARDING_ENABLED=false
#TRANSMISSION_PREALLOCATION=1
#TRANSMISSION_PREFETCH_ENABLED=1
#TRANSMISSION_QUEUE_STALLED_ENABLED=true
#TRANSMISSION_QUEUE_STALLED_MINUTES=30
#TRANSMISSION_RATIO_LIMIT=2
#TRANSMISSION_RATIO_LIMIT_ENABLED=false
#TRANSMISSION_RENAME_PARTIAL_FILES=true
#TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=false
#TRANSMISSION_RPC_BIND_ADDRESS=0.0.0.0
#TRANSMISSION_RPC_ENABLED=true
#TRANSMISSION_RPC_HOST_WHITELIST=
#TRANSMISSION_RPC_HOST_WHITELIST_ENABLED=true
#TRANSMISSION_RPC_PASSWORD=password
#TRANSMISSION_RPC_PORT=9091
#TRANSMISSION_RPC_URL=/transmission/
#TRANSMISSION_RPC_USERNAME=username
#TRANSMISSION_RPC_WHITELIST=127.0.0.1
#TRANSMISSION_RPC_WHITELIST_ENABLED=false
#TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=true
#TRANSMISSION_SCRIPT_TORRENT_DONE_ENABLED=false
#TRANSMISSION_SCRIPT_TORRENT_DONE_FILENAME=
#TRANSMISSION_SEED_QUEUE_ENABLED=false
#TRANSMISSION_SEED_QUEUE_SIZE=10
#TRANSMISSION_SPEED_LIMIT_DOWN=100
#TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED=false
#TRANSMISSION_SPEED_LIMIT_UP=100
#TRANSMISSION_SPEED_LIMIT_UP_ENABLED=false
#TRANSMISSION_START_ADDED_TORRENTS=true
#TRANSMISSION_TRASH_ORIGINAL_TORRENT_FILES=false
#TRANSMISSION_UMASK=2
#TRANSMISSION_UPLOAD_SLOTS_PER_TORRENT=14
#TRANSMISSION_UTP_ENABLED=false
#TRANSMISSION_WATCH_DIR=/data/watch
#TRANSMISSION_WATCH_DIR_ENABLED=true
#TRANSMISSION_HOME=/data/transmission-home
#TRANSMISSION_WATCH_DIR_FORCE_GENERIC=false
#WEBPROXY_ENABLED=false #WEBPROXY_ENABLED=false
#WEBPROXY_PORT=8888 #WEBPROXY_PORT=8888
#WEBPROXY_USERNAME= #WEBPROXY_USERNAME=
#WEBPROXY_PASSWORD= #WEBPROXY_PASSWORD=
#LOG_TO_STDOUT=false


@@ -1,48 +1,25 @@
FROM alpine:3.12 FROM alpine:edge
VOLUME /data RUN echo "@edgecommunity http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
VOLUME /config && echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& apk update \
RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ && apk add --upgrade apk-tools \
&& apk --no-cache add bash dumb-init ip6tables ufw@community openvpn shadow transmission-daemon transmission-cli curl jq tzdata openrc tinyproxy tinyproxy-openrc openssh unrar \ && apk add bash dumb-init openvpn shadow curl jq tzdata openrc tinyproxy tinyproxy-openrc openssh unrar deluge@testing ufw@edgecommunity \
&& mkdir -p /opt/transmission-ui \
&& echo "Install Combustion" \
&& wget -qO- https://github.com/Secretmapper/combustion/archive/release.tar.gz | tar xz -C /opt/transmission-ui \
&& echo "Install kettu" \
&& wget -qO- https://github.com/endor/kettu/archive/master.tar.gz | tar xz -C /opt/transmission-ui \
&& mv /opt/transmission-ui/kettu-master /opt/transmission-ui/kettu \
&& echo "Install Transmission-Web-Control" \
&& mkdir /opt/transmission-ui/transmission-web-control \
&& curl -sL `curl -s https://api.github.com/repos/ronggang/transmission-web-control/releases/latest | jq --raw-output '.tarball_url'` | tar -C /opt/transmission-ui/transmission-web-control/ --strip-components=2 -xz \
&& ln -s /usr/share/transmission/web/style /opt/transmission-ui/transmission-web-control \
&& ln -s /usr/share/transmission/web/images /opt/transmission-ui/transmission-web-control \
&& ln -s /usr/share/transmission/web/javascript /opt/transmission-ui/transmission-web-control \
&& ln -s /usr/share/transmission/web/index.html /opt/transmission-ui/transmission-web-control/index.original.html \
&& rm -rf /tmp/* /var/tmp/* \ && rm -rf /tmp/* /var/tmp/* \
&& groupmod -g 1000 users \ && groupadd -g 911 abc \
&& useradd -u 911 -U -d /config -s /bin/false abc \ && useradd -u 911 -g 911 -s /bin/false -m abc \
&& usermod -G users abc && usermod -G users abc
# Add configuration and scripts # Add configuration and scripts
ADD openvpn/ /etc/openvpn/ COPY root/ /
ADD transmission/ /etc/transmission/
ADD tinyproxy /opt/tinyproxy/
ADD scripts /etc/scripts/
ENV OPENVPN_USERNAME=**None** \ ENV OPENVPN_USERNAME=**None** \
OPENVPN_PASSWORD=**None** \ OPENVPN_PASSWORD=**None** \
OPENVPN_PROVIDER=**None** \ OPENVPN_PROVIDER=**None** \
GLOBAL_APPLY_PERMISSIONS=true \
TRANSMISSION_HOME=/data/transmission-home \
TRANSMISSION_RPC_PORT=9091 \
TRANSMISSION_DOWNLOAD_DIR=/data/completed \
TRANSMISSION_INCOMPLETE_DIR=/data/incomplete \
TRANSMISSION_WATCH_DIR=/data/watch \
CREATE_TUN_DEVICE=true \ CREATE_TUN_DEVICE=true \
ENABLE_UFW=false \ ENABLE_UFW=false \
UFW_ALLOW_GW_NET=false \
UFW_EXTRA_PORTS= \ UFW_EXTRA_PORTS= \
UFW_DISABLE_IPTABLES_REJECT=false \ UFW_ALLOW_GW_NET=false \
PUID= \ PUID= \
PGID= \ PGID= \
DROP_DEFAULT_ROUTE= \ DROP_DEFAULT_ROUTE= \
@@ -50,21 +27,28 @@ ENV OPENVPN_USERNAME=**None** \
WEBPROXY_PORT=8888 \ WEBPROXY_PORT=8888 \
WEBPROXY_USERNAME= \ WEBPROXY_USERNAME= \
WEBPROXY_PASSWORD= \ WEBPROXY_PASSWORD= \
LOG_TO_STDOUT=false \ HEALTH_CHECK_HOST=google.com \
HEALTH_CHECK_HOST=google.com LANG='en_US.UTF-8' \
LANGUAGE='en_US.UTF-8' \
TERM='xterm' \
LOCAL_NETWORK=
HEALTHCHECK --interval=1m CMD /etc/scripts/healthcheck.sh HEALTHCHECK --interval=1m CMD /etc/scripts/healthcheck.sh
# Add labels to identify this image and version
ARG REVISION
# Set env from build argument or default to empty string
ENV REVISION=${REVISION:-""}
LABEL org.opencontainers.image.source=https://github.com/haugene/docker-transmission-openvpn
LABEL org.opencontainers.image.revision=$REVISION
# Compatability with https://hub.docker.com/r/willfarrell/autoheal/ # Compatability with https://hub.docker.com/r/willfarrell/autoheal/
LABEL autoheal=true LABEL autoheal=true
# Expose port and run VOLUME /downloads
EXPOSE 9091 VOLUME /config
CMD ["dumb-init", "/etc/openvpn/start.sh"]
# Expose web ui port
EXPOSE 8112
# expose port for deluge daemon
EXPOSE 58846
# expose port for incoming torrent data (tcp and udp)
EXPOSE 58946
EXPOSE 58946/udp
CMD ["dumb-init", "/etc/openvpn/start.sh"]
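Review bot: As far as the side-by-side rendering shows, the new side builds from `FROM alpine:edge` and adds the `@edgecommunity` and `@testing` repositories over plain `http://nl.alpinelinux.org/...`, so every build pulls whatever the rolling branch ships that day and the image that enforces the VPN and ufw rules is not reproducible. Pin the base to a release tag as the old side did (`FROM alpine:3.12`), keep only the tagged repository that actually supplies `deluge`, and use `https://` for the repository URLs. The new package list also appears to drop `ip6tables` while keeping `ufw`; if ufw is expected to filter IPv6 inside this container, that needs confirming. `HEALTHCHECK` still calls `/etc/scripts/healthcheck.sh` although `ADD scripts /etc/scripts/` was replaced by `COPY root/ /`, so check that `root/` provides that path, which is not visible on this page.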


@@ -1,79 +0,0 @@
ARG base_image=balenalib/raspberry-pi:buster
FROM $base_image
# For building on x86 machines. CircleCI un-comments before building
#RUN [ "cross-build-start" ]
VOLUME /data
VOLUME /config
# Update packages and install software
RUN apt-get update \
&& apt-get -y install apt-utils transmission-cli transmission-common transmission-daemon \
&& apt-get install -y dumb-init unzip p7zip-full p7zip openvpn curl ufw git tinyproxy jq bash \
&& apt-get -y upgrade \
&& curl -L -o /tmp/release.zip https://github.com/Secretmapper/combustion/archive/release.zip \
&& unzip /tmp/release.zip -d /opt/transmission-ui/ \
&& rm /tmp/release.zip \
&& git clone git://github.com/endor/kettu.git /opt/transmission-ui/kettu \
&& mkdir /opt/transmission-ui/transmission-web-control \
&& curl -sL `curl -s https://api.github.com/repos/ronggang/transmission-web-control/releases/latest | jq --raw-output '.tarball_url'` | tar -C /opt/transmission-ui/transmission-web-control/ --strip-components=2 -xz \
&& ln -s /usr/share/transmission/web/style /opt/transmission-ui/transmission-web-control \
&& ln -s /usr/share/transmission/web/images /opt/transmission-ui/transmission-web-control \
&& ln -s /usr/share/transmission/web/javascript /opt/transmission-ui/transmission-web-control \
&& ln -s /usr/share/transmission/web/index.html /opt/transmission-ui/transmission-web-control/index.original.html \
&& apt-get purge git \
&& apt-get autoremove --purge \
&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& groupmod -g 1000 users \
&& useradd -u 911 -U -d /config -s /bin/false abc \
&& usermod -G users abc
# Add configuration and scripts
ADD openvpn/ /etc/openvpn/
ADD transmission/ /etc/transmission/
ADD tinyproxy /opt/tinyproxy/
ADD scripts /etc/scripts/
ENV OPENVPN_USERNAME=**None** \
OPENVPN_PASSWORD=**None** \
OPENVPN_PROVIDER=**None** \
GLOBAL_APPLY_PERMISSIONS=true \
TRANSMISSION_HOME=/data/transmission-home \
TRANSMISSION_RPC_PORT=9091 \
TRANSMISSION_DOWNLOAD_DIR=/data/completed \
TRANSMISSION_INCOMPLETE_DIR=/data/incomplete \
TRANSMISSION_WATCH_DIR=/data/watch \
CREATE_TUN_DEVICE=true \
ENABLE_UFW=false \
UFW_ALLOW_GW_NET=false \
UFW_EXTRA_PORTS= \
UFW_DISABLE_IPTABLES_REJECT=false \
PUID= \
PGID= \
DROP_DEFAULT_ROUTE= \
WEBPROXY_ENABLED=false \
WEBPROXY_PORT=8888 \
WEBPROXY_USERNAME= \
WEBPROXY_PASSWORD= \
LOG_TO_STDOUT=false \
HEALTH_CHECK_HOST=google.com
HEALTHCHECK --interval=1m CMD /etc/scripts/healthcheck.sh
# Add labels to identify this image and version
ARG REVISION
# Set env from build argument or default to empty string
ENV REVISION=${REVISION:-""}
LABEL org.opencontainers.image.source=https://github.com/haugene/docker-transmission-openvpn
LABEL org.opencontainers.image.revision=$REVISION
# Compatability with https://hub.docker.com/r/willfarrell/autoheal/
LABEL autoheal=true
# Expose port and run
EXPOSE 9091
CMD ["dumb-init", "/etc/openvpn/start.sh"]
# For building on x86 machines. CircleCI un-comments before building
#RUN [ "cross-build-end" ]

9
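--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,9 @@
+IMAGE=192.168.10.26:5000/deluge-openvpn
+.PHONY: build
+build:
+sh build.sh "$(IMAGE)"
+.PHONY: push
+push:
+sh push.sh "$(IMAGE)"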
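Review bot: `IMAGE=192.168.10.26:5000/deluge-openvpn` commits a private registry address as the only default, and a bare `host:5000` registry is often served over plain HTTP without authentication; whether this one is cannot be told from the page. Declare it overridable with `IMAGE ?= 192.168.10.26:5000/deluge-openvpn` so CI or another machine can set the registry from the environment, and add a comment stating what transport and credentials the push target expects. The `push` target calls `push.sh`, which is not among the visible sections, so its handling of registry credentials could not be reviewed here.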

6
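--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+set -e
+IMAGE=$1
+docker build --no-cache --pull -t "${IMAGE}:amd64-latest" .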
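Review bot: `IMAGE=$1` accepts a missing argument, so running the script without one asks docker to tag `:amd64-latest` and fails with an error that does not name the real cause. Fail early with `IMAGE=${1:?usage: build.sh IMAGE}` and add `set -u` next to `set -e`. The `amd64-latest` tag is mutable; if hosts pull it directly, consider also tagging the image with the commit id so a running container can be traced back to the source it was built from.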


@@ -1,41 +0,0 @@
version: '2'
services:
transmission:
image: haugene/transmission-openvpn:latest-armhf
cap_add:
- NET_ADMIN
devices:
- "/dev/net/tun"
restart: always
ports:
- "9091:9091"
- "8888:8888"
dns:
- 8.8.8.8
- 8.8.4.4
volumes:
- /etc/localtime:/etc/localtime:ro
- /your/storage/path/:/data
environment:
- OPENVPN_PROVIDER=PIA
- OPENVPN_USERNAME=username
- OPENVPN_PASSWORD=password
- OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
- LOCAL_NETWORK=192.168.0.0/24
proxy:
image: haugene/transmission-openvpn-proxy:latest-armhf
links:
- transmission
ports:
- "8080:8080"
volumes:
- /etc/localtime:/etc/localtime:ro
rss:
image: haugene/transmission-rss:latest-armhf
links:
- transmission
environment:
- RSS_URL=http://.../xxxxx.rss


@@ -1,39 +0,0 @@
version: '2'
services:
transmission:
image: haugene/transmission-openvpn
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
restart: always
ports:
- "9091:9091"
- "8888:8888"
dns:
- 8.8.8.8
- 8.8.4.4
volumes:
- /etc/localtime:/etc/localtime:ro
- /your/storage/path/:/data
environment:
- OPENVPN_PROVIDER=PIA
- OPENVPN_USERNAME=username
- OPENVPN_PASSWORD=password
- OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
- LOCAL_NETWORK=192.168.0.0/24
proxy:
image: haugene/transmission-openvpn-proxy
links:
- transmission
ports:
- 8080:8080
volumes:
- /etc/localtime:/etc/localtime:ro
rss:
image: haugene/transmission-rss
links:
- transmission
environment:
- RSS_URL=http://.../xxxxx.rss


@@ -1,25 +0,0 @@
## Access the WebUI
But what's going on? My http://my-host:9091 isn't responding?
This is because the VPN is active, and since docker is running in a different ip range than your client the response
to your request will be treated as "non-local" traffic and therefore be routed out through the VPN interface.
### How to fix this
The container supports the `LOCAL_NETWORK` environment variable. For instance if your local network uses the IP range 192.168.0.0/24 you would pass `-e LOCAL_NETWORK=192.168.0.0/24`.
Alternatively you can reverse proxy the traffic through another container, as that container would be in the docker range. There is a reverse proxy being built with the container. You can run it using the command below or have a look in the repository proxy folder for inspiration for your own custom proxy.
```
$ docker run -d \
--link <transmission-container>:transmission \
-p 8080:8080 \
haugene/transmission-openvpn-proxy
```
## Access the RPC
You need to add a / to the end of the URL to be able to connect. Example: http://my-host:9091/transmission/rpc/
## Controlling Transmission remotely
The container exposes /config as a volume. This is the directory where the supplied transmission and OpenVPN credentials will be stored.
If you have transmission authentication enabled and want scripts in another container to access and
control the transmission-daemon, this can be a handy way to access the credentials.
For example, another container may pause or restrict transmission speeds while the server is streaming video.


@@ -1,124 +0,0 @@
### Required environment options
| Variable | Function | Example |
| ------------------ | --------------------------------- | ------------------------------------------------------------------------------------------------------- |
| `OPENVPN_PROVIDER` | Sets the OpenVPN provider to use. | `OPENVPN_PROVIDER=provider`. Supported providers and their config values are listed in the table above. |
| `OPENVPN_USERNAME` | Your OpenVPN username | `OPENVPN_USERNAME=asdf` |
| `OPENVPN_PASSWORD` | Your OpenVPN password | `OPENVPN_PASSWORD=asdf` |
### Network configuration options
| Variable | Function | Example |
| ------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| `OPENVPN_CONFIG` | Sets the OpenVPN endpoint to connect to. | `OPENVPN_CONFIG=UK Southampton` |
| `OPENVPN_OPTS` | Will be passed to OpenVPN on startup | See [OpenVPN doc](https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html) |
| `LOCAL_NETWORK` | Sets the local network that should have access. Accepts comma separated list. | `LOCAL_NETWORK=192.168.0.0/24` |
| `CREATE_TUN_DEVICE` | Creates /dev/net/tun device inside the container, mitigates the need mount the device from the host | `CREATE_TUN_DEVICE=true` |
### Timezone option
Set a custom timezone in tz database format. Look [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) for a list of valid timezones. Defaults to UTC.
| Variable | Function | Example |
| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| `TZ` | Set Timezone | `TZ=UTC` |
### Firewall configuration options
When enabled, the firewall blocks everything except traffic to the peer port and traffic to the rpc port from the LOCAL_NETWORK and the internal docker gateway.
If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to the range of peer ports defined by TRANSMISSION_PEER_PORT_RANDOM_HIGH and TRANSMISSION_PEER_PORT_RANDOM_LOW.
| Variable | Function | Example |
| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| `ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true` |
| `UFW_ALLOW_GW_NET` | Allows the gateway network through the firewall. Off defaults to only allowing the gateway. | `UFW_ALLOW_GW_NET=true` |
| `UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443` |
| `UFW_DISABLE_IPTABLES_REJECT` | Prevents the use of `REJECT` in the `iptables` rules, for hosts without the `ipt_REJECT` module (such as the Synology NAS). | `UFW_DISABLE_IPTABLES_REJECT=true` |
### Health check option
Because your VPN connection can sometimes fail, Docker will run a health check on this container every 5 minutes to see if the container is still connected to the internet. By default, this check is done by pinging google.com once. You change the host that is pinged.
| Variable | Function | Example |
| ------------------- | ------------------------------------------------------------------ | ------------ |
| `HEALTH_CHECK_HOST` | this host is pinged to check if the network connection still works | `google.com` |
### Permission configuration options
By default the startup script applies a default set of permissions and ownership on the transmission download, watch and incomplete directories. The GLOBAL_APPLY_PERMISSIONS directive can be used to disable this functionality.
| Variable | Function | Example |
| -------------------------- | -------------------------------------- | -------------------------------- |
| `GLOBAL_APPLY_PERMISSIONS` | Disable setting of default permissions | `GLOBAL_APPLY_PERMISSIONS=false` |
### Alternative web UIs
You can override the default web UI by setting the ```TRANSMISSION_WEB_HOME``` environment variable. If set, Transmission will look there for the Web Interface files, such as the javascript, html, and graphics files.
[Combustion UI](https://github.com/Secretmapper/combustion), [Kettu](https://github.com/endor/kettu) and [Transmission-Web-Control](https://github.com/ronggang/transmission-web-control/) come bundled with the container. You can enable either of them by setting```TRANSMISSION_WEB_UI=combustion```, ```TRANSMISSION_WEB_UI=kettu``` or ```TRANSMISSION_WEB_UI=transmission-web-control```, respectively. Note that this will override the ```TRANSMISSION_WEB_HOME``` variable if set.
| Variable | Function | Example |
| ----------------------- | -------------------------------- | --------------------------------------------------------------------------------------------------------------- |
| `TRANSMISSION_WEB_HOME` | Set Transmission web home | `TRANSMISSION_WEB_HOME=/path/to/web/ui` |
| `TRANSMISSION_WEB_UI` | Use the specified bundled web UI | `TRANSMISSION_WEB_UI=combustion`, `TRANSMISSION_WEB_UI=kettu` or `TRANSMISSION_WEB_UI=transmission-web-control` |
### Transmission configuration options
You may override Transmission options by setting the appropriate environment variable.
The environment variables are the same name as used in the transmission settings.json file
and follow the format given in these examples:
| Transmission variable name | Environment variable name |
| -------------------------- | ------------------------------------- |
| `speed-limit-up` | `TRANSMISSION_SPEED_LIMIT_UP` |
| `speed-limit-up-enabled` | `TRANSMISSION_SPEED_LIMIT_UP_ENABLED` |
| `ratio-limit` | `TRANSMISSION_RATIO_LIMIT` |
| `ratio-limit-enabled` | `TRANSMISSION_RATIO_LIMIT_ENABLED` |
As you can see the variables are prefixed with `TRANSMISSION_`, the variable is capitalized, and `-` is converted to `_`.
Transmission options changed in the WebUI or in settings.json will be overridden at startup and will not survive after a reboot of the container. You may want to use these variables in order to keep your preferences.
PS: `TRANSMISSION_BIND_ADDRESS_IPV4` will be overridden to the IP assigned to your OpenVPN tunnel interface.
This is to prevent leaking the host IP.
### Web proxy configuration options
This container also contains a web-proxy server to allow you to tunnel your web-browser traffic through the same OpenVPN tunnel.
This is useful if you are using a private tracker that needs to see you login from the same IP address you are torrenting from.
The default listening port is 8888. Note that only ports above 1024 can be specified as all ports below 1024 are privileged
and would otherwise require root permissions to run.
Remember to add a port binding for your selected (or default) port when starting the container.
If you set Username and Password it will enable BasicAuth for the proxy
| Variable | Function | Example |
| ------------------ | ----------------------- | ----------------------- |
| `WEBPROXY_ENABLED` | Enables the web proxy | `WEBPROXY_ENABLED=true` |
| `WEBPROXY_PORT` | Sets the listening port | `WEBPROXY_PORT=8888` |
| `WEBPROXY_USERNAME`| Sets the BasicAuth username | `WEBPROXY_USERNAME=test` |
| `WEBPROXY_PASSWORD`| Sets the BasicAuth password | `WEBPROXY_PASSWORD=password` |
### User configuration options
By default everything will run as the root user. However, it is possible to change who runs the transmission process.
You may set the following parameters to customize the user id that runs transmission.
| Variable | Function | Example |
| -------- | ------------------------------------------- | ----------- |
| `PUID` | Sets the user id who will run transmission | `PUID=1003` |
| `PGID` | Sets the group id for the transmission user | `PGID=1003` |
### Dropping default route from iptables (advanced)
Some VPNs do not override the default route, but rather set other routes with a lower metric.
This might lead to the default route (your untunneled connection) to be used.
To drop the default route set the environment variable `DROP_DEFAULT_ROUTE` to `true`.
*Note*: This is not compatible with all VPNs. You can check your iptables routing with the `ip r` command in a running container.
### Changing logging locations
By default Transmission will log to a file in `TRANSMISSION_HOME/transmission.log`.
To log to stdout instead set the environment variable `LOG_TO_STDOUT` to `true`.
*Note*: By default stdout is what container engines read logs from. Set this to true to have Tranmission logs in commands like `docker logs` and `kubectl logs`. OpenVPN currently only logs to stdout.


@@ -1,15 +0,0 @@
If you ever need to run custom code before or after transmission is executed or stopped, you can use the custom scripts feature.
Custom scripts are located in the /scripts directory which is empty by default.
To enable this feature, you'll need to mount the /scripts directory.
Once /scripts is mounted you'll need to write your custom code in the following bash shell scripts:
| Script | Function |
| ----------------------------------- | ------------------------------------------------------------ |
| /scripts/openvpn-pre-start.sh | This shell script will be executed before openvpn start |
| /scripts/transmission-pre-start.sh | This shell script will be executed before transmission start |
| /scripts/transmission-post-start.sh | This shell script will be executed after transmission start |
| /scripts/transmission-pre-stop.sh | This shell script will be executed before transmission stop |
| /scripts/transmission-post-stop.sh | This shell script will be executed after transmission stop |
Don't forget to include the #!/bin/bash shebang and to make the scripts executable using chmod a+x


@@ -1,16 +0,0 @@
Another way is to use a docker env file where you can easily store all your env variables and maintain multiple configurations for different providers.
In the GitHub repository there is a provided [DockerEnv](https://github.com/haugene/docker-transmission-openvpn/blob/master/DockerEnv) file with all the current transmission and openvpn environment variables. You can use this to create local configurations
by filling in the details and removing the # of the ones you want to use.
Please note that if you pass in env. variables on the command line these will override the ones in the env file.
See explanation of variables above.
To use this env file, use the following to run the docker image:
```
$ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
--env-file /your/docker/env/file \
-p 9091:9091 \
haugene/transmission-openvpn
```


@@ -1,68 +0,0 @@
<h1 align="center">
OpenVPN and Transmission with WebUI
</h1>
<p align="center">
Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
<br/><br/>
<a href="https://hub.docker.com/r/haugene/transmission-openvpn/">
<img alt="build" src="https://img.shields.io/docker/automated/haugene/transmission-openvpn.svg" />
</a>
<a href="https://hub.docker.com/r/haugene/transmission-openvpn/">
<img alt="pulls" src="https://img.shields.io/docker/pulls/haugene/transmission-openvpn.svg" />
</a>
<a href="https://gitter.im/docker-transmission-openvpn/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge">
<img alt="Join the chat at https://gitter.im/docker-transmission-openvpn/Lobby" src="https://badges.gitter.im/docker-transmission-openvpn/Lobby.svg" />
</a>
</p>
## Quick Start
This container contains OpenVPN and Transmission with a configuration where Transmission is running only when OpenVPN has an active tunnel. It bundles configuration files for many popular VPN providers to make the setup easier.
You need to specify your provider and credentials with environment variables, as well as mounting volumes where the data should be stored. An example run command to get you going is provided below.
It also bundles an installation of Tinyproxy to also be able to proxy web traffic over your VPN, as well as scripts for opening a port for Transmission if you are using PIA or Perfect Privacy providers.
```
$ docker run --cap-add=NET_ADMIN -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=PIA \
-e OPENVPN_CONFIG=CA\ Toronto \
-e OPENVPN_USERNAME=user \
-e OPENVPN_PASSWORD=pass \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.0.0/16 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn
```
## Please help out (about:maintenance)
This image was created for my own use, but sharing is caring, so it had to be open source.
It has now gotten quite popular, and that's great! But keeping it up to date, providing support, fixes
and new features takes a lot of time.
I'm therefore kindly asking you to donate if you feel like you're getting a good tool
and you're able to spare some dollars to keep it functioning as it should. There's a couple of ways to do it:
Become a patron, supporting the project with a small monthly amount.
[![Donate with Patreon](https://github.com/haugene/docker-transmission-openvpn/raw/master/images/patreon.png)](https://www.patreon.com/haugene)
Make a one time donation through PayPal.
[![Donate with PayPal](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=73XHRSK65KQYC)
Or use this referral code to DigitalOcean and get 25$ in credits, if you're interested in a cloud setup.
[![Credits on DigitalOcean](https://raw.githubusercontent.com/haugene/docker-transmission-openvpn/master/images/digitalocean.png)](https://m.do.co/c/ca994f1552bc)
You can also help out by submitting pull-requests or helping others with
open issues or in the gitter chat. A big thanks to everyone who has contributed so far!
And if you could be interested in joining as collaborator, let me know.


@@ -1,21 +0,0 @@
#### Use Google DNS servers
Some have encountered problems with DNS resolving inside the docker container.
This causes trouble because OpenVPN will not be able to resolve the host to connect to.
If you have this problem use dockers --dns flag to override the resolv.conf of the container.
For example use googles dns servers by adding --dns 8.8.8.8 --dns 8.8.4.4 as parameters to the usual run command.
#### Restart container if connection is lost
If the VPN connection fails or the container for any other reason loses connectivity, you want it to recover from it. One way of doing this is to set environment variable `OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60` and use the --restart=always flag when starting the container. This way OpenVPN will exit if ping fails over a period of time which will stop the container and then the Docker deamon will restart it.
#### Reach sleep or hybernation on your host if no torrents are active
By befault Transmission will always [scrape](https://en.wikipedia.org/wiki/Tracker_scrape) trackers, even if all torrents have completed their activities, or they have been paused manually. This will cause Transmission to be always active, therefore never allow your host server to be inactive and go to sleep/hybernation/whatever. If this is something you want, you can add the following variable when creating the container. It will turn off a hidden setting in Tranmsission which will stop the application to scrape trackers for paused torrents. Transmission will become inactive, and your host will reach the desidered state.
```
-e "TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=false"
```
#### Running it on a NAS
Several popular NAS platforms supports Docker containers. You should be able to set up and configure this container using their web interfaces. Remember that you need a TUN/TAP device to run the container. To set up the device it's probably simplest to install a OpenVPN package for the NAS. This should set up the device. If not, there are some more detailed instructions below.
#### Questions?
If you are having issues with this container please submit an issue on GitHub.
Please provide logs, docker version and other information that can simplify reproducing the issue.
Using the latest stable version of Docker is always recommended. Support for older version is on a best-effort basis.


@@ -1,22 +0,0 @@
## NORDVPN API
The update script is based on the NordVPN API. The API sends back the best recommended OpenVPN configuration file based on the filters given.
Available ENV variables in the container to define via the NordVPN API the file to use are:
| Variable | Function | Example |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- |
| `NORDVPN_COUNTRY` | Two character country code. See [/servers/countries](https://api.nordvpn.com/v1/servers/countries) for full list. | `NORDVPN_COUNTRY=US` |
| `NORDVPN_CATEGORY` | Server type (P2P, Standard, etc). See [/servers/groups](https://api.nordvpn.com/v1/servers/groups) for full list. Use either `title` or `identifier` from the list. | `NORDVPN_CATEGORY=legacy_p2p` |
| `NORDVPN_PROTOCOL` | Either `tcp` or `udp`. (values identifier more available at https://api.nordvpn.com/v1/technologies, may need script adaptation) | `NORDVPN_PROTOCOL=tcp` |
The file is then downloaded using the API to find the best server according to the variables, here an albanian, using tcp:
* selecting server (limit answer to 1): [ANSWER]= https://api.nordvpn.com/v1/servers/recommendations?filters[country_id]=2&filters[servers_technologies][identifier]=openvpn_tcp&filters[servers_group][identifier]=legacy_group_category&limit=1
* download selected server's config: https://downloads.nordcdn.com/configs/files/ovpn_[NORDVPN_PROTOCOL]/servers/[ANSWER.0.HOSTNAME][] => https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/al9.nordvpn.com.tcp.ovpn
A possible evolution would be to check server's load to select the most available one.
* limit numbers of returned server to 10
* use https://api.nordvpn.com/server/stats to collect cpu's load
* select the more available server.


@@ -1,512 +0,0 @@
# OpenVPN and Transmission with WebUI
[![Docker Automated build](https://img.shields.io/docker/automated/haugene/transmission-openvpn.svg)](https://hub.docker.com/r/haugene/transmission-openvpn/)
[![Docker Pulls](https://img.shields.io/docker/pulls/haugene/transmission-openvpn.svg)](https://hub.docker.com/r/haugene/transmission-openvpn/)
[![Join the chat at https://gitter.im/docker-transmission-openvpn/Lobby](https://badges.gitter.im/docker-transmission-openvpn/Lobby.svg)](https://gitter.im/docker-transmission-openvpn/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
This container contains OpenVPN and Transmission with a configuration
where Transmission is running only when OpenVPN has an active tunnel.
It bundles configuration files for many popular VPN providers to make the setup easier.
You need to specify your provider and credentials with environment variables,
as well as mounting volumes where the data should be stored.
An example run command to get you going is provided below.
It also bundles an installation of Tinyproxy to also be able to proxy web traffic over your VPN,
as well as scripts for opening a port for Transmission if you are using PIA or Perfect Privacy providers.
GL HF! And if you run into problems, please check the README twice and try the gitter chat before opening an issue :)
## Please help out (about:maintenance)
This image was created for my own use, but sharing is caring, so it had to be open source.
It has now gotten quite popular, and that's great! But keeping it up to date, providing support, fixes
and new features takes a lot of time.
I'm therefore kindly asking you to donate if you feel like you're getting a good tool
and you're able to spare some dollars to keep it functioning as it should. There's a couple of ways to do it:
Become a patron, supporting the project with a small monthly amount.
[![Donate with Patreon](images/patreon.png)](https://www.patreon.com/haugene)
Make a one time donation through PayPal.
[![Donate with PayPal](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=73XHRSK65KQYC)
Or use this referral code to DigitalOcean and get 25$ in credits, if you're interested in a cloud setup.
[![Credits on DigitalOcean](images/digitalocean.png)](https://m.do.co/c/ca994f1552bc)
You can also help out by submitting pull-requests or helping others with
open issues or in the gitter chat. A big thanks to everyone who has contributed so far!
And if you could be interested in joining as collaborator, let me know.
## Run container from Docker registry
The container is available from the Docker registry and this is the simplest way to get it.
To run the container use this command:
```
$ docker run --cap-add=NET_ADMIN -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=PIA \
-e OPENVPN_CONFIG=CA\ Toronto \
-e OPENVPN_USERNAME=user \
-e OPENVPN_PASSWORD=pass \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.0.0/16 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn
```
You must set the environment variables `OPENVPN_PROVIDER`, `OPENVPN_USERNAME` and `OPENVPN_PASSWORD` to provide basic connection details.
The `OPENVPN_CONFIG` is an optional variable. If no config is given, a default config will be selected for the provider you have chosen.
Find available OpenVPN configurations by looking in the openvpn folder of the GitHub repository. The value that you should use here is the filename of your chosen openvpn configuration *without* the .ovpn file extension. For example:
```
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02"
```
You can also provide a comma separated list of openvpn configuration filenames.
If you provide a list, a file will be randomly chosen in the list, this is useful for redundancy setups. For example:
```
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02,ipvanish-FR-Paris-par-a01,ipvanish-DE-Frankfurt-fra-a01"
```
If you provide a list and the selected server goes down, after the value of ping-timeout the container will be restarted and a server will be randomly chosen, note that the faulty server can be chosen again, if this should occur, the container will be restarted again until a working server is selected.
To make sure this work in all cases, you should add ```--pull-filter ignore ping``` to your OPENVPN_OPTS variable.
As you can see, the container also expects a data volume to be mounted.
This is where Transmission will store your downloads, incomplete downloads and look for a watch directory for new .torrent files.
By default a folder named transmission-home will also be created under /data, this is where Transmission stores its state.
### Supported providers
This is a list of providers that are bundled within the image. Feel free to create an issue if your provider is not on the list, but keep in mind that some providers generate config files per user. This means that your login credentials are part of the config an can therefore not be bundled. In this case you can use the custom provider setup described later in this readme. The custom provider setting can be used with any provider.
| Provider Name | Config Value (`OPENVPN_PROVIDER`) |
| :---------------------- | :-------------------------------- |
| Anonine | `ANONINE` |
| AnonVPN | `ANONVPN` |
| BlackVPN | `BLACKVPN` |
| BTGuard | `BTGUARD` |
| Cryptostorm | `CRYPTOSTORM` |
| Cypherpunk | `CYPHERPUNK` |
| FastestVPN | `FASTESTVPN` |
| FreeVPN | `FREEVPN` |
| FrootVPN | `FROOT` |
| FrostVPN | `FROSTVPN` |
| GhostPath | `GHOSTPATH` |
| Giganews | `GIGANEWS` |
| HideMe | `HIDEME` |
| HideMyAss | `HIDEMYASS` |
| IntegrityVPN | `INTEGRITYVPN` |
| IPredator | `IPREDATOR` |
| IPVanish | `IPVANISH` |
| IronSocket | `IRONSOCKET` |
| Ivacy | `IVACY` |
| IVPN | `IVPN` |
| Mullvad | `MULLVAD` |
| Newshosting | `NEWSHOSTING` |
| NordVPN | `NORDVPN` |
| OVPN | `OVPN` |
| Perfect Privacy | `PERFECTPRIVACY` |
| Private Internet Access | `PIA` |
| PrivateVPN | `PRIVATEVPN` |
| ProtonVPN | `PROTONVPN` |
| proXPN | `PROXPN` |
| proxy.sh | `PROXYSH ` |
| PureVPN | `PUREVPN` |
| RA4W VPN | `RA4W` |
| SaferVPN | `SAFERVPN` |
| SlickVPN | `SLICKVPN` |
| Smart DNS Proxy | `SMARTDNSPROXY` |
| SmartVPN | `SMARTVPN` |
| Surfshark | `SURFSHARK` |
| TigerVPN | `TIGER` |
| TorGuard | `TORGUARD` |
| Trust.Zone | `TRUSTZONE` |
| TunnelBear | `TUNNELBEAR` |
| UsenetServerVPN | `USENETSERVER` |
| Windscribe | `WINDSCRIBE` |
| VPNArea.com | `VPNAREA` |
| VPN.AC | `VPNAC` |
| VPN.ht | `VPNHT` |
| VPNBook.com | `VPNBOOK` |
| VPNFacile | `VPNFACILE` |
| VPNTunnel | `VPNTUNNEL` |
| VyprVpn | `VYPRVPN` |
| VPNUnlimited | `VPNUNLIMITED` |
### Required environment options
| Variable | Function | Example |
| ------------------ | --------------------------------- | ------------------------------------------------------------------------------------------------------- |
| `OPENVPN_PROVIDER` | Sets the OpenVPN provider to use. | `OPENVPN_PROVIDER=provider`. Supported providers and their config values are listed in the table above. |
| `OPENVPN_USERNAME` | Your OpenVPN username | `OPENVPN_USERNAME=asdf` |
| `OPENVPN_PASSWORD` | Your OpenVPN password | `OPENVPN_PASSWORD=asdf` |
### Network configuration options
| Variable | Function | Example |
| ------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| `OPENVPN_CONFIG` | Sets the OpenVPN endpoint to connect to. | `OPENVPN_CONFIG=UK Southampton` |
| `OPENVPN_OPTS` | Will be passed to OpenVPN on startup | See [OpenVPN doc](https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html) |
| `LOCAL_NETWORK` | Sets the local network that should have access. Accepts comma separated list. | `LOCAL_NETWORK=192.168.0.0/24` |
| `CREATE_TUN_DEVICE` | Creates /dev/net/tun device inside the container, mitigates the need mount the device from the host | `CREATE_TUN_DEVICE=true` |
### Firewall configuration options
When enabled, the firewall blocks everything except traffic to the peer port and traffic to the rpc port from the LOCAL_NETWORK and the internal docker gateway.
If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to the range of peer ports defined by TRANSMISSION_PEER_PORT_RANDOM_HIGH and TRANSMISSION_PEER_PORT_RANDOM_LOW.
| Variable | Function | Example |
| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| `ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true` |
| `UFW_ALLOW_GW_NET` | Allows the gateway network through the firewall. Off defaults to only allowing the gateway. | `UFW_ALLOW_GW_NET=true` |
| `UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443` |
| `UFW_DISABLE_IPTABLES_REJECT` | Prevents the use of `REJECT` in the `iptables` rules, for hosts without the `ipt_REJECT` module (such as the Synology NAS). | `UFW_DISABLE_IPTABLES_REJECT=true` |
### Health check option
Because your VPN connection can sometimes fail, Docker will run a health check on this container every 5 minutes to see if the container is still connected to the internet. By default, this check is done by pinging google.com once. You change the host that is pinged.
| Variable | Function | Example |
| ------------------- | ------------------------------------------------------------------ | ------------ |
| `HEALTH_CHECK_HOST` | this host is pinged to check if the network connection still works | `google.com` |
### Permission configuration options
By default the startup script applies a default set of permissions and ownership on the transmission download, watch and incomplete directories. The GLOBAL_APPLY_PERMISSIONS directive can be used to disable this functionality.
| Variable | Function | Example |
| -------------------------- | -------------------------------------- | -------------------------------- |
| `GLOBAL_APPLY_PERMISSIONS` | Disable setting of default permissions | `GLOBAL_APPLY_PERMISSIONS=false` |
### Alternative web UIs
You can override the default web UI by setting the ```TRANSMISSION_WEB_HOME``` environment variable. If set, Transmission will look there for the Web Interface files, such as the javascript, html, and graphics files.
[Combustion UI](https://github.com/Secretmapper/combustion), [Kettu](https://github.com/endor/kettu) and [Transmission-Web-Control](https://github.com/ronggang/transmission-web-control/) come bundled with the container. You can enable either of them by setting```TRANSMISSION_WEB_UI=combustion```, ```TRANSMISSION_WEB_UI=kettu``` or ```TRANSMISSION_WEB_UI=transmission-web-control```, respectively. Note that this will override the ```TRANSMISSION_WEB_HOME``` variable if set.
| Variable | Function | Example |
| ----------------------- | -------------------------------- | --------------------------------------------------------------------------------------------------------------- |
| `TRANSMISSION_WEB_HOME` | Set Transmission web home | `TRANSMISSION_WEB_HOME=/path/to/web/ui` |
| `TRANSMISSION_WEB_UI` | Use the specified bundled web UI | `TRANSMISSION_WEB_UI=combustion`, `TRANSMISSION_WEB_UI=kettu` or `TRANSMISSION_WEB_UI=transmission-web-control` |
### Transmission configuration options
You may override Transmission options by setting the appropriate environment variable.
The environment variables are the same name as used in the transmission settings.json file
and follow the format given in these examples:
| Transmission variable name | Environment variable name |
| -------------------------- | ------------------------------------- |
| `speed-limit-up` | `TRANSMISSION_SPEED_LIMIT_UP` |
| `speed-limit-up-enabled` | `TRANSMISSION_SPEED_LIMIT_UP_ENABLED` |
| `ratio-limit` | `TRANSMISSION_RATIO_LIMIT` |
| `ratio-limit-enabled` | `TRANSMISSION_RATIO_LIMIT_ENABLED` |
As you can see the variables are prefixed with `TRANSMISSION_`, the variable is capitalized, and `-` is converted to `_`.
Transmission options changed in the WebUI or in settings.json will be overridden at startup and will not survive after a reboot of the container. You may want to use these variables in order to keep your preferences.
PS: `TRANSMISSION_BIND_ADDRESS_IPV4` will be overridden to the IP assigned to your OpenVPN tunnel interface.
This is to prevent leaking the host IP.
### Web proxy configuration options
This container also contains a web-proxy server to allow you to tunnel your web-browser traffic through the same OpenVPN tunnel.
This is useful if you are using a private tracker that needs to see you login from the same IP address you are torrenting from.
The default listening port is 8888. Note that only ports above 1024 can be specified as all ports below 1024 are privileged
and would otherwise require root permissions to run.
Remember to add a port binding for your selected (or default) port when starting the container.
| Variable | Function | Example |
| ------------------ | ----------------------- | ----------------------- |
| `WEBPROXY_ENABLED` | Enables the web proxy | `WEBPROXY_ENABLED=true` |
| `WEBPROXY_PORT` | Sets the listening port | `WEBPROXY_PORT=8888` |
| `WEBPROXY_USERNAME`| Sets the BasicAuth username | `WEBPROXY_USERNAME=test` |
| `WEBPROXY_PASSWORD`| Sets the BasicAuth password | `WEBPROXY_PASSWORD=password` |
### User configuration options
By default everything will run as the root user. However, it is possible to change who runs the transmission process.
You may set the following parameters to customize the user id that runs transmission.
| Variable | Function | Example |
| -------- | ------------------------------------------- | ----------- |
| `PUID` | Sets the user id who will run transmission | `PUID=1003` |
| `PGID` | Sets the group id for the transmission user | `PGID=1003` |
### Dropping default route from iptables (advanced)
Some VPNs do not override the default route, but rather set other routes with a lower metric.
This might lead to the default route (your untunneled connection) to be used.
To drop the default route set the environment variable `DROP_DEFAULT_ROUTE` to `true`.
*Note*: This is not compatible with all VPNs. You can check your iptables routing with the `ip r` command in a running container.
### Custom pre/post scripts
If you ever need to run custom code before or after transmission is executed or stopped, you can use the custom scripts feature.
Custom scripts are located in the /scripts directory which is empty by default.
To enable this feature, you'll need to mount the /scripts directory.
Once /scripts is mounted you'll need to write your custom code in the following bash shell scripts:
| Script | Function |
| ----------------------------------- | ------------------------------------------------------------ |
| /scripts/openvpn-pre-start.sh | This shell script will be executed before openvpn start |
| /scripts/transmission-pre-start.sh | This shell script will be executed before transmission start |
| /scripts/transmission-post-start.sh | This shell script will be executed after transmission start |
| /scripts/transmission-pre-stop.sh | This shell script will be executed before transmission stop |
| /scripts/transmission-post-stop.sh | This shell script will be executed after transmission stop |
Don't forget to include the #!/bin/bash shebang and to make the scripts executable using chmod a+x
### RSS plugin
The Transmission RSS plugin can optionally be run as a separate container. It allow to download torrents based on an RSS URL, see [Plugin page](https://github.com/nning/transmission-rss).
```
$ docker run -d \
-e "RSS_URL=<URL>" \
--link <transmission-container>:transmission \
--name "transmission-rss" \
haugene/transmission-rss
```
#### Use docker env file
Another way is to use a docker env file where you can easily store all your env variables and maintain multiple configurations for different providers.
In the GitHub repository there is a provided DockerEnv file with all the current transmission and openvpn environment variables. You can use this to create local configurations
by filling in the details and removing the # of the ones you want to use.
Please note that if you pass in env. variables on the command line these will override the ones in the env file.
See explanation of variables above.
To use this env file, use the following to run the docker image:
```
$ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
--env-file /your/docker/env/file \
-p 9091:9091 \
haugene/transmission-openvpn
```
## Access the WebUI
But what's going on? My http://my-host:9091 isn't responding?
This is because the VPN is active, and since docker is running in a different ip range than your client the response
to your request will be treated as "non-local" traffic and therefore be routed out through the VPN interface.
### How to fix this
The container supports the `LOCAL_NETWORK` environment variable. For instance if your local network uses the IP range 192.168.0.0/24 you would pass `-e LOCAL_NETWORK=192.168.0.0/24`.
Alternatively you can reverse proxy the traffic through another container, as that container would be in the docker range. There is a reverse proxy being built with the container. You can run it using the command below or have a look in the repository proxy folder for inspiration for your own custom proxy.
```
$ docker run -d \
--link <transmission-container>:transmission \
-p 8080:8080 \
haugene/transmission-openvpn-proxy
```
## Access the RPC
You need to add a / to the end of the URL to be able to connect. Example: http://my-host:9091/transmission/rpc/
## Known issues, tips and tricks
#### Use Google DNS servers
Some have encountered problems with DNS resolving inside the docker container.
This causes trouble because OpenVPN will not be able to resolve the host to connect to.
If you have this problem use dockers --dns flag to override the resolv.conf of the container.
For example use googles dns servers by adding --dns 8.8.8.8 --dns 8.8.4.4 as parameters to the usual run command.
#### Restart container if connection is lost
If the VPN connection fails or the container for any other reason loses connectivity, you want it to recover from it. One way of doing this is to set environment variable `OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60` and use the --restart=always flag when starting the container. This way OpenVPN will exit if ping fails over a period of time which will stop the container and then the Docker deamon will restart it.
#### Reach sleep or hybernation on your host if no torrents are active
By befault Transmission will always [scrape](https://en.wikipedia.org/wiki/Tracker_scrape) trackers, even if all torrents have completed their activities, or they have been paused manually. This will cause Transmission to be always active, therefore never allow your host server to be inactive and go to sleep/hybernation/whatever. If this is something you want, you can add the following variable when creating the container. It will turn off a hidden setting in Tranmsission which will stop the application to scrape trackers for paused torrents. Transmission will become inactive, and your host will reach the desidered state.
```
-e "TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=false"
```
#### Running it on a NAS
Several popular NAS platforms supports Docker containers. You should be able to set up and configure this container using their web interfaces. Remember that you need a TUN/TAP device to run the container. To set up the device it's probably simplest to install a OpenVPN package for the NAS. This should set up the device. If not, there are some more detailed instructions below.
#### Questions?
If you are having issues with this container please submit an issue on GitHub.
Please provide logs, docker version and other information that can simplify reproducing the issue.
Using the latest stable version of Docker is always recommended. Support for older version is on a best-effort basis.
## Adding new providers
If your VPN provider is not in the list of supported providers you could always create an issue on GitHub and see if someone could add it for you. But if you're feeling up for doing it yourself, here's a couple of pointers.
You clone this repository and create a new folder under "openvpn" where you put the .ovpn files your provider gives you. Depending on the structure of these files you need to make some adjustments. For example if they come with a ca.crt file that is referenced in the config you need to update this reference to the path it will have inside the container (which is /etc/openvpn/...). You also have to set where to look for your username/password.
There is a script called adjustConfigs.sh that could help you. After putting your .ovpn files in a folder, run that script with your folder name as parameter and it will try to do the changes described above. If you use it or not, reading it might give you some help in what you're looking to change in the .ovpn files.
Once you've finished modifying configs, you build the container and run it with OPENVPN_PROVIDER set to the name of the folder of configs you just created (it will be lowercased to match the folder names). And that should be it!
So, you've just added your own provider and you're feeling pretty good about it! Why don't you fork this repository, commit and push your changes and submit a pull request? Share your provider with the rest of us! :) Please submit your PR to the dev branch in that case.
### Using a custom provider
If you want to run the image with your own provider without building a new image, that is also possible. For some providers, like AirVPN, the .ovpn files are generated per user and contains credentials. They should not be added to a public image. This is what you do:
Add a new volume mount to your `docker run` command that mounts your config file:
`-v /path/to/your/config.ovpn:/etc/openvpn/custom/default.ovpn`
Then you can set `OPENVPN_PROVIDER=CUSTOM`and the container will use the config you provided. If you are using AirVPN or other provider with credentials in the config file, you still need to set `OPENVPN_USERNAME` and `OPENVPN_PASSWORD` as this is required by the startup script. They will not be read by the .ovpn file, so you can set them to whatever.
Note that you still need to modify your .ovpn file as described in the previous section. If you have an separate ca.crt, client.key or client.crt file in your volume mount should be a folder containing both the ca.crt and the .ovpn config.
Mount the folder contianing all the required files instead of the openvpn.ovpn file.
`-v /path/to/your/config/:/etc/openvpn/custom/`
Additionally the .ovpn config should include the full path on the docker container to the ca.crt and additional files.
`ca /etc/openvpn/custom/ca.crt`
If `-e OPENVPN_CONFIG=` variable has been omitted from the `docker run` command the .ovpn config file must be named default.ovpn. IF `-e OPENVPN_CONFIG=` is used with the custom provider the .ovpn config and variable must match as described above.
## Controlling Transmission remotely
The container exposes /config as a volume. This is the directory where the supplied transmission and OpenVPN credentials will be stored.
If you have transmission authentication enabled and want scripts in another container to access and
control the transmission-daemon, this can be a handy way to access the credentials.
For example, another container may pause or restrict transmission speeds while the server is streaming video.
## Running on ARM (Raspberry PI)
Since the Raspberry PI runs on an ARM architecture instead of x64, the existing x64 images will not
work properly. There are 2 additional Dockerfiles created. The Dockerfiles supported by the Raspberry PI are Dockerfile.armhf -- there is
also an example docker-compose-armhf file that shows how you might use Transmission/OpenVPN and the
corresponding nginx reverse proxy on an RPI machine.
You can use the `latest-armhf` tag for each images (see docker-compose-armhf.yml) or build your own images using Dockerfile.armhf.
## Make it work on Synology NAS
Here are the steps to run it on a Synology NAS (Tested on DSM 6) :
- Connect as _admin_ to your Synology SSH
- Switch to root with command `sudo su -`
- Enter your _admin_ password when prompted
- Create a TUN.sh file anywhere in your synology file system by typing `vim /volume1/foldername/TUN.sh`
replacing _foldername_ with any folder you created on your Synology
- Paste @timkelty 's script :
```
#!/bin/sh
# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
if ( [ ! -d /dev/net ] ); then
mkdir -m 755 /dev/net
fi
mknod /dev/net/tun c 10 200
chmod 0755 /dev/net/tun
fi
# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
insmod /lib/modules/tun.ko
fi
```
- Save the file with [escape] + `:wq!`
- Go in the folder containing your script : `cd /volume1/foldername/`
- Check permission with `chmod 0755 TUN.sh`
- Run it with `./TUN.sh`
- Return to initial directory typing `cd`
- Create the DNS config file by typing `vim /volume1/foldername/resolv.conf`
- Paste the following lines :
```
nameserver 8.8.8.8
nameserver 8.8.4.4
```
- Save the file with [escape] + `:wq!`
- Create your docker container with a the following command line:
# Tested on DSM 6.1.4-15217 Update 1, Docker Package 17.05.0-0349
docker run \
--cap-add=NET_ADMIN \
--device=/dev/net/tun \
-d \
-v /volume1/foldername/resolv.conf:/etc/resolv.conf \
-v /volume1/yourpath/:/data \
-e "OPENVPN_PROVIDER=PIA" \
-e "OPENVPN_CONFIG=CA\ Toronto" \
-e "OPENVPN_USERNAME=XXXXX" \
-e "OPENVPN_PASSWORD=XXXXX" \
-e "LOCAL_NETWORK=192.168.0.0/24" \
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
-e "PGID=100" \
-e "PUID=1234" \
-p 9091:9091 \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
--name "transmission-openvpn-syno" \
haugene/transmission-openvpn:latest
- To make it work after a nas restart, create an automated task in your synology web interface : go to **Settings Panel > Task Scheduler ** create a new task that run `/volume1/foldername/TUN.sh` as root (select '_root_' in 'user' selectbox). This task will start module that permit the container to run, you can make a task that run on startup. These kind of task doesn't work on my nas so I just made a task that run every minute.
- Enjoy
## systemd Integration
On many modern linux systems, including Ubuntu, systemd can be used to start the transmission-openvpn at boot time, and restart it after any failure.
Save the following as `/etc/systemd/system/transmission-openvpn.service`, and replace the OpenVPN PROVIDER/USERNAME/PASSWORD directives with your settings, and add any other directives that you're using.
This service is assuming that there is a `bittorrent` user set up with a home directory at `/home/bittorrent/`. The data directory will be mounted at `/home/bittorrent/data/`. This can be changed to whichever user and location you're using.
OpenVPN is set to exit if there is a connection failure. OpenVPN exiting triggers the container to also exit, then the `Restart=always` definition in the `transmission-openvpn.service` file tells systems to restart things again.
```
[Unit]
Description=haugene/transmission-openvpn docker container
After=docker.service
Requires=docker.service
[Service]
User=bittorrent
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill transmission-openvpn
ExecStartPre=-/usr/bin/docker rm transmission-openvpn
ExecStartPre=/usr/bin/docker pull haugene/transmission-openvpn
ExecStart=/usr/bin/docker run \
--name transmission-openvpn \
--cap-add=NET_ADMIN \
--device=/dev/net/tun \
-v /home/bittorrent/data/:/data \
-e "OPENVPN_PROVIDER=TORGUARD" \
-e "OPENVPN_USERNAME=bittorrent@example.com" \
-e "OPENVPN_PASSWORD=hunter2" \
-e "OPENVPN_CONFIG=CA\ Toronto" \
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
-e "TRANSMISSION_UMASK=0" \
-p 9091:9091 \
--dns 8.8.8.8 \
--dns 8.8.4.4 \
haugene/transmission-openvpn
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
```
Then enable and start the new service with:
```
$ sudo systemctl enable /etc/systemd/system/transmission-openvpn.service
$ sudo systemctl restart transmission-openvpn.service
```
If it is stopped or killed in any fashion, systemd will restart the container. If you do want to shut it down, then run the following command and it will stay down until you restart it.
```
$ sudo systemctl stop transmission-openvpn.service
# Later ...
$ sudo systemctl start transmission-openvpn.service
```


@@ -1,9 +0,0 @@
The Transmission RSS plugin can optionally be run as a separate container. It allows downloading torrents based on an RSS URL, see [Plugin page](https://github.com/nning/transmission-rss).
```
$ docker run -d \
-e "RSS_URL=<URL>" \
--link <transmission-container>:transmission \
--name "transmission-rss" \
haugene/transmission-rss
```


@@ -1,41 +0,0 @@
The container is available from the Docker registry and this is the simplest way to get it.
To run the container use this command:
```
$ docker run --cap-add=NET_ADMIN -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=PIA \
-e OPENVPN_CONFIG=CA\ Toronto \
-e OPENVPN_USERNAME=user \
-e OPENVPN_PASSWORD=pass \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.0.0/16 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn
```
You must set the environment variables `OPENVPN_PROVIDER`, `OPENVPN_USERNAME` and `OPENVPN_PASSWORD` to provide basic connection details.
The `OPENVPN_CONFIG` is an optional variable. If no config is given, a default config will be selected for the provider you have chosen.
Find available OpenVPN configurations by looking in the openvpn folder of the GitHub repository. The value that you should use here is the filename of your chosen openvpn configuration *without* the .ovpn file extension. For example:
```
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02"
```
You can also provide a comma separated list of openvpn configuration filenames.
If you provide a list, a file will be randomly chosen in the list, this is useful for redundancy setups. For example:
```
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02,ipvanish-FR-Paris-par-a01,ipvanish-DE-Frankfurt-fra-a01"
```
If you provide a list and the selected server goes down, after the value of ping-timeout the container will be restarted and a server will be randomly chosen, note that the faulty server can be chosen again, if this should occur, the container will be restarted again until a working server is selected.
To make sure this work in all cases, you should add ```--pull-filter ignore ping``` to your OPENVPN_OPTS variable.
As you can see, the container also expects a data volume to be mounted.
This is where Transmission will store your downloads, incomplete downloads and look for a watch directory for new .torrent files.
By default a folder named transmission-home will also be created under /data, this is where Transmission stores its state.


@@ -1,6 +0,0 @@
### Running on ARM (Raspberry PI)
Since the Raspberry PI runs on an ARM architecture instead of x64, the existing x64 images will not
work properly. There are 2 additional Dockerfiles created. The Dockerfiles supported by the Raspberry PI are Dockerfile.armhf -- there is
also an example docker-compose-armhf file that shows how you might use Transmission/OpenVPN and the
corresponding nginx reverse proxy on an RPI machine.
You can use the `latest-armhf` tag for each images (see docker-compose-armhf.yml) or build your own images using Dockerfile.armhf.


@@ -1,97 +0,0 @@
This is a list of providers that are bundled within the image. Feel free to create an issue if your provider is not on the list, but keep in mind that some providers generate config files per user. This means that your login credentials are part of the config an can therefore not be bundled. In this case you can use the custom provider setup described later in this readme. The custom provider setting can be used with any provider.
| Provider Name | Config Value (`OPENVPN_PROVIDER`) |
| :---------------------- | :-------------------------------- |
| Anonine | `ANONINE` |
| AnonVPN | `ANONVPN` |
| BlackVPN | `BLACKVPN` |
| BTGuard | `BTGUARD` |
| Cryptostorm | `CRYPTOSTORM` |
| Cypherpunk | `CYPHERPUNK` |
| elastictunnel.com | `ELASTICTUNNEL` |
| ExpressVPN | `EXPRESSVPN` |
| FastestVPN | `FASTESTVPN` |
| FreeVPN | `FREEVPN` |
| FrootVPN | `FROOT` |
| FrostVPN | `FROSTVPN` |
| GhostPath | `GHOSTPATH` |
| Giganews | `GIGANEWS` |
| HideMe | `HIDEME` |
| HideMyAss | `HIDEMYASS` |
| IntegrityVPN | `INTEGRITYVPN` |
| IPredator | `IPREDATOR` |
| IPVanish | `IPVANISH` |
| IronSocket | `IRONSOCKET` |
| Ivacy | `IVACY` |
| IVPN | `IVPN` |
| Mullvad | `MULLVAD` |
| NordVPN | `NORDVPN` |
| OctaneVPN | `OCTANEVPN` |
| OVPN | `OVPN` |
| Perfect Privacy | `PERFECTPRIVACY` |
| Private Internet Access | `PIA` |
| Privado | `PRIVADO` |
| PrivateVPN | `PRIVATEVPN` |
| ProtonVPN | `PROTONVPN` |
| proXPN | `PROXPN` |
| proxy.sh | `PROXYSH ` |
| PureVPN | `PUREVPN` |
| RA4W VPN | `RA4W` |
| SaferVPN | `SAFERVPN` |
| SlickVPN | `SLICKVPN` |
| Smart DNS Proxy | `SMARTDNSPROXY` |
| SmartVPN | `SMARTVPN` |
| Surfshark | `SURFSHARK` |
| TigerVPN | `TIGER` |
| TorGuard | `TORGUARD` |
| Trust.Zone | `TRUSTZONE` |
| TunnelBear | `TUNNELBEAR` |
| VPNArea.com | `VPNAREA` |
| VPNBook.com | `VPNBOOK` |
| VPNFacile | `VPNFACILE` |
| VPNTunnel | `VPNTUNNEL` |
| VPNUnlimited | `VPNUNLIMITED` |
| VPN.AC | `VPNAC` |
| VPN.ht | `VPNHT` |
| VyprVpn | `VYPRVPN` |
| Windscribe | `WINDSCRIBE` |
| ZoogVPN | `ZOOGVPN` |
## Adding new providers
If your VPN provider is not in the list of supported providers you could always create an issue on GitHub and see if someone could add it for you. But if you're feeling up for doing it yourself, here's a couple of pointers.
You clone this repository and create a new folder under "openvpn" where you put the .ovpn files your provider gives you. Depending on the structure of these files you need to make some adjustments. For example if they come with a ca.crt file that is referenced in the config you need to update this reference to the path it will have inside the container (which is /etc/openvpn/...). You also have to set where to look for your username/password.
There is a script called adjustConfigs.sh that could help you. After putting your .ovpn files in a folder, run that script with your folder name as parameter and it will try to do the changes described above. If you use it or not, reading it might give you some help in what you're looking to change in the .ovpn files.
Once you've finished modifying configs, you build the container and run it with OPENVPN_PROVIDER set to the name of the folder of configs you just created (it will be lowercased to match the folder names). And that should be it!
So, you've just added your own provider and you're feeling pretty good about it! Why don't you fork this repository, commit and push your changes and submit a pull request? Share your provider with the rest of us! :) Please submit your PR to the dev branch in that case.
### Using a custom provider
If you want to run the image with your own provider without building a new image, that is also possible. For some providers, like AirVPN, the .ovpn files are generated per user and contains credentials. They should not be added to a public image. This is what you do:
Add a new volume mount to your `docker run` command that mounts your config file:
`-v /path/to/your/config.ovpn:/etc/openvpn/custom/default.ovpn`
Then you can set `OPENVPN_PROVIDER=CUSTOM`and the container will use the config you provided.
NOTE: Your .ovpn config file probably contains a line that says `auth-user-pass`. This will prompt OpenVPN to ask for the
username and password. As this is running in a scripted environment that is not possible. Change it for `auth-user-pass /config/openvpn-credentials.txt`
which is the file where your `OPENVPN_USERNAME` and `OPENVPN_PASSWORD` variables will be written to.
If you are using AirVPN or other provider with credentials in the config file, you still need
to set `OPENVPN_USERNAME` and `OPENVPN_PASSWORD` as this is required by the startup script.
They will not be read by the .ovpn file, so you can set them to whatever.
Note that you still need to modify your .ovpn file as described in the previous section.
If you have an separate ca.crt, client.key or client.crt file in your volume mount should be a folder containing both the ca.crt and the .ovpn config.
Mount the folder contianing all the required files instead of the openvpn.ovpn file.
`-v /path/to/your/config/:/etc/openvpn/custom/`
Additionally the .ovpn config should include the full path on the docker container to the ca.crt and additional files.
`ca /etc/openvpn/custom/ca.crt`
If `-e OPENVPN_CONFIG=` variable has been omitted from the `docker run` command the .ovpn config file must be named default.ovpn.
If `-e OPENVPN_CONFIG=` is used with the custom provider the .ovpn config and variable must match as described above.


@@ -1,55 +0,0 @@
On many modern linux systems, including Ubuntu, systemd can be used to start the transmission-openvpn at boot time, and restart it after any failure.
Save the following as `/etc/systemd/system/transmission-openvpn.service`, and replace the OpenVPN PROVIDER/USERNAME/PASSWORD directives with your settings, and add any other directives that you're using.
This service is assuming that there is a `bittorrent` user set up with a home directory at `/home/bittorrent/`. The data directory will be mounted at `/home/bittorrent/data/`. This can be changed to whichever user and location you're using.
OpenVPN is set to exit if there is a connection failure. OpenVPN exiting triggers the container to also exit, then the `Restart=always` definition in the `transmission-openvpn.service` file tells systems to restart things again.
```
[Unit]
Description=haugene/transmission-openvpn docker container
After=docker.service
Requires=docker.service
[Service]
User=bittorrent
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill transmission-openvpn
ExecStartPre=-/usr/bin/docker rm transmission-openvpn
ExecStartPre=/usr/bin/docker pull haugene/transmission-openvpn
ExecStart=/usr/bin/docker run \
--name transmission-openvpn \
--cap-add=NET_ADMIN \
-v /home/bittorrent/data/:/data \
-e "OPENVPN_PROVIDER=TORGUARD" \
-e "OPENVPN_USERNAME=bittorrent@example.com" \
-e "OPENVPN_PASSWORD=hunter2" \
-e "OPENVPN_CONFIG=CA Toronto" \
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
-e "TRANSMISSION_UMASK=0" \
-p 9091:9091 \
--dns 8.8.8.8 \
--dns 8.8.4.4 \
haugene/transmission-openvpn
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
```
Then enable and start the new service with:
```
$ sudo systemctl enable /etc/systemd/system/transmission-openvpn.service
$ sudo systemctl restart transmission-openvpn.service
```
If it is stopped or killed in any fashion, systemd will restart the container. If you do want to shut it down, then run the following command and it will stay down until you restart it.
```
$ sudo systemctl stop transmission-openvpn.service
# Later ...
$ sudo systemctl start transmission-openvpn.service
```

Binary file not shown.

Before

Width:  |  Height:  |  Size: 3.0 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.3 KiB


@@ -1,24 +0,0 @@
site_name: docker-transmission-openvpn
site_url: http://haugene.github.io/docker-transmission-openvpn/
repo_url: https://github.com/haugene/docker-transmission-openvpn/
theme:
name: 'material'
markdown_extensions:
- toc:
permalink: True
separator: "_"
nav:
- 'Home': 'index.md'
- 'Run from Docker registry': 'run-from-docker-registry.md'
- 'Supported providers': 'supported-providers.md'
- 'Arguments': 'arguments.md'
- 'Custom pre/post scripts': 'custom-scripts.md'
- 'RSS plugin': 'rss-plugin.md'
- 'Use docker env file': 'dockerenv.md'
- 'Access': 'access.md'
- 'Running on ARM': 'run-on-arm.md'
- 'NORDVPN update script': 'nordvpn-script.md'
- 'Systemd integration': 'systemd-integration.md'
- 'Known issues, tips and tricks': 'known-issues.md'
plugins:
- search


@@ -1,53 +0,0 @@
#!/bin/bash
bold=$(tput bold)
normal=$(tput sgr0)
#
# This is a script to ease the process of updating and adding .ovpn files to the project.
# As some customizations have to be done with the .ovpn files from the providers
# this script was created to make it easy and also to highlight which changes we actually do and why.
#
# Intended usage is to download .zip (or other) package with .ovpn files from your provider.
# Then delete the content in the provider-folder, replace with the new ones, run the script and it should be quite good.
# Just need to double check that the default.ovpn is still there and that the diff to origin looks reasonable.
#
display_usage() {
echo "${bold}Hint: read the script before using it${normal}"
echo "If you just forgot: ./adjustConfigs.sh <provider-folder>"
}
# if no arguments supplied, display usage
if [ $# -lt 1 ]
then
display_usage
exit 1
fi
provider=$1
for configFile in $provider/*.ovpn;
do
if [[ -L ${configFile} ]]; then
continue # Don't edit symbolic links (default.ovpn)
fi
# Absolute reference to ca cert
sed -i "s/ca .*\.crt/ca \/etc\/openvpn\/$provider\/ca.crt/g" "$configFile"
# Absolute reference to Wdc key file
sed -i "s/tls-auth Wdc.key 1/tls-auth \/etc\/openvpn\/$provider\/Wdc.key 1/g" "$configFile"
# Absolute reference to crl
sed -i "s/crl-verify.*\.pem/crl-verify \/etc\/openvpn\/$provider\/crl.pem/g" "$configFile"
# Set user-pass file location
sed -i "s/auth-user-pass.*/auth-user-pass \/config\/openvpn-credentials.txt/g" "$configFile"
# Remove up/down resolv-conf script calls (Mullvad)
sed -i "/update-resolv-conf/d" "$configFile"
done
echo "Updated all .ovpn files in folder $provider"


@@ -1,42 +0,0 @@
#!/bin/bash
set -x
bold=$(tput bold)
normal=$(tput sgr0)
# Wrapper script of adjustConfigs.sh
# Getting errors that I don't care to fix when running sed on my mac (different versions and syntax)
# Copying provider files into a temporary container, running the script and copying it out again
display_usage() {
echo "${bold}Hint: read the script before using it${normal}"
echo "If you just forgot: ./adjustConfigs.sh <provider-folder>"
}
# if no arguments supplied, display usage
if [ $# -lt 1 ]
then
display_usage
exit 1
fi
provider=$1
# Create a simple container that, when started, just tails a static file
CONTAINER=$(docker create ubuntu bash -c "tail -f /etc/os-release")
# Copy provider files and script into container
docker cp ${provider} ${CONTAINER}:/${provider}
docker cp adjustConfigs.sh ${CONTAINER}:/
# Start it and exec the script (need to install dos2unix first, might be improved later)
docker start ${CONTAINER}
docker exec -it ${CONTAINER} bash -c "apt update && apt install -y dos2unix"
docker exec -it -w / ${CONTAINER} bash -c "./adjustConfigs.sh ${provider}"
docker exec -it -w /${provider} ${CONTAINER} bash -c "find . -type f -name '*.ovpn' -print0 | xargs -0 dos2unix"
# Copy our result back out, and remove the container
docker cp ${CONTAINER}:/${provider} .
docker rm -f ${CONTAINER}


@@ -1,215 +0,0 @@
#!/bin/bash
##
# Get some initial setup out of the way.
##
if [[ -n "$REVISION" ]]; then
echo "Starting container with revision: $REVISION"
fi
[[ "${DEBUG}" == "true" ]] && set -x
# If openvpn-pre-start.sh exists, run it
if [[ -x /scripts/openvpn-pre-start.sh ]]; then
echo "Executing /scripts/openvpn-pre-start.sh"
/scripts/openvpn-pre-start.sh "$@"
echo "/scripts/openvpn-pre-start.sh returned $?"
fi
# Allow for overriding the DNS used directly in the /etc/resolv.conf
if compgen -e | grep -q "OVERRIDE_DNS"; then
echo "One or more OVERRIDE_DNS addresses found. Will use them to overwrite /etc/resolv.conf"
echo "" > /etc/resolv.conf
for var in $(compgen -e | grep "OVERRIDE_DNS"); do
echo "nameserver $(printenv "$var")" >> /etc/resolv.conf
done
fi
# If create_tun_device is set, create /dev/net/tun
if [[ "${CREATE_TUN_DEVICE,,}" == "true" ]]; then
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 0666 /dev/net/tun
fi
##
# Configure OpenVPN.
# This basically means to figure out the config file to use as well as username/password
##
# If no OPENVPN_PROVIDER is given, we default to "custom" provider.
VPN_PROVIDER="${OPENVPN_PROVIDER:-custom}"
VPN_PROVIDER="${VPN_PROVIDER,,}" # to lowercase
VPN_PROVIDER_HOME="/etc/openvpn/${VPN_PROVIDER}"
mkdir -p "$VPN_PROVIDER_HOME"
# Make sure that we have enough information to start OpenVPN
if [[ -z $OPENVPN_CONFIG_URL ]] && [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then
echo "ERROR: Cannot determine where to find your OpenVPN config. Both OPENVPN_CONFIG_URL and OPENVPN_PROVIDER is unset."
echo "You have to either provide a URL to the config you want to use, or set a configured provider that will download one for you."
echo "Exiting..." && exit 1
fi
echo "Using OpenVPN provider: ${VPN_PROVIDER^^}"
if [[ -n $OPENVPN_CONFIG_URL ]]; then
echo "Found URL to OpenVPN config, will download it."
CHOSEN_OPENVPN_CONFIG=$VPN_PROVIDER_HOME/downloaded_config.ovpn
curl -o "$CHOSEN_OPENVPN_CONFIG" -sSL "$OPENVPN_CONFIG_URL"
# shellcheck source=openvpn/modify-openvpn-config.sh
/etc/openvpn/modify-openvpn-config.sh "$CHOSEN_OPENVPN_CONFIG"
elif [[ -x $VPN_PROVIDER_HOME/configure-openvpn.sh ]]; then
echo "Provider $OPENVPN_PROVIDER has a custom startup script, executing it"
# shellcheck source=/dev/null
. "$VPN_PROVIDER_HOME"/configure-openvpn.sh
fi
if [[ -z ${CHOSEN_OPENVPN_CONFIG} ]]; then
# We still don't have a config. The user might have set a config in OPENVPN_CONFIG.
if [[ -n "${OPENVPN_CONFIG-}" ]]; then
readarray -t OPENVPN_CONFIG_ARRAY <<< "${OPENVPN_CONFIG//,/$'\n'}"
## Trim leading and trailing spaces from all entries. Inefficient as all heck, but works like a champ.
for i in "${!OPENVPN_CONFIG_ARRAY[@]}"; do
OPENVPN_CONFIG_ARRAY[${i}]="${OPENVPN_CONFIG_ARRAY[${i}]#"${OPENVPN_CONFIG_ARRAY[${i}]%%[![:space:]]*}"}"
OPENVPN_CONFIG_ARRAY[${i}]="${OPENVPN_CONFIG_ARRAY[${i}]%"${OPENVPN_CONFIG_ARRAY[${i}]##*[![:space:]]}"}"
done
# If there were multiple configs (comma separated), select one of them
if (( ${#OPENVPN_CONFIG_ARRAY[@]} > 1 )); then
OPENVPN_CONFIG_RANDOM=$((RANDOM%${#OPENVPN_CONFIG_ARRAY[@]}))
echo "${#OPENVPN_CONFIG_ARRAY[@]} servers found in OPENVPN_CONFIG, ${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]} chosen randomly"
OPENVPN_CONFIG="${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]}"
fi
# Check that the chosen config exists.
if [[ -f "${VPN_PROVIDER_HOME}/${OPENVPN_CONFIG}.ovpn" ]]; then
echo "Starting OpenVPN using config ${OPENVPN_CONFIG}.ovpn"
CHOSEN_OPENVPN_CONFIG="${VPN_PROVIDER_HOME}/${OPENVPN_CONFIG}.ovpn"
else
echo "Supplied config ${OPENVPN_CONFIG}.ovpn could not be found."
echo "Your options for this provider are:"
ls "${VPN_PROVIDER_HOME}" | grep .ovpn
echo "NB: Remember to not specify .ovpn as part of the config name."
exit 1 # No longer fall back to default. The user chose a specific config - we should use it or fail.
fi
else
echo "No VPN configuration provided. Using default."
CHOSEN_OPENVPN_CONFIG="${VPN_PROVIDER_HOME}/default.ovpn"
fi
fi
# add OpenVPN user/pass
if [[ "${OPENVPN_USERNAME}" == "**None**" ]] || [[ "${OPENVPN_PASSWORD}" == "**None**" ]] ; then
if [[ ! -f /config/openvpn-credentials.txt ]] ; then
echo "OpenVPN credentials not set. Exiting."
exit 1
fi
echo "Found existing OPENVPN credentials at /config/openvpn-credentials.txt"
else
echo "Setting OpenVPN credentials..."
mkdir -p /config
echo "${OPENVPN_USERNAME}" > /config/openvpn-credentials.txt
echo "${OPENVPN_PASSWORD}" >> /config/openvpn-credentials.txt
chmod 600 /config/openvpn-credentials.txt
fi
# add transmission credentials from env vars
echo "${TRANSMISSION_RPC_USERNAME}" > /config/transmission-credentials.txt
echo "${TRANSMISSION_RPC_PASSWORD}" >> /config/transmission-credentials.txt
# Persist transmission settings for use by transmission-daemon
python3 /etc/openvpn/persistEnvironment.py /etc/transmission/environment-variables.sh
TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/openvpn/tunnelUp.sh --down /etc/openvpn/tunnelDown.sh"
## If we use UFW or the LOCAL_NETWORK we need to grab network config info
if [[ "${ENABLE_UFW,,}" == "true" ]] || [[ -n "${LOCAL_NETWORK-}" ]]; then
eval $(/sbin/ip route list match 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')
## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is
if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
eval $(/sbin/ip route list dev ${INT} | awk '{if($5=="link"){print "GW_CIDR="$1; exit}}')
fi
fi
## Open port to any address
function ufwAllowPort {
typeset -n portNum=${1}
if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]]; then
echo "allowing ${portNum} through the firewall"
ufw allow ${portNum}
fi
}
## Open port to specific address.
function ufwAllowPortLong {
typeset -n portNum=${1} sourceAddress=${2}
if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]] && [[ -n "${sourceAddress-}" ]]; then
echo "allowing ${sourceAddress} through the firewall to port ${portNum}"
ufw allow from ${sourceAddress} to any port ${portNum}
fi
}
if [[ "${ENABLE_UFW,,}" == "true" ]]; then
if [[ "${UFW_DISABLE_IPTABLES_REJECT,,}" == "true" ]]; then
# A horrible hack to ufw to prevent it detecting the ability to limit and REJECT traffic
sed -i 's/return caps/return []/g' /usr/lib/python3/dist-packages/ufw/util.py
# force a rewrite on the enable below
echo "Disable and blank firewall"
ufw disable
echo "" > /etc/ufw/user.rules
fi
# Enable firewall
echo "enabling firewall"
sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
ufw enable
if [[ "${TRANSMISSION_PEER_PORT_RANDOM_ON_START,,}" == "true" ]]; then
PEER_PORT="${TRANSMISSION_PEER_PORT_RANDOM_LOW}:${TRANSMISSION_PEER_PORT_RANDOM_HIGH}"
else
PEER_PORT="${TRANSMISSION_PEER_PORT}"
fi
ufwAllowPort PEER_PORT
if [[ "${WEBPROXY_ENABLED,,}" == "true" ]]; then
ufwAllowPort WEBPROXY_PORT
fi
if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
ufwAllowPortLong TRANSMISSION_RPC_PORT GW_CIDR
else
ufwAllowPortLong TRANSMISSION_RPC_PORT GW
fi
if [[ -n "${UFW_EXTRA_PORTS-}" ]]; then
for port in ${UFW_EXTRA_PORTS//,/ }; do
if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
ufwAllowPortLong port GW_CIDR
else
ufwAllowPortLong port GW
fi
done
fi
fi
if [[ -n "${LOCAL_NETWORK-}" ]]; then
if [[ -n "${GW-}" ]] && [[ -n "${INT-}" ]]; then
for localNet in ${LOCAL_NETWORK//,/ }; do
echo "adding route to local network ${localNet} via ${GW} dev ${INT}"
/sbin/ip route add "${localNet}" via "${GW}" dev "${INT}"
if [[ "${ENABLE_UFW,,}" == "true" ]]; then
ufwAllowPortLong TRANSMISSION_RPC_PORT localNet
if [[ -n "${UFW_EXTRA_PORTS-}" ]]; then
for port in ${UFW_EXTRA_PORTS//,/ }; do
ufwAllowPortLong port localNet
done
fi
fi
done
fi
fi
# shellcheck disable=SC2086
exec openvpn ${TRANSMISSION_CONTROL_OPTS} ${OPENVPN_OPTS} --config "${CHOSEN_OPENVPN_CONFIG}"


@@ -1,17 +0,0 @@
FROM ubuntu:16.04
MAINTAINER Kristian Haugene
# Update packages and install software
RUN apt-get update \
&& apt-get -y upgrade \
&& apt-get -y install curl gcc make ruby2.3-dev \
&& gem install transmission-rss \
&& curl -L https://github.com/jwilder/dockerize/releases/download/v0.5.0/dockerize-linux-amd64-v0.5.0.tar.gz | tar -C /usr/local/bin -xzv
ADD . /etc/transmission-rss
ENV TRANSMISSION_DOWNLOAD_DIR=/data/completed \
RSS_URL=**None** \
RSS_REGEXP=
CMD ["/etc/transmission-rss/start.sh"]


@@ -1,17 +0,0 @@
FROM balenalib/raspberry-pi:stretch
MAINTAINER Kristian Haugene
# Update packages and install software
RUN apt-get update \
&& apt-get -y upgrade \
&& apt-get -y install curl gcc make ruby2.3-dev libc6-dev \
&& gem install transmission-rss \
&& curl -L https://github.com/jwilder/dockerize/releases/download/v0.2.0/dockerize-linux-armhf-v0.2.0.tar.gz | tar -C /usr/local/bin -xzv
ADD . /etc/transmission-rss
ENV TRANSMISSION_DOWNLOAD_DIR=/data/completed \
RSS_URL=**None** \
RSS_REGEXP=
CMD ["/etc/transmission-rss/start.sh"]


@@ -1,23 +0,0 @@
# This Dockerfile is for building ARM images on x64 machine like Docker Hub
FROM balenalib/raspberry-pi:stretch
MAINTAINER Kristian Haugene
RUN [ "cross-build-start" ]
# Update packages and install software
RUN apt-get update \
&& apt-get -y upgrade \
&& apt-get -y install curl gcc make ruby2.3-dev libc6-dev \
&& gem install transmission-rss \
&& curl -L https://github.com/jwilder/dockerize/releases/download/v0.2.0/dockerize-linux-armhf-v0.2.0.tar.gz | tar -C /usr/local/bin -xzv
ADD . /etc/transmission-rss
ENV TRANSMISSION_DOWNLOAD_DIR=/data/completed \
RSS_URL=**None** \
RSS_REGEXP=
CMD ["/etc/transmission-rss/start.sh"]
RUN [ "cross-build-end" ]


@@ -1,5 +0,0 @@
#! /bin/bash
export TRANSMISSION_DOWNLOAD_DIR={{ .Env.TRANSMISSION_DOWNLOAD_DIR }}
export RSS_URL="{{ .Env.RSS_URL }}"
export RSS_REGEXP="{{ .Env.RSS_REGEXP }}"


@@ -1,16 +0,0 @@
#!/bin/sh
# Source our persisted env variables from container startup
dockerize -template /etc/transmission-rss/environment-variables.tmpl:/etc/transmission-rss/environment-variables.sh
. /etc/transmission-rss/environment-variables.sh
if [ -z "${RSS_URL}" ] || [ "${RSS_URL}" = "**None**" ] ; then
echo "NO RSS URL CONFIGURED, IGNORING"
else
if [ -z "${RSS_REGEXP}" ] ; then
sed -i 's/regexp:*//g' /etc/transmission-rss/transmission-rss.tmpl
fi
dockerize -template /etc/transmission-rss/transmission-rss.tmpl:/etc/transmission-rss.conf
echo "STARTING RSS PLUGIN"
transmission-rss
fi


@@ -1,9 +0,0 @@
feeds:
- url: {{ .Env.RSS_URL }}
download_path: {{ .Env.TRANSMISSION_DOWNLOAD_DIR }}
regexp: {{ .Env.RSS_REGEXP }}
server:
host: transmission
port: 9091
rpc_path: /transmission/rpc


@@ -1,3 +0,0 @@
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf


@@ -1,16 +0,0 @@
FROM balenalib/raspberry-pi:stretch
RUN apt-get update \
&& apt-get install -y \
ca-certificates \
nginx \
&& rm -rf /var/lib/apt/lists/*
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 8080
COPY nginx.conf /etc/nginx/nginx.conf
CMD ["nginx", "-g", "daemon off;"]


@@ -1,22 +0,0 @@
# This Dockerfile is for building ARM images on x64 machine like Docker Hub
FROM balenalib/raspberry-pi:stretch
RUN [ "cross-build-start" ]
RUN apt-get update \
&& apt-get install -y \
ca-certificates \
nginx \
&& rm -rf /var/lib/apt/lists/*
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 8080
COPY nginx.conf /etc/nginx/nginx.conf
CMD ["nginx", "-g", "daemon off;"]
RUN [ "cross-build-end" ]


@@ -1,26 +0,0 @@
events {
worker_connections 1024;
}
http {
# In case of big files
client_max_body_size 200M;
server {
listen 8080;
location / {
proxy_pass http://transmission:9091;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
}

6
push.sh Normal file

@@ -0,0 +1,6 @@
#!/usr/bin/env sh
set -e
IMAGE=$1
docker push "${IMAGE}:amd64-latest"
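Review bot: `IMAGE=$1` is never checked, so running the script without an argument asks docker to push `:amd64-latest` and the resulting error does not point at the missing argument. Failing early with `IMAGE=${1:?usage: push.sh IMAGE}` makes the cause explicit, and `set -eu` instead of `set -e` would catch the same class of mistake elsewhere in the script.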

101
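--- a/root/etc/config/core.conf
+++ b/root/etc/config/core.conf
@@ -0,0 +1,101 @@
+{
+"file": 1,
+"format": 1
+}{
+"info_sent": 0.0,
+"lsd": true,
+"max_download_speed": -1.0,
+"send_info": false,
+"natpmp": true,
+"move_completed_path": "/data/completed",
+"peer_tos": "0x00",
+"enc_in_policy": 1,
+"queue_new_to_top": false,
+"ignore_limits_on_local_network": true,
+"rate_limit_ip_overhead": false,
+"daemon_port": 58846,
+"torrentfiles_location": "/data/torrents",
+"max_active_limit": 8,
+"geoip_db_location": "/usr/share/GeoIP/GeoIP.dat",
+"upnp": true,
+"utpex": true,
+"max_active_downloading": 3,
+"max_active_seeding": 5,
+"allow_remote": true,
+"outgoing_ports": [
+0,
+0
+],
+"enabled_plugins": [],
+"max_half_open_connections": 50,
+"download_location": "/data/incomplete",
+"compact_allocation": false,
+"max_upload_speed": -1.0,
+"plugins_location": "/config/plugins",
+"max_connections_global": 200,
+"enc_prefer_rc4": true,
+"cache_expiry": 60,
+"dht": true,
+"stop_seed_at_ratio": false,
+"stop_seed_ratio": 2.0,
+"max_download_speed_per_torrent": -1,
+"prioritize_first_last_pieces": false,
+"max_upload_speed_per_torrent": -1,
+"auto_managed": true,
+"enc_level": 2,
+"copy_torrent_file": false,
+"max_connections_per_second": 20,
+"listen_ports": [
+58946,
+58946
+],
+"max_connections_per_torrent": -1,
+"del_copy_torrent_file": false,
+"move_completed": false,
+"autoadd_enable": false,
+"proxies": {
+"peer": {
+"username": "",
+"password": "",
+"hostname": "",
+"type": 0,
+"port": 8080
+},
+"web_seed": {
+"username": "",
+"password": "",
+"hostname": "",
+"type": 0,
+"port": 8080
+},
+"tracker": {
+"username": "",
+"password": "",
+"hostname": "",
+"type": 0,
+"port": 8080
+},
+"dht": {
+"username": "",
+"password": "",
+"hostname": "",
+"type": 0,
+"port": 8080
+}
+},
+"dont_count_slow_torrents": false,
+"add_paused": false,
+"random_outgoing_ports": true,
+"max_upload_slots_per_torrent": -1,
+"new_release_check": true,
+"enc_out_policy": 1,
+"seed_time_ratio_limit": 7.0,
+"remove_seed_at_ratio": false,
+"autoadd_location": "/data/watched",
+"max_upload_slots_global": 4,
+"seed_time_limit": 180,
+"cache_size": 512,
+"share_ratio_limit": 2.0,
+"random_port": false,
+"listen_interface": "0.0.0.0"
+}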
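Review bot: `"allow_remote": true` lets the daemon RPC port (`"daemon_port": 58846`) accept non-local clients, while the web UI added in this commit connects to `127.0.0.1:58846`, so remote access looks unnecessary for the shipped setup; `"allow_remote": false` would be the safer default, with remote access left as an explicit opt-in. The default `"listen_interface": "0.0.0.0"` is only rewritten to the tunnel address by start.sh when /config/core.conf exists, so if that rewrite is skipped the client is not bound to the VPN interface. `"upnp": true` and `"natpmp": true` also ask the local gateway for port mappings, which is presumably not wanted in a VPN-only container.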

28
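--- a/root/etc/config/web.conf
+++ b/root/etc/config/web.conf
@@ -0,0 +1,28 @@
+{
+"file": 1,
+"format": 1
+}{
+"sidebar_show_zero": false,
+"show_session_speed": false,
+"pwd_sha1": "2ce1a410bcdcc53064129b6d950f2e9fee4edc1e",
+"show_sidebar": true,
+"sessions": {
+"bc64a15bf9d74b773810c92b4822c30d": {
+"login": "admin",
+"expires": 1487945609.0,
+"level": 10
+}
+},
+"enabled_plugins": [],
+"base": "/",
+"first_login": false,
+"theme": "gray",
+"pkey": "ssl/daemon.pkey",
+"cert": "ssl/daemon.cert",
+"session_timeout": 3600,
+"https": false,
+"default_daemon": "127.0.0.1:58846",
+"sidebar_multiple_filters": true,
+"pwd_salt": "c26ab3bbd8b137f99cd83c2c1c0963bcc1a35cad",
+"port": 8112
+}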
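Review bot: `pwd_sha1` and `pwd_salt` are committed as fixed values together with `"first_login": false`, so every container built from this file accepts the same web UI password and, as far as the file shows, the user is never prompted to change it; the pair looks like Deluge's stock default, which should be confirmed. Generate the salt and hash at first start from a user-supplied secret, or at least ship `"first_login": true`. The `sessions` map also carries a stored admin session (`"level": 10`) that appears to come from another installation and should be committed as `"sessions": {}`. With `"https": false` the password and session cookie travel in clear text to anyone who can reach port 8112.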

96
root/etc/deluge/start.sh Executable file

@@ -0,0 +1,96 @@
#!/bin/bash
TIMESTAMP_FORMAT='%a %b %d %T %Y'
log() {
echo "$(date +"${TIMESTAMP_FORMAT}") [tunnel-up] $*"
}
# Source our persisted env variables from container startup
. /etc/deluge/environment-variables.sh
# This script will be called with tun/tap device name as parameter 1, and local IP as parameter 4
# See https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html (--up cmd)
log "Up script executed with $*"
if [[ "$4" = "" ]]; then
log "ERROR, unable to obtain tunnel address"
log "killing $PPID"
kill -9 $PPID
exit 1
fi
# If deluge-pre-start.sh exists, run it
if [[ -x /config/deluge-pre-start.sh ]]; then
log "Executing /config/deluge-pre-start.sh"
/config/deluge-pre-start.sh "$@"
log "/config/deluge-pre-start.sh returned $?"
fi
if [[ ! -e "/dev/random" ]]; then
# Avoid "Fatal: no entropy gathering module detected" error
log "INFO: /dev/random not found - symlink to /dev/urandom"
ln -s /dev/urandom /dev/random
fi
log "Using ip of interface $1: $4"
export DELUGE_BIND_ADDRESS_IPV4=$4
if [ -e /config/core.conf ]; then
log "Updating Deluge conf file: listen_interface=$DELUGE_BIND_ADDRESS_IPV4"
sed -i -e "s/\"listen_interface\": \".*\"/\"listen_interface\": \"$DELUGE_BIND_ADDRESS_IPV4\"/" /config/core.conf
fi
if [[ "true" = "$DROP_DEFAULT_ROUTE" ]]; then
log "DROPPING DEFAULT ROUTE"
ip r del default || exit 1
fi
## If we use UFW or the LOCAL_NETWORK we need to grab network config info
if [[ "${ENABLE_UFW,,}" == "true" ]] || [[ -n "${LOCAL_NETWORK-}" ]]; then
eval $(/sbin/ip r l | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')
## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is
if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
eval $(ip r l dev ${INT} | awk '{if($5=="link"){print "GW_CIDR="$1; exit}}')
fi
fi
if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then
log "Allow in and out from ${GW_CIDR}"
ufw allow in to ${GW_CIDR}
ufw allow out to ${GW_CIDR}
fi
if [[ -n "${LOCAL_NETWORK-}" ]]; then
if [[ -n "${GW-}" ]] && [[ -n "${INT-}" ]]; then
for localNet in ${LOCAL_NETWORK//,/ }; do
log "Adding route to local network ${localNet} via ${GW} dev ${INT}"
/sbin/ip r a "${localNet}" via "${GW}" dev "${INT}"
done
fi
fi
log "Starting Deluge"
exec su --preserve-environment abc -s /bin/bash -c "/usr/bin/deluged -d -c /config -L info -l /config/deluged.log" &
# wait for deluge daemon process to start (listen for port)
while [[ $(netstat -lnt | awk '$6 == "LISTEN" && $4 ~ ".58846"') == "" ]]; do
sleep 0.1
done
log "Starting Deluge webui..."
exec su --preserve-environment abc -s /bin/bash -c "/usr/bin/deluge-web -d -c /config -L info -l /config/web.log" &
# Configure port forwarding if applicable
if [[ -x /etc/openvpn/${OPENVPN_PROVIDER,,}/update-port.sh && -z $DISABLE_PORT_UPDATER ]]; then
log "Provider ${OPENVPN_PROVIDER^^} has a script for automatic port forwarding. Will run it now."
log "If you want to disable this, set environment variable DISABLE_PORT_UPDATER=yes"
log /etc/openvpn/${OPENVPN_PROVIDER,,}/update-port.sh &
fi
# If deluge-post-start.sh exists, run it
if [[ -x /config/deluge-post-start.sh ]]; then
log "Executing /config/deluge-post-start.sh"
/config/deluge-post-start.sh "$@"
log "/config/deluge-post-start.sh returned $?"
fi
log "Deluge startup script complete."
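Review bot: The `UFW_ALLOW_GW_NET` block runs `ufw allow in to ${GW_CIDR}` and `ufw allow out to ${GW_CIDR}` without checking `ENABLE_UFW`, but `GW_CIDR` is only assigned a few lines earlier when both `ENABLE_UFW` and `UFW_ALLOW_GW_NET` are true, so with UFW disabled the two `ufw` calls run with an empty, unquoted address. Guard it the same way, `if [[ "${ENABLE_UFW,,}" == "true" && "${UFW_ALLOW_GW_NET,,}" == "true" && -n "${GW_CIDR-}" ]]; then`, and quote `"${GW_CIDR}"` in both rules. Further down, `log /etc/openvpn/${OPENVPN_PROVIDER,,}/update-port.sh &` only prints the path, so the port-forwarding script never runs; the line should be `/etc/openvpn/${OPENVPN_PROVIDER,,}/update-port.sh &`. The `while` loop waiting for port 58846 has no timeout and will spin forever if deluged fails to start.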

31
root/etc/deluge/stop.sh Executable file

@@ -0,0 +1,31 @@
#!/bin/bash
TIMESTAMP_FORMAT='%a %b %d %T %Y'
log() {
echo "$(date +"${TIMESTAMP_FORMAT}") [tunnel-up] $*"
}
# If deluge-pre-stop.sh exists, run it
if [[ -x /config/deluge-pre-stop.sh ]]
then
echo "Executing /config/deluge-pre-stop.sh"
/config/deluge-pre-stop.sh "$@"
echo "/config/deluge-pre-stop.sh returned $?"
fi
echo "Sending kill signal to deluge-daemon"
PID=$(pidof deluged)
kill $PID
# Give deluge-daemon time to shut down
for i in {1..10}; do
ps -p $PID &> /dev/null || break
sleep .2
done
# If deluge-post-stop.sh exists, run it
if [[ -x /config/deluge-post-stop.sh ]]
then
echo "Executing /config/deluge-post-stop.sh"
/config/deluge-post-stop.sh "$@"
echo "/config/deluge-post-stop.sh returned $?"
fi
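Review bot: `PID=$(pidof deluged)` followed by `kill $PID` is unguarded: when deluged is not running, `kill` is called with no argument and the `ps -p $PID` poll then fails for the wrong reason. Check it first, e.g. `[[ -n "$PID" ]] && kill $PID`. start.sh also launches `deluge-web`, which this script never stops, so the web UI keeps running after the tunnel goes down unless something outside this file handles it. The `log` helper is defined (with a `[tunnel-up]` tag matching start.sh) but every message here uses plain `echo`.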

Some files were not shown because too many files have changed in this diff Show More