Merge branch 'dev' of github.com:haugene/docker-transmission-openvpn into dev
This commit is contained in:
@@ -4,6 +4,7 @@
|
||||
#OPENVPN_USERNAME=
|
||||
#OPENVPN_PASSWORD=
|
||||
#LOCAL_NETWORK=
|
||||
#ENABLE_UFW=false
|
||||
#TRANSMISSION_ALT_SPEED_DOWN=50
|
||||
#TRANSMISSION_ALT_SPEED_ENABLED=false
|
||||
#TRANSMISSION_ALT_SPEED_TIME_BEGIN=540
|
||||
@@ -75,4 +76,4 @@
|
||||
#TRANSMISSION_UTP_ENABLED=true
|
||||
#TRANSMISSION_WATCH_DIR=/data/watch
|
||||
#TRANSMISSION_WATCH_DIR_ENABLED=true
|
||||
#TRANSMISSION_HOME=/data/transmission-home
|
||||
#TRANSMISSION_HOME=/data/transmission-home
|
||||
|
@@ -10,7 +10,7 @@ VOLUME /config
|
||||
|
||||
# Update packages and install software
|
||||
RUN apt-get update \
|
||||
&& apt-get -y install software-properties-common \
|
||||
&& apt-get -y install software-properties-common ufw \
|
||||
&& add-apt-repository multiverse \
|
||||
&& add-apt-repository ppa:transmissionbt/ppa \
|
||||
&& apt-get update \
|
||||
@@ -103,6 +103,7 @@ ENV OPENVPN_USERNAME=**None** \
|
||||
"TRANSMISSION_WATCH_DIR=/data/watch" \
|
||||
"TRANSMISSION_WATCH_DIR_ENABLED=true" \
|
||||
"TRANSMISSION_HOME=/data/transmission-home" \
|
||||
"ENABLE_UFW=false" \
|
||||
PUID=\
|
||||
PGID=
|
||||
|
||||
|
@@ -11,7 +11,7 @@ VOLUME /config
|
||||
# Update packages and install software
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y transmission-cli transmission-common transmission-daemon \
|
||||
&& apt-get install -y openvpn curl \
|
||||
&& apt-get install -y openvpn curl ufw \
|
||||
&& curl -sLO https://archive.raspbian.org/raspbian/pool/main/d/dumb-init/dumb-init_1.0.3-1_armhf.deb \
|
||||
&& dpkg -i dumb-init_*.deb \
|
||||
&& rm -rf dumb-init_*.deb \
|
||||
@@ -100,6 +100,7 @@ ENV OPENVPN_USERNAME=**None** \
|
||||
"TRANSMISSION_WATCH_DIR=/data/watch" \
|
||||
"TRANSMISSION_WATCH_DIR_ENABLED=true" \
|
||||
"TRANSMISSION_HOME=/data/transmission-home" \
|
||||
"ENABLE_UFW=false" \
|
||||
PUID=\
|
||||
PGID=
|
||||
|
||||
|
@@ -82,6 +82,15 @@ By default a folder named transmission-home will also be created under /data, th
|
||||
|`OPENVPN_OPTS` | Will be passed to OpenVPN on startup | See [OpenVPN doc](https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html) |
|
||||
|`LOCAL_NETWORK` | Sets the local network that should have access. | `LOCAL_NETWORK=192.168.0.0/24`|
|
||||
|
||||
### Firewall configuration options
|
||||
When enabled, the firewall blocks everything except traffic to the peer port and traffic to the rpc port from the LOCAL_NETWORK and the internal docker gateway.
|
||||
|
||||
If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to the range of peer ports defined by TRANSMISSION_PEER_PORT_RANDOM_HIGH and TRANSMISSION_PEER_PORT_RANDOM_LOW.
|
||||
|
||||
| Variable | Function | Example |
|
||||
|----------|----------|-------|
|
||||
|`ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true`|
|
||||
|
||||
### Transmission configuration options
|
||||
|
||||
You may override transmission options by setting the appropriate environment variable.
|
||||
|
@@ -46,11 +46,35 @@ dockerize -template /etc/transmission/environment-variables.tmpl:/etc/transmissi
|
||||
|
||||
TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/transmission/start.sh --down /etc/transmission/stop.sh"
|
||||
|
||||
if [ "true" = "$ENABLE_UFW" ]; then
|
||||
# Enable firewall
|
||||
echo "enabling firewall"
|
||||
sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
|
||||
ufw enable
|
||||
|
||||
if [ "true" = "$TRANSMISSION_PEER_PORT_RANDOM_ON_START" ]; then
|
||||
PEER_PORT="$TRANSMISSION_PEER_PORT_RANDOM_LOW:$TRANSMISSION_PEER_PORT_RANDOM_HIGH/tcp"
|
||||
else
|
||||
PEER_PORT=$TRANSMISSION_PEER_PORT
|
||||
fi
|
||||
|
||||
echo "allowing $PEER_PORT through the firewall"
|
||||
ufw allow $PEER_PORT
|
||||
|
||||
eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')
|
||||
echo "allowing access to $TRANSMISSION_RPC_PORT from $GW"
|
||||
ufw allow proto tcp from $GW to any port $TRANSMISSION_RPC_PORT
|
||||
fi
|
||||
|
||||
if [ -n "${LOCAL_NETWORK-}" ]; then
|
||||
eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')
|
||||
if [ -n "${GW-}" -a -n "${INT-}" ]; then
|
||||
echo "adding route to local network $LOCAL_NETWORK via $GW dev $INT"
|
||||
/sbin/ip r a "$LOCAL_NETWORK" via "$GW" dev "$INT"
|
||||
if [ "true" = "$ENABLE_UFW" ]; then
|
||||
echo "allowing access to $TRANSMISSION_RPC_PORT from $LOCAL_NETWORK"
|
||||
ufw allow proto tcp from $LOCAL_NETWORK to any port $TRANSMISSION_RPC_PORT
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@@ -75,5 +75,7 @@ export TRANSMISSION_WATCH_DIR_ENABLED={{ .Env.TRANSMISSION_WATCH_DIR_ENABLED }}
|
||||
# Transmission needs to know which VPN provider is used
|
||||
export OPENVPN_PROVIDER={{ .Env.OPENVPN_PROVIDER }}
|
||||
|
||||
export ENABLE_UFW={{ .Env.ENABLE_UFW }}
|
||||
|
||||
export PUID={{ .Env.PUID }}
|
||||
export PGID={{ .Env.PGID }}
|
||||
|
Reference in New Issue
Block a user