Merge branch 'dev' of github.com:haugene/docker-transmission-openvpn into dev
		| @@ -4,6 +4,7 @@ | ||||
| #OPENVPN_USERNAME= | ||||
| #OPENVPN_PASSWORD= | ||||
| #LOCAL_NETWORK= | ||||
| #ENABLE_UFW=false | ||||
| #TRANSMISSION_ALT_SPEED_DOWN=50  | ||||
| #TRANSMISSION_ALT_SPEED_ENABLED=false  | ||||
| #TRANSMISSION_ALT_SPEED_TIME_BEGIN=540  | ||||
| @@ -75,4 +76,4 @@ | ||||
| #TRANSMISSION_UTP_ENABLED=true  | ||||
| #TRANSMISSION_WATCH_DIR=/data/watch  | ||||
| #TRANSMISSION_WATCH_DIR_ENABLED=true  | ||||
| #TRANSMISSION_HOME=/data/transmission-home | ||||
| #TRANSMISSION_HOME=/data/transmission-home | ||||
|   | ||||
| @@ -10,7 +10,7 @@ VOLUME /config | ||||
|  | ||||
| # Update packages and install software | ||||
| RUN apt-get update \ | ||||
|     && apt-get -y install software-properties-common \ | ||||
|     && apt-get -y install software-properties-common ufw \ | ||||
|     && add-apt-repository multiverse \ | ||||
|     && add-apt-repository ppa:transmissionbt/ppa \ | ||||
|     && apt-get update \ | ||||
| @@ -103,6 +103,7 @@ ENV OPENVPN_USERNAME=**None** \ | ||||
|     "TRANSMISSION_WATCH_DIR=/data/watch" \ | ||||
|     "TRANSMISSION_WATCH_DIR_ENABLED=true" \ | ||||
|     "TRANSMISSION_HOME=/data/transmission-home" \ | ||||
|     "ENABLE_UFW=false" \ | ||||
|     PUID=\ | ||||
|     PGID= | ||||
|  | ||||
|   | ||||
| @@ -11,7 +11,7 @@ VOLUME /config | ||||
| # Update packages and install software | ||||
| RUN apt-get update \ | ||||
|     && apt-get install -y transmission-cli transmission-common transmission-daemon \ | ||||
|     && apt-get install -y openvpn curl \ | ||||
|     && apt-get install -y openvpn curl ufw \ | ||||
|     && curl -sLO https://archive.raspbian.org/raspbian/pool/main/d/dumb-init/dumb-init_1.0.3-1_armhf.deb \ | ||||
|     && dpkg -i dumb-init_*.deb \ | ||||
|     && rm -rf dumb-init_*.deb \ | ||||
| @@ -100,6 +100,7 @@ ENV OPENVPN_USERNAME=**None** \ | ||||
|     "TRANSMISSION_WATCH_DIR=/data/watch" \ | ||||
|     "TRANSMISSION_WATCH_DIR_ENABLED=true" \ | ||||
|     "TRANSMISSION_HOME=/data/transmission-home" \ | ||||
|     "ENABLE_UFW=false" \ | ||||
|     PUID=\ | ||||
|     PGID= | ||||
|  | ||||
|   | ||||
| @@ -82,6 +82,15 @@ By default a folder named transmission-home will also be created under /data, th | ||||
| |`OPENVPN_OPTS` | Will be passed to OpenVPN on startup | See [OpenVPN doc](https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html) | | ||||
| |`LOCAL_NETWORK` | Sets the local network that should have access. | `LOCAL_NETWORK=192.168.0.0/24`| | ||||
|  | ||||
| ### Firewall configuration options | ||||
| When enabled, the firewall blocks everything except traffic to the peer port and traffic to the rpc port from the LOCAL_NETWORK and the internal docker gateway. | ||||
|  | ||||
| If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to the range of peer ports defined by TRANSMISSION_PEER_PORT_RANDOM_HIGH and TRANSMISSION_PEER_PORT_RANDOM_LOW. | ||||
|  | ||||
| | Variable | Function | Example | | ||||
| |----------|----------|-------| | ||||
| |`ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true`| | ||||
|  | ||||
| ### Transmission configuration options | ||||
|  | ||||
| You may override transmission options by setting the appropriate environment variable. | ||||
|   | ||||
| @@ -46,11 +46,35 @@ dockerize -template /etc/transmission/environment-variables.tmpl:/etc/transmissi | ||||
|  | ||||
| TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/transmission/start.sh --down /etc/transmission/stop.sh" | ||||
|  | ||||
| if [ "true" = "$ENABLE_UFW" ]; then | ||||
|   # Enable firewall | ||||
|   echo "enabling firewall" | ||||
|   sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw | ||||
|   ufw enable | ||||
|  | ||||
|   if [ "true" = "$TRANSMISSION_PEER_PORT_RANDOM_ON_START" ]; then | ||||
|     PEER_PORT="$TRANSMISSION_PEER_PORT_RANDOM_LOW:$TRANSMISSION_PEER_PORT_RANDOM_HIGH/tcp" | ||||
|   else | ||||
|     PEER_PORT=$TRANSMISSION_PEER_PORT | ||||
|   fi | ||||
|  | ||||
|   echo "allowing $PEER_PORT through the firewall" | ||||
|   ufw allow $PEER_PORT | ||||
|  | ||||
|   eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') | ||||
|   echo "allowing access to $TRANSMISSION_RPC_PORT from $GW" | ||||
|   ufw allow proto tcp from $GW to any port $TRANSMISSION_RPC_PORT | ||||
| fi | ||||
|  | ||||
| if [ -n "${LOCAL_NETWORK-}" ]; then | ||||
|   eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') | ||||
|   if [ -n "${GW-}" -a -n "${INT-}" ]; then | ||||
|     echo "adding route to local network $LOCAL_NETWORK via $GW dev $INT" | ||||
|     /sbin/ip r a "$LOCAL_NETWORK" via "$GW" dev "$INT" | ||||
|     if [ "true" = "$ENABLE_UFW" ]; then | ||||
|       echo "allowing access to $TRANSMISSION_RPC_PORT from $LOCAL_NETWORK" | ||||
|       ufw allow proto tcp from $LOCAL_NETWORK to any port $TRANSMISSION_RPC_PORT | ||||
|     fi | ||||
|   fi | ||||
| fi | ||||
|  | ||||
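Review bot: The firewall setup fails open, because the results of `ufw enable` and of each `ufw allow` are ignored. Unless the script sets `set -e` outside this hunk, a failed enable (for example when the container cannot modify iptables) still lets OpenVPN and Transmission start with ENABLE_UFW=true and no filtering; `ufw enable || exit 1` would stop that. The docker-gateway RPC rule also runs without the `-n "${GW-}"` check that the LOCAL_NETWORK block below applies, and the unquoted expansions let an empty `$GW` collapse into a malformed rule; `[ -n "${GW-}" ] && ufw allow proto tcp from "$GW" to any port "$TRANSMISSION_RPC_PORT"` would guard it. Separately, the random-port branch appends `/tcp` while the fixed-port branch allows both protocols, so UDP (uTP) peer traffic is treated differently between the two modes.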
|   | ||||
| @@ -75,5 +75,7 @@ export TRANSMISSION_WATCH_DIR_ENABLED={{ .Env.TRANSMISSION_WATCH_DIR_ENABLED }} | ||||
| # Transmission needs to know which VPN provider is used | ||||
| export OPENVPN_PROVIDER={{ .Env.OPENVPN_PROVIDER }} | ||||
|  | ||||
| export ENABLE_UFW={{ .Env.ENABLE_UFW }} | ||||
|  | ||||
| export PUID={{ .Env.PUID }} | ||||
| export PGID={{ .Env.PGID }} | ||||
|   | ||||