Minimal and secure Alpine Linux based Docker image with Transmission BitTorrent client.
Tini is used by the container as an init process. It protects the system
from process table being filled up, which can prevent the system from spawning any
new processes, by reaping zombie processes.
In addtion to reaping zombies Tini also performs signal forwarding.
Container uses iptables to configure packet filtering rules in the Linux kernel
and therefore CAP_NET_ADMIN capability is required to run the container.
Outbound IPv4 network traffic is only allowed through a VPN tunnel. Inbound IPv4 traffic is allowed to TCP port 9091 on the default interface.
All IPv6 traffic is blocked.
Host user and group can be mapped to a container by defining HOST_UID and
HOST_GID environment variables. If the variables are left undefined the
container will execute its command with a random UID/GID combination.
To improve security Transmission is configured to use authenticated RPC
requests. The credentials are defined using RPC_USERNAME and RPC_PASSWORD
environment variables. If RPC_USERNAME is not defined, then a default username
transmission is used. However, if RPC_PASSWORD environment variable is not
defined, a random password is generated every time the container starts.
Container is compatible with docker logs command although logging is disabled
by default if the container is started with docker-compose command. To find
out more about logging see the command reference.
To print out a trace of commands executed by container-entrypoint script,
set DEBUG environment variable to any non-null value.
This project is licensed under the MIT License.