-
Notifications
You must be signed in to change notification settings - Fork 57
Examples
Here are some working examples showing some ways in which the container can be used. If you've got an interesting use for the container, or have something that someone else might find useful, feel free to add it below.
Note that the socks-proxy container essentially inherits the network stack of the vpn container, so things like ports are set on the vpn container itself.
services:
vpn:
image: thrnz/docker-wireguard-pia
volumes:
- pia-dat:/pia
ports:
- 1080:1080
cap_add:
- NET_ADMIN
environment:
- LOCAL_NETWORK=192.168.1.0/24
- LOC=swiss
- USER=xxxx
- PASS=xxxx
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
socks-proxy:
image: serjs/go-socks5-proxy
network_mode: "service:vpn"
volumes:
pia-dat:Normally qBittorent would need the listen port to be manually set to the port number shown in the vpn container's logs. This can be automated by scripting using the PORT_SCRIPT env var. Note that access to the web ui port is exposed on the vpn container itself, and that LOCAL_NETWORK must be set correctly for access from other machines on the lan.
services:
vpn:
image: thrnz/docker-wireguard-pia
volumes:
- pia-dat:/pia
- /path/to/set_qbt_port.sh:/set_qbt_port.sh
ports:
- 8080:8080
cap_add:
- NET_ADMIN
environment:
- LOCAL_NETWORK=192.168.1.0/24
- LOC=swiss
- USER=xxxx
- PASS=xxxx
- PORT_FORWARDING=1
- PORT_SCRIPT=/set_qbt_port.sh
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
network_mode: "service:vpn"
volumes:
- /path/to/appdata/config:/config
- /path/to/downloads:/downloads
volumes:
pia-dat:The following script can be customized as needed then mounted inside the container and automatically run by setting the PORT_SCRIPT=/set_qbt_port.sh env var. Ensure that the correct permissions are set first ( chmod +x /path/to/set_qbt_port.sh).
#!/bin/bash
# The forwarded port is passed as the first argument to the script
port="$1"
QBT_USER="admin"
QBT_PASS="password"
QBT_PORT="8080"
echo "$(date): Setting qBittorrent listen port to $port..."
# Very basic retry logic so we don't fail if qBittorrent isn't running yet
while ! curl --silent --retry 10 --retry-delay 15 --max-time 10 \
--data-urlencode "username=${QBT_USER}" \
--data-urlencode "password=${QBT_PASS}" \
--output /dev/null \
--cookie-jar /tmp/qb-cookies.txt \
http://localhost:${QBT_PORT}/api/v2/auth/login
do
sleep 10
done
curl --silent --retry 10 --retry-delay 15 --max-time 10 \
--data 'json={"listen_port": "'"$port"'"}' \
--output /dev/null \
--cookie /tmp/qb-cookies.txt \
http://localhost:${QBT_PORT}/api/v2/app/setPreferences
# Check that the port was successfully updated
if [[ $(curl --silent --retry 10 --retry-delay 15 --max-time 10 --cookie /tmp/qb-cookies.txt \
http://localhost:${QBT_PORT}/api/v2/app/preferences | jq '.listen_port') = $port ]]; then
echo "$(date): qBittorrent listen port successfully set to $port"
else
echo "$(date): Error: qBittorrent port was not set"
fiSee Issue #26 for a bit more info, including links to scripts for some other clients.
Another option is to use the PORT_FILE env var. By default the container dumps the forwarded port number to /pia-shared/port.dat which can then be mounted and monitored in other containers. Some 'helper' containers have been made for setting the listen port in qBittorrent, Transmission, and Deluge. For instance, the qBittorrent helper container example can be used as follows:
image: scotte/qbittorrent-porthelper:latest
container_name: qbittorrent-porthelper
environment:
- HOST=192.168.10.254:8080
- USERNAME=YourqBittorrentUsernameHere
- PASSWORD=YourqBittorrentPasswordHere
volumes:
- /data/software/wireguard-pia/:/piashared
depends_on:
- qbittorrentSee https://github.com/alexta69/metube for more info on config.
version: '3'
services:
vpn:
image: thrnz/docker-wireguard-pia
restart: unless-stopped
container_name: vpn
hostname: vpn
volumes:
- /appdata/pia-metube/pia:/pia
- /appdata/pia-metube/pia-shared:/pia-shared
cap_add:
- NET_ADMIN
- SYS_MODULE # SYS_MODULE might not be needed with a 5.6+ kernel?
ports:
- 8081:8081 # MeTube port
environment:
# Streaming optimized PIA locations
# ca_ontario-so | us-streaming | us-streaming-2 | de_germany-so | japan_2 | sweden_2 | uk_2 | au_australia-so
- LOC=${pia_loc}
- USER=${pia_user}
- PASS=${pia_pass}
- VPNDNS=1.1.1.1,1.0.0.1
- LOCAL_NETWORK=192.168.1.0/24
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.default.disable_ipv6=1
- net.ipv6.conf.all.disable_ipv6=1
- net.ipv6.conf.lo.disable_ipv6=1
metube_vpn:
image: ghcr.io/alexta69/metube
container_name: metube_vpn
restart: unless-stopped
volumes:
- /downloads:/downloads
environment:
PUID: "99"
PGID: "100"
TZ: America/Chicago
UMASK: "000"
DEFAULT_THEME: dark
OUTPUT_TEMPLATE: "%(channel)s [%(channel_id)s]/%(title)s [%(id)s]/%(title)s.%(ext)s"
OUTPUT_TEMPLATE_PLAYLIST: "%(playlist_title)s[%(playlist_id)s]/%(title)s
[%(id)s]/%(title)s.%(ext)s"
YTDL_OPTIONS: |
{
"format": "bv+ba/b",
"postprocessors": [
{
"key":"FFmpegEmbedSubtitle",
"already_have_subtitle":false
},
{
"key":"FFmpegThumbnailsConvertor",
"format":"jpg",
"when":"before_dl"
},
{
"key":"FFmpegMetadata",
"add_chapters":true,
"add_metadata":true,
"add_infojson":false
}
],
"restrictfilenames": true,
"subtitleslangs": [ "en" ],
"updatetime":false,
"writedescription": false,
"writeinfojson": true,
"writesubtitles": true,
"writethumbnail": true
}
network_mode: service:vpn
depends_on:
- vpn