[Looking For] VPN + Torrent Client in Docker Compose

koorool@feddit.de to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com – 24 points –

Arr, my friends. I have an old laptop already running some services on docker 24/7 at home and I'm looking to extend its functionality to become a torrent downloader with a media server for TV. Need VPN for obvious reasons.

I was wondering if there are already all-in-one solutions to just run a docker compose file and get 2 containers: one running a torrent client with all traffic going via a VPN in another?

I plan to use Mullvad VPN.

Upd. Updated title to highlight it's a request. Not sure why getting downvotes, please elaborate :)


I recently went through setting this up. I can give you a base compose.yaml based on the one I have.

For the wireguard config, you would throw your .conf file to /path/to/wireguard/config, like so: /path/to/wireguard/config/wg0.conf

This setup assumes you have IPv6 working and enabled. The wg0.conf would also have the VPN's IPv6 address. I use Mullvad too btw.

You can access Qbittorrent's web UI through http://localhost:8090.

I'd like to note that the image I use for Qbittorrent has support built in for VPN, but with the setup I have I basically have the wireguard container with its network, and multiple containers on that same network. In theory it should work with other bittorrent clients.

And the docker images for reference:

version: '3.7'
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE #optional
    networks:
      - wireguard_network
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /path/to/wireguard/config:/config
      - /lib/modules:/lib/modules #optional
    ports:
      - 51820:51820/udp   # Wireguard
      - 8090:8090         # QBittorrent
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
    restart: unless-stopped

  qbittorrentvpn:
    privileged: true
    container_name: qbtwg
    network_mode: service:wireguard
    depends_on:
      - wireguard
    volumes:
      - '/path/to/qbtconfig/:/config'
      - '/path/to/downloads/:/downloads'
    environment:
      - VPN_ENABLED=no
      - VPN_TYPE=wireguard
      - PUID=1000
      - PGID=1000
      - LAN_NETWORK=192.168.1.0/24
      - 'NAME_SERVERS=1.1.1.1,1.0.0.1'
    restart: unless-stopped
    image: dyonr/qbittorrentvpn

networks:
  wireguard_network:
    driver: bridge

Don't run privileged images! Drop all CAPS, enable no-new-privileges, use non-privileged users only.

Hey there, thanks for the tips. It seems I can't get the wireguard container working without the NET_ADMIN CAP. I looked at the gluetun image and it has it too. Is it possible to run a docker wireguard client without that CAP?

Wireguard needs kernel access so needs to run privileged.
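
The privilege settings raised in the replies above can be checked mechanically before a stack is started. The following is an added example, not code posted by anyone in the thread: a Python function that audits a parsed Compose file (the dict that `yaml.safe_load` returns) for `privileged: true`, a missing `cap_drop: ALL`, added capabilities, a missing `no-new-privileges` and a root user. The function names, the `SAMPLE` data and the treatment of `PUID` as the effective user are assumptions made for the example.

```python
# Added example: audit a parsed Compose file for container privilege settings.

def _env(svc):
    """Return the service's environment as a dict (list or mapping form)."""
    env = svc.get("environment") or {}
    if isinstance(env, dict):
        return {k: str(v) for k, v in env.items()}
    return dict(str(item).partition("=")[::2] for item in env)

def audit_compose(compose):
    """Return {service_name: [finding, ...]} for every service in the file."""
    report = {}
    for name, svc in (compose.get("services") or {}).items():
        findings = []
        if svc.get("privileged") is True:
            findings.append("privileged: true (all capabilities, host devices)")
        dropped = {str(c).upper() for c in svc.get("cap_drop") or []}
        if "ALL" not in dropped:
            findings.append("cap_drop does not include ALL")
        for cap in svc.get("cap_add") or []:
            findings.append(f"cap_add: {cap} (confirm it is required)")
        sec = [str(o).replace("=", ":") for o in svc.get("security_opt") or []]
        if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in sec):
            findings.append("security_opt lacks no-new-privileges:true")
        # Assumption: with no user: key, the image drops to PUID (linuxserver-style).
        user = svc.get("user")
        uid = str(user if user is not None else _env(svc).get("PUID", "0")).split(":")[0]
        if uid in ("0", "root"):
            findings.append("runs as root (no user: and no non-zero PUID)")
        report[name] = findings
    return report

# Constructed sample: the thread's two services, reduced to the relevant keys.
SAMPLE = {"services": {
    "wireguard": {"cap_add": ["NET_ADMIN", "SYS_MODULE"],
                  "environment": ["PUID=1000", "PGID=1000"]},
    "qbittorrentvpn": {"privileged": True, "network_mode": "service:wireguard",
                       "environment": ["VPN_ENABLED=no", "PUID=1000", "PGID=1000"]},
}}

if __name__ == "__main__":
    for service, findings in audit_compose(SAMPLE).items():
        for finding in findings:
            print(f"{service}: {finding}")
```

To run it against a real file, load the file with PyYAML's `yaml.safe_load` and pass the result to `audit_compose`.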