DyonR / docker-Jackettvpn

Docker container which runs a headless Jackett Server with an optional WireGuard or OpenVPN connection
https://hub.docker.com/r/dyonr/jackettvpn/
GNU General Public License v3.0

OpenVPN not being used - host IP exposed #58

Closed pypeaday closed 2 years ago

pypeaday commented 2 years ago

I am trying to run this in docker on my home server but for the life of me cannot get openvpn to work. I use a similar transmission-with-openvpn docker container that is working and everything looks pretty similar to me.

Here's what I've got:

Docker: 20.10.8, build 3967b7d
Image: dyonr/jackettvpn@sha256:bc90dc374e99c5744080982164971bb86c56e485b7cb868bbf954ded942844e1

Logs: There's way more to the log file but it all looks like just stuff for adding indexers - this bit seems repeated, let me know if you want the whole file

2021-09-11 05:00:28.3022 Info Starting Jackett v0.18.729 
2021-09-11 05:00:29.4222 Info Environment version: 5.0.9 (/opt/Jackett/) 
2021-09-11 05:00:29.4231 Info OS version: Unix 5.4.0.81 (64bit OS) (64bit process) 
2021-09-11 05:00:29.4231 Info Jackett variant: CoreLinuxAmdx64 
2021-09-11 05:00:29.4231 Info File /etc/issue: Debian GNU/Linux 11 \n \l 
2021-09-11 05:00:29.4231 Info Running in Docker: Yes (image build: unknown) 
2021-09-11 05:00:29.4231 Info ThreadPool MaxThreads: 32767 workerThreads, 1000 completionPortThreads 
2021-09-11 05:00:29.4231 Info App config/log directory: /config/Jackett 
2021-09-11 05:00:29.4231 Info Using proxy: Disabled 
2021-09-11 05:00:29.4231 Info Using FlareSolverr: No 
2021-09-11 05:00:29.4270 Info Using HTTP Client: HttpWebClient2 
2021-09-11 05:00:29.4363 Info Loading Native indexers ...

Logs from Portainer:

2021-10-01 07:22:41.552913 [INFO] VPN_ENABLED defined as 'true
2021-10-01 07:22:41.597518 [INFO] The container is currently running iptables v1.8.7 (nf_tables).
2021-10-01 07:22:41.637588 [INFO] LEGACY_IPTABLES is set to ''
2021-10-01 07:22:41.675972 [INFO] Not making any changes to iptables version
2021-10-01 07:22:41.732263 [INFO] A group with PGID 1005 does not exist, adding a group called 'jackett' with PGID 1005
2021-10-01 07:22:41.802685 [INFO] An user with PUID 1005 does not exist, adding an user called 'jackett user' with PUID 1005
2021-10-01 07:22:41.929526 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
2021-10-01 07:22:42.063069 [WARNING] There is no password set via Jackett's web interface or as an environment variable!
2021-10-01 07:22:42.101878 [WARNING] Anyone on your network could access Jackett without authentication!
2021-10-01 07:22:42.149895 [WARNING] Or even the whole world if you did port-fortwarding!
2021-10-01 07:22:42.190295 [WARNING] It's adviced to set one via either the web interface or as environment variable
2021-10-01 07:22:42.230855 [INFO] Starting Jackett daemon...
Logging to /config/Jackett/Logs/log.txt.
2021-10-01 07:22:43.279840 [INFO] Jackett PID: 73
2021-10-01 07:22:43.297812 [INFO] Started Jackett daemon successfully...
2021-10-01 07:22:43.320839 [INFO] HEALTH_CHECK_HOST is not set. For now using default host one.one.one.one
2021-10-01 07:22:43.359246 [INFO] HEALTH_CHECK_INTERVAL is not set. For now using default interval of 300

Server:

OS: Ubuntu 20.04.2 LTS
Kernel: 5.4.0

Deployment (I use ansible):

---
- name: Create jackett Directories
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - "{{ jackett_data_directory }}"
    - "{{ jackett_vpn_directory }}"

- name: Add OpenVPN config  
  template:
    src: "{{ jackett_vpn_config }}"
    dest: "{{ jackett_data_directory }}/{{ jackett_vpn_config }}"
  register: openvpn_config_provider

- name: Add OpenVPN credentials  
  template:
    src: "openvpn/credentials.conf"
    dest: "{{ jackett_data_directory }}/openvpn/credentials.conf"
  register: open_vpn_credentials

- name: jackett
  docker_container:
    privileged: "false"
    name: jackett
    image: dyonr/jackettvpn
    # image: linuxserver/jackett
    volumes:
      - "{{ jackett_data_directory }}:/config:rw"
      - "/etc/localtime:/etc/localtime:ro"
      - "{{ jackett_torrents_root }}:/blackhole"
    ports:
      - "{{ jackett_port }}:9117"
    env:
      TZ: "{{ ansible_nas_timezone }}"
      VPN_ENABLED: "{{ jackett_vpn_enabled }}"
      VPN_TYPE: "{{ jackett_vpn_type }}"
      LAN_NETWORK: "{{ jackett_lan_network }}"
      VPN_USERNAME: "{{ jackett_vpn_username }}"
      VPN_PASSWORD: "{{ jackett_vpn_password }}"
      WEB_UI_PASSWORD: "{{ jackett_web_ui_password }}"
      PGID: "{{ jackett_group_id }}"
      PUID: "{{ jackett_user_id }}"
    restart_policy: unless-stopped
    devices:
      - /dev/net/tun
    capabilities:
      - NET_ADMIN
    memory: "{{ jackett_memory }}"
    labels:
      traefik.enable: "{{ jackett_available_externally }}"
      traefik.http.routers.jackett.rule: "Host(`{{ jackett_hostname }}.{{ ansible_nas_domain }}`)"
      traefik.http.routers.jackett.tls.certresolver: "letsencrypt"
      traefik.http.routers.jackett.tls.domains[0].main: "{{ ansible_nas_domain }}"
      traefik.http.routers.jackett.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
      traefik.http.services.jackett.loadbalancer.server.port: "9117"

pypeaday commented 2 years ago

Any chance this has been considered?

pypeaday commented 2 years ago

My problem was setting "VPN_ENABLED" via my ansible variable "jackett_vpn_enabled" to "true" instead of "yes"... I would recommend allowing both as true/false is what I would expect for boolean variables. Thanks for making this open though - making my life a lot easier now that it's behind the vpn!
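
The failure in this thread is silent: the container started Jackett with `VPN_ENABLED` reported as `true` and no VPN. The following is an added example, not part of the thread or of the image's own scripts, showing a fail-closed check on the deployment value and on the startup log line quoted above. It assumes, from this thread only, that the literal `yes` is the value that enables the VPN; the function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the image or the issue author).
# Assumption taken from this thread: only the literal "yes" turned the VPN on;
# "true" left Jackett running on the host's connection.

# Startup line quoted in the issue (verbatim, closing quote missing in the log).
ISSUE_LOG="2021-10-01 07:22:41.552913 [INFO] VPN_ENABLED defined as 'true"
# Constructed line showing the same message with the value that worked.
FIXED_LOG="2021-10-01 07:22:41.552913 [INFO] VPN_ENABLED defined as 'yes'"

# Print the value the container reported for VPN_ENABLED (last match on stdin).
reported_vpn_enabled() {
  sed -n "s/.*VPN_ENABLED defined as '\([^'[:space:]]*\)'\{0,1\}[[:space:]]*\$/\1/p" | tail -n 1
}

# Pre-deploy gate: succeed only for the value known to enable the VPN.
vpn_value_ok() {
  [ "$1" = "yes" ]
}

# Post-deploy gate: read `docker logs <container>` output on stdin and fail
# closed when the line is missing or reports anything other than "yes".
vpn_log_ok() {
  value="$(reported_vpn_enabled)"
  if [ -z "$value" ]; then
    echo "FAIL: no VPN_ENABLED line in log, treat egress as unprotected" >&2
    return 1
  fi
  if ! vpn_value_ok "$value"; then
    echo "FAIL: VPN_ENABLED='$value' is not 'yes', stop the container" >&2
    return 1
  fi
  echo "OK: container reports VPN_ENABLED='yes'"
}

# Demo on the two sample lines.
for sample in "$ISSUE_LOG" "$FIXED_LOG"; do
  printf '%s\n' "$sample" | vpn_log_ok || true
done
```

In a deployment, `vpn_value_ok` would run against the rendered `jackett_vpn_enabled` value before the container task, and `vpn_log_ok` against the container's log output afterwards.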