Open Fastjur opened 1 year ago
Small detail to add: when I try to connect, I eventually get a Gateway Timeout error when visiting qbt.redacteddomain.com.
I am encountering the same error, with a slightly different setup.
version: "3.3"
services:
  dyonr-qbittorrent-openvpn:
    volumes:
      - "/media/seagate/qbittorrent/downloads:/downloads"
      - "/media/seagate/qbittorrent/config:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - VPN_USERNAME=<removed>
      - VPN_PASSWORD=<removed>
      - VPN_TYPE=openvpn
      - VPN_ENABLED=yes
      - PUID=1000
      - PGID=1000
      - LAN_NETWORK=192.168.0.0/24
    ports:
      - "8080:8080"
    image: dyonr/qbittorrentvpn:latest
    restart: unless-stopped
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
Error:
--------------
2023-04-13 16:15:18.157733 [WARNING] ENABLE_SSL is set to '', SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
2023-04-13 16:15:18.187831 [WARNING] Removing the SSL configuration from the config file...
2023-04-13 16:15:18.220871 [INFO] A group with PGID 1000 does not exist within this container, adding a group called 'qbittorrent' with PGID 1000
2023-04-13 16:15:18.352106 [INFO] An user with PUID 1000 does not exist within this container, adding an user called 'qbittorrent user' with PUID 1000
2023-04-13 16:15:18.586726 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
2023-04-13 16:15:18.616353 [INFO] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent.log.
2023-04-13 16:15:19.649651 [INFO] Started qBittorrent daemon successfully...
2023-04-13 16:15:19.673747 [INFO] qBittorrent PID: 355
2023-04-13 16:15:19.697134 [INFO] HEALTH_CHECK_HOST is not set. For now using default host one.one.one.one
2023-04-13 16:15:19.720433 [INFO] HEALTH_CHECK_INTERVAL is not set. For now using default interval of 300
2023-04-13 16:15:19.742896 [INFO] HEALTH_CHECK_SILENT is not set. Because this variable is not set, it will be supressed by default
2023-04-13 16:15:19.765642 [WARNING] RESTART_CONTAINER not defined,(via -e RESTART_CONTAINER), defaulting to 'yes'
2023-04-13 16:15:19.788131 [INFO] HEALTH_CHECK_AMOUNT is not set. For now using default interval of 1
2023-04-13 16:15:19.810865 [INFO] HEALTH_CHECK_AMOUNT is set to 1
If anyone has seen this before, help would be appreciated!
This is something I encountered myself in the past.
Basically, my qBittorrent (bridge) is hosted on 172.17.0.14:8080/TCP <> 192.168.0.240:2364
With 172.17.0.0/16 being the Docker network and 192.168.0.0/24 being my normal LAN range.
If Traefik is in br0 mode, there is no way for it to access qBittorrent sadly. I do not know why exactly, but it's a Docker thing.
My Pi-hole is hosted on 192.168.0.3 (docker, br0), and it cannot connect to 192.168.0.240 on any port.
However, if Traefik is using bridge as the network interface, then it can access qBittorrent via the Docker 172.xxx.xxx.xxx range. So, in the log that you posted your qBittorrent had the IP 172.19.0.7, so Traefik should be able to access it on 172.19.0.7:8080 then.
Also, your LAN_NETWORK for 172.19.0.0 is /24 on the end, should be /16 I think.
Bottom line is, br0 containers cannot access bridge containers.
I don't know if this is your exact setup, but I think this may be it.
Based on my quick research, a term related to this may be macvlan. I can't tell you anything about it, but in Unraid that is what enabling the option "Host access to custom networks" does, with the description "Allows direct communication between the host and containers using a custom macvlan network. By default this is disabled."
Hiya, just wanted to let you know that I am still planning on finding a fix/workaround for this, just haven't had the time yet. Once I have it fixed I will let you know, perhaps write something up such that you could add it to a FAQ or something similar.
But yeah, just haven't had the time to take a look at it for longer than 10 minutes yet, but no need to close the issue :)
Any update on the write up? I just created this container and am running into the same issue.
Okay so, I just did some more testing for my setup.
First of all, I found out that I should specify the LAN_NETWORK without quotes, otherwise, it threw errors in the container, but that was not the fix.
Before I wanted to start on implementing it with a macvlan network, I first wanted to try some more things.
What I noticed is, that even when I simply expose the 8080 port, I am not even able to connect to the qbt container when VPN_ENABLED=yes is set.
So even when not using traefik but just directly connecting to the host using its IP address and the qbt port, I am unable to get to the web interface, even when the LAN_NETWORK is set to either my docker network subnet, my own lan subnet or both.
However, I must admit that this is out of the scope of my capabilities, and I was unable to fix this properly. When I attempted to add a second docker network that is a macvlan network, it also broke my other traefik services connecting properly.
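A diagnostic for the two LAN_NETWORK points raised above (the /24 versus /16 mask and the quoted value), as an added example that is not part of the thread or of the image's code. It assumes LAN_NETWORK is a comma-separated list of CIDR ranges; the client addresses other than 192.168.2.201 are constructed.

```python
import ipaddress

def parse_lan_network(raw):
    """Split a LAN_NETWORK value into networks; returns (networks, problems)."""
    networks, problems = [], []
    for item in raw.split(","):
        item = item.strip()
        if not item:
            continue
        # In list-form `environment:` entries, quotes after `=` become part of the value.
        if item[0] in "\"'" or item[-1] in "\"'":
            problems.append(f"{item!r}: literal quote characters in value")
            continue
        try:
            # strict=True rejects host addresses such as 172.19.0.7/16
            networks.append(ipaddress.ip_network(item, strict=True))
        except ValueError as exc:
            problems.append(f"{item!r}: {exc}")
    return networks, problems

def uncovered_clients(raw, clients):
    """Names of clients whose source address lies in none of the configured ranges."""
    networks, _ = parse_lan_network(raw)
    return [name for name, addr in clients.items()
            if not any(ipaddress.ip_address(addr) in net for net in networks)]

# Constructed client list: the LAN host from the thread plus two hypothetical
# containers on traefik-net (172.19.0.0/16).
CLIENTS = {
    "lan-host": "192.168.2.201",
    "traefik": "172.19.0.2",
    "other-container": "172.19.1.5",
}

if __name__ == "__main__":
    for value in ("192.168.2.0/24",
                  "192.168.2.0/24,172.19.0.0/24",
                  "192.168.2.0/24,172.19.0.0/16",
                  '"192.168.2.0/24,172.19.0.0/16"'):
        _, problems = parse_lan_network(value)
        print(value, "uncovered:", uncovered_clients(value, CLIENTS), "problems:", problems)
```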
So, another update. For now I have moved away from using the VPN inside this container, and instead have set up a gluetun container through which I route all my services that I want to be using a VPN.
I am not certain at this time how safe/secure this is in terms of potentially still leaking some information. But here's how I have set it up:
gluetun:
  image: ghcr.io/qdm12/gluetun
  container_name: gluetun
  # line above must be uncommented to allow external containers to connect. See https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun#external-container-to-gluetun
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun:/dev/net/tun
  networks:
    - "traefik-net"
  ports:
    - 8888:8888/tcp # HTTP proxy
    - 8388:8388/tcp # Shadowsocks
    - 8388:8388/udp # Shadowsocks
    - 8080:8080 # qbt webui
    - 8999:8999 # qbt
    - 8999:8999/udp # qbt
  volumes:
    - ./gluetun:/gluetun
  environment:
    # See https://github.com/qdm12/gluetun/wiki
    - VPN_SERVICE_PROVIDER=mullvad
    - VPN_TYPE=wireguard
    # Wireguard:
    - WIREGUARD_PRIVATE_KEY=${MULLVAD_VPN_WIREGUARD_PRIVATEKEY}
    - WIREGUARD_ADDRESSES=<addr>
    - SERVER_CITIES=Amsterdam
    # Timezone for accurate log times
    - TZ=Europe/Amsterdam
    # Server list updater. See https://github.com/qdm12/gluetun/wiki/Updating-Servers#periodic-update
    - UPDATER_PERIOD=24h
  labels:
    - "traefik.enable=true"
    - "traefik.docker.network=traefik-net"
    - "traefik.http.services.qbittorrentvpn.loadbalancer.server.port=8080"
    - "traefik.http.routers.qbittorrentvpn.rule=Host(`qbt.${DOMAIN}`)"
    - "traefik.http.routers.qbittorrentvpn.entrypoints=websecure"
    - "traefik.http.routers.qbittorrentvpn.service=qbittorrentvpn"
    - "traefik.http.routers.qbittorrentvpn.tls.certresolver=letsencryptresolver"
And then how I define qbtvpn
qbittorrentvpn:
  # qBittorrent container with wireguard and openvpn
  image: dyonr/qbittorrentvpn
  container_name: qbittorrentvpn
  restart: unless-stopped
  network_mode: "service:gluetun"
  depends_on:
    gluetun:
      condition: service_healthy
  sysctls:
    - net.ipv4.conf.all.src_valid_mark=1
  volumes:
    - ./qbtconfig:/config
    - /media/Media-lv/PlexMedia:/PlexMedia
  cap_add:
    - NET_ADMIN
  environment:
    - VPN_ENABLED=no
    - VPN_TYPE=wireguard
    - RESTART_CONTAINER=yes
    - PUID=998
    - PGID=997
    - UMASK=007
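One way to audit the gluetun setup above from `docker inspect` output, as an added example that is not part of the thread: it confirms that qbittorrentvpn has no network attachment of its own and lists the ports gluetun publishes on every host interface. The JSON is constructed and trimmed, and the container IDs are placeholders.

```python
import json

# Constructed, trimmed output of `docker inspect gluetun qbittorrentvpn`.
INSPECT_JSON = """
[
  {"Id": "aaaa1111", "Name": "/gluetun",
   "HostConfig": {"NetworkMode": "traefik-net",
                  "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}],
                                   "8888/tcp": [{"HostIp": "", "HostPort": "8888"}]}},
   "NetworkSettings": {"Networks": {"traefik-net": {"IPAddress": "172.19.0.7"}}}},
  {"Id": "bbbb2222", "Name": "/qbittorrentvpn",
   "HostConfig": {"NetworkMode": "container:aaaa1111", "PortBindings": {}},
   "NetworkSettings": {"Networks": {}}}
]
"""
CONTAINERS = json.loads(INSPECT_JSON)

def by_name(containers):
    """Index inspect records by container name without the leading slash."""
    return {c["Name"].lstrip("/"): c for c in containers}

def shares_namespace(containers, client, vpn):
    """True if `client` runs inside `vpn`'s network namespace and nowhere else."""
    index = by_name(containers)
    mode = index[client]["HostConfig"]["NetworkMode"]
    own_networks = index[client]["NetworkSettings"].get("Networks") or {}
    return mode == "container:" + index[vpn]["Id"] and not own_networks

def ports_on_all_interfaces(containers, name):
    """Published ports bound to every host interface (empty HostIp, 0.0.0.0 or ::)."""
    bindings = by_name(containers)[name]["HostConfig"].get("PortBindings") or {}
    found = []
    for container_port, binds in sorted(bindings.items()):
        for bind in binds or []:
            if bind.get("HostIp", "") in ("", "0.0.0.0", "::"):
                found.append(f'{bind["HostPort"]}->{container_port}')
    return found

if __name__ == "__main__":
    print("qbittorrentvpn only in gluetun's namespace:",
          shares_namespace(CONTAINERS, "qbittorrentvpn", "gluetun"))
    print("gluetun ports reachable on all host interfaces:",
          ports_on_all_interfaces(CONTAINERS, "gluetun"))
```

Traefik reaches the WebUI over traefik-net, so any port this lists is a second path to the same service that does not pass through the reverse proxy.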
Hiya,
I have really tried everything here, but I am unable to access the webui when enabling VPN_ENABLED=yes. I am running this setup using traefik as a reverse proxy, I would like to be able to access the qbt webui using this (it's also needed for sonarr and radarr).
The setup of my network is:
192.168.2.0/24, the machine that traefik & qbittorrentvpn are running on has IP 192.168.2.201
traefik-net to which the container attaches is defined with subnet 172.19.0.0/16
On my router port 80 and 443 are forwarded to the machine running traefik at IP 192.168.2.201, I am positive that this is working as I can access the qbittorrent web UI when not enabling the VPN, I also have other services running behind traefik.
So, the issue is that I have tried all combinations of LAN_NETWORK, but am never able to access the webui through the reverse proxy, and hence my radarr and sonarr client are also not able to talk to it.
If you have any pointers that would be greatly appreciated!
Here is my docker-compose:
Here are the container logs: