search

Trigus42 / alpine-qbittorrentvpn

Multiarch docker image with the latest qBittorrent-nox client (WEB UI) and WireGuard/OpenVPN tunnel
GNU General Public License v3.0
69 stars 10 forks source link

Cannot write to config (container crashes in a loop) #68

Closed acegene closed 1 month ago

acegene commented 1 month ago

Container is restarting immediately, WebGUI cannot be accessed. I am not sure what is wrong as I could at least start the https://github.com/DyonR/docker-qbittorrentvpn container (and access the WebGUI). Any tips or ideas to debug this issue would be greatly appreciated, thanks.

This repeats in the log

(N) 2024-05-18T10:26:59 - qBittorrent v4.3.9 started
(N) 2024-05-18T10:26:59 - Using config directory: /config/qBittorrent/config/
Cannot write to torrent resume folder: "/config/qBittorrent/data/BT_backup"(C) 2024-05-18T10:27:00 - An access error occurred while trying to write the configuration file.

compose.yml

services:
  qbittorrentvpn:
    image: trigus42/qbittorrentvpn:qbt4.3.9
    container_name: qbittorrentvpn
    volumes:
      - "${HOME}/Documents/qb-docker-cfg:/config"
      - "${HOME}/Downloads:/downloads"
      - "/media/mount-1:/output-1"
    environment:
      - DEBUG=yes
      # - DOWNLOAD_DIR_CHOWN=yes # commented or not the problem persists
      - HEALTH_CHECK_TIMEOUT=20
      - LAN_NETWORK=10.0.0.0/24
      # - PUID=${docker_puid} # commented or not the problem persists
      # - PGID=${docker_pgid} # commented or not the problem persists
      - WEBUI_PASSWORD=adminadmin
      - VPN_ENABLED=yes
      - VPN_TYPE=openvpn
    ports:
      - 8080:8080
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    devices:
      - "/dev/net/tun"

Docker logs:

qbittorrentvpn  | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
qbittorrentvpn  | [s6-init] ensuring user provided files have correct perms...exited 0.
qbittorrentvpn  | [fix-attrs.d] applying ownership & permissions fixes...
qbittorrentvpn  | [fix-attrs.d] done.
qbittorrentvpn  | [cont-init.d] executing container initialization scripts...
qbittorrentvpn  | [cont-init.d] 01-environment: executing... 
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] LAN_NETWORK defined as '10.0.0.0/24'
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] PUID not defined. Defaulting to 1000
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] PGID not defined. Defaulting to 1000
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] An user with PUID 1000 does not exist, adding an user called 'qbittorrent' with PUID 1000
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] VPN_ENABLED defined as 'yes'
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] VPN_TYPE defined as 'openvpn'
qbittorrentvpn  | 2024-05-18 10:27:11 [WARNING] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to CloudFlare and Google name servers
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] Adding 1.1.1.1 to resolv.conf
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] Adding 8.8.8.8 to resolv.conf
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] Adding 1.0.0.1 to resolv.conf
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] Adding 8.8.4.4 to resolv.conf
qbittorrentvpn  | [cont-init.d] 01-environment: exited 0.
qbittorrentvpn  | [cont-init.d] 02-vpn: executing... 
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] Choosen VPN config: 'us9570.nordvpn.com.udp1194.ovpn'
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] Using credentials from /config/openvpn/us9570.nordvpn.com.udp1194_credentials.conf
qbittorrentvpn  | dos2unix: converting file /config/openvpn/us9570.nordvpn.com.udp1194.ovpn to Unix format...
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] VPN remote line defined as '92.119.19.140 1194'
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] VPN_REMOTE defined as '92.119.19.140'
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] VPN_PORT defined as '1194'
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] VPN_PROTOCOL defined as 'udp'
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
qbittorrentvpn  | 2024-05-18 10:27:11 [INFO] Starting OpenVPN...
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 10:27:11 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
qbittorrentvpn  | 2024-05-18 10:27:11 WARNING: file '/config/openvpn/us9570.nordvpn.com.udp1194_credentials.conf' is group or others accessible
qbittorrentvpn  | 2024-05-18 10:27:11 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
qbittorrentvpn  | 2024-05-18 10:27:11 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
qbittorrentvpn  | 2024-05-18 10:27:11 WARNING: --ping should normally be used with --ping-restart or --ping-exit
qbittorrentvpn  | 2024-05-18 10:27:11 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
qbittorrentvpn  | 2024-05-18 10:27:11 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrentvpn  | 2024-05-18 10:27:11 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrentvpn  | 2024-05-18 10:27:11 TCP/UDP: Preserving recently used remote address: [AF_INET]92.119.19.140:1194
qbittorrentvpn  | 2024-05-18 10:27:11 Socket Buffers: R=[212992->212992] S=[212992->212992]
qbittorrentvpn  | 2024-05-18 10:27:11 UDP link local: (not bound)
qbittorrentvpn  | 2024-05-18 10:27:11 UDP link remote: [AF_INET]92.119.19.140:1194
qbittorrentvpn  | 2024-05-18 10:27:11 TLS: Initial packet from [AF_INET]92.119.19.140:1194, sid=a6a3a209 e2dbba88
qbittorrentvpn  | 2024-05-18 10:27:11 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
qbittorrentvpn  | 2024-05-18 10:27:11 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
qbittorrentvpn  | 2024-05-18 10:27:11 VERIFY KU OK
qbittorrentvpn  | 2024-05-18 10:27:11 Validating certificate extended key usage
qbittorrentvpn  | 2024-05-18 10:27:11 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
qbittorrentvpn  | 2024-05-18 10:27:11 VERIFY EKU OK
qbittorrentvpn  | 2024-05-18 10:27:11 VERIFY X509NAME OK: CN=us9570.nordvpn.com
qbittorrentvpn  | 2024-05-18 10:27:11 VERIFY OK: depth=0, CN=us9570.nordvpn.com
qbittorrentvpn  | 2024-05-18 10:27:11 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
qbittorrentvpn  | 2024-05-18 10:27:11 [us9570.nordvpn.com] Peer Connection Initiated with [AF_INET]92.119.19.140:1194
qbittorrentvpn  | 2024-05-18 10:27:12 SENT CONTROL [us9570.nordvpn.com]: 'PUSH_REQUEST' (status=1)
qbittorrentvpn  | 2024-05-18 10:27:12 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.100.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.100.0.2 255.255.255.0,peer-id 3,cipher AES-256-GCM'
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: timers and/or timeouts modified
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: explicit notify parm(s) modified
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: compression parms modified
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: --ifconfig/up options modified
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: route options modified
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: route-related options modified
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: peer-id set
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: adjusting link_mtu to 1657
qbittorrentvpn  | 2024-05-18 10:27:12 OPTIONS IMPORT: data channel crypto options modified
qbittorrentvpn  | 2024-05-18 10:27:12 Data Channel: using negotiated cipher 'AES-256-GCM'
qbittorrentvpn  | 2024-05-18 10:27:12 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
qbittorrentvpn  | 2024-05-18 10:27:12 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
qbittorrentvpn  | 2024-05-18 10:27:12 ROUTE_GATEWAY 172.20.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:14:00:02
qbittorrentvpn  | 2024-05-18 10:27:12 TUN/TAP device tun0 opened
qbittorrentvpn  | 2024-05-18 10:27:12 /sbin/ip link set dev tun0 up mtu 1500
qbittorrentvpn  | 2024-05-18 10:27:12 /sbin/ip link set dev tun0 up
qbittorrentvpn  | 2024-05-18 10:27:12 /sbin/ip addr add dev tun0 10.100.0.2/24
qbittorrentvpn  | 2024-05-18 10:27:12 /helper/resume-after-connect tun0 1500 1585 10.100.0.2 255.255.255.0 init
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 10:27:12 /sbin/ip route add 92.119.19.140/32 via 172.20.0.1
qbittorrentvpn  | 2024-05-18 10:27:12 /sbin/ip route add 0.0.0.0/1 via 10.100.0.1
qbittorrentvpn  | 2024-05-18 10:27:12 /sbin/ip route add 128.0.0.0/1 via 10.100.0.1
qbittorrentvpn  | [cont-init.d] 02-vpn: exited 0.
qbittorrentvpn  | 2024-05-18 10:27:12 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
qbittorrentvpn  | 2024-05-18 10:27:12 Initialization Sequence Completed
qbittorrentvpn  | [cont-init.d] 03-network: executing... 
qbittorrentvpn  | 2024-05-18 10:27:12 [DEBUG] Docker interface defined as eth0
qbittorrentvpn  | 2024-05-18 10:27:12 [DEBUG] Docker IP defined as 172.20.0.2
qbittorrentvpn  | 2024-05-18 10:27:12 [DEBUG] Docker netmask defined as 255.255.0.0
qbittorrentvpn  | 2024-05-18 10:27:12 [INFO] Docker network defined as 172.20.0.0/16
qbittorrentvpn  | 2024-05-18 10:27:12 [INFO] Adding 10.0.0.0/24 as route via docker eth0
qbittorrentvpn  | 2024-05-18 10:27:12 [DEBUG] 'main' routing table defined as follows...
qbittorrentvpn  | --------------------
qbittorrentvpn  | 0.0.0.0/1 via 10.100.0.1 dev tun0 
qbittorrentvpn  | default via 172.20.0.1 dev eth0 
qbittorrentvpn  | 10.0.0.0/24 via 172.20.0.1 dev eth0 
qbittorrentvpn  | 10.100.0.0/24 dev tun0 proto kernel scope link src 10.100.0.2 
qbittorrentvpn  | 92.119.19.140 via 172.20.0.1 dev eth0 
qbittorrentvpn  | 128.0.0.0/1 via 10.100.0.1 dev tun0 
qbittorrentvpn  | 172.20.0.0/16 dev eth0 proto kernel scope link src 172.20.0.2 
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 10:27:12 [DEBUG] ip rules defined as follows...
qbittorrentvpn  | --------------------
qbittorrentvpn  | 0:from all lookup local
qbittorrentvpn  | 32766:from all lookup main
qbittorrentvpn  | 32767:from all lookup default
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 10:27:12 [DEBUG] iptables table 'filter' defined as follows...
qbittorrentvpn  | --------------------
qbittorrentvpn  | -P INPUT DROP
qbittorrentvpn  | -P FORWARD ACCEPT
qbittorrentvpn  | -P OUTPUT DROP
qbittorrentvpn  | -A INPUT -i tun0 -m comment --comment "Accept input from tunnel adapter" -j ACCEPT
qbittorrentvpn  | -A INPUT -s 172.20.0.0/16 -d 172.20.0.0/16 -m comment --comment "Accept input from internal Docker network" -j ACCEPT
qbittorrentvpn  | -A INPUT -s 92.119.19.140/32 -i eth0 -p udp -m udp --sport 1194 -m comment --comment "Accept input of VPN gateway" -j ACCEPT
qbittorrentvpn  | -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -m comment --comment "Accept input to qBittorrent webui port" -j ACCEPT
qbittorrentvpn  | -A INPUT -i lo -m comment --comment "Accept input to internal loopback" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -o tun0 -m comment --comment "Accept output to tunnel adapter" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -s 172.20.0.0/16 -d 172.20.0.0/16 -m comment --comment "Accept output to internal Docker network" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -d 92.119.19.140/32 -o eth0 -p udp -m udp --dport 1194 -m comment --comment "Accept output of VPN gateway" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -m comment --comment "Accept output from qBittorrent webui port" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -o lo -m comment --comment "Accept output from internal loopback" -j ACCEPT
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 10:27:12 [DEBUG] iptables table 'mangle' defined as follows...
qbittorrentvpn  | --------------------
qbittorrentvpn  | -P PREROUTING ACCEPT
qbittorrentvpn  | -P INPUT ACCEPT
qbittorrentvpn  | -P FORWARD ACCEPT
qbittorrentvpn  | -P OUTPUT ACCEPT
qbittorrentvpn  | -P POSTROUTING ACCEPT
qbittorrentvpn  | --------------------
qbittorrentvpn  | [cont-init.d] 03-network: exited 0.
qbittorrentvpn  | [cont-init.d] 04-qbittorrent-setup: executing... 
qbittorrentvpn  | 2024-05-18 10:27:12 [WARNING] ENABLE_SSL is set to , SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
qbittorrentvpn  | 2024-05-18 10:27:12 [WARNING] If you manage the SSL config yourself, you can ignore this.
qbittorrentvpn  | 2024-05-18 10:27:12 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
qbittorrentvpn  | [cont-init.d] 04-qbittorrent-setup: exited 0.
qbittorrentvpn  | [cont-init.d] 05-install: executing... 
qbittorrentvpn  | [cont-init.d] 05-install: exited 0.
qbittorrentvpn  | [cont-init.d] done.
qbittorrentvpn  | [services.d] starting services
qbittorrentvpn  | [services.d] done.
qbittorrentvpn  | 2024-05-18 10:27:12 [INFO] Logging to /config/qBittorrent/data/logs/qbittorrent.log.
qbittorrentvpn  | 2024-05-18 10:27:12 [INFO] Trying to ping 1.1.1.1 and 8.8.8.8 over the docker interface for 500ms each...
qbittorrentvpn  | Terminated
qbittorrentvpn  | Terminated
qbittorrentvpn  | 2024-05-18 10:27:14 [INFO] Success: Could not connect. This means the firewall is most likely working properly.
qbittorrentvpn  | 2024-05-18 10:27:14 [INFO] Logging to /config/qBittorrent/data/logs/qbittorrent.log.
qbittorrentvpn  | 2024-05-18 10:27:14 [INFO] Trying to ping 1.1.1.1 and 8.8.8.8 over the docker interface for 500ms each...
qbittorrentvpn  | Terminated
qbittorrentvpn  | Terminated
qbittorrentvpn  | 2024-05-18 10:27:16 [INFO] Success: Could not connect. This means the firewall is most likely working properly.
qbittorrentvpn  | 2024-05-18 10:27:16 [INFO] qBittorrent started with PID 539
qbittorrentvpn  | 2024-05-18 10:27:16 [INFO] HEALTH_CHECK_HOST is not set. Using default host one.one.one.one
qbittorrentvpn  | 2024-05-18 10:27:16 [INFO] HEALTH_CHECK_INTERVAL is not set. Using default interval of 5s
qbittorrentvpn  | 2024-05-18 10:27:16 [INFO] Logging to /config/qBittorrent/data/logs/qbittorrent.log.
qbittorrentvpn  | 2024-05-18 10:27:16 [INFO] Trying to ping 1.1.1.1 and 8.8.8.8 over the docker interface for 500ms each...
qbittorrentvpn  | Terminated
qbittorrentvpn  | Terminated
qbittorrentvpn  | 2024-05-18 10:27:18 [INFO] Success: Could not connect. This means the firewall is most likely working properly.
qbittorrentvpn  | 2024-05-18 10:27:18 [INFO] Logging to /config/qBittorrent/data/logs/qbittorrent.log.
qbittorrentvpn  | 2024-05-18 10:27:18 [INFO] Trying to ping 1.1.1.1 and 8.8.8.8 over the docker interface for 500ms each...
qbittorrentvpn  | Terminated
qbittorrentvpn  | Terminated
acegene commented 1 month ago

Apparently, running a continuous chown operation on the mounted config files can cause this issue, even if the chown values are those the container has permission for. I do not understand this, but I will close this issue as I have found the problem