binhex / arch-qbittorrentvpn

Docker build script for Arch Linux base with qBittorrent, Privoxy and OpenVPN
GNU General Public License v3.0

qBittorrent not starting with VPN_ENABLED=yes #229

Closed Hi-ImKyle closed 5 months ago

Hi-ImKyle commented 5 months ago

At no point in the supervisord.log does it state qBittorrent is starting.

Created by...
___.   .__       .__
\_ |__ |__| ____ |  |__   ____ ___  ___
 | __ \|  |/    \|  |  \_/ __ \\  \/  /
 | \_\ \  |   |  \   Y  \  ___/ >    <
 |___  /__|___|  /___|  /\___  >__/\_ \
     \/        \/     \/     \/      \/
   https://hub.docker.com/u/binhex/

2024-04-04 21:45:28.641066 [info] System information Linux 7cd5c18b2f16 5.15.0-88-generic #98-Ubuntu SMP Mon Oct 2 15:18:56 UTC 2023 x86_64 GNU/Linux
2024-04-04 21:45:28.674072 [info] PUID defined as '0'
2024-04-04 21:45:28.870330 [info] PGID defined as '0'
2024-04-04 21:45:29.099219 [info] UMASK defined as '077'
2024-04-04 21:45:29.131400 [info] Permissions already set for '/config'
2024-04-04 21:45:29.165040 [info] Deleting files in /tmp (non recursive)...
2024-04-04 21:45:29.203912 [info] VPN_ENABLED defined as 'yes'
2024-04-04 21:45:29.237373 [info] VPN_CLIENT defined as 'openvpn'
2024-04-04 21:45:29.270053 [info] VPN_PROV defined as 'custom'
2024-04-04 21:45:29.306198 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/ipvanish-DE-Frankfurt-fra-c06.ovpn
2024-04-04 21:45:29.367334 [info] VPN remote server(s) defined as 'fra-c06.ipvanish.com,'
2024-04-04 21:45:29.396477 [info] VPN remote port(s) defined as '443,'
2024-04-04 21:45:29.425367 [info] VPN remote protcol(s) defined as 'udp,'
2024-04-04 21:45:29.458521 [info] VPN_DEVICE_TYPE defined as 'tun0'
2024-04-04 21:45:29.490568 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2024-04-04 21:45:29.745732 [info] LAN_NETWORK defined as '192.168.1.0/24'
2024-04-04 21:45:29.790996 [info] LAN_NETWORK exported as '192.168.1.0/24'
2024-04-04 21:45:29.823694 [warn] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to name servers defined in readme.md
2024-04-04 21:45:29.858443 [info] VPN_USER defined as 'username'
2024-04-04 21:45:29.891108 [info] VPN_PASS defined as 'password'
2024-04-04 21:45:29.910710 [info] ENABLE_PRIVOXY defined as 'no'
2024-04-04 21:45:29.946725 [info] VPN_INPUT_PORTS defined as '6881'
2024-04-04 21:45:29.980930 [info] VPN_OUTPUT_PORTS defined as '6881'
2024-04-04 21:45:30.014395 [info] ENABLE_STARTUP_SCRIPTS defined as 'yes'
2024-04-04 21:45:30.047740 [info] WEBUI_PORT defined as '8080'
2024-04-04 21:45:31.863214 [info] Starting Supervisor...
2024-04-04 21:45:32,016 INFO Included extra file "/etc/supervisor/conf.d/qbittorrent.conf" during parsing
2024-04-04 21:45:32,016 INFO Set uid to user 0 succeeded
2024-04-04 21:45:32,017 INFO supervisord started with pid 7
2024-04-04 21:45:33,019 INFO spawned: 'start-script' with pid 248
2024-04-04 21:45:33,020 INFO spawned: 'watchdog-script' with pid 249
2024-04-04 21:45:33,020 INFO reaped unknown pid 8 (exit status 0)
2024-04-04 21:45:33,026 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2024-04-04 21:45:33,026 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2024-04-04 21:45:33,026 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2024-04-04 21:45:33,032 DEBG 'start-script' stdout output:
[warn] Username contains characters which could cause authentication issues, please consider changing this if possible

2024-04-04 21:45:33,086 DEBG 'start-script' stdout output:
[info] Adding 84.200.69.80 to /etc/resolv.conf

2024-04-04 21:45:33,089 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2024-04-04 21:45:33,093 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2024-04-04 21:45:33,096 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2024-04-04 21:45:33,100 DEBG 'start-script' stdout output:
[info] Adding 84.200.70.40 to /etc/resolv.conf

2024-04-04 21:45:33,104 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2024-04-04 21:45:33,282 DEBG 'start-script' stdout output:
[info] Adding 192.168.1.0/24 as route via adapter eth0

2024-04-04 21:45:33,283 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2024-04-04 21:45:33,284 DEBG 'start-script' stdout output:
default via 172.24.0.1 dev eth0 
172.24.0.0/16 dev eth0 proto kernel scope link src 172.24.0.2 
192.168.1.0/24 via 172.24.0.1 dev eth0 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 

2024-04-04 21:45:33,285 DEBG 'start-script' stdout output:
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
local 172.24.0.2 dev eth0 table local proto kernel scope host src 172.24.0.2 
broadcast 172.24.255.255 dev eth0 table local proto kernel scope link src 172.24.0.2 

2024-04-04 21:45:33,285 DEBG 'start-script' stdout output:
--------------------

2024-04-04 21:45:33,290 DEBG 'start-script' stdout output:
iptable_mangle         16384  0
ip_tables              32768  10 iptable_filter,iptable_mangle
x_tables               53248  21 ip6table_filter,xt_conntrack,iptable_filter,nft_compat,xt_LOG,xt_multiport,xt_tcpudp,xt_addrtype,xt_recent,xt_nat,ip6t_rt,xt_comment,ip6_tables,ipt_REJECT,ip_tables,xt_limit,xt_hl,xt_MASQUERADE,ip6t_REJECT,iptable_mangle,xt_mark

2024-04-04 21:45:33,290 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2024-04-04 21:45:33,348 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2024-04-04 21:45:33,349 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 216.131.111.32/32 -i eth0 -j ACCEPT
-A INPUT -s 172.24.0.0/16 -d 172.24.0.0/16 -j ACCEPT
-A INPUT -s 216.131.111.32/32 -i eth0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 6881 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 6881 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 172.24.0.0/16 -i eth0 -p tcp -m tcp --sport 6881 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -d 216.131.111.32/32 -o eth0 -j ACCEPT
-A OUTPUT -s 172.24.0.0/16 -d 172.24.0.0/16 -j ACCEPT
-A OUTPUT -d 216.131.111.32/32 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 6881 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 6881 -j ACCEPT
-A OUTPUT -s 172.24.0.0/16 -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --dport 6881 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT

2024-04-04 21:45:33,351 DEBG 'start-script' stdout output:
--------------------

2024-04-04 21:45:33,351 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2024-04-04 21:45:33,359 DEBG 'start-script' stdout output:
2024-04-04 21:45:33 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

2024-04-04 21:45:33,360 DEBG 'start-script' stdout output:
2024-04-04 21:45:33 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 

2024-04-04 21:45:33,360 DEBG 'start-script' stdout output:
2024-04-04 21:45:33 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-04-04 21:45:33 WARNING: file 'credentials.conf' is group or others accessible
2024-04-04 21:45:33 OpenVPN 2.6.10 [git:makepkg/ba0f62fb950c56a0+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Mar 20 2024
2024-04-04 21:45:33 library versions: OpenSSL 3.2.1 30 Jan 2024, LZO 2.10
2024-04-04 21:45:33 DCO version: N/A

2024-04-04 21:45:33,361 DEBG 'start-script' stdout output:
2024-04-04 21:45:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2024-04-04 21:45:33,362 DEBG 'start-script' stdout output:
2024-04-04 21:45:33 TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.111.32:443

2024-04-04 21:45:33,362 DEBG 'start-script' stdout output:
2024-04-04 21:45:33 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-04-04 21:45:33 UDPv4 link local: (not bound)
2024-04-04 21:45:33 UDPv4 link remote: [AF_INET]216.131.111.32:443

2024-04-04 21:46:33,017 DEBG 'start-script' stdout output:
2024-04-04 21:46:33 [UNDEF] Inactivity timeout (--ping-restart), restarting

2024-04-04 21:46:33,017 DEBG 'start-script' stdout output:
2024-04-04 21:46:33 SIGHUP[soft,ping-restart] received, process restarting

2024-04-04 21:46:33,017 DEBG 'start-script' stdout output:
2024-04-04 21:46:33 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

2024-04-04 21:46:33,017 DEBG 'start-script' stdout output:
2024-04-04 21:46:33 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2024-04-04 21:46:33 Note: '--allow-compression' is not set to 'no', disabling data channel offload.

2024-04-04 21:46:33,017 DEBG 'start-script' stdout output:
2024-04-04 21:46:33 WARNING: file 'credentials.conf' is group or others accessible
2024-04-04 21:46:33 OpenVPN 2.6.10 [git:makepkg/ba0f62fb950c56a0+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Mar 20 2024
2024-04-04 21:46:33 library versions: OpenSSL 3.2.1 30 Jan 2024, LZO 2.10
2024-04-04 21:46:33 DCO version: N/A

2024-04-04 21:46:33,017 DEBG 'start-script' stdout output:
2024-04-04 21:46:33 Restart pause, 1 second(s)

2024-04-04 21:46:34,017 DEBG 'start-script' stdout output:
2024-04-04 21:46:34 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2024-04-04 21:46:34,018 DEBG 'start-script' stdout output:
2024-04-04 21:46:34 TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.111.32:443
2024-04-04 21:46:34 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-04-04 21:46:34 UDPv4 link local: (not bound)
2024-04-04 21:46:34 UDPv4 link remote: [AF_INET]216.131.111.32:443

If I change VPN_ENABLED to no, it starts up fine.

2024-04-04 21:47:17,613 DEBG 'watchdog-script' stdout output:
[info] qBittorrent not running

2024-04-04 21:47:17,613 DEBG 'watchdog-script' stdout output:
[info] qBittorrent config file already exists, skipping copy
[info] Removing session lock file (if it exists)...

2024-04-04 21:47:17,657 DEBG 'watchdog-script' stdout output:
[info] Attempting to start qBittorrent...

2024-04-04 21:47:17,662 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 8080...

WebUI will be started shortly after internal preparations. Please wait...

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080

The WebUI administrator username is: admin
The WebUI administrator password was not set. A temporary password is provided for this session: TwcSYq9Nu
You should set your own password in program preferences.
2024-04-04 21:47:17,998 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8080

It's almost like with VPN_ENABLED=yes the watchdog script doesn't even try to start qBittorrent.

Is this intentional? Am I missing the main point of this image?

adocampo commented 5 months ago

Hi there,

I'm struggling trying to make this work with a simple openvpn connection. My idea is to NOT specify the VPN user and password in the docker-compose.yml but in a text file called credentials.txt, placed in the same directory as the .ovpn config file, and call it with auth-user-pass credentials.conf within the .ovpn.

It says

2024-04-05 00:25:43 AUTH: Received control message: AUTH_FAILED

Obviously, I've tried with the environment vars inside the docker-compose.

version: "3"
services:
    arch-qbittorrentvpn:
        cap_add:
            - NET_ADMIN
        ports:
            - 6882:6881
            - 6882:6881/udp
            - 49550:49550
            - 49551:8118
        container_name: torrent-vpn
        volumes:
            - /data/files:/data
            - /data/.docker/arch-qbittorrent-vpn/config:/config
            - /etc/localtime:/etc/localtime:ro
        environment:
            - VPN_ENABLED=yes
            - VPN_PROV=protonvpn
            - VPN_CLIENT=openvpn
            - VPN_USER=email@gmail.com
            - VPN_PASS=passord
            - STRICT_PORT_FORWARD=yes
            - ENABLE_PRIVOXY=yes
            - ENABLE_STARTUP_SCRIPTS=no
            - LAN_NETWORK=192.168.1.0/24
            - NAME_SERVERS=192.168.1.1
            - DEBUG=true
            - WEBUI_PORT=49550
            - UMASK=000
            - PUID=0
            - PGID=0
        network_mode: bridge
        restart: unless-stopped

        image: binhex/arch-qbittorrentvpn

I've tried VPN_PROV protonvpn, pia, custom... nothing works.

As with the OP, if I disable the VPN, qbittorrent starts just fine.

Can someone shed some light, please?

binhex commented 5 months ago

Inactivity timeout (--ping-restart), restarting

See Q17:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md
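
A triage of the failure signatures quoted in this thread, as an added example (not code from the image or from any participant): it classifies a supervisord.log excerpt and masks credential values before the log is shared. The sample log, the function names and the "Initialization Sequence Completed" marker are assumptions that do not come from the page.

```python
import re

# Constructed sample modelled on the log lines quoted in this thread
# (203.0.113.10 is a documentation address, 'hunter2' a made-up secret).
SAMPLE = """\
2024-04-04 21:45:29.891108 [info] VPN_PASS defined as 'hunter2'
2024-04-04 21:45:33 WARNING: file 'credentials.conf' is group or others accessible
2024-04-04 21:45:33 UDPv4 link remote: [AF_INET]203.0.113.10:443
2024-04-04 21:46:33 [UNDEF] Inactivity timeout (--ping-restart), restarting
2024-04-04 21:46:34 UDPv4 link remote: [AF_INET]203.0.113.10:443
"""

# Marker strings as they appear in the thread, except "tunnel_up", which is
# the line OpenVPN logs once a connection is fully established (assumption).
MARKERS = {
    "tunnel_up": r"Initialization Sequence Completed",
    "ping_restart": r"Inactivity timeout \(--ping-restart\)",
    "auth_failed": r"AUTH_FAILED",
    "app_listening": r"qBittorrent process listening on port \d+",
    "creds_file_perms": r"file '[^']+' is group or others accessible",
    "secret_in_log": r"VPN_PASS defined as|temporary password is provided",
}

def triage(log_text):
    """Return (verdict, hygiene findings) for a supervisord.log excerpt."""
    hits = {k: len(re.findall(p, log_text)) for k, p in MARKERS.items()}
    if hits["auth_failed"]:
        verdict = "VPN server rejected the credentials"
    elif hits["ping_restart"] and not hits["tunnel_up"]:
        verdict = "no reply from VPN remote, tunnel never came up"
    elif hits["app_listening"]:
        verdict = "qBittorrent is listening"
    else:
        verdict = "inconclusive"
    hygiene = [k for k in ("creds_file_perms", "secret_in_log") if hits[k]]
    return verdict, hygiene

def redact(log_text):
    """Mask credential values before the log is posted publicly."""
    log_text = re.sub(r"(VPN_(?:USER|PASS) defined as ')[^']*(')",
                      r"\1***\2", log_text)
    return re.sub(r"(temporary password is provided for this session: )\S+",
                  r"\1***", log_text)

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(redact(SAMPLE).splitlines()[0])
```
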