g0Idfinger / docker-HTPC

Home Plex Server with Reverse Proxy
The Unlicense

network_mode and routing traffic through transmission-vpn #2

Closed robflate closed 4 years ago

robflate commented 4 years ago

I noticed you commented out;

network_mode: container:transmission-vpn for qbittorrent

Do you know how to route traffic through the transmission-vpn container?

Thanks.

g0Idfinger commented 4 years ago

I have not figured that part out yet for traefik2 and I'm not sure that I will anytime soon. If you do figure it out, please let me know and I'll add it.

android-808 commented 4 years ago

I am also interested in this. I have been trying to use bubuntux/nordvpn but that requires network_mode: bridge or it fails to connect. Can't remember the reason, it fails to connect to several URLs that the nordvpn app uses to update its configs and spits out some io error.

The way I tried to get around it was setting Jackett for example as using the network_mode: service:vpn up and then set up an nginx container, let's say Jackett-Frontend, that uses links: jackett:vpn and networks: traefik to enable web access via a proxy. I'd seen it done that way elsewhere for some other containers but didn't have any luck getting it to work.

android-808 commented 4 years ago

I made some progress using transmission-vpn. I'm not 100% sure it's working correctly, I'm new to docker but I imagine you can enter a shell somehow to test your external IP.

Note: It will not work straight away after running docker-compose up. There is a health check feature built into transmission-vpn that doesn't report it as working for ~5 minutes. Until it shows as working under docker ps, Traefik will not pick up on it and so will not allow access or report it as a service/router etc under the Traefik dashboard.

I'm not a lover of Transmission, I encountered a bug years ago where after a random period of time it would output directories with random names under /home/user instead of the actual location and the data wouldn't actually be there, despite the percentage complete increasing. Restarting it would then show the correct data and resume downloading to the correct location but wasted time and resources. I'd prefer a dedicated VPN image that I could then connect the app of choice to instead of running transmission just so I can get the VPN feature. The upside to using it however is that it is a popular image so therefore is better maintained.

robflate commented 4 years ago

Thanks. I set it up as described and it works. For example, routing qBittorrent through Transmission-vpn hides my public IP. Checked with https://torguard.net/checkmytorrentipaddress.php.

However, if I route a second container through Transmission-vpn things go wrong. I first added qBittorrent and it works but when I then add Jackett, qBittorrent fails with a 404 at the webui. Checking in Traefik, the qBittorrent route and service entries disappear and Jackett ones appear. If I then add qBittorrent again, Jackett fails.

I'm not sure what's going on. It's not the Transmission-vpn health check as Transmission works and reports as healthy. I even left it for a few hours to check. Traefik logs show;

today at 2:36 PM time="2020-04-14T13:36:02Z" level=warning msg="Could not find network named 't2_proxy' for container '/jackett'! Maybe you're missing the project's prefix in the label? Defaulting to first available network." serviceName=jackett-svc providerName=docker container=jackett-media-server-af1b3a73318b2dd451eee0fa6256d796fdb689444512e35dd7189a62d21bab60

today at 2:36 PM time="2020-04-14T13:36:02Z" level=error msg="service \"jackett-svc\" error: unable to find the IP address for the container \"/jackett\": the server is ignored" providerName=docker container=jackett-media-server-af1b3a73318b2dd451eee0fa6256d796fdb689444512e35dd7189a62d21bab60

android-808 commented 4 years ago

I've seen that error in my log when it was idle but not used it enough at the moment to actually experience it in action. I'll have to play around with it some more.

android-808 commented 4 years ago

I currently have both qBittorrent and Jackett open in tabs. I have the first error mentioned for both services in just under 5 minutes. Now around 1 hour since docker-compose up was run, and only seen the once. Just to make sure, you did set LOCAL_NETWORK correctly?

I don't know if https://github.com/containous/traefik/issues/5535#issuecomment-537048178 could be of any use. Add ipv4: address to transmission-vpn then add a set of rules in traefik2/rules/ that specify the server ip for Jackett/qBittorrent routers.

robflate commented 4 years ago

Thanks. LOCAL_NETWORK is 192.168.0.0/16. Traefik ip is 192.168.80.254 and docker network was created with docker network create --gateway 192.168.80.1 --subnet 192.168.80.0/24 t2_proxy

robflate commented 4 years ago

If I start my stack with something like docker-compose up -d --force-recreate, everything works including both qBittorrent and Jackett. If I then restart transmission-vpn, qBittorrent and Jackett fail to work even after 1 hour.

If you restart just transmission-vpn, do qBittorrent and Jackett still work (after transmission-vpn has passed the health check)?

android-808 commented 4 years ago

I literally just run sudo docker-compose up. I might have added depends_on: transmission-vpn to them both, but it's definitely on one of them.

If I get a chance, I'll try adding a rules file, see if that helps.

android-808 commented 4 years ago

I seem to have got the warnings to go away. I still haven't experienced the issue you have of one service not being available. I haven't played with restarting individual services yet.

I added a new file for each service under the rules folder, called app-qbittorrent.yml and app-jackett.yml. I moved everything from the labels: section for each service in docker-compose.yml to these, converting to YAML as it's what I have configs stored as. TOML would also work, and would probably be much simpler. The one issue I have with it is working out how to get $DOMAINNAME expansion working.

http:
  routers:
    qbit-rtr:
      entryPoints:
        - https
      rule: "Host(`qbit.example.org`)" # $DOMAINNAME here doesn't get expanded.
      tls: {}
      middlewares:
        - chain-no-auth
      service: qbit-svc

  services:
    qbit-svc:
      loadBalancer:
        servers:
          - url: "http://VPNSERVICEIP:8168" # use ipv4: to specify an address under transmission-vpn

g0Idfinger commented 4 years ago

If you want to use the variable, you will need to put it in the .env file in the same folder as the file trying to use it, or use system environment variables.

g0Idfinger commented 4 years ago

network_mode: container:transmission-vpn is what you would add to use the VPN connection from transmission-vpn. Make sure the container name is correct.

I have also added a qbittorrent section to the yml that has VPN built into qbittorrent container. If you want other containers to use it, add this to the service container: network_mode: container:qbitvpn
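
The pieces discussed across this thread, put together as one compose fragment and one Traefik rules file. This is an added example, not taken from the repository or from any commenter's setup; the image names and the address 192.168.80.250 are assumptions, while the t2_proxy network, LOCAL_NETWORK value, port 8168 and router/service names come from the thread.

```yaml
# docker-compose.yml (fragment)
networks:
  t2_proxy:
    external: true    # the 192.168.80.0/24 network created earlier in the thread

services:
  transmission-vpn:
    image: haugene/transmission-openvpn   # assumed image
    container_name: transmission-vpn
    cap_add:
      - NET_ADMIN
    environment:
      - LOCAL_NETWORK=192.168.0.0/16
      # VPN provider and credential settings omitted
    networks:
      t2_proxy:
        ipv4_address: 192.168.80.250      # constructed; any free address in the subnet

  qbittorrent:
    image: linuxserver/qbittorrent        # assumed image
    container_name: qbittorrent
    # Shares transmission-vpn's network namespace, so it has no address of its
    # own on t2_proxy. Compose rejects networks: or ports: alongside this, and
    # Traefik's Docker provider cannot resolve an IP for it, so no labels here.
    network_mode: "service:transmission-vpn"
    depends_on:
      - transmission-vpn
    environment:
      - WEBUI_PORT=8168
---
# traefik2/rules/app-qbittorrent.yml (file provider)
http:
  routers:
    qbit-rtr:
      entryPoints:
        - https
      rule: "Host(`qbit.example.org`)"
      tls: {}
      middlewares:
        - chain-no-auth
      service: qbit-svc
  services:
    qbit-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.80.250:8168"   # the VPN container's fixed address
```

A second app routed the same way (Jackett, for instance) gets its own rules file pointing at the same address with its own port, since every container in the shared namespace is reached through the VPN container's IP.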