🐋 Alpine qBittorrent OpenVPN

DEPRECATION NOTICE

I no longer have time to maintain this project.

This project has served me well for a while, but has important SECURITY ISSUES that I no longer have time to fix:

https://github.com/guillaumedsde/alpine-qbittorrent-openvpn/issues/137

I would advise migrating to another solution for running a containerized qbittorrent with a VPN tunnel such as:

https://github.com/qdm12/gluetun

I will leave this repository up for archival purposes and will add a disclaimer to the docker image at launch.

This repository contains the code to build a docker container with the qBittorrent torrent client with all traffic routed through an OpenVPN tunnel with firewall rules preventing traffic outside of the tunnel. The container is built automatically whenever the Alpine container is updated, the final image is available on the docker hub and the documentation is hosted on gitlab pages.

This container is based on an Alpine Linux and uses the S6-overlay for starting setting up the firewall, VPN tunnel and lastly starting qBittorrent. The image aims to be safe, small and generally minimal by installing as little dependencies as possible and running qBittorrent and OpenVPN as different unprivileged users.

✔️ Features summary

🏔️ Alpine Linux small and secure base Docker image
🤏 As few Docker layers as possible
🛡️ Minimal software dependencies installed
🛡️ Runs as unprivileged user with minimal permissions
🖥️ Built for many platforms
🚇 Compatible with most OpenVPN providers
↔️ Port forwarding support for PrivateVPN, Private Internet Access and Perfect Privacy

🏁 How to Run

`docker run`

$ docker run --cap-add=NET_ADMIN -d \
              -v /your/storage/path/:/downloads \
              -v /path/to/config/directory:/config \
              -v /etc/localtime:/etc/localtime:ro \
              -e OPENVPN_PROVIDER=PIA \
              -e OPENVPN_CONFIG=ca_toronto \
              -e OPENVPN_USERNAME=user \
              -e OPENVPN_PASSWORD=pass \
              -e PUID=1000 \
              -e PGID=1000 \
              -e LAN=192.168.0.0/16 \
              -p 8080:8080 \
              guillaumedsde/alpine-qbittorrent-openvpn:latest

`docker-compose.yml`

version: "3.3"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - "/your/storage/path/:/downloads"
      - "/path/to/config/directory:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - OPENVPN_PROVIDER=PIA
      - OPENVPN_CONFIG=ca_toronto
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - PUID=1000
      - PGID=1000
      - LAN=192.168.0.0/16
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest

🖥️ Supported platforms

This container is built for many hardware platforms (yes, even ppc64le whoever uses that... 😉):

linux/386
linux/amd64
linux/arm/v6
linux/arm/v7
linux/arm64
linux/ppc64le

All you have to do is use a recent version of docker and it will pull the appropriate version of the image guillaumedsde/alpine-qbittorrent-openvpn from the docker hub.

🚇 OpenVPN configuration

Officially supported

This image makes use of the VPN providers' OpenVPN configurations from the latest version of haugene/docker-transmission-openvpn cheers to that project 🍺! It is possible I might have messed something up, so if one provider is not working for you, make sure to leave an issue on this repository's Github page. Selecting a preloaded configuration works the same way as the haugene container (see below for an example).

Custom OpenVPN config

If your provider is not in the supported list or if is currently not working, you can mount your .ovpn file at /config/openvpn/config.ovpn optionally set your OPENVPN_USERNAME and OPENVPN_PASSWORD leaving the OPENVPN_PROVIDER empty and the container will load your configuration upon start.

🔍 qBittorrent torrent search

In order to be as light as possible, the latest tagged docker image does not include python. This means that in order to use qBittorrent's torrent Search functionality you have to use the version of this image based on the official python alpine docker image, this image is tagged python, in order to download it, please use guillaumedsde/alpine-qbittorrent-openvpn:python.

🐌 Limitations

This image has a couple of limitations:

No IPv6 support I have not installed iptables for IPv6 as such the firewall kill switch will probably not work with IPv6 (I have not tested it) if you need it, file an issue and I'll look into it when I have some time
No support for docker's built in DNS server Docker has an embedded DNS server that containers query to get the IPs of other containers, however, Docker does some weird iptables trick to redirect containers' DNS requests to its resolver at 127.0.0.11. I have not managed to write proper iptables rules to allow this traffic, if you have any idea how, leave an issue 🙂. In the meantime, the container's DNS resolver is set using the DNS environment variable

Enhancements

@reconman suggests using docker-autoheal by adding the autoheal=true label to the container to automatically restart it when the container becomes unhealthy (qBittorrent or OpenVPN crashes).

🙏 Credits

A couple of projects really helped me out while developing this container:

🍻 0x022b/s6-openvpn for figuring out how the S6 overlay works, and for most of the code to run OpenVPN as an unprivileged user
🍻 haugene/docker-transmission-openvpn for general inspiration for the project and specifically, the OpenVPN configurations, the port forwarding and healthcheck scripts adapted in this repository
🏁 s6-overlay A simple, relatively small yet powerful set of init script for managing processes (especially in docker containers)
💽 userdocs/qbittorrent-nox-static for the great static qbittorrent build scripts
🏔️ Alpine Linux an awesome lightweight secure linux distribution used as the base for this container
🐋 The Docker project (of course)

guillaumedsde / alpine-qbittorrent-openvpn

readme