Torrent, Usenet, NZB, VPN (ProtonVPN/NordVPN) box by Docker Compose containers

The code on this repository is intended to be used to share media content with various networks such as Torrent and Usenet while protecting your privacy through a VPN. The main idea is to provide access where Internet censors and content restriction apply. I totally discourage using this code for any piracy reasons.

The stack can be run in any Linux box.\ Besides Plex transcoding, all other apps and functions are super light and a basic Raspberry Pi is able to handle the load.

All the apps are pre-configured and integrated. Therefore, with a few clicks you can start adding Indexers to the configurations and tinkering to your liking.

IMPORTANT: I strongly recommend rotating all the API keys and changing all the passwords.

Requisites

Apps Included

Table of Contents

• Torrent, Usenet, NZB, VPN (ProtonVPN) box by Docker Compose containers
• Requisites
• Apps Included
• Table of Contents
• Usage
  • 1. Check your parameters
  • 2.Create dotenv (.env) file
  • 3. Edit dotenv (.env) file
  • 3.1. ProtonVPN
  • 3.2. NordVPN
  • 4. Generate the certificate
  • 4.1. Use your own certificate
  • 5. Enable / Disable Apps
  • 6. Run the containers
  • 7. Rotate your keys
  • 8. Shutting it down
  • 9. Backup
• Folders
• App Links
  • HTTP
  • HTTPS
  • HTTPS through reverse proxy (Nginx)
• Indexers
  • Torrent
  • Usenet
• Downloaders
  • Torrent
  • Usenet
• Library Managers
  • Movies / Series / Music
  • AudioBooks / eBooks / Comics
  • Subtitles (Movies / TV Shows)
• Bandwith Control
  • Revert to original state
  • Known Issues and future improvements
  • Clean up everything (including media folder)
• License
• Contribute / Donate

Usage

1. Check your parameters

It is necessary to set a few parameters to match your environment. Check your user id and gid. To get this info, go to your shell and run:

id

The result should be something like;

uid=1000(my_user) gid=1000(my_user) groups=1000(my_user)

After that, check your timezone. For that, run:

cat /etc/timezone

The result should be something like;

America/Toronto

Save these values for later reference.

2.Create dotenv (.env) file

Copy from the example and generate a new .env file.

cp .env.example .env

3. Edit dotenv (.env) file

Edit the newly created .env file and change the UID, GID, and TIMEZONE parameters to the values you gathered from steps 1 and 2.

In addition, set the DOMAIN variable for the certificate generation and the reverse proxy configuration.

Lastly, configure the VPN_PROVIDER, choose from protonvpn or nordvpn and fill the variables accordingly.

It will look something like this;

# System Parameters
UID=1000
GID=1000
TIMEZONE=America/Toronto
UMASK=022
DOMAIN=localhost

# VPN Configurations
VPN_PROVIDER=protonvpn
PROTONVPN_COUNTRY_AND_SERVER=nl-free-127.protonvpn.net
PROTONVPN_KEY=KLjfIMiuxPskM4+DaSUDmL2uSIYKJ9Wap+CHvs0Lfkw=

3.1. ProtonVPN

You will need to log in to ProtonVPN portal to download your key, follow these steps;

• Log in to ProtonVPN and go to Downloads → WireGuard configuration.
• Enter a name for the key, and select features to enable like NetShield and VPN Accelerator & click create.
• Generated config might look something like below;

# Key for <name>
# VPN Accelerator = on
PrivateKey = KLjfIMiuxPskM4+DaSUDmL2uSIYKJ9Wap+CHvs0Lfkw=
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
# NL-FREE#128
PublicKey = jbTC1lYeHxiz1LNSJHQMKDTq6sHgcWxkBwXvt7GWo1E=
AllowedIPs = 0.0.0.0/0
Endpoint = 91.229.23.180:51820

• Only thing needed from the above config is PrivateKey.
• See https://protonvpn.com/support/wireguard-configurations/ for more info.

With the values from the page, change the PROTONVPN_KEY and PROTONVPN_COUNTRY_AND_SERVER.

IMPORTANT: To use a server that is best for you, please check the details in the ProtonVPN Docker page; https://github.com/tprasadtp/protonvpn-docker#protonvpn_server

3.2. NordVPN

Please visit https://support.nordvpn.com/Connectivity/Linux/1905092252/How-to-log-in-to-NordVPN-on-Linux-with-a-token.htm for more instructions on how to get your token. And https://github.com/bubuntux/nordvpn for more configuration parameters for the NordVPN container.

NordVPN by default will pick the best server for you, otherwise, please add the value in the NORDVPN_COUNTRY_AND_OR_SERVER variable. There is a comprehensive list at https://nordvpn.com/servers/ .

4. Generate the certificate

At this moment the stack only supports self-signed certificates.

Go back to the .env file and look for the section about the certificate if you want to change any parameter. An example is like;

# Certificate details
CERT_COUNTRY=CS
CERT_STATE=Classified
CERT_CITY=Classified
CERT_ORGANIZATION=Classified
CERT_OU=Classified
CERT_FQDN=${DOMAIN} # it will use the previously declared DOMAIN variable

After you have configured the parameters in the .env file, you can generate a certificate by running the command;

make generate_certificate

This will create the server.key, server.crt, and server.pfx in the /certs/ folder.

4.1. Use your own certificate

If you have your own certificate, just copy them to the /certs folder using the exact names.

Remember, the server.key, server.crt, and server.pfx have to match the uid and gid, and the permissions have to be 644 for the .crt and 600 for the .key and .pfx.

5. Enable / Disable Apps

In the same .env file, edit the Docker container profile to enabled/disabled for the apps in the stack.

The only REQUIRED app is the VPN_PROVIDER as the stack is tightly coupled to it.

It will look like this;

# Default Apps' Profiles (enabled/disabled)
BAZARR_PROFILE=disabled
CALIBRE_PROFILE=disabled
CALIBREWEB_PROFILE=disabled
FLARESOLVERR_PROFILE=enabled
JACKETT_PROFILE=disabled
LAZYLIBRARIAN_PROFILE=disabled
LIDARR_PROFILE=disabled
MYLAR_PROFILE=disabled
NGINX_PROFILE=enabled
NZBGET_PROFILE=enabled
NZBHYDRA2_PROFILE=enabled
PLEX_PROFILE=enabled
PROTONVPN_PROFILE=enabled
QBITTORRENT_PROFILE=enabled
RADARR_PROFILE=enabled
READARR_PROFILE=disabled
SONARR_PROFILE=enabled

# NOT Default Apps' Profiles (enabled/disabled)
NORDVPN_PROFILE=disabled
PROWLARR_PROFILE=disabled

6. Run the containers

Now that everything is set, please run the containers by using the command below;

docker-compose --profile enabled up --detach

OR

make start

7. Rotate your keys

All the services are pre-configured, therefore they already have API keys set.

It is strongly recommended rotating all of them for the sake of security.

8. Shutting it down

Now that everything is working, if you need to bring it down to change parameters and make adjustments, please run the command below;

docker-compose --profile enabled stop

OR

make stop

9. Backup

Now that everything is fully working. Make sure you create a backup of your configurations and changes, in order to perform the backup operation, please run;

make backup

This command will generate a backup of all the config folders.

Folders

The media type will be stored into the folders below;

App Links

These tables list the apps, protocols (HTTP or HTTPS), ports, and credentials.

Some apps are available on both, HTTP and HTTPS, whereas some are only available in one protocol.

Not all apps are fully working through the reverse proxy (Nginx). I am still working on it.

HTTP

HTTPS

HTTPS through reverse proxy (Nginx)

Indexers

Torrent

LazyLibrarian ---> NzbHydra2 ---> Jackett ---> Flaresolverr\ Lidarr ---> NzbHydra2 ---> Jackett ---> Flaresolverr\ Mylar ---> NzbHydra2 ---> Jackett ---> Flaresolverr\ Radarr ---> NzbHydra2 ---> Jackett ---> Flaresolverr\ Readarr ---> NzbHydra2 ---> Jackett ---> Flaresolverr\ Sonarr ---> NzbHydra2 ---> Jackett ---> Flaresolverr

Usenet

LazyLibrarian ---> NzbHydra2\ Lidarr ---> NzbHydra2\ Mylar ---> NzbHydra2\ Radarr ---> NzbHydra2\ Readarr ---> NzbHydra2\ Sonarr ---> NzbHydra2

Downloaders

Torrent

LazyLibrarian ---> qBitTorrent\ Lidarr ---> qBitTorrent\ Mylar ---> qBitTorrent\ Radarr ---> qBitTorrent\ Readarr ---> qBitTorrent\ Sonarr ---> qBitTorrent

Usenet

LazyLibrarian ---> NzbGet\ Lidarr ---> NzbGet\ Mylar ---> NzbGet\ Radarr ---> NzbGet\ Readarr ---> NzbGet\ Sonarr ---> NzbGet

Library Managers

Movies / Series / Music

Lidarr ---> Plex Media Server\ Radarr ---> Plex Media Server\ Sonarr ---> Plex Media Server

AudioBooks / eBooks / Comics

LazyLibrarian ---> Calibre\ Mylar ---> Calibre\ Readarr ---> Calibre

Subtitles (Movies / TV Shows)

Bazarr ---> Sonarr\ Bazarr ---> Radarr

Bandwith Control

By default, both downloaders, qBitTorrent and NzbGet, are configured to limit from 8AM to 11:59PM to;

• Download Rate - 1 Gbps
• Upload Rate - 30 Mbps (only applicable to qBitTorrent)

Outside of these hours, no speed control applied.\ If desired, it is possible to change or disable the settings in these app's configs.

Revert to original state

If you need to revert to the original code and configs, simply run;

make clean

Known Issues and future improvements

1. Lidarr is not pre-configured for the indexers because it didn't allow to add for a category issue
2. Sonarr is not configured yet on HTTPS, it requires more tweaking
3. Mylar doesn't work with qBittorrent and Nzbget using a self-signed certificate
4. Lazylibarian doesn't work with qBittorrent using a self-signed certificate.

If you can help working on any of these issues and require more information, please feel free to open a issue and reach out.

Clean up everything (including media folder)

IMPORTANT: This will ERASE every file on your media folder!

make clean_all

License

See LICENSE for full details.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Contribute / Donate

If you are using the code, entirelly or partially, forking the project, or getting inspired by it, consider becoming a sponsor, buying me a coffee, or maybe a beer, I would really appreciate it :smiley: