Configure prowlarr failing with vpn service

[Qinusty]

Configure prowlarr docs networking seems incorrect given access to radarr over localhost:7878 is not accessable on the vpn service network. https://github.com/navilg/media-stack/tree/main#configure-prowlarr

I've tried various hostnames instead of localhost but looks like something is slightly misconfigured.

[navilg]

Use http://radarr:7878

[Qinusty]

radarr:
    container_name: radarr
    image: lscr.io/linuxserver/radarr:4.7.5
    networks:
      - mynetwork
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    ports:
      - 7878:7878
    volumes:
      - radarr-config:/config
      - torrent-downloads:/downloads
    restart: "unless-stopped"

prowlarr:
    container_name: prowlarr
    image: linuxserver/prowlarr:1.6.3

    # Uncomment below if vpn is enabled
    depends_on:               # Uncomment this line if vpn is enabled
      - vpn                   # Uncomment this line if vpn is enabled
    network_mode: service:vpn # Uncomment this line if vpn is enabled

    # networks:               # Comment this line if vpn is enabled
    #   - mynetwork           # Comment this line if vpn is enabled
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - prowlarr-config:/config

    # Comment below ports if VPN is enabled.
    # ports:
    #   - 9696:9696
    restart: unless-stopped

[navilg]

Let me check this on weekend

[lochot]

@navilg thank for this repo ! i am trying it and i love it :)

[Qinusty] -> i had the same problem behind my vpn, just go in your radarr container check it's ip, and use it in place of localhost to enter your docker container

docker-compose exec radarr bash

to show ip of it

ifconfig

to exit from the container (do not stop the container)

exit

[navilg]

Thanks @lochot I am able to replicate the issue. It will work when you add IP address of radarr instead of service name or if you have public DNS (with SSL configured), use your radarr HTTPS url instead. Meanwhile I will look into the issue

[navilg]

This is because prowlarr and qBittorrent are behind VPN and when you hit http://radarr:7878 It is hitting from VPN server and not from docker network. So, It is not able to resolve it. Need to find out how to make it resolve local dns.

[sbarkar]

Hey all,

What if we create another internal network?

We add an additional bridge network (let's call it internal-network). This network will be used for inter-container communication.

1. Connect all services to this new network, ensuring they can communicate with each other.
2. Keep the VPN-dependent services (like prowlarr and qbittorrent) with network_mode: service:vpn, but also connect them to the internal-network for inter-container communication.

Here's how the Docker Compose file will look after these changes:

version: "3.91"
name: media-stack
services:
  ...
  vpn:
    ...
    networks:
      - media-network
      - internal-network # New network

  qbittorrent:
    ...
    networks:
      - internal-network # New network

  radarr:
    ...
    networks:
      - media-network
      - internal-network # New network

  sonarr:
    ...
    networks:
      - media-network
      - internal-network # New network

  prowlarr:
    ...
    networks:
      - internal-network # New network

  jellyfin:
    ...
    networks:
      - media-network
      - internal-network # New network

networks:
  media-network:
    external: true
  internal-network:
    internal: true 

By adding the internal-network and connecting all services to it, you ensure that:

• All containers can communicate with each other using their service names (like radarr, sonarr, prowlarr, etc.)
• Services that need VPN (like prowlarr and qbittorrent) will still route their external traffic through the VPN.

What do you think?

[sbarkar]

Okay, please ignore anything I said in the last message.

I made it work via the Nginx proxy. Please see my code in the forked repo. I have yet to do the documentation properly.

The problem is that the connectivity needs to be improved, which makes Prowlarr inefficient. It barely syncs the Indexers. Sometimes, if it fails to sync and I force it a few times, it just goes into "cooldown" mode and does not let you manually force refresh until some time passes. In reality, I have only a few indices synced in Radarr and none in Sonarr even if the tests in the UI are successful. Any ideas on what we could do to make it more stable?

[MulverineX]

Here's my working setup https://gist.github.com/MulverineX/00a56505908c63d679188ef984820c54

[navilg]

Here's my working setup https://gist.github.com/MulverineX/00a56505908c63d679188ef984820c54

It should work when all services are behind VPN

[bl4ko]

This is a well known gluetun's issue and its workaround is documented on glutun-wiki.

Basically you should define static ip addresses for all services that are not part of the vpn stack (network_mode: service:vpn).

I have written a simple working example for the services radarr (not part of the stack), gluetun and prowlarr:

• Create a bridged network docker network create --subnet=172.18.0.0/16 mynetwork
• Set a static ip (eg. 172.18.0.22) for the radarr service

name: test
services:
  vpn:
    image: docker.io/qmcgaw/gluetun:latest
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=surfshark
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_KEY}
      - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES}
      - SERVER_COUNTRIES=Slovenia
    networks:
      - mynetwork
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 9696:9696
    restart: "unless-stopped"

  prowlarr:
    container_name: prowlarr
    image: lscr.io/linuxserver/prowlarr:latest
    depends_on:
      - vpn
    network_mode: service:vpn
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TZ}
    volumes:
      - prowlar_config:/config
    restart: unless-stopped

  radarr:
    container_name: radarr
    image: lscr.io/linuxserver/radarr:latest
    networks:
      mynetwork:
        ipv4_address: 172.18.0.22
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TZ}
    ports:
      - 7878:7878
    volumes:
      - radarr_config:/config
      - torrent_volume:/downloads:z
    restart: "unless-stopped"

volumes:
  prowlar_config:
  radarr_config:
  torrent_volume:

networks:
  mynetwork:
    external: true

• Now inside prowlarr we can access radarr with that static ip:

• you can now use this workaround for all other services that are not part of the vpn stack

[navilg]

Added the feature to enable static IP for radarr and sonnar. Since prowlarr is accessing the radarr and sonarr through VPN network, It won't be able to access them with service name or localhost.

d044f5dba1e5eb7bd57cb4fe6579fffb0b626c17

[jpmckearin]

I am not sure if this is advised, but I found that if you add a custom bridge network with the subnet/gateway ip specified and add that network to the gluetun service then you can set the Radaar Server config to http://${NET_GATEWAY}:${RADAAR_PORT} in the config for Prowlarr. This seems to remove the need to set a static ip for the Radaar server (as evidenced by the screenshot below showing the test succeeded). NOTE: I am not using the traefik/nginx external network. I am working towards that "the hard way" so will report back here if/when I get around to it.

.env

NET_GATEWAY="172.29.0.1"
NET_SUBNET="172.29.0.0/24"
RADAAR_PORT=7878
PROWLARR_PORT=9696

docker-compose.yml

networks:
  servarr:
    ipam:
      driver: default
      config:
        - subnet: ${NET_SUBNET}
          gateway: ${NET_GATEWAY}
services:
  gluetun:
    # collapsed configs...
    ports:
      # collapsed configs...
      - ${PROWLARR_PORT}:9696 # prowlarr
    networks:
      - servarr
  prowlarr:
    # collapsed configs...
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
  radarr:
    # collapsed configs...
    ports:
      - ${RADAAR_PORT}:7878
    networks:
      - servarr