Hansel

Anyone managed to get this going? Been fiddling around and it's to do with the SCGI ports, but I can't quite work it out. Flood seems to want an rtorrent.sock file but that doesn't appear to exist...

Hi all, I have this up and running in Docker in Ubuntu. Everything seems fine, the VPN is working, Flood is working if I enable that and rutorrent is working otherwise. If I have rutorrent enabled on 9080 I can add it as a Download Client in Sonarr and all is fine. However, I really want to use Flood and I'm not sure how to get Sonarr/Radarr to connect in that case... just hoping someone can help me out? Thanks!

I've created a topic here in case you want to chime in at any point: https://forum.synology.com/enu/viewtopic.php?f=258&t=129572&p=477157#p477157

Its weird as that Unifi container I posted above does work with the apparmor command, so I'm not too sure what the difference is

Hi, To be honest I probably wouldn't worry about it for now, as even if you fix that error you'll still be stuck with the error I'm currently running into with apparmor. Not sure it's possible to get this one running unless someone smarter than us comes along and sorts it out You might have to use the Deluge one instead, which does work but I really want Flood running as it doesn't look like a Windows 3.1 app like Deluge and stock rtorrent

Thanks binhex. Had a crack using this as a template: https://medium.com/@ctindel/running-unifi-video-controller-in-docker-on-synology-ab8c09f7ff97#.sxozu9hne But it still doesn't seem to want to work. I tried two different docker run commands: 1. docker run --restart always --name binhex-arch-rtorrentvpn2 -h binhex-arch-rtorrentvpn2 -p 3000:3000 -p 49160:49160 -p 49170:49170 -p 35000:5000 -p 38118:8118 -p 39080:9080 -p 39443:9443 -d -v /volume1/docker/rtorrentvpn:/config -v /volume1/docker/rtorrentvpn/data:/data -e PHP_TZ=Australia/Melbourne -e VPN_REMOTE=nl.privateinternetaccess.com -e VPN_PORT=1198 -e DEBUG=true -e NAME_SERVERS=8.8.8.8,8.8.4.4 -e LAN_NETWORK=192.168.1.0/24 -e ENABLE_FLOOD=no -e ENABLE_PRIVOXY=no -e STRONG_CERTS=no -e VPN_PROV=pia -e VPN_DEVICE_TYPE=tun -e VPN_PROTOCOL=udp -e VPN_PASS=xxx -e VPN_USER=xxx -e VPN_ENABLED=yes -e PGID=0 -e PUID=0 --cap-add=SYS_ADMIN --cap-add=DAC_READ_SEARCH --cap-add=NET_BIND_SERVICE --cap-add=SYS_PTRACE --cap-add=SETUID --cap-add=SETGID --security-opt apparmor:unconfined binhex/arch-rtorrentvpn:latest This just gave a bunch of errors that seemed like it didn't have the right permissions (iptables modules out of date etc) 2. docker run --restart always --name binhex-arch-rtorrentvpn2 -h binhex-arch-rtorrentvpn2 -p 3000:3000 -p 49160:49160 -p 49170:49170 -p 35000:5000 -p 38118:8118 -p 39080:9080 -p 39443:9443 -d -v /volume1/docker/rtorrentvpn:/config -v /volume1/docker/rtorrentvpn/data:/data -e PHP_TZ=Australia/Melbourne -e VPN_REMOTE=nl.privateinternetaccess.com -e VPN_PORT=1198 -e DEBUG=true -e NAME_SERVERS=8.8.8.8,8.8.4.4 -e LAN_NETWORK=192.168.1.0/24 -e ENABLE_FLOOD=no -e ENABLE_PRIVOXY=no -e STRONG_CERTS=no -e VPN_PROV=pia -e VPN_DEVICE_TYPE=tun -e VPN_PROTOCOL=udp -e VPN_PASS=xxx -e VPN_USER=xxx -e VPN_ENABLED=yes -e PGID=0 -e PUID=0 --privileged=true --security-opt apparmor:unconfined binhex/arch-rtorrentvpn:latest This just gives the original error (nginx). Not sure if there's a combo of those I can try, or other --cap-add options I need in the first one to give it full permissions? EDIT: I also tried it with --cap-add=ALL which, as far as I'm aware, should just give it access to pretty much everything, but that still gave me the nginx error. Perhaps it's --security-opt apparmor:unconfined that isn't working.

Ok, definitely do it through the GUI. For localtime just use PHP_TZ as the variable and then UTC as the value. Also enable the "Execute Container using High Privilege" option in the container GUI. Your LAN should be your local lan. Try 192.168.1.0/24 (assuming your LAN goes from 192.168.1.1 to 192.168.1.254). Once you've set that up, then follow the instructions to set up a scheduled task on the synology as described in that post above, that's what I did. Reboot after you've set it up then give it a try.

Are you on a Synology? If so don't use the command line, use the GUI. Also are you sure 172.17.0.0/16 is your internal lan? Also it's possible your VPN isn't supported, I've no idea though to be honest.

Is it expected to see this over and over (could just be as I have debug on)?

That actually worked for me, but I'm getting one more error that I'm not sure how to solve for. For reference, this doesn't happen on the Deluge container which works perfectly. Anyone know how I can solve for this: /usr/bin/nginx: error while loading shared libraries: libdl.so.2: cannot open shared object file: Permission denied If I disable apparmor it does work, so I guess I need to edit a profile maybe? Any help appreciated. Here's the revelant log section:

Just for reference, Deluge appears to be fine so it's rtorrent specific. I'll post over there.

Ah crap. I am, but I use both so I just follow the support and forget where I am Let me see if Deluge works, that'll narrow it down a bit.

Here's the revelant log section:

Hmm. It just shows up in the Log of the container (and the supervisor.log file). Everything will "boot" up, establish a VPN connection etc, then right at the end it'll give this error and crash out (I assume).

Anyone know how I can solve for this: /usr/bin/nginx: error while loading shared libraries: libdl.so.2: cannot open shared object file: Permission denied If I disable apparmor it does work, so I guess I need to edit a profile maybe? Any help appreciated

@BakedPizza That's great, thanks a lot for that. My only issue now is that apparmor seems to be blocking something to do with nginx. /usr/bin/nginx: error while loading shared libraries: libdl.so.2: cannot open shared object file: Permission denied I did disable apparmor temporarily and it worked, so If I can fix that I'm good to go!

ok so a bit of googling on your issue points to some sort of iptables issue on the synology host, other than a reboot to see if this re-enables the missing iptables on the host im not sure where to go with this, there is a ton of stuff you could dig into but it would eat hours. you could try updating your kernel (if possible), upgraing the version of docker your running, or contacting synology themselves and see if they can talk you through getting iptables working correctly for you. sorry i cant be much more help but ive kinda come to the end of what i can guide you through from a container standpoint, im pretty confident the issue is on the host side so my advise is to look at that. No I definitely agree it's not a problem at your end. I'm just wondering if I can manually edit the rt_tables file that your script is trying to add to, and just put in the details myself. If I do that will the settings stick or does it need to be done more than once? If I can do that, could you let me know what variables it wants in that file?

Binhex, no idea how to get this working, so what if I were to manually add the details to the rt_tables file instead? Would it stick? If so, what details do I actually need to add in there?

Mmm, don't think I can recreate the run command unfortunately. Happy to supply or try anything else you can think of though.

Here's docker inspect in case that helps, while I try and work out how to get the run command. root@DiskStation:~# docker inspect --format "$(<run.tpl)" binhex-arch-rtorrentvpn1 -ash: run.tpl: No such file or directory [ { "Id": "261c9565158cd238f1a08441057b1052c27a0af93964cd5515d795b892f9453a", "Created": "2017-02-14T11:53:31.089513847Z", "Path": "/usr/bin/tini", "Args": [ "--", "/bin/bash", "/root/init.sh" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 17458, "ExitCode": 0, "Error": "", "StartedAt": "2017-02-15T21:58:05.482311855Z", "FinishedAt": "2017-02-15T06:07:47.05098826Z" }, "Image": "sha256:26154f6c835150bc8fc3024ed9044906c52bd7edca588834c1b226f1f2b98c29", "ResolvConfPath": "/volume1/@docker/containers/261c9565158cd238f1a08441057b1052c27a0af93964cd5515d795b892f9453a/resolv.conf", "HostnamePath": "/volume1/@docker/containers/261c9565158cd238f1a08441057b1052c27a0af93964cd5515d795b892f9453a/hostname", "HostsPath": "/volume1/@docker/containers/261c9565158cd238f1a08441057b1052c27a0af93964cd5515d795b892f9453a/hosts", "LogPath": "/volume1/@docker/containers/261c9565158cd238f1a08441057b1052c27a0af93964cd5515d795b892f9453a/log.db", "Name": "/binhex-arch-rtorrentvpn1", "RestartCount": 0, "Driver": "aufs", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { "Binds": [ "/volume1/docker/rtorrentvpn/data:/data:rw", "/volume1/docker/rtorrentvpn:/config:rw" ], "ContainerIDFile": "", "LogConfig": { "Type": "db", "Config": {} }, "NetworkMode": "bridge", "PortBindings": { "3000/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "3000" } ], "49160/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "49160" } ], "49170/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "49170" } ], "5000/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "35000" } ], "8118/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "38118" } ], "9080/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "39080" } ], "9443/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "39443" } ] }, "RestartPolicy": { "Name": "always", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": true, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "StorageOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Env": [ "VPN_REMOTE=nl.privateinternetaccess.com", "VPN_PORT=1198", "PUID=0", "PGID=0", "DEBUG=true", "NAME_SERVERS=8.8.8.8,8.8.4.4", "LAN_NETWORK=192.168.1.0/24", "ENABLE_FLOOD=no", "ENABLE_PRIVOXY=no", "STRONG_CERTS=no", "VPN_PROV=pia", "VPN_DEVICE_TYPE=tun", "VPN_PROTOCOL=udp", "VPN_PASS=xx", "VPN_USER=xx", "VPN_ENABLED=yes", "PHP_TZ=Australia/Melbourne" ], "Override": true, "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 50, "Memory": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": null, "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": -1, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "BlkioIOps": 0, "BlkioBps": 0, "SandboxSize": 0 }, "GraphDriver": { "Name": "aufs", "Data": null }, "SynoUpTime": 1487195885, "SynoFinishTime": -1, "SynoStatus": "running", "Mounts": [ { "Source": "/volume1/docker/rtorrentvpn/data", "Destination": "/data", "Mode": "rw", "RW": true, "Propagation": "rprivate" }, { "Source": "/volume1/docker/rtorrentvpn", "Destination": "/config", "Mode": "rw", "RW": true, "Propagation": "rprivate" } ], "Config": { "Hostname": "binhex-arch-rtorrentvpn1", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "3000/tcp": {}, "49160/tcp": {}, "49170/tcp": {}, "5000/tcp": {}, "8118/tcp": {}, "9080/tcp": {}, "9443/tcp": {} }, "Tty": true, "OpenStdin": true, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "HOME=/home/nobody", "TERM=xterm", "LANG=en_GB.UTF-8", "VPN_PORT=1198", "PUID=0", "PGID=0", "DEBUG=true", "NAME_SERVERS=8.8.8.8,8.8.4.4", "LAN_NETWORK=192.168.1.0/24", "ENABLE_FLOOD=no", "ENABLE_PRIVOXY=no", "STRONG_CERTS=no", "VPN_PROV=pia", "VPN_DEVICE_TYPE=tun", "VPN_PROTOCOL=udp", "VPN_PASS=xx", "VPN_USER=xx", "VPN_ENABLED=yes", "PHP_TZ=Australia/Melbourne", "VPN_REMOTE=nl.privateinternetaccess.com" ], "Cmd": [ "/bin/bash", "/root/init.sh" ], "Image": "binhex/arch-rtorrentvpn:latest", "Volumes": { "/config": {}, "/data": {} }, "WorkingDir": "", "Entrypoint": [ "/usr/bin/tini", "--" ], "OnBuild": null, "Labels": {}, "DDSM": false }, "NetworkSettings": { "Bridge": "", "SandboxID": "4bebf222a05ffda4bab389b3074df75d4edb74bb356e5b93d83c02bb27b158c0", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "3000/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "3000" } ], "49160/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "49160" } ], "49170/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "49170" } ], "5000/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "35000" } ], "8118/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "38118" } ], "9080/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "39080" } ], "9443/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "39443" } ] }, "SandboxKey": "/var/run/docker/netns/4bebf222a05f", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "e152cc8b432f67585345c7ed3e37a85e4e3c5c3b927a50b2cc412ccbd222d855", "Gateway": "172.17.0.1", "GlobalIPv6Address": "fe80::242:ac11:7", "GlobalIPv6PrefixLen": 64, "IPAddress": "172.17.0.7", "IPPrefixLen": 16, "IPv6Gateway": "fe80::1", "MacAddress": "02:42:ac:11:00:07", "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "17954bdbefc4463df1ea1848c6bce7126cdccd9b9b60535dc95bdaaaa6f33e52", "EndpointID": "e152cc8b432f67585345c7ed3e37a85e4e3c5c3b927a50b2cc412ccbd222d855", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.7", "IPPrefixLen": 16, "IPv6Gateway": "fe80::1", "GlobalIPv6Address": "fe80::242:ac11:7", "GlobalIPv6PrefixLen": 64, "MacAddress": "02:42:ac:11:00:07" } } } } ]

Ok, well let me disable that for a sec and see if the container runs properly One sec! No change unfortunately I've renabled it for now but will try and work out how to check the logs to see if there's anything interesting in there.

Ok, well let me disable that for a sec and see if the container runs properly One sec!

I have yep. I'm just trying to use this (https://gist.github.com/efrecon/8ce9c75d518b6eb863f667442d7bc679#file-run-tpl-L2) to reverse engineer the run command

can you send me your docker run command, minus username and password It's actually all handled in the GUI on the synology, but let me see if I can find out what it's doing

I've been googling frantically for the past day or so, and at the moment I'm ssh'd into the Synology running some commands. Not sure if any of this is useful: admin@Disktation:~$ ip rule ls 0: from all lookup local 2: from all lookup static-table 3: from 192.168.1.7 lookup eth0-table 32766: from all lookup main 32767: from all lookup default admin@Disktation:~$ ip route ls table eth0-table 192.168.1.0/24 via 192.168.1.7 dev eth0