[DOCKER] Transmission with PIA VPN and killswitch.

[pyrater]

I take no credit for this, i merely stumbled upon it and though the community would benefit from this docker container.

 

https://github.com/firecat53/dockerfiles/tree/master/transmission'>https://github.com/firecat53/dockerfiles/tree/master/transmission

 

"This is a Dockerfile to set up transmission-daemon with an OpenVPN client attached through PrivateInternetAccess.com and managed with pia_transmission_monitor. You need to have a network bridge (br0) already setup on the host, because pipework is used to establish the connection so the container can have it's own IP address on the network. This also avoids any port forwarding/open port issues."

 

 

Also

 

"Dockerfiles: btsync, couchpotato, crashplan, lazy librarian, plex, sabnzbd, sickbeard, syncthing,sickbeard, and transmission. Ansible playbook for configuring nginx in Docker."

 

@ https://github.com/firecat53/dockerfiles

[johnodon]

Oh my...exactly what I need!  Thx for posting!

 

John

[cirkator]

If you get it to run can you please show us the necessary steps. Thanks

[xclorist]

Anyone had any luck with this? I'm not sure where to get started manually installing a docker from outside the management ui in unraid, also pipework seems complex, anyone able to help with a build of this docker for unraid, this would be very useful

 

Thanks

[gtroyp]

I'm following this, as it —potentially—exactly what I want. The first time I have any time free I will take a look at what I can figure out and post.

 

If anyone else is working on this, post what does and doesn't work please so that we can learn from each other's efforts.

[armandocerna]

I got it working. 

 

The pipework piece is fairly simple first grab a copy of pipe work from https://github.com/jpetazzo/pipework

 

Once you start the docker transmission container it is waiting for pipework to run.  I just ran it from an ssh session.  Here is the syntax I used:

 

pipework br0 transmission 192.168.0.50/[email protected]

 

Assuming br0 is your bridged interface you can check with an ifconfig.  The IP 192.168.0.50 is the address I am assigning the transmission instance, followed by the subnet mask of my network and finally the default gateway on my network.  Once you run pipework the docker container will establish the vpn connection.  Assuming you followed his steps to get your PIA vpn credentials into the correct directory before running the docker build command. 

[armandocerna]

I had to modify his instructions a bit too after the docker build his docker run command wasn't working for me I ended up doing something like this, and since I have used the docker ui mostly I don't have a seperate containers just for volumes mount points I just define them directly in the docker run command. l used something like this, you will need to change the paths.

 

docker run -d --cap-add=NET_ADMIN --net=none --volumes-from transmission_config -v /mnt/cache/.incomplete:/incomplete -v /mnt/user/downloads/complete:/complete --name transmission transmission

 

Once you run that you can start and stop the container you just need to run pipework manually.  I think you could add it into your go file with something like

 

sleep 120; /boot/config/pipework

[bmfrosty]

This is what I'm using a Xen container for right now.  When I have some time I'll have to set it up and try and convert over.  Would be damn nice.

[bmfrosty]

What I'd really like to see is this in the templates.  Would be really damn nice.

[dinoaus]

Are there any instruction on what needs to be done to setup this docker? Followed what I could find. Not sure that its working.

[smdion]

Are there any instruction on what needs to be done to setup this docker? Followed what I could find. Not sure that its working.

 

Sadly you need to edit conf files before you build the docker, no way to put this into one of the repos without re-working the Dockerfile (I may take a stab at it later)

[spants]

I have managed to get this working and these are my quick notes.

 

download zip from https://github.com/firecat53/dockerfiles and extract Transmission directory

 

rename private_example directory to example

edit example/pia.cred to add username and password

 

create a pia_client_id by using the following command:

head -n 100 /dev/urandom | md5sum | tr -d " -"

 

edit config.ini

change username and password for transmission

 

edit Dockerfile (optional)

change the following to use fusion as a base docker:

FROM ubuntu:trusty

to

FROM phusion/baseimage:0.9.11

 

 

BUILDING the docker:

 

Type:

docker build -rm -t transmission .

 

when done:

docker run -d --cap-add=NET_ADMIN --net=none -v /mnt/disk9/docker/appdata/transmission:/config:rw  -v /mnt/user/downloads/torrents/incomplete:/incomplete:rw -v /mnt/user/downloads/torrents:/complete:rw --name transmission_run transmission

This differs to the commands the author gave as I wanted to link to my appdata and torrent directories on the unraid server rather than a volume.

 

It wont work until you setup pipework:

Unzip pipework to /boot/config and chmod +X to make it an executable

 

then use

/boot/config/pipework br0 transmission_run 192.168.1.39/[email protected]

 

*** I had permission problems with the config files. If it doesnt work (it actually takes a while -1min- to load because the vpn has to be set up, then stop the docker and do a newperms on the data directory (mine is /mnt/disk9/docker/appdata/transmission). Restart docker and pipework ***

 

You can set the docker to autostart and also add this to your GO file:

sleep 120; /boot/config/pipework br0 transmission_run 192.168.1.39/[email protected]

 

(I set the docker to 192.168.1.39 and my gateway is 192.168.1.1 = yours will be different)

 

Let me know how you get on

[dinoaus]

Thanks for that. Will try it out tonight.

 

Do you know how the container directory are mapped. I want to add a directory that transmission watch's for torrent files. I know how to change the setting for transmission, but not sure how to map the directory for the container.

[dinoaus]

Followed your instructions. Getting the following in the log file.

 

Daily restart of VPN at 2014-11-22 10:32:51.554755

Stopped transmission-daemon --config-dir /config/transmission --logfile /config/transmission/transmission.log at 2014-11-22 10:32:51.557544

Stopped openvpn --writepid /var/run/openvpn.pia_ca_north.pid --daemon ovpn-pia_ca_north --status /var/run/openvpn.pia_ca_north.status 10 --cd /config/openvpn --config /config/openvpn/pia_ca_north.conf at 2014-11-22 10:32:56.569062

Started openvpn --writepid /var/run/openvpn.pia_ca_north.pid --daemon ovpn-pia_ca_north --status /var/run/openvpn.pia_ca_north.status 10 --cd /config/openvpn --config /config/openvpn/pia_ca_north.conf at 2014-11-22 10:33:01.582384

IP for tun0 not available at 2014-11-22 10:33:31.629833

IP for tun0 not available at 2014-11-22 10:33:36.640330

IP for tun0 not available at 2014-11-22 10:33:41.653783

IP for tun0 not available at 2014-11-22 10:33:46.667251

IP for tun0 not available at 2014-11-22 10:33:51.678774

.....

.....

Device "tun0" does not exist.

[spants]

sounds like openvpn not starting...

 

if you used the appdata directory as per my version, stop the docker and look at the files in openvpn directory.

pia_client_id should be 32 chars generated earlier

 

pia.cred should have username and password on separate lines

 

You should also have pia.crt and pia_ca_north.conf in there as well.

 

You can just restart the docker to use changes. Also try a newperms on the appdata directory for this app...

[dinoaus]

Still no luck. Managed to redirect the log for openvpn.

 

Looks like the container cannot resolve the DNS address for the private internet access server.

 

Get the following in the log:;

 

Sun Nov 23 03:38:25 2014 us=885549 RESOLVE: Cannot resolve host address: ca.priv

ateinternetaccess.com: Temporary failure in name resolution

 

[dinoaus]

Ok. Got it running. What do I need to change to it to watch for torrent file in a directory?

[cirkator]

Please tell us what you did in order to get it running. Might be useful for others

[spants]

to set a watch (blackhole) directory:

 

1) stop the docker container

2) set the perms of the transmission directory (use newperms: I think there is a way of running transmission as user:nobody but I havent got that working)

3) edit settings.json and add near the end of the file:

 

"watch-dir": "/complete/blackhole",

"watch-dir-enabled": true

 

**** make sure that you add a comma to the previous end of line if there isn't one there! ****

 

4) Create a blackhole in the complete folder

5) restart docker container

6) run the pipework command again...

 

If you wanted a completely different directory not related to complete or incomplete, do the following:

 

add this to the docker run commandline: (for example) =    -v /mnt/disk9/blackhole:/blackhole:rw

 

docker run -d --cap-add=NET_ADMIN --net=none -v /mnt/disk9/docker/appdata/transmission:/config:rw  -v /mnt/user/downloads/torrents/incomplete:/incomplete:rw -v /mnt/user/downloads/torrents:/complete:rw -v /mnt/disk9/blackhole:/blackhole:rw --name transmission_run transmission

 

 

and then use /blackhole as the watch directory in the settings file.

 

Hope that helps!

 

[bmfrosty]

I don't understand the templating, but I get the feeling that this could be templated - at least partially.

 

I think it would involve having a initial install/run with an intermediate instruction to edit specific files.  I wonder if there would be a way to open up file editing to the unraid gui - it would have to cover PIA and Transmission configs.

 

Is there any good documentation on building templates?

[smdion]

I don't understand the templating, but I get the feeling that this could be templated - at least partially.

 

I think it would involve having a initial install/run with an intermediate instruction to edit specific files.  I wonder if there would be a way to open up file editing to the unraid gui - it would have to cover PIA and Transmission configs.

 

Is there any good documentation on building templates?

 

I can see if there is a way to have needed files be exposed on the host and editable...  I don't have a PIA account and don't use torrents so would need some people to test for me

 

As far as documentation... I learned by looking thru needo's GITHUB and dockerfiles... haha

[Berg]

Quick question: Does this approach allow multiple dockerized apps to use the VPN connection?

 

I was going to create the VPN tunnel on my router but this might be better by transferring the load to the server instead.

[Camm]

I know some will deride this, but one of my favourite packers (who uses arch as a base) just released this in the last few days.

 

https://registry.hub.docker.com/u/binhex/arch-delugevpn/

 

Haven't had a chance to have a look yet, but could be interesting. Considering he packages very well, could be a nice solution.

[CHBMB]

I know some will deride this, but one of my favourite packers (who uses arch as a base) just released this in the last few days.

 

https://registry.hub.docker.com/u/binhex/arch-delugevpn/

 

Haven't had a chance to have a look yet, but could be interesting. Considering he packages very well, could be a nice solution.

 

I quite like deluge, I might give it a go, only rarely use torrents though.

 

Thanks for this and to the OP for transmission, good to have options.

 

[johannvonperfect]

I know some will deride this, but one of my favourite packers (who uses arch as a base) just released this in the last few days.

 

https://registry.hub.docker.com/u/binhex/arch-delugevpn/

 

Haven't had a chance to have a look yet, but could be interesting. Considering he packages very well, could be a nice solution.

 

It looks like binhex deleted the container you saw some time today.

 

Count me among those interested in this container. It would be a great way to safely isolate Transmission form the rest of the system.