[Support] binhex - DelugeVPN


Recommended Posts

Hi,

 

I dont use unraid  but i wanted to try this container out on my dedicated server. since i connect to this machine via the external ip, for LAN_NETWORK and NAME_SERVERS what do i put? This is my first time trying to set this up. Also i have a vpn that comes with my usenetserver account so i would be using custom i guess as config.

Is there some sort of guide or example i can base myself on? i tried to search the topic but 118 pages and random keyword search isnt working out as i would hope.

 

Thanks :)

 

Edit: i think my issues is the same as

 

Edit 2 so i tried it out ...not sure it worked since i cant get to webui (log says that as well) https://paste.ee/p/hwAgE

Edited by saitoh183
Link to comment

Ok so i have it up and running

 

2018-02-23 00:36:59,526 DEBG 'deluge-script' stdout output:
[debug] VPN incoming port is 
[debug] VPN IP is 10.X.10.X
[debug] Deluge incoming port is 
[debug] Deluge IP is 10.X.10.X

So how do i connect to webui and use my thin client from my home pc  (this is a remote dedicated server)

Edited by saitoh183
Link to comment
4 hours ago, wgstarks said:

How do you access the remote server now to install dockers?

 

Via WAN IP (which is point to a subdomain). So either open a ssh to the machine and run

 

docker run -d \
    --cap-add=NET_ADMIN \
    -p 8112:8112 \
    -p 8118:8118 \
    -p 58846:58846 \
    -p 58946:58946 \
    --name=deluge \
    -v deluge_config:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_USER=<user> \
    -e VPN_PASS=<pass> \
    -e VPN_PROV=custom \
    -e STRICT_PORT_FORWARD=no \
    -e ENABLE_PRIVOXY=no \
    -e LAN_NETWORK=<lan ipv4 network>/<cidr notation> \
    -e NAME_SERVERS=<name server ip(s)> \
    -e DEBUG=<true|false> \
    -e UMASK=<umask for created files> \
    -e PUID=1001 \
    -e PGID=1001 \
    binhex/arch-delugevpn

or via portainer.

 

As i said i have it up and running now but i just dont know how i am suppose to connect to it since its on 10.x.x.x and i tried sub.domain.com:8112.

 



 

 

supervisord.log

Edited by saitoh183
Link to comment

You'll either have to

1: Forward 8112 on the remote router, then you can connect to sub.domain.com:8112 but so will everybody else so that's not really secure

2: Install a docker like openvpn , setup that so you can connect to the whole remote network securely (best option) You will then access deluge via the 10.x.x.x IP

3. setup a reverse proxy with maybe the let's encrypt docker so you get a ssl certificate on your domain, and setup password authentication with htpasswd. You then access deluge via sub.domain.com/deluge or just sub.domain.com your choice. This can be setup for most dockers (second best option) 

 

All of them require forwarding ports on the remote router.  

Link to comment
59 minutes ago, strike said:

You'll either have to

1: Forward 8112 on the remote router, then you can connect to sub.domain.com:8112 but so will everybody else so that's not really secure

2: Install a docker like openvpn , setup that so you can connect to the whole remote network securely (best option) You will then access deluge via the 10.x.x.x IP

3. setup a reverse proxy with maybe the let's encrypt docker so you get a ssl certificate on your domain, and setup password authentication with htpasswd. You then access deluge via sub.domain.com/deluge or just sub.domain.com your choice. This can be setup for most dockers (second best option) 

 

All of them require forwarding ports on the remote router.  

@strike

1 isnt possible

Well i use jwilder/nginx-proxy + the LE companion. I dont know if it is possible with this to achieve point 3. I would like to be able to use my subdomain and i figure it would be the only way to get my thin client to work?

Doing point 2 seems like the best solution but i do install OpenVPN-AS on the remote machine instead of delugeVPN or im installing so i can access delugevpn from my browser?

50 minutes ago, wgstarks said:

Depending on what type remote router you are using you may also be able to install OpenVPN directly on to it to access the remote network securely.

 

I agree with @strike though. The OpenVPN-AS docker might be the best and easiest solution.

@wgstarks
Remote router?  This box is hosted at wholesaleinternet so i dont know

Edited by saitoh183
Link to comment

 

35 minutes ago, saitoh183 said:

Well i use jwilder/nginx-proxy + the LE companion. I dont know if it is possible with this to achieve point 3

 

Should work (if you use this already on the remote server then you must have ports forwarded or else it wouldn't work. You at least need port 443 forwarded to get this to work) 

 

35 minutes ago, saitoh183 said:

I would like to be able to use my subdomain and i figure it would be the only way to get my thin client to work?

 

Yeah, if you can't install a openvpn client on the thin client then this is your best option

 

35 minutes ago, saitoh183 said:

Doing point 2 seems like the best solution but i do install OpenVPN-AS on the remote machine instead of delugeVPN or im installing so i can access delugevpn from my browser?

 

Yes, you would install a OpenVPN-AS server on the remote machine and then use any openvpn client to connect securely to the server. This is not instead of delugevpn, it's just so you can access the remote network securely and be able to access delugevpn from your browser. But if you cant install a openvpn client on your thin client, then this won't work. (If so then the reverse proxy is your best bet) I don't know what kind of access you have on that thin client. 

 

But as I said all options require port forwarding on the remote side so check this first.

Edited by strike
Link to comment

@strike

 

I think there is some confusion with the term thin client. I should have specified Deluge Thin client that is on my local machine at home. :)

 

3 minutes ago, strike said:

Should work (if you use this already on the remote server then you must have ports forwarded or else it wouldn't work. You at least need port 443 forwarded to get this to work) 

 

For sure if i could setup a Reverse proxy using jwilder/nginx-proxy + the LE companion, this would be my preferred solution but i dont know what i need to configure to get it to work with this nginx container. since deluge is on 10.x.x.x, i dont know how it would work since this works with vhost and i just create an A record pointing the server ip to a new url (ie: radarr.saitoh183.com).

 

I have root access on the machine.

 

I was able to install openvpn-as and get to the configuration page but i dont know what i need to do next. But if i understand correctly, this will allow me to create a secure connection between me and my home pc which at that point i could get to deluge from my home pc. this could work also but if i could avoid having to do that, i would use this as last resort.

 

Let me break down my setup, maybe that will help get a clearer picture.

 

- Machine is hosted at wholesaleinternet

- Its a Dedicated server so i have full root  with a wan IP so i can SSH to machine.

- i setup a subdomain pointing to that ip (wsi.saitoh183.com)

- I installed on that machine Docker and i run delugeVPN + other apps

- for Reverse proxy im using jwilder/nginx-proxy

- Ideally i would like to access deluge webui via https://deluge.saitoh183.com or https://wsi.saitoh183.com/deluge but most important is to be able to connect to it via the deluge thin client over port 58846

 

Im sure im not the first person to have this type of setup. Im sure people that dont have unraid still use this deluge container

 

Link to comment
41 minutes ago, saitoh183 said:

I think there is some confusion with the term thin client. I should have specified Deluge Thin client that is on my local machine at home. :)

Ah I see.. :) Then I believe you have to forward port 58846 I think you also need the iptable-mangle-something module loaded on the host  (see the delugevpn faq, there will be a message in the log if this is not loaded) Without that you can't connect remotely.

 

41 minutes ago, saitoh183 said:

For sure if i could setup a Reverse proxy using jwilder/nginx-proxy + the LE companion, this would be my preferred solution but i dont know what i need to configure to get it to work with this nginx container. since deluge is on 10.x.x.x, i dont know how it would work since this works with vhost and i just create an A record pointing the server ip to a new url (ie: radarr.saitoh183.com).

 

 

 

You mention radarr (radarr.saitoh183.com), are you running that as a docker too? If so just do what you did with radarr, looks like you did exactly what I mean. It's the same thing

 

You also mention the IP 10.x.x.x  is this your machine's IP or are you referring to the docker network? I have never tried docker outside unraid but I believe you don't access the docker with the dockerIP:8112 but the "local machine IP":8112 locally that is. 

 

41 minutes ago, saitoh183 said:

I was able to install openvpn-as and get to the configuration page but i dont know what i need to do next. But if i understand correctly, this will allow me to create a secure connection between me and my home pc which at that point i could get to deluge from my home pc.

 

Between your home pc and the remote server yeah. 

Edited by strike
Link to comment
55 minutes ago, saitoh183 said:

I was able to install openvpn-as and get to the configuration page but i dont know what i need to do next.

The setting up instructions on the docker hub page may help with this.

 

There is also a YouTube video that I think is up to date.

 

Edit: You may also find more people with a setup similar to yours by posting in the Deluge forum. Might find another alternative that works better for you.

Edited by wgstarks
Link to comment

@strike

 

2 hours ago, strike said:

Then I believe you have to forward port 58846 I think you also need the iptable-mangle-something module loaded on the host  (see the delugevpn faq, there will be a message in the log if this is not loaded) Without that you can't connect remotely.

 

it needs to be installed on host? The FAQ is for unraid but how would i apply this on a normal server machine?

 

Edit: does this mean it is there?

 

root@ubuntu:/home/saitoh183# lsmod
Module                  Size  Used by
iptable_mangle         16384  1

 

 

2 hours ago, strike said:

You also mention the IP 10.x.x.x  is this your machine's IP or are you referring to the docker network? I have never tried docker outside unraid but I believe you don't access the docker with the dockerIP:8112 but the "local machine IP":8112 locally that is.

 

no this is the delugevpn from the supervisord.log

 

2018-02-23 12:25:49,246 DEBG 'deluge-script' stdout output:
[debug] VPN incoming port is 
[debug] VPN IP is 10.x.10.x
[debug] Deluge incoming port is 
[debug] Deluge IP is 10.x.10.x

the docker network is on 172.17.0.0/16

 

2 hours ago, strike said:

You mention radarr (radarr.saitoh183.com), are you running that as a docker too? If so just do what you did with radarr, looks like you did exactly what I mean. It's the same thing

 

I dont know if you looked at how we enable RP+LE with the jwilder container but basically all i have to do is add env to the container i want to deploy and the nginx-proxy container does the rest. but the rp is for my server ip which is 63.x.x.x (wan) and not for 10.x.x.x which the deluge is running on

 

so for radarr

 

docker create \
  --name=radarr \
    -v <path to data>:/config \
    -v <path to data>:/downloads \
    -v <path to data>:/movies \
    -v /etc/localtime:/etc/localtime:ro \
    -e TZ=<timezone> \
    -e VIRTUAL_HOST=radarr.saitoh183.com  \ <--env for jwilder/nginx -->
    -e VIRTUAL_PORT= 7878  \ <--env for jwilder/nginx -->
    -e LETSENCRYPT_HOST=radarr.saitoh183.com  \ <--env for jwilder/nginx -->
    -e LETSENCRYPT_EMAIL=<email>  \  <--env for jwilder/nginx -->
    -p 7878:7878 \
  linuxserver/radarr

and the jwilder nginx generates:

 

# radarr.saitoh183.com
upstream radarr.saitoh183.com {
				## Can be connect with "bridge" network
			# radarr
			server 172.17.0.7:7878;
}
server {
	server_name radarr.saitoh183.com;
	listen 80 ;
	access_log /var/log/nginx/access.log vhost;
	return 301 https://$host$request_uri;
}
server {
	server_name radarr.saitoh183.com;
	listen 443 ssl http2 ;
	access_log /var/log/nginx/access.log vhost;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	ssl_certificate /etc/nginx/certs/radarr.saitoh183.com.crt;
	ssl_certificate_key /etc/nginx/certs/radarr.saitoh183.com.key;
	ssl_dhparam /etc/nginx/certs/radarr.saitoh183.com.dhparam.pem;
	add_header Strict-Transport-Security "max-age=31536000";
	include /etc/nginx/vhost.d/default;
	location / {
		proxy_pass http://radarr.saitoh183.com;
	}
}

 

2 hours ago, wgstarks said:

There is also a YouTube video that I think is up to date.

 

@wgstarks

Thanks i will have a look

 

@binhex

 

Maybe you have a solution ?

 

also here is my supervisord log again

supervisord.log

Edited by saitoh183
iptable
Link to comment
1 hour ago, saitoh183 said:

it needs to be installed on host? The FAQ is for unraid but how would i apply this on a normal server machine?

 

Check the log, I think it's in the faq too IIRC

 

018-02-23 00:35:21,376 DEBG 'start-script' stdout output:
[warn] Unable to load iptable_mangle module, you will not be able to connect to the applications Web UI or Privoxy outside of your LAN

2018-02-23 00:35:21,376 DEBG 'start-script' stdout output:
[info] unRAID/Ubuntu users: Please attempt to load the module by executing the following on your host: '/sbin/modprobe iptable_mangle'

I don't know what distro you're on so maybe the command could be different, google will probably help you then

 

1 hour ago, saitoh183 said:

[debug] Deluge IP is 10.x.10.x

 

is this the same ip listed under IPAddress (look at the bottom) if you run  

docker inspect <ContainerNameOrId>

 

Link to comment
6 minutes ago, strike said:

 

1 hour ago, saitoh183 said:

[debug] Deluge IP is 10.x.10.x

 

is this the same ip listed under IPAddress (look at the bottom) if you run  


docker inspect <ContainerNameOrId>

 see attachement

 

9 minutes ago, strike said:

I don't know what distro you're on so maybe the command could be different, google will probably help you then

 

Ubuntu 16.04

delugevpn

Link to comment

Then this is the delugevpn container IP not 10.x.x.x

 

"IPAddress": "172.17.0.3",

 

2 minutes ago, saitoh183 said:

Ubuntu 16.04

 

Then execute the command from the log in my last post, you probably have to stop the container, run the command and start the container. Check the log if the warning is gone

Link to comment

@strike

 

 

 

so i see this in log but i now get the webUI :)

2018-02-23 14:57:18,146 DEBG 'start-script' stderr output:
modprobe: FATAL: Module tun not found in directory /lib/modules/4.4.0-112-generic

2018-02-23 14:57:18,146 DEBG 'start-script' stdout output:
[warn] Unable to load tun kernel module using modprobe, trying insmod...

2018-02-23 14:57:18,148 DEBG 'start-script' stderr output:
insmod: ERROR: could not load module /lib/modules/tun.ko: No such file or directory

2018-02-23 14:57:18,148 DEBG 'start-script' stdout output:
[warn] Unable to load tun kernel module, assuming its dynamically loaded

but i still cant get the deluge thin client to connect

Edited by saitoh183
Link to comment

I've never seen that warning before so I don't have a clue if it's something to worry about or not.

 

7 minutes ago, saitoh183 said:

but i still cant get the deluge thin client to connect

 

Hmm.. and the port is forwarded? Probably should post a new supervisord.log file again, I'm not sure I'll be able to help anymore as I've never tried to connect with the deluge thin client, but a new log is always good

Link to comment
46 minutes ago, strike said:

Hmm.. and the port is forwarded?

Do you mean via the jwilder nginx container? For the env VIRTUAL_PORT I set it to 8112 and created a A Record that points the url to my server's wan ip so now I can use https://deluge.saitoh183.com

to get to the webUI.how can I check?i did expose the ports if that is what you mean.

 

supervisord.log

Edited by saitoh183
Link to comment

No, I mean on the remote router, port 58846 needs to be forwarded to your server. I assume you (or someone where your server is located) has forwarded ports on the remote router before. Because in order to get the jwilder nginx container to work port 443 needs to be forwarded to your server, and your container is obviously working so someone must have done it.

 

Also I hope you have set up authentication for your services behind the reverse proxy, or else anybody can mess with them. Specially now when you have published your domain name and all. You might want to get on that asap if you don't have authentication set up.  

Link to comment

I remembered now that you probably have to set up the deluge authentication file in order to connect with the thin client. I think I seen that mentioned before. You should then follow this form the faq. It's referring to couchpotato but I think it applies in your case to 

 

Quote

Q1. How do i connect CouchPotato to DelugeVPN?

 

A1. To connect CouchPotato to DelugeVPN perform the following:-

 

IMPORTANT - If your connecting to DelugeVPN from a traditional (non dockerized) installation of CouchPotato then please ensure you have configured the LAN_NETWORK (see FAQ "I'm struggling to configure LAN_NETWORK correctly, can you give some examples?" for help) environment variable for DelugeVPN (you can left click and "Edit" the configuration if you've already created the container).

 

1. Start DelugeVPN and login to the webui, then enable Preferences->Daemon->Allow Remote Connections

2. Restart DelugeVPN Docker container

3. Open Deluge authorisation file /config/auth and note the username and password, it should be in the format:-

 


<admin username>:<admin password>:<level>
 

The default value is as follows:-

 


admin:deluge:10
 

If the above doesn't exist then please add to the auth file and restart the container

5

 

I messed with this once a long time ago when I used CP and I remember I had to add a new line on top with my user:pass:10 in order to get it to work, so try that if you don't have any success

Edited by strike
Link to comment
2 minutes ago, strike said:

I messed with this once a long time ago when I used CP and I remember I had to add a new line on top with my user:pass:10 in order to get it to work, so try that if you don't have any success

 

Yeah i configure that and restarted the container.

 

So the RP works but http://wanIP:Port for the webui doesnt work so im guessing WanIP:58846 wont either

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.