[Support] binhex - rTorrentVPN


Recommended Posts

The apparmor issue with this container and nginx on Synology boxes is well known, im not aware of any workaround other than turning off apparmor, another user with the same issue:-

 

edit - interestingly i found another container that somebody was attempting to run on Synology with similar apparmor issues, they got around this by specifying the following flag to the docker run command:-

 

--security-opt apparmor:unconfined

 

give it a go guys, let me know if it helps.

 

 

Edited by binhex
Link to comment

Thanks binhex.

 

Had a crack using this as a template:  https://medium.com/@ctindel/running-unifi-video-controller-in-docker-on-synology-ab8c09f7ff97#.sxozu9hne

 

But it still doesn't seem to want to work.  I tried two different docker run commands:

 

1.

docker run --restart always --name binhex-arch-rtorrentvpn2 -h binhex-arch-rtorrentvpn2 -p 3000:3000 -p 49160:49160 -p 49170:49170 -p 35000:5000 -p 38118:8118 -p 39080:9080 -p 39443:9443 -d -v /volume1/docker/rtorrentvpn:/config -v /volume1/docker/rtorrentvpn/data:/data -e PHP_TZ=Australia/Melbourne -e VPN_REMOTE=nl.privateinternetaccess.com -e VPN_PORT=1198 -e DEBUG=true -e NAME_SERVERS=8.8.8.8,8.8.4.4 -e LAN_NETWORK=192.168.1.0/24 -e ENABLE_FLOOD=no -e ENABLE_PRIVOXY=no -e STRONG_CERTS=no -e VPN_PROV=pia -e VPN_DEVICE_TYPE=tun -e VPN_PROTOCOL=udp -e VPN_PASS=xxx -e VPN_USER=xxx -e VPN_ENABLED=yes -e PGID=0 -e PUID=0 --cap-add=SYS_ADMIN --cap-add=DAC_READ_SEARCH --cap-add=NET_BIND_SERVICE --cap-add=SYS_PTRACE --cap-add=SETUID --cap-add=SETGID --security-opt apparmor:unconfined binhex/arch-rtorrentvpn:latest

 

This just gave a bunch of errors that seemed like it didn't have the right permissions (iptables modules out of date etc)

 

2.

docker run --restart always --name binhex-arch-rtorrentvpn2 -h binhex-arch-rtorrentvpn2 -p 3000:3000 -p 49160:49160 -p 49170:49170 -p 35000:5000 -p 38118:8118 -p 39080:9080 -p 39443:9443 -d -v /volume1/docker/rtorrentvpn:/config -v /volume1/docker/rtorrentvpn/data:/data -e PHP_TZ=Australia/Melbourne -e VPN_REMOTE=nl.privateinternetaccess.com -e VPN_PORT=1198 -e DEBUG=true -e NAME_SERVERS=8.8.8.8,8.8.4.4 -e LAN_NETWORK=192.168.1.0/24 -e ENABLE_FLOOD=no -e ENABLE_PRIVOXY=no -e STRONG_CERTS=no -e VPN_PROV=pia -e VPN_DEVICE_TYPE=tun -e VPN_PROTOCOL=udp -e VPN_PASS=xxx -e VPN_USER=xxx -e VPN_ENABLED=yes -e PGID=0 -e PUID=0 --privileged=true --security-opt apparmor:unconfined binhex/arch-rtorrentvpn:latest

 

This just gives the original error (nginx).  Not sure if there's a combo of those I can try, or other --cap-add options I need in the first one to give it full permissions?

 

EDIT:  I also tried it with --cap-add=ALL which, as far as I'm aware, should just give it access to pretty much everything, but that still gave me the nginx error.  Perhaps it's --security-opt apparmor:unconfined that isn't working.

Edited by Hansel
Link to comment

Hello,


Sorry but I am still stuck trying launch this docker.

I am quite new, but is it possible that my issue come from the "$DEFAULT_GATEWAY" ?

 

I tried to run command seperately and when I try :  ip route add default via $DEFAULT_GATEWAY table rutorrent_https

It show : inet address is expected rather than "table".

 

See below the result of route :

Kernel IP routing table                                                                                          

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface                                    

default         gateway         0.0.0.0         UG    0      0        0 eth0                                     

172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0                                     

192.168.1.0     gateway         255.255.255.0   UG    0      0        0 eth0 

 

Does anyone have an idea ?

Thank you.

Link to comment
2 minutes ago, V.. said:

Hello,


Sorry but I am still stuck trying launch this docker.

I am quite new, but is it possible that my issue come from the "$DEFAULT_GATEWAY" ?

 

I tried to run command seperately and when I try :  ip route add default via $DEFAULT_GATEWAY table rutorrent_https

It show : inet address is expected rather than "table".

 

See below the result of route :

Kernel IP routing table                                                                                          

 

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface                                    

 

default         gateway         0.0.0.0         UG    0      0        0 eth0                                     

 

172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0                                     

 

192.168.1.0     gateway         255.255.255.0   UG    0      0        0 eth0 

 

 

 

Does anyone have an idea ?

Thank you.

 

Hi,

 

To be honest I probably wouldn't worry about it for now, as even if you fix that error you'll still be stuck with the error I'm currently running into with apparmor.  Not sure it's possible to get this one running unless someone smarter than us comes along and sorts it out :)

 

You might have to use the Deluge one instead, which does work but I really want Flood running as it doesn't look like a Windows 3.1 app like Deluge and stock rtorrent :D

Link to comment

Unfortunately even Deluge isn't working for me.

I really don't understand, as Haugene-transmission-openvpn and linuxserver-rutorrent containers are perfectly working.

 

I try to find an openvpn client to set up, did you look at this from your side ?

To purpuse would be to launch a container for the openvpn connection, then configure other container to use it connection.

 

Thank you.

 

Link to comment
 
Hi,
 
To be honest I probably wouldn't worry about it for now, as even if you fix that error you'll still be stuck with the error I'm currently running into with apparmor.  Not sure it's possible to get this one running unless someone smarter than us comes along and sorts it out
 
You might have to use the Deluge one instead, which does work but I really want Flood running as it doesn't look like a Windows 3.1 app like Deluge and stock rtorrent

You can get this docket running on synology boxes if your willing to disable apparmor, what I was attempting to do is disable apparmor for this particular docket container but for some reason the command I found doesn't work, it probably I'd worth asking the question as to how to do that on the synology forum

Sent from my SM-G900F using Tapatalk

Link to comment
3 minutes ago, binhex said:


You can get this docket running on synology boxes if your willing to disable apparmor, what I was attempting to do is disable apparmor for this particular docket container but for some reason the command I found doesn't work, it probably I'd worth asking the question as to how to do that on the synology forum

Sent from my SM-G900F using Tapatalk
 

 

Its weird as that Unifi container I posted above does work with the apparmor command, so I'm not too sure what the difference is :(

Link to comment
3 hours ago, Hansel said:


I've created a topic here in case you want to chime in at any point:  https://forum.synology.com/enu/viewtopic.php?f=258&t=129572&p=477157#p477157

 

i prob wont chime in as i think you got the question nailed, but i do appreciate the link, i will keep an eye on any responses, failing that you could always ditch that Synology box and get yourself a real server running unRAID :D

Link to comment

Sorry if this is a dumb question, but I tried to install this docker on Ubuntu and got the following message. Can someone point me in the right direction?

 

2017-03-22 13:59:22,474 DEBG 'start-script' stdout output:
[warn] 'tun' module not available, you will not be able to connect to ruTorrent or Privoxy outside of your LAN
[info] Synology users: Please attempt to load the module by executing the following on your host:- 'insmod /lib/modules/tun.ko'

2017-03-22 13:59:22,480 DEBG 'start-script' stdout output:
[warn] 'iptable_mangle' module not available, you will not be able to connect to ruTorrent or Privoxy outside of your LAN
[info] unRAID users: Please attempt to load the module by executing the following on your host:- '/sbin/modprobe iptable_mangle'
[info] Synology users: Please attempt to load the module by executing the following on your host:- 'insmod /lib/modules/iptable_mangle.ko'
Link to comment
17 hours ago, splnut said:

Sorry if this is a dumb question, but I tried to install this docker on Ubuntu and got the following message. Can someone point me in the right direction?

 


2017-03-22 13:59:22,474 DEBG 'start-script' stdout output:
[warn] 'tun' module not available, you will not be able to connect to ruTorrent or Privoxy outside of your LAN
[info] Synology users: Please attempt to load the module by executing the following on your host:- 'insmod /lib/modules/tun.ko'

2017-03-22 13:59:22,480 DEBG 'start-script' stdout output:
[warn] 'iptable_mangle' module not available, you will not be able to connect to ruTorrent or Privoxy outside of your LAN
[info] unRAID users: Please attempt to load the module by executing the following on your host:- '/sbin/modprobe iptable_mangle'
[info] Synology users: Please attempt to load the module by executing the following on your host:- 'insmod /lib/modules/iptable_mangle.ko'

 

the messages are fairly self explanatory (at least ive tried to write them as such) but to go into further detail, you basically dont have the required kernel modules loaded on your ubuntu box, so you need to do something like this:-

 

modprobe tun iptable_mangle

if you want to view all available modules then you can issue:-

 

find /lib/modules/`uname -r` -type f -name "*.ko"

see here for more details:-

 

https://help.ubuntu.com/community/Loadable_Modules

Edited by binhex
Link to comment
  • 2 weeks later...

I was the initial person on this forum to point out the issue the this container on Synology and the AppArmor issues.  I am also the same person who posted that on Reddit.  I have opened a trouble ticket, as well as put in a feature request and posted on the Synology forums (https://forum.synology.com/enu/viewtopic.php?f=3&t=118103).

 

Unfortunately, I still have not found a resolution other than disabling AppArmor.  Another interesting issue I have run into is Docker refuses to start other other containers after I disable AppArmor.

 

I have a startup script that runs on my Synology, which starts all my other containers, loads the proper kernel modules for this docker, and then disables AppArmor.  

 

docker start mysql //EXAMPLE CONTAINER TO START
insmod /lib64/modules/tun.ko
insmod /lib64/modules/iptable_mangle.ko
insmod /lib64/modules/xt_mark.ko
##Disabling apparmor
/usr/syno/etc.defaults/rc.sysv/apparmor.sh stop

 

I have recently been seeing posts indicating people have installed an un-castrated version of Docker on their Synology.  I might give this a shot (after backing all my data up of course).

  • Upvote 1
Link to comment

I'm experimenting with this docker after experiencing some speed issues with delugevpn as others have mentioned. Until I figure it out and am comfortable using this docker I would like to run both at the same time with pia vpn enabled but trying to start one or the other at the same time results in an "internal server error" pop up and does not start.
Can this be done or do I possibly have some other issue preventing this?

Sent from my HTC One M9 using Tapatalk

Link to comment

Hi binhex, great work on this docker! It took a couple days of fiddling, and some minor hair pulling, but it's working great!

 

Couple questions, would it be possible for you to include the filemanager and autodl-irssi plugins on your next commit?...How much beer are we talking? :D

 

I've tried installing them myself but haven't had any luck. The install process a bit more involved than copying plugins to the folder and expecting them to work, which has surprisingly worked on a couple others. 

 

The most important for me is filemanager. I've tried running ArtyumX's install script (https://github.com/ArtyumX/Filemanager-install-script-for-ruTorrent) but when I get to the last step and run ./filemanager.sh, I get the following...

 

Please type your ruTorrent path folder: /mnt/user/appdata/binhex-rtorrentvpn/rutorrent
./filemanager.sh.1: line 26: apt-get: command not found
--2017-04-10 21:15:08--  http://www.rarlab.com/rar/rarlinux-x64-5.4.0.tar.gz
Resolving www.rarlab.com (www.rarlab.com)... 5.135.104.98
Connecting to www.rarlab.com (www.rarlab.com)|5.135.104.98|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1156900 (1.1M) [application/x-gzip]
Saving to: ‘rarlinux-x64.tar.gz’

rarlinux-x64.tar.gz                                100%[================================================================================================================>]   1.10M   408KB/s    in 2.8s    

2017-04-10 21:15:11 (408 KB/s) - ‘rarlinux-x64.tar.gz’ saved [1156900/1156900]

rar/
rar/order.htm
rar/acknow.txt
rar/readme.txt
rar/rar_static
rar/default.sfx
rar/license.txt
rar/rarfiles.lst
rar/whatsnew.txt
rar/makefile
rar/rar
rar/unrar
rar/rar.txt
'rar/rar_static' -> '/usr/local/bin/rar'
svn: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory
chown: invalid user: ‘www-data:www-data’

 

I know this isn't your script but wondering if you might know what the issue is and why it's hanging on install?

 

Here's the full filemanager.sh for reference...

 

#!/bin/bash
# Link: https://github.com/ArtyumX/Filemanager-install-script-for-ruTorrent
# --------------------------------------------------------------------------------
# "THE BEER-WARE LICENSE" (Revision 42):
# * <[email protected]> wrote this file. As long as you retain this notice you
# * can do whatever you want with this stuff. If we meet some day, and you think
# * this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp
# --------------------------------------------------------------------------------
clear


# Checking if user is root
if [ "$(id -u)" != "0" ]; then
	echo
	echo "Sorry, this script must be run as root." 1>&2
	echo
	exit 1
fi


# Asking for the ruTorrent path folder
read -p "Please type your ruTorrent path folder: " -e -i /var/www/rutorrent rutorrent_path


# Installing dependencies
apt-get install subversion zip

cd /tmp

if [ `getconf LONG_BIT` = "64" ]
then
    wget -O rarlinux-x64.tar.gz http://www.rarlab.com/rar/rarlinux-x64-5.4.0.tar.gz
    tar -xzvf rarlinux-x64.tar.gz
    rm rarlinux-x64.tar.gz
else
    wget -O rarlinux.tar.gz http://www.rarlab.com/rar/rarlinux-5.4.0.tar.gz
    tar -xzvf rarlinux.tar.gz
    rm rarlinux.tar.gz
fi

mv -v rar/rar_static /usr/local/bin/rar
chmod 755 /usr/local/bin/rar


# Installing and configuring filemanager plugin
cd $rutorrent_path/plugins/
svn co https://github.com/nelu/rutorrent-thirdparty-plugins/trunk/filemanager

cat > $rutorrent_path/plugins/filemanager/conf.php << EOF
<?php

\$fm['tempdir'] = '/tmp';                // path were to store temporary data ; must be writable
\$fm['mkdperm'] = 755;           // default permission to set to new created directories

// set with fullpath to binary or leave empty
\$pathToExternals['rar'] = '$(which rar)';
\$pathToExternals['zip'] = '$(which zip)';
\$pathToExternals['unzip'] = '$(which unzip)';
\$pathToExternals['tar'] = '$(which tar)';

// archive mangling, see archiver man page before editing

\$fm['archive']['types'] = array('rar', 'zip', 'tar', 'gzip', 'bzip2');

\$fm['archive']['compress'][0] = range(0, 5);
\$fm['archive']['compress'][1] = array('-0', '-1', '-9');
\$fm['archive']['compress'][2] = \$fm['archive']['compress'][3] = \$fm['archive']['compress'][4] = array(0);

?>
EOF


# Permissions for filemanager
chown -R www-data:www-data $rutorrent_path/plugins/filemanager
chmod -R 775 $rutorrent_path/plugins/filemanager/scripts


# End of the script
clear
echo
echo
echo -e "\033[0;32;148mInstallation done.\033[39m"

 

Edited by RallyAK
added script
Link to comment
  • 2 weeks later...
2017-04-22 14:44:40.427040 [info] Starting Supervisor...
2017-04-22 14:44:40,801 CRIT Set uid to user 0
2017-04-22 14:44:40,801 INFO Included extra file "/etc/supervisor/conf.d/rtorrent.conf" during parsing
2017-04-22 14:44:40,805 INFO supervisord started with pid 7
2017-04-22 14:44:41,808 INFO spawned: 'flood-script' with pid 121
2017-04-22 14:44:41,809 INFO spawned: 'start-script' with pid 122
2017-04-22 14:44:41,811 INFO spawned: 'rtorrent-script' with pid 123
2017-04-22 14:44:41,813 INFO spawned: 'rutorrent-script' with pid 124
2017-04-22 14:44:41,814 INFO spawned: 'privoxy-script' with pid 125
2017-04-22 14:44:41,823 DEBG 'rtorrent-script' stdout output:
[info] rTorrent config file doesnt exist, copying default to /config/rtorrent/config/...

2017-04-22 14:44:41,824 INFO success: flood-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-04-22 14:44:41,824 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-04-22 14:44:41,824 INFO success: rtorrent-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-04-22 14:44:41,824 INFO success: rutorrent-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-04-22 14:44:41,824 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-04-22 14:44:41,826 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2017-04-22 14:44:41,827 DEBG 'flood-script' stdout output:
[info] Flood enabled, waiting for rTorrent to start...

2017-04-22 14:44:41,829 DEBG 'privoxy-script' stdout output:
[info] Privoxy set to disabled

2017-04-22 14:44:41,829 DEBG fd 31 closed, stopped monitoring <POutputDispatcher at 47824559559168 for <Subprocess at 47824560591648 with name privoxy-script in state RUNNING> (stderr)>
2017-04-22 14:44:41,829 DEBG fd 27 closed, stopped monitoring <POutputDispatcher at 47824559559744 for <Subprocess at 47824560591648 with name privoxy-script in state RUNNING> (stdout)>
2017-04-22 14:44:41,830 INFO exited: privoxy-script (exit status 0; expected)
2017-04-22 14:44:41,830 DEBG received SIGCLD indicating a child quit
2017-04-22 14:44:41,831 DEBG 'rutorrent-script' stdout output:
[info] Flood enabled, preventing ruTorrent Web UI from starting...

2017-04-22 14:44:41,831 DEBG fd 26 closed, stopped monitoring <POutputDispatcher at 47824559562336 for <Subprocess at 47824559561328 with name rutorrent-script in state RUNNING> (stderr)>
2017-04-22 14:44:41,831 DEBG fd 22 closed, stopped monitoring <POutputDispatcher at 47824560399712 for <Subprocess at 47824559561328 with name rutorrent-script in state RUNNING> (stdout)>
2017-04-22 14:44:41,831 INFO exited: rutorrent-script (exit status 0; expected)
2017-04-22 14:44:41,831 DEBG received SIGCLD indicating a child quit
2017-04-22 14:44:41,833 DEBG 'rtorrent-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2017-04-22 14:44:41,837 DEBG 'start-script' stdout output:
[info] VPN default certs defined, copying to /config/openvpn/...

2017-04-22 14:44:41,841 DEBG 'start-script' stdout output:
[info] VPN config file (ovpn extension) is located at /config/openvpn/openvpn.ovpn

2017-04-22 14:44:41,843 DEBG 'start-script' stderr output:
dos2unix:
2017-04-22 14:44:41,843 DEBG 'start-script' stderr output:
converting file /config/openvpn/openvpn.ovpn to Unix format...

2017-04-22 14:44:41,925 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2017-04-22 14:44:41,930 DEBG 'start-script' stdout output:
[info] Adding 8.8.8.8 to /etc/resolv.conf

2017-04-22 14:44:41,934 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2017-04-22 14:44:41,941 DEBG 'start-script' stdout output:
[info] Adding 8.8.4.4 to /etc/resolv.conf

2017-04-22 14:44:41,947 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2017-04-22 14:44:41,957 DEBG 'start-script' stdout output:
[info] Adding 172.31.0.0/24 as route via docker eth0

2017-04-22 14:44:41,958 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2017-04-22 14:44:41,959 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.6
172.31.0.0/24 via 172.17.0.1 dev eth0

2017-04-22 14:44:41,959 DEBG 'start-script' stdout output:
--------------------

2017-04-22 14:44:41,968 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2017-04-22 14:44:42,003 DEBG 'start-script' stdout output:
[info] Docker network defined as 172.17.0.0/16

2017-04-22 14:44:42,075 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2017-04-22 14:44:42,076 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1198 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 9080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 9443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 3000 -j ACCEPT
-A INPUT -s 172.31.0.0/24 -i eth0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 3000 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 3000 -j ACCEPT
-A OUTPUT -d 172.31.0.0/24 -o eth0 -p tcp -m tcp --sport 5000 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2017-04-22 14:44:42,077 DEBG 'start-script' stdout output:
--------------------

2017-04-22 14:44:42,077 DEBG 'start-script' stdout output:
[info] Starting OpenVPN...

2017-04-22 14:44:42,097 DEBG 'start-script' stdout output:
[info] OpenVPN started

I enabled Flood in the setting and added the VPN username/password along with LAN network (172.31.0.0/24) but I still can't access the Flood webui. Any ideas what's going on?

Link to comment
2017-04-22 14:44:40.427040 [info] Starting Supervisor...2017-04-22 14:44:40,801 CRIT Set uid to user 02017-04-22 14:44:40,801 INFO Included extra file "/etc/supervisor/conf.d/rtorrent.conf" during parsing2017-04-22 14:44:40,805 INFO supervisord started with pid 72017-04-22 14:44:41,808 INFO spawned: 'flood-script' with pid 1212017-04-22 14:44:41,809 INFO spawned: 'start-script' with pid 1222017-04-22 14:44:41,811 INFO spawned: 'rtorrent-script' with pid 1232017-04-22 14:44:41,813 INFO spawned: 'rutorrent-script' with pid 1242017-04-22 14:44:41,814 INFO spawned: 'privoxy-script' with pid 1252017-04-22 14:44:41,823 DEBG 'rtorrent-script' stdout output:[info] rTorrent config file doesnt exist, copying default to /config/rtorrent/config/...2017-04-22 14:44:41,824 INFO success: flood-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)2017-04-22 14:44:41,824 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)2017-04-22 14:44:41,824 INFO success: rtorrent-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)2017-04-22 14:44:41,824 INFO success: rutorrent-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)2017-04-22 14:44:41,824 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)2017-04-22 14:44:41,826 DEBG 'start-script' stdout output:[info] VPN is enabled, beginning configuration of VPN2017-04-22 14:44:41,827 DEBG 'flood-script' stdout output:[info] Flood enabled, waiting for rTorrent to start...2017-04-22 14:44:41,829 DEBG 'privoxy-script' stdout output:[info] Privoxy set to disabled2017-04-22 14:44:41,829 DEBG fd 31 closed, stopped monitoring <POutputDispatcher at 47824559559168 for <Subprocess at 47824560591648 with name privoxy-script in state RUNNING> (stderr)>2017-04-22 14:44:41,829 DEBG fd 27 closed, stopped monitoring <POutputDispatcher at 47824559559744 for <Subprocess at 47824560591648 with name privoxy-script in state RUNNING> (stdout)>2017-04-22 14:44:41,830 INFO exited: privoxy-script (exit status 0; expected)2017-04-22 14:44:41,830 DEBG received SIGCLD indicating a child quit2017-04-22 14:44:41,831 DEBG 'rutorrent-script' stdout output:[info] Flood enabled, preventing ruTorrent Web UI from starting...2017-04-22 14:44:41,831 DEBG fd 26 closed, stopped monitoring <POutputDispatcher at 47824559562336 for <Subprocess at 47824559561328 with name rutorrent-script in state RUNNING> (stderr)>2017-04-22 14:44:41,831 DEBG fd 22 closed, stopped monitoring <POutputDispatcher at 47824560399712 for <Subprocess at 47824559561328 with name rutorrent-script in state RUNNING> (stdout)>2017-04-22 14:44:41,831 INFO exited: rutorrent-script (exit status 0; expected)2017-04-22 14:44:41,831 DEBG received SIGCLD indicating a child quit2017-04-22 14:44:41,833 DEBG 'rtorrent-script' stdout output:[info] VPN is enabled, checking VPN tunnel local ip is valid2017-04-22 14:44:41,837 DEBG 'start-script' stdout output:[info] VPN default certs defined, copying to /config/openvpn/...2017-04-22 14:44:41,841 DEBG 'start-script' stdout output:[info] VPN config file (ovpn extension) is located at /config/openvpn/openvpn.ovpn2017-04-22 14:44:41,843 DEBG 'start-script' stderr output:dos2unix:2017-04-22 14:44:41,843 DEBG 'start-script' stderr output:converting file /config/openvpn/openvpn.ovpn to Unix format...2017-04-22 14:44:41,925 DEBG 'start-script' stdout output:[info] Default route for container is 172.17.0.12017-04-22 14:44:41,930 DEBG 'start-script' stdout output:[info] Adding 8.8.8.8 to /etc/resolv.conf2017-04-22 14:44:41,934 DEBG 'start-script' stdout output:[info] Adding 37.235.1.174 to /etc/resolv.conf2017-04-22 14:44:41,941 DEBG 'start-script' stdout output:[info] Adding 8.8.4.4 to /etc/resolv.conf2017-04-22 14:44:41,947 DEBG 'start-script' stdout output:[info] Adding 37.235.1.177 to /etc/resolv.conf2017-04-22 14:44:41,957 DEBG 'start-script' stdout output:[info] Adding 172.31.0.0/24 as route via docker eth02017-04-22 14:44:41,958 DEBG 'start-script' stdout output:[info] ip route defined as follows...--------------------2017-04-22 14:44:41,959 DEBG 'start-script' stdout output:default via 172.17.0.1 dev eth0172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.6172.31.0.0/24 via 172.17.0.1 dev eth02017-04-22 14:44:41,959 DEBG 'start-script' stdout output:--------------------2017-04-22 14:44:41,968 DEBG 'start-script' stdout output:[info] iptable_mangle support detected, adding fwmark for tables2017-04-22 14:44:42,003 DEBG 'start-script' stdout output:[info] Docker network defined as 172.17.0.0/162017-04-22 14:44:42,075 DEBG 'start-script' stdout output:[info] iptables defined as follows...--------------------2017-04-22 14:44:42,076 DEBG 'start-script' stdout output:-P INPUT DROP-P FORWARD ACCEPT-P OUTPUT DROP-A INPUT -i tun0 -j ACCEPT-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT-A INPUT -i eth0 -p udp -m udp --sport 1198 -j ACCEPT-A INPUT -i eth0 -p tcp -m tcp --dport 9080 -j ACCEPT-A INPUT -i eth0 -p tcp -m tcp --sport 9080 -j ACCEPT-A INPUT -i eth0 -p tcp -m tcp --dport 9443 -j ACCEPT-A INPUT -i eth0 -p tcp -m tcp --sport 9443 -j ACCEPT-A INPUT -i eth0 -p tcp -m tcp --dport 3000 -j ACCEPT-A INPUT -i eth0 -p tcp -m tcp --sport 3000 -j ACCEPT-A INPUT -s 172.31.0.0/24 -i eth0 -p tcp -m tcp --dport 5000 -j ACCEPT-A INPUT -p udp -m udp --sport 53 -j ACCEPT-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT-A INPUT -i lo -j ACCEPT-A OUTPUT -o tun0 -j ACCEPT-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT-A OUTPUT -o eth0 -p udp -m udp --dport 1198 -j ACCEPT-A OUTPUT -o eth0 -p tcp -m tcp --dport 9080 -j ACCEPT-A OUTPUT -o eth0 -p tcp -m tcp --sport 9080 -j ACCEPT-A OUTPUT -o eth0 -p tcp -m tcp --dport 9443 -j ACCEPT-A OUTPUT -o eth0 -p tcp -m tcp --sport 9443 -j ACCEPT-A OUTPUT -o eth0 -p tcp -m tcp --dport 3000 -j ACCEPT-A OUTPUT -o eth0 -p tcp -m tcp --sport 3000 -j ACCEPT-A OUTPUT -d 172.31.0.0/24 -o eth0 -p tcp -m tcp --sport 5000 -j ACCEPT-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT-A OUTPUT -o lo -j ACCEPT2017-04-22 14:44:42,077 DEBG 'start-script' stdout output:--------------------2017-04-22 14:44:42,077 DEBG 'start-script' stdout output:[info] Starting OpenVPN...2017-04-22 14:44:42,097 DEBG 'start-script' stdout output:[info] OpenVPN started

I enabled Flood in the setting and added the VPN username/password along with LAN network (172.31.0.0/24) but I still can't access the Flood webui. Any ideas what's going on?


You're trying to connect to flood webui on port 5000 right!

Sent from my SM-G900F using Tapatalk

  • Upvote 1
Link to comment
4 hours ago, binhex said:


You're trying to connect to flood webui on port 5000 right!

Sent from my SM-G900F using Tapatalk
 

 

 

I sure am now. :D

 

Though I still can't access Flood webui. Do I need to download Flood separately somewhere?

 

I did notice something odd. After I've removed rTorrentVPN container and the image, docker doesn't pull everything for a new installation. For a bunch of stuff it says, "Already exists". I checked if there were orphaned images in the UI and through SSH but couldn't find any. I also deleted all the files in the appdata directory before the pull.

IMAGE ID [latest]: Pulling from binhex/arch-rtorrentvpn. 
IMAGE ID [7368fdad902f]: Already exists. 
IMAGE ID [63103ef8f895]: Already exists. 
IMAGE ID [886bc19fa75a]: Already exists. 
IMAGE ID [5ebe09dc3070]: Already exists. 
IMAGE ID [eda8514a153b]: Already exists. 
IMAGE ID [32f9f48aa48d]: Already exists. 
IMAGE ID [c95dcf8376ee]: Already exists. 
IMAGE ID [ac8f0f660af6]: Already exists. 
IMAGE ID [8a4b14f9a6c3]: Already exists. 
IMAGE ID [993283da8e1e]: Already exists. 
IMAGE ID [87106dcd4d9f]: Already exists. 
IMAGE ID [98f82b52e736]: Already exists. 
IMAGE ID [ef5a49354e56]: Already exists. 
IMAGE ID [4f735333349d]: Already exists. 
IMAGE ID [85a5678a4d9d]: Already exists. 
IMAGE ID [88049a5340b6]: Pulling fs layer. Download complete. Extracting. Pull complete. 
IMAGE ID [9b7735f4d0de]: Pulling fs layer. Download complete. Extracting. Pull complete. 
IMAGE ID [7dd04ee3c1ac]: Pulling fs layer. Downloading 100% of 2 KB. Download complete. Extracting. Pull complete. 
IMAGE ID [0386d78bf9fc]: Pulling fs layer. Downloading 100% of 4 KB. Download complete. Extracting. Pull complete. 
IMAGE ID [51847e98f26f]: Pulling fs layer. Downloading 100% of 5 KB. Download complete. Extracting. Pull complete. 
IMAGE ID [582bbac0db72]: Pulling fs layer. Downloading 100% of 86 MB. Verifying Checksum. Download complete. Extracting. Pull complete. 
Status: Downloaded newer image for binhex/arch-rtorrentvpn:latest

TOTAL DATA PULLED: 86 MB

 

Edited by Katherine
Link to comment
 
 
I sure am now. 
 
Though I still can't access Flood webui. Do I need to download Flood separately somewhere?
 
I did notice something odd. After I've removed rTorrentVPN container and the image, docker doesn't pull everything for a new installation. For a bunch of stuff it says, "Already exists". I checked if there were orphaned images in the UI and through SSH but couldn't find any. I also deleted all the files in the appdata directory before the pull.
IMAGE ID [latest]: Pulling from binhex/arch-rtorrentvpn. IMAGE ID [7368fdad902f]: Already exists. IMAGE ID [63103ef8f895]: Already exists. IMAGE ID [886bc19fa75a]: Already exists. IMAGE ID [5ebe09dc3070]: Already exists. IMAGE ID [eda8514a153b]: Already exists. IMAGE ID [32f9f48aa48d]: Already exists. IMAGE ID [c95dcf8376ee]: Already exists. IMAGE ID [ac8f0f660af6]: Already exists. IMAGE ID [8a4b14f9a6c3]: Already exists. IMAGE ID [993283da8e1e]: Already exists. IMAGE ID [87106dcd4d9f]: Already exists. IMAGE ID [98f82b52e736]: Already exists. IMAGE ID [ef5a49354e56]: Already exists. IMAGE ID [4f735333349d]: Already exists. IMAGE ID [85a5678a4d9d]: Already exists. IMAGE ID [88049a5340b6]: Pulling fs layer. Download complete. Extracting. Pull complete. IMAGE ID [9b7735f4d0de]: Pulling fs layer. Download complete. Extracting. Pull complete. IMAGE ID [7dd04ee3c1ac]: Pulling fs layer. Downloading 100% of 2 KB. Download complete. Extracting. Pull complete. IMAGE ID [0386d78bf9fc]: Pulling fs layer. Downloading 100% of 4 KB. Download complete. Extracting. Pull complete. IMAGE ID [51847e98f26f]: Pulling fs layer. Downloading 100% of 5 KB. Download complete. Extracting. Pull complete. IMAGE ID [582bbac0db72]: Pulling fs layer. Downloading 100% of 86 MB. Verifying Checksum. Download complete. Extracting. Pull complete. Status: Downloaded newer image for binhex/arch-rtorrentvpn:latestTOTAL DATA PULLED: 86 MB

 


Flood is included so no you don't need to download it, ignore the already exists, this is docker reusing layers from other docker images perfectly normal. Please post the full log /config/supervisord.log

Sent from my LG-V500 using Tapatalk

Link to comment

Hi binhex,

 

I seem to be having problems with the external VPN IP check, my VPN IP changes but it doesn't get updated in rtorrent. The only time I see anything in the logs is during startup.

 

Any hints on how to debug?

2017-04-21 14:12:46,028 DEBG 'rtorrent-script' stdout output:
[info] rTorrent not running
[info] rTorrent listening interface IP 0.0.0.0 and VPN provider IP 10.48.10.6 different, marking for reconfigure

Thanks,

Wob

Link to comment
Hi binhex,
 
I seem to be having problems with the external VPN IP check, my VPN IP changes but it doesn't get updated in rtorrent. The only time I see anything in the logs is during startup.
 
Any hints on how to debug?
2017-04-21 14:12:46,028 DEBG 'rtorrent-script' stdout output:[info] rTorrent not running[info] rTorrent listening interface IP 0.0.0.0 and VPN provider IP 10.48.10.6 different, marking for reconfigure

Thanks,
Wob


That 10.x.x.x IP is not the external IP, that's the end of the tunnel on a private range, your external IP will be different and is auto configured for rtorrent

Sent from my SM-G900F using Tapatalk

Link to comment
On 23/04/2017 at 10:08 AM, binhex said:


You're trying to connect to flood webui on port 5000 right!

Sent from my SM-G900F using Tapatalk
 

 

Sorry, you know when i said port 5000, what i actually meant was 3000 :-), taken from my readme:-

 

Access Flood (web ui)

http://<host ip>:3000/

Note:- Requires user to enable Flood via container env var (ENABLE_FLOOD).

Link to comment

Hi guys, so an important change is coming to this VPN docker image (and others in time - staggered change), in short i will be dropping the ability to configure the remote endpoint, tunnel device type, port, protocol and strong certs, instead the image will parse the ovpn file and use the values from the ovpn file.

 

Why am i doing this change?

1. less for the user to get wrong - if there are less env variables then hopefully there will be less chance of misconfiguration, im still seeing a fair bit of this happening.

2. less chance of mismatched configuration for endpoints - for certain vpn providers they require different ovpn options depending on the endpoint your connecting to, this will reduce this happening by forcing the user to download the correct ovpn file from the provider.

3. changes to port and/or certs wont break the image - currently i bake in the PIA ovpn file and cert, whilst this is convenient for the end user it also means any changes to either of these files breaks the image, thus a decision to push the responsibility of this back to the user is another reason to drop env vars.

 

It does of course come with a couple of disadvantages:-

1. possible breakage during the switch over - im testing this right now and will be trying my hardest to not break any existing configuration, the aim of this is for you not to really notice the change, until of course you attempt to use the env vars to change your endpoint and discover it no longer does anything :-) (see below)

2. switching endpoint for PIA users is slightly more tricky - so when wanting to switch endpoint for PIA a end user would have to download the ovpn file for the endpoint they want to connect to, as opposed to just modifying the env var, which in some cases maybe taken as a disadvantage (slower, maybe?), but i could see it could be relatively easy to keep a library of ovpn files and just drop in what you want to use or even edit the existing file, so its not too onerous.

 

So what do YOU have to do? - in short nothing, i have code in the latest release that ive just built that will sync up your env vars to the ovpn file, so when the final change occurs you shouldn't notice any changes, it should still connect to the same endpoint with the same port and protocol,

 

So when is this happening? - the final switch over to using ovpn file only will be around the end of MAY 2017, im leaving a gap to ensure all existing users have their env vars written to the ovpn file (will happen on start/restart of the docker after image update). After this date if you wish to switch endpoint you will need to drop in the correct ovpn file (or edit it) to point at the endpoint you want to switch to.
 

Edited by binhex
  • Upvote 1
Link to comment
On 4/24/2017 at 4:16 PM, binhex said:


That 10.x.x.x IP is not the external IP, that's the end of the tunnel on a private range, your external IP will be different and is auto configured for rtorrent

Sent from my SM-G900F using Tapatalk
 

 

Hi binhex,

 

Yeah I am aware, but it is the only reference I can see in the logs, I assumed this was the trigger for the script to kick off and change the external IP.

 

My problem is that intermittently it doesn't seem to update. Every week or so I notice not much is being uploaded, then i go into setting bittorrent and compare the IP show to my actual external IP (I find this by going to whatismyipaddress.com while using the privoxy). I usually then have to manually update it. It doesn't seem to happen with every IP change, but it does happen every week or so.

 

Not sure where to start diagnosing the issue.

 

Thanks,

Wob

Link to comment
11 hours ago, Wob76 said:

 

Hi binhex,

 

Yeah I am aware, but it is the only reference I can see in the logs, I assumed this was the trigger for the script to kick off and change the external IP.

 

My problem is that intermittently it doesn't seem to update. Every week or so I notice not much is being uploaded, then i go into setting bittorrent and compare the IP show to my actual external IP (I find this by going to whatismyipaddress.com while using the privoxy). I usually then have to manually update it. It doesn't seem to happen with every IP change, but it does happen every week or so.

 

Not sure where to start diagnosing the issue.

 

Thanks,

Wob

 

So i have code in place that will trigger the update of the configured external ip address used for rtorrent (in "rutorrent webui/bittorrent/ip host to report to tracker") every time there is a drop of the vpn tunnel, this is done via openvpn "up" script and should run every time the tunnel gets disconnected (due to vpn/isp dropout). Ive just had a look at the external ip my instance has and it matches what im seeing via the proxy, so i will keep an eye out for this occurring and dig into it if i see it happen.

  • Upvote 1
Link to comment
  • binhex locked this topic
Guest
This topic is now closed to further replies.