[Support] MarkusMcNugens Docker Repository



Welcome to MarkusMcNugen's docker repo support topic! I'll be adding more docker containers over time, and will provide support for the containers below.

 

qBittorrentvpn


Overview: Docker container which runs the latest headless qBittorrent client with WebUI while connecting to OpenVPN with iptables killswitch to prevent IP leakage when the tunnel goes down.

Reason: I put this container together because I couldn't find a qBittorrent docker that supported dropping in your own ovpn files like Binhex's containers do. All of them had prebuilt configuration files which aren't as user-friendly when your VPN provider isn't included.

Tags:  latest/bionic

Base Image: Ubuntu 20.04/Ubuntu 18.04

Size: 300MB/403MB

Application: https://www.qbittorrent.org/

Application Version: qBittorrent 4.3.3

Docker Hub: https://hub.docker.com/r/markusmcnugen/qbittorrentvpn/

Github: https://github.com/MarkusMcNugen/docker-qBittorrentvpn

 

Note: Default WebUI credentials can be found on the Github and Docker Hub descriptions.

Note 2: qBittorrent will throw a WebUI: Invalid Host header, port mismatch error if you use port forwarding with bridge networking due to security features to prevent DNS rebinding attacks. If you need to run qBittorrent on different ports, instead edit the WEBUI_PORT_ENV and/or INCOMING_PORT_ENV variables AND the exposed ports to change the native ports qBittorrent uses.

 

OpenConnect VPN


Overview: OpenConnect VPN server is an SSL VPN server that is secure, small, fast and configurable. It implements the OpenConnect SSL VPN protocol and has also (currently experimental) compatibility with clients using the AnyConnect SSL VPN protocol. The OpenConnect protocol provides a dual TCP/UDP VPN channel and uses the standard IETF security protocols to secure it. The OpenConnect client is multi-platform and available here. Alternatively, you can try connecting using the official Cisco AnyConnect client (Confirmed working on Android). The Dockerfile was written to always download and compile the latest release of OpenConnect VPN server when built.

Reason: You can never have too many kinds of VPN servers! I forked ocserv from TommyLau and updated it to the latest version of Alpine and OpenConnect Server. I made the container have persistence for configuration files, drop in your own certs if you'd like or have the container make them for you, and advanced configuration for power users that know what they are doing, and numerous other enhancements.

Base: Alpine 3.13

Size: 63.6MB

Application: https://ocserv.gitlab.io/www/index.html

Application Version: OpenConnect Server 1.1.2

Docker Hub: https://hub.docker.com/r/markusmcnugen/openconnect/

Github: https://github.com/MarkusMcNugen/docker-openconnect

 

SFTP


Overview: Easy to use SFTP (SSH File Transfer Protocol) server with OpenSSH and Fail2ban installed for extra hardening against brute force attacks. Forked from atmoz/sftp.

Reason: I was using atmoz/sftp as an sftp docker container exposed to the internet for some friends to access and realized there was no banning mechanism included. I was getting hammered by brute force attacks so I forked his github repo and modified the image to include fail2ban, made some entrypoint modifications so files can be easily added/edited/viewed from the /config volume.

Base: phusion/baseimage:master-amd64

Size: 357MB

Application: https://www.openssh.com/

Application Version: Latest when docker was built on 03/22/2021

Docker Hub: https://hub.docker.com/r/markusmcnugen/sftp/

Github: https://github.com/MarkusMcNugen/docker-sftp

 

Note: Please read the Github or Docker Hub descriptions. While this container is easy to use, it does require some small configuration.

Note 2: NOT affected by the recent CVE-2021-3449 vulnerability with OpenSSL. This container runs OpenSSL 1.1.1f. Only versions 1.1.1h-1.1.1j were vulnerable per Ars Technica

 

CrushFTP 10


Overview: Share your files securely with FTP, Implicit FTPS, SFTP, HTTP, or HTTPS using CrushFTP

Reason: I couldn't find a good CrushFTP 10 container from a quick search of dockerhub or Unraid community apps.

Tags:  latest/ubuntu

Base Image: Alpine 3.12/Ubuntu 20.04

Size: 234MB/641MB

Application: https://www.crushftp.com

Application Version: CrushFTP 10.1

Docker Hub: https://hub.docker.com/r/markusmcnugen/crushftp

Github: https://github.com/MarkusMcNugen/docker-CrushFTP

 

Edited by MarkusMcNugen
Add container notes
Link to comment
  • 2 weeks later...

Hello MarkusMcNugen,

 

First and foremost, thank you for these! It's nice to see alternatives!

 

Having used binhex's dockers, I have been able to verify that there is zero traffic going out if the VPN drops with his. How can I be sure of this with your qbittorrentvpn client? I like qbittorrent better than deluge and would love to use it, but I want to be certain it can not leak info.

Edited by fmp4m
Link to comment
  • 1 month later...

How do I set the VPN username/password?

 

Currently getting this in log:

Mon Apr 2 10:45:14 2018 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Mon Apr 2 10:45:14 2018 Exiting due to fatal error

 

Link to comment
On 2/22/2018 at 9:04 AM, fmp4m said:

Hello MarkusMcNugen,

 

First and foremost, thank you for these! It's nice to see alternatives!

 

Having used binhex's dockers, I have been able to verify that there is zero traffic going out if the VPN drops with his. How can I be sure of this with your qbittorrentvpn client? I like qbittorrent better than deluge and would love to use it, but I want to be certain it can not leak info.

 

The iptables script included in the container was forked from binhex's sabnzbd docker container. You are more than welcome to verify this one for yourself. Below shows the iptables list from within the container.

 

1195 = OpenVPN port

8080 = WebUI port

8999 = Incoming connections port

root@9be145563d9e:/# iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -d 192.168.2.0/24 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1195 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -i eth0 -p tcp -m tcp --dport 8999 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.2.0/24 -d 192.168.2.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1195 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -d 192.168.2.0/24 -o eth0 -p tcp -m tcp --sport 8999 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

 

 

On 4/1/2018 at 12:48 AM, Oreonipples said:

I'm attempting to set up this docker and I think I've got it working but I am unable to connect to the webui in Chrome or Firefox. I've included the log readout below.

Thanks!

 

 

qbittorrentvpn log.txt

 

I don't see anything in the log you provided that shows an error or why it wouldn't load. It should load up as long as you aren't using the WebUI button from unRAID. qBittorrent throws a redirect header error when the WebUI is launched from the unRAID menus. Instead try loading the IP address and port directly in a browser address bar. It's a qBittorrent issue for security purposes, nothing I can do about it. The github and dockerhub descriptions explain this. I've updated the unRAID docker template to reflect this in the container description as well.

 

If it still won't load, send me the log file in /config/qBittorrent/data/logs and I'll take a look for errors.

 

 

On 4/2/2018 at 6:47 AM, noski said:

How do I set the VPN username/password?

 

Currently getting this in log:


Mon Apr 2 10:45:14 2018 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Mon Apr 2 10:45:14 2018 Exiting due to fatal error

 

 

You need to save your credentials in a file in the same directory as your .ovpn file, separated by a new line.

Example: 

jdoe

jdoepass

 

Then put this in your .ovpn file at the top:

Example: (Using credentials.conf as an example)

auth-user-pass credentials.conf
Edited by MarkusMcNugen
Link to comment
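One way to check the `iptables -S` listing in the post above for non-tunnel egress, as an added example (not the container's own script): it parses the OUTPUT chain and returns every ACCEPT rule that is not limited to tun0, loopback, the LAN subnet or the OpenVPN port, so each remaining rule can be justified. The function names are this example's own, and `RULES` is the OUTPUT side of the posted listing.

```python
import ipaddress
import shlex

# Sample input: policies and OUTPUT chain copied from the listing in the post
# (1195 = OpenVPN port, 8080 = WebUI port, 8999 = incoming connections port).
RULES = """\
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.2.0/24 -d 192.168.2.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1195 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -d 192.168.2.0/24 -o eth0 -p tcp -m tcp --sport 8999 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
"""

def parse_output_rules(listing):
    """Return (OUTPUT policy, list of OUTPUT rules as option dicts)."""
    policy, rules = None, []
    for line in listing.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "OUTPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "OUTPUT"]:
            rule = {"raw": line, "negated": "!" in tok}
            args = [t for t in tok[2:] if t != "!"]
            # Assumes every option is a flag/value pair, true for this listing.
            for flag, value in zip(args[0::2], args[1::2]):
                rule.setdefault(flag, value)
            rules.append(rule)
    return policy, rules

def classify(rule, tunnel="tun0", lan="192.168.2.0/24", vpn_port="1195"):
    """Label one OUTPUT rule by where it lets packets go."""
    if rule.get("-j") != "ACCEPT":
        return "not-accept"
    if rule["negated"]:
        return "review"  # negated matches need a human reading
    if rule.get("-o") in (tunnel, "lo"):
        return "tunnel-or-loopback"
    dst = rule.get("-d")
    if dst and ipaddress.ip_network(dst, strict=False).subnet_of(
            ipaddress.ip_network(lan)):
        return "lan-only"
    if rule.get("-p") == "udp" and rule.get("--dport") == vpn_port:
        return "vpn-carrier"  # the encrypted tunnel's own packets
    return "review"

def audit(listing, **kw):
    """Return findings: a non-DROP policy, then every rule labelled 'review'."""
    policy, rules = parse_output_rules(listing)
    findings = []
    if policy != "DROP":
        findings.append(f"OUTPUT policy is {policy}, not DROP")
    findings += [r["raw"] for r in rules if classify(r, **kw) == "review"]
    return findings

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

Run it against live output with `docker exec <container> iptables -S` piped into `audit()`, and confirm the result while the tunnel is deliberately down by checking that traffic from inside the container to a public address fails.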
4 hours ago, Alfred Wrigfors said:

Hi,

I can't find the Username and Password to the UI anywhere... Is it the root user of my server?

 

Thanks! ;)

 

Squid got it right if you meant the qBittorrentvpn WebUI credentials. They are posted on the Github and Dockerhub descriptions. They are worth a read if you want to understand how the container fully works. You can change the admin credentials to anything you like, or disable authentication entirely for the local network. Totally up to you!

 

3 hours ago, Squid said:

Assuming qbittorrent

 

Default Credentials

Credential Default Value
WebUI Username admin
WebUI Password adminadmin

 

Thanks Squid! I didn't realize I wasn't getting email notifications from the unRAID forums. I'm glad I checked back a few days ago so I could help some users and remedy that situation.

Link to comment

I'd really like to use qBittorrent over Deluge, but I'm having a bunch of trouble with this docker.

 

 

My initial issue was:

 Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: config (2.4.4)

Which I fixed by just taking the spaces out of the .ovpn file. Good to know for future reference I guess.

 

 

Sadly after that frustration was over, the docker loads, with only warnings about the way passwords are being stored, but the Web UI won't work. Currently it's just a blank page no matter how I attempt to access it. Typing it in, bookmarking it, or attempting to use the "webui" function in Unraid, which I figured I'd give a shot since.. whatever. Either way it spits out the same blank page.

 

The docker also still seems to input/output on 8080, even though I've changed it to 8114:

-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT

I thought maybe the port was locked in another docker setting, so I stopped the docker using 8080, reloaded qBittorrent 8080 as its set port, but again, just a white page.

 

...

 

As a side question, I wanted to ask if there was any interest or plans to change the docker to act more like binhex's where all of the VPN settings are done within the container setup, instead of afterwards? Not exactly important, but something I personally like about his dockers, and would like to see.

 

And are there issues stemming from this webui situation that make this docker incompatible with Sonarr/Radarr, etc? I'd hate to fuss with this thing so much, finally get it working, and then find out I can't link anything to it.

 

Link to comment
14 hours ago, Kuusou said:

I'd really like to use qBittorrent over Deluge, but I'm having a bunch of trouble with this docker.

 

 

My initial issue was:


 Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: config (2.4.4)

Which I fixed by just taking the spaces out of the .ovpn file. Good to know for future reference I guess.

 

 

Sadly after that frustration was over, the docker loads, with only warnings about the way passwords are being stored, but the Web UI won't work. Currently it's just a blank page no matter how I attempt to access it. Typing it in, bookmarking it, or attempting to use the "webui" function in Unraid, which I figured I'd give a shot since.. whatever. Either way it spits out the same blank page.

 

The docker also still seems to input/output on 8080, even though I've changed it to 8114:


-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT

I thought maybe the port was locked in another docker setting, so I stopped the docker using 8080, reloaded qBittorrent 8080 as its set port, but again, just a white page.

 

...

 

As a side question, I wanted to ask if there was any interest or plans to change the docker to act more like binhex's where all of the VPN settings are done within the container setup, instead of afterwards? Not exactly important, but something I personally like about his dockers, and would like to see.

 

And are there issues stemming from this webui situation that make this docker incompatible with Sonarr/Radarr, etc? I'd hate to fuss with this thing so much, finally get it working, and then find out I can't link anything to it.

 

 

I guess that's good to know about the ovpn file. It sounds like your VPN provider didn't give you a very well formatted file or one formatted for Windows usage.

 

The WebUI port is hardcoded; what you are changing in the container config is the open port from the container, not an environmental variable I can read and replace the default with when it's run. Although that is a good idea and I will be making that change this weekend.

 

The warning you are seeing is most likely this one which is an option you can include in your ovpn file:

WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

You may also see this since the credentials.conf file is writable from the host:

WARNING: file 'credentials.conf' is group or others accessible

 

It would be helpful if you would provide the qbittorrent log file in /config/qBittorrent/data/log so I can see if there are some errors being thrown about. I just recreated the container with a new config location and everything and can't seem to reproduce any errors myself. I may make this container more automated as you suggested. I'll include a USERNAME and PASSWORD variable and save them in a conf file for the user and apply the "auth-user-pass" option in the ovpn config automatically, should be similar enough to binhex's containers.

 

As for Sonarr/Radarr, I use both of them with this container with no problems.

Edited by MarkusMcNugen
Link to comment
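The two OpenVPN warnings quoted in the post above, and the earlier "can't ask for 'Enter Auth Username:'" failure, can be checked before the container starts. This is an added example, not part of the container or of the original posts; the function names are its own, and it assumes the credentials file is resolved relative to the .ovpn file's directory, which matches the layout described in the thread.

```python
import os
import stat

def write_credentials(path, username, password):
    """Create the two-line auth file (username, then password) as mode 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(f"{username}\n{password}\n")
    os.chmod(path, 0o600)  # also tightens a file that already existed

def directives(ovpn_path):
    """Return the config's directives as token lists, skipping # and ; comments."""
    out = []
    with open(ovpn_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line and line[0] not in "#;":
                out.append(line.split())
    return out

def audit_vpn_config(ovpn_path):
    """Return a list of findings about credential handling in an .ovpn file."""
    findings = []
    rules = directives(ovpn_path)
    names = {d[0] for d in rules}
    if "auth-user-pass" in names and "auth-nocache" not in names:
        findings.append("auth-nocache missing: passwords may be cached in memory")
    for d in rules:
        if d[0] != "auth-user-pass":
            continue
        if len(d) < 2:
            # Without a file OpenVPN prompts, which fails when there is no tty.
            findings.append("auth-user-pass has no file: OpenVPN will prompt and exit")
            continue
        base = os.path.dirname(os.path.abspath(ovpn_path))
        cred = os.path.join(base, d[1])
        if not os.path.isfile(cred):
            findings.append(f"{d[1]} not found next to the .ovpn file")
            continue
        mode = stat.S_IMODE(os.stat(cred).st_mode)
        if mode & 0o077:
            findings.append(f"{d[1]} is group or others accessible (mode {mode:o})")
        with open(cred, encoding="utf-8") as fh:
            lines = [ln for ln in fh.read().splitlines() if ln.strip()]
        if len(lines) != 2:
            findings.append(f"{d[1]} must hold exactly two lines: username, password")
    return findings
```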
On 4/24/2018 at 8:08 AM, whauk said:

Take mine - I have the same problem..;-}qbittorrent.log

 

Hi Whauk,

Thank you for providing that log. qBittorrent implements a security feature against DNS rebinding which seems to be messing with Bridge/HOST configurations and port forwarding done by Docker. I'm about to update the container to allow people to change the official qBittorrent ports with environmental variables.

 

image.thumb.png.b0c6ece4a9c9a905a3f61240d9d8fe01.png

 

Source: https://github.com/qbittorrent/qBittorrent/issues/7641

Edited by MarkusMcNugen
Link to comment
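Why a Docker port mapping trips the DNS-rebinding protection described in the post above and in Note 2 of the first post, as an added example: a simplified model of a Host-header check, not qBittorrent's own code. The addresses, the `tower.lan` name and the function names are constructed for illustration; 8080 and 8114 are the ports discussed in the thread.

```python
import fnmatch
from urllib.parse import urlsplit

def parse_host_header(value):
    """Split a Host header into (hostname, port or None)."""
    parts = urlsplit("//" + value.strip())
    return (parts.hostname or "").lower(), parts.port

def check_host(header, local_addr, local_port, allowed_domains):
    """Model of a rebinding defence: returns (accepted, reason).

    local_addr/local_port are what the server socket is bound to inside
    the container; allowed_domains is the operator's list of names the
    WebUI may be reached by ("*" accepts any name).
    """
    try:
        host, port = parse_host_header(header)
    except ValueError:
        return False, "unparseable Host header"
    if not host:
        return False, "empty Host header"
    # A port in the header must equal the port the server listens on.
    # With a mapping such as 8114 -> 8080 the browser sends :8114 while
    # the server sees itself on 8080, so the request is refused.
    if port is not None and port != local_port:
        return False, "port mismatch"
    if host == local_addr:
        return True, "matches local address"
    if any(fnmatch.fnmatchcase(host, p.lower()) for p in allowed_domains):
        return True, "matches allowed domain"
    # A rebinding page reaches the server under its own domain name,
    # which is not in the list, so it stops here.
    return False, "unknown host"

def scenarios():
    """Constructed cases: bridge-mode container at 172.17.0.2, host at 192.168.2.10."""
    names = ["192.168.2.10", "tower.lan"]
    return {
        # Docker maps host 8114 to container 8080: refused.
        "mapped_port": check_host("192.168.2.10:8114", "172.17.0.2", 8080, ["*"]),
        # WebUI port variable set to 8114 and 8114 exposed as-is: accepted.
        "native_port": check_host("192.168.2.10:8114", "172.17.0.2", 8114, ["*"]),
        # Correct port but a foreign name, with an explicit domain list: refused.
        "foreign_name": check_host("rebind.example:8080", "172.17.0.2", 8080, names),
        # Expected name without a port: accepted.
        "known_name": check_host("tower.lan", "172.17.0.2", 8080, names),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```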
On 4/24/2018 at 8:08 AM, whauk said:

Take mine - I have the same problem..;-}qbittorrent.log

 

Container and template have been updated. You can now provide the VPN username and password to environmental variables and it will create the credentials.conf file and configure your ovpn config file automatically. You can also edit the WEBUI_PORT_ENV and INCOMING_PORT_ENV variables (You'll need to change the exposed ports as well) to modify the ports qBittorrent uses without having to do port forwarding and getting the DNS rebinding issue.

 

If you already have the container installed you may need to delete and recreate it to get the new template applied, or just simply update the container and add the variables to the config yourself. You can see the template here.

Edited by MarkusMcNugen
Link to comment

I'm having the same error previously reported:

 

Quote

Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: config (2.4.4)

 

I'm not sure which file has the extra spaces, or what formatting it should have. If it matters, all VPN config files are from PIA, which are publicly available here.

 

I assume the above is why I can't access the WebUI for QBittorrent in the browser.

Edited by Demiurgous
Link to comment
19 hours ago, Demiurgous said:

I'm having the same error previously reported:

 

 

I'm not sure which file has the extra spaces, or what formatting it should have. If it matters, all VPN config files are from PIA, which are publicly available here.

 

I assume the above is why I can't access the WebUI for QBittorrent in the browser.

 

Please attach your ovpn file (You can remove the keys from the file before posting)

Link to comment

Whoops, didn't realize what logs were which.

It seems your update fixed the white screen for me though.

 

My issue now is that changing the two given webui ports to the port I want seems to keep the 8080 port involvement, and then not let me access the webui anymore.

 

If I just use 8080 it works fine. Is there something else I need to edit here that I can't see?

qbittorrent.log

firefox_2018-05-04_00-58-53.png

 

Edit: I was reading up on the other qBittorrent dockers and they seem to have the same issue. It might be a limitation of some kind. Let me know if you work around it. I'd love to change the port.

 

Edit2: I'm unable to tunnel Radarr and Sonarr through the docker to use as a.. proxy.. for my proxy.., which I currently do with my other torrent client. Is there a workaround for this, or something I need to enable/do differently? Or would you simply recommend doing it a different way if I'd like to utilize this container from now on?

 

Also I wanted to thank you for creating, working on, and updating/fixing this container. I had been waiting for someone to do so for a while, and even looked into options for doing it myself, but have little experience with dockers in unraid, so having a ready, or mostly ready option is just beautiful.

Edited by Kuusou
Link to comment
  • 2 months later...

@MarkusMcNugen Hi and firstly thanks so much for this amazing docker. The VPN credentials part was by far the easiest of any docker I've used here. Binhex's dockers are great but require a crazy amount of configuring to get working. Just being able to drop my .ovpn config server file of choice in and throw in my username and password is exactly the kind of simplicity I honestly expected from other dockers, instead of being tailored the hard way to only work with one or two providers.

 

I have a problem though. No matter what I do or what interface or port I choose, I absolutely cannot open the WebUI. You said that clicking "WebUI" from unraid doesn't work. But neither does going to http://<MYIP>:8080 or whatever port that I pick. I've tried every interface I've created and made available except Host. I either just get a completely blank page or a "page cannot be displayed" error.

 

Can you give me a hand?

 

Also is there any chance you could set up some kind of SSL and .htaccess security for this? I know I'm just being lazy asking for it but running over HTTP is kinda crazy in this day and age.

 

When I get the WebUI sorted I'm going to try and reverse proxy this so I can access it from the web but keep it secure with .htaccess. I'm happy to do both in the meantime but without the webui loading I can't do anything.

 

I'd post a log but it looks like everything is meant to be working correctly. It's just the UI that does not load. I did attach my .ovpn config file though.

 

Here's the last part:

 

Quote

2018-07-22 10:45:25.469077 [info] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent-daemon.log.
2018-07-22 10:45:26.516308 [info] qBittorrent PID: 196
2018-07-22 10:45:26.528414 [info] Started qBittorrent daemon successfully...

 

Thanks, and I seriously hope I see more dockers from you with the same simplicity.

se44.nordvpn.com.udp.ovpn

Edited by plantsandbinary
Link to comment
