MarkusMcNugen Posted February 7, 2018 Share Posted February 7, 2018 (edited) Welcome to MarkusMcNugens docker repo support topic! I'll be adding more docker containers over time, and will provide support for the containers below. qBittorrentvpn Overview: Docker container which runs the latest headless qBittorrent client with WebUI while connecting to OpenVPN with iptables killswitch to prevent IP leakage when the tunnel goes down. Reason: I put this container together because I couldn't find a qBittorrent docker that supported dropping in your own ovpn files like Binhex's containers do. All of them had prebuilt configuration files which aren't as user-friendly when your VPN provider isn't included. Tags: latest/bionic Base Image: Ubuntu 20.04/Ubuntu 18.04 Size: 300MB/403MB Application: https://www.qbittorrent.org/ Application Version: qBittorrent 4.3.3 Docker Hub: https://hub.docker.com/r/markusmcnugen/qbittorrentvpn/ Github: https://github.com/MarkusMcNugen/docker-qBittorrentvpn Note: Default WebUI credentials can be found on the Github and Docker Hub descriptions. Note 2: qBittorrent will throw a WebUI: Invalid Host header, port mismatch error if you use port forwarding with bridge networking due to security features to prevent DNS rebinding attacks. If you need to run qBittorrent on different ports, instead edit the WEBUI_PORT_ENV and/or INCOMING_PORT_ENV variables AND the exposed ports to change the native ports qBittorrent uses. OpenConnect VPN Overview: OpenConnect VPN server is an SSL VPN server that is secure, small, fast and configurable. It implements the OpenConnect SSL VPN protocol and has also (currently experimental) compatibility with clients using the AnyConnect SSL VPN protocol. The OpenConnect protocol provides a dual TCP/UDP VPN channel and uses the standard IETF security protocols to secure it. The OpenConnect client is multi-platform and available here. Alternatively, you can try connecting using the official Cisco AnyConnect client (Confirmed working on Android). The Dockerfile was written to always download and compile the latest release of OpenConnect VPN server when built. Reason: You can never have too many kinds of VPN servers! I forked ocserv from TommyLau and updated it to the latest version of Alpine and OpenConnect Server. I made the container have persistence for configuration files, drop in your own certs if you'd like or have the container make them for you, and advanced configuration for power users that know what they are doing, and numerous other enhancements. Base: Alpine 3.13 Size: 63.6MB Application: https://ocserv.gitlab.io/www/index.html Application Version: OpenConnect Server 1.1.2 Docker Hub: https://hub.docker.com/r/markusmcnugen/openconnect/ Github: https://github.com/MarkusMcNugen/docker-openconnect SFTP Overview: Easy to use SFTP (SSH File Transfer Protocol) server with OpenSSH and Fail2ban installed for extra hardening against brute force attacks. Forked from atmoz/sftp. Reason: I was using atmoz/sftp as an sftp docker container exposed to the internet for some friends to access and realized there was no banning mechanism included. I was getting hammered by brute force attacks so I forked his github repo and modified the image to include fail2ban, made some entrypoint modifications so files can be easily added/edited/viewed from the /config volume. Base: phusion/baseimage:master-amd64 Size: 357MB Application: https://www.openssh.com/ Application Version: Latest when docker was built on 03/22/2021 Docker Hub: https://hub.docker.com/r/markusmcnugen/sftp/ Github: https://github.com/MarkusMcNugen/docker-sftp Note: Please read the Github or Docker Hub descriptions. While this container is easy to use, it does require some small configuration. Note 2: NOT affected by the recent CVE-2021-3449 vulnerability with OpenSSL. This container runs OpenSSL 1.1.1f. Only versions 1.1.1h-1.1.1j were vulnerable per Ars Technica CrushFTP 10 Overview: Share your files securely with FTP, Implicit FTPS, SFTP, HTTP, or HTTPS using CrushFTP Reason: I couldn't find a good CrushFTP 10 container from a quick search of dockerhub or Unraid community apps. Tags: latest/ubuntu Base Image: Alpine 3.12/Ubuntu 20.04 Size: 234MB/641MB Application: https://www.crushftp.com Application Version: CrushFTP 10.1 Docker Hub: https://hub.docker.com/r/markusmcnugen/crushftp Github: https://github.com/MarkusMcNugen/docker-CrushFTP Edited March 30, 2021 by MarkusMcNugen Add container notes 3 2 Quote Link to comment
sparklyballs Posted February 8, 2018 Share Posted February 8, 2018 this would be better off here https://lime-technology.com/forums/forum/47-docker-containers/ Quote Link to comment
Squid Posted February 8, 2018 Share Posted February 8, 2018 2 hours ago, sparklyballs said: this would be better off here https://lime-technology.com/forums/forum/47-docker-containers/ A mod will move accordingly as only certain people can create new topics in that forum Quote Link to comment
MarkusMcNugen Posted February 11, 2018 Author Share Posted February 11, 2018 Added OpenConnect VPN Server Quote Link to comment
DieFalse Posted February 22, 2018 Share Posted February 22, 2018 (edited) Hello MarkusMcNugen, First and foremost, Thank you for these! It's nice to see alternatives! Having used binhex's dockers, I have been able to verify that there is zero traffic going out if the VPN drops with his. How can I be sure of this with your qbittorrentvpn client? I like qbittorrent better than deluge and would love to use it, but I want to be certain it can not leak info. Edited February 22, 2018 by fmp4m Quote Link to comment
Oreonipples Posted April 1, 2018 Share Posted April 1, 2018 Im attempting to setup this docker and I think ive got it working but I am unable to connect to the webui in chrome or firefox. Ive included the log readout below. Thanks! qbittorrentvpn log.txt Quote Link to comment
noski Posted April 2, 2018 Share Posted April 2, 2018 How to I set the VPN username/password? Currently getting this in log: Mon Apr 2 10:45:14 2018 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache. Mon Apr 2 10:45:14 2018 Exiting due to fatal error Quote Link to comment
MarkusMcNugen Posted April 6, 2018 Author Share Posted April 6, 2018 (edited) On 2/22/2018 at 9:04 AM, fmp4m said: Hello MarkusMcNugen, First and foremost, Thank you for these! It's nice to see alternatives! Having used binhex's dockers, I have been able to verify that there is zero traffic going out if the VPN drops with his. How can I be sure of this with your qbittorrentvpn client? I like qbittorrent better than deluge and would love to use it, but I want to be certain it can not leak info. The iptables script included in the container was forked from binhex's sabnzbd docker container. You are more than welcome to verify this one for yourself. Below shows the iptables list from within the container. 1195 = OpenVPN port 8080 = WebUI port 8999 = Incoming connections port [email protected]:/# iptables -S -P INPUT DROP -P FORWARD ACCEPT -P OUTPUT DROP -A INPUT -i tun0 -j ACCEPT -A INPUT -s 192.168.2.0/24 -d 192.168.2.0/24 -j ACCEPT -A INPUT -i eth0 -p udp -m udp --sport 1195 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT -A INPUT -s 192.168.2.0/24 -i eth0 -p tcp -m tcp --dport 8999 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT -A INPUT -i lo -j ACCEPT -A OUTPUT -o tun0 -j ACCEPT -A OUTPUT -s 192.168.2.0/24 -d 192.168.2.0/24 -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --dport 1195 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT -A OUTPUT -d 192.168.2.0/24 -o eth0 -p tcp -m tcp --sport 8999 -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A OUTPUT -o lo -j ACCEPT On 4/1/2018 at 12:48 AM, Oreonipples said: Im attempting to setup this docker and I think ive got it working but I am unable to connect to the webui in chrome or firefox. Ive included the log readout below. Thanks! qbittorrentvpn log.txt I dont see anything in the log you provided that shows an error or why it wouldnt load. It should load up as long as you arent using the WebUI button from unRAID. qBittorrent throws a redirect header error when the WebUI is launched from the unRAID menus. Instead try loading the IP address and port directly in a browser address bar. Its a qBittorrent issue for security purposes, nothing I can do about it. The github and dockerhub descriptions explain this. I've updated the unRAID docker template to reflect this in the container description as well. If it still won't load, send me the log file in /config/qBittorrent/data/logs and I'll take a look for errors. On 4/2/2018 at 6:47 AM, noski said: How to I set the VPN username/password? Currently getting this in log: Mon Apr 2 10:45:14 2018 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache. Mon Apr 2 10:45:14 2018 Exiting due to fatal error You need to save your credentials in a file in the same directory as your .ovpn file seperated by a new line. Example: jdoe jdoepass Then put this in your .ovpn file at the top: Example: (Using credentials.conf as an example) auth-user-pass credentials.conf Edited April 10, 2018 by MarkusMcNugen Quote Link to comment
Alfred Wrigfors Posted April 9, 2018 Share Posted April 9, 2018 Hi, I can't find the Username and Password to the UI anywhere... Is it the root user of my server? Thanks! Quote Link to comment
Squid Posted April 9, 2018 Share Posted April 9, 2018 Assuming qbittorrent Default Credentials Credential Default Value WebUI Username admin WebUI Password adminadmin Quote Link to comment
MarkusMcNugen Posted April 10, 2018 Author Share Posted April 10, 2018 4 hours ago, Alfred Wrigfors said: Hi, I can't find the Username and Password to the UI anywhere... Is it the root user of my server? Thanks! Squid got it right if you meant the qBittorrentvpn WebUI credentials. They are posted on the Github and Dockerhub descriptions. They are worth a read if you want to understand how the container fully works. You can change the admin credentials to anything you like, or disable authentication entirely for the local network. Totally up to you! 3 hours ago, Squid said: Assuming qbittorrent Default Credentials Credential Default Value WebUI Username admin WebUI Password adminadmin Thanks Squid! I didnt realize I wasnt getting email notifications from the unRAID forums. Im glad I checked back a few days ago so I could help some users and remedy that situation. Quote Link to comment
Alfred Wrigfors Posted April 10, 2018 Share Posted April 10, 2018 19 hours ago, Squid said: Assuming qbittorrent Default Credentials Credential Default Value WebUI Username admin WebUI Password adminadmin Thank you SOOOOOOO mush! Quote Link to comment
Kuusou Posted April 14, 2018 Share Posted April 14, 2018 I'd really like to use qBittorrent over Deluge, but I'm having a bunch of trouble with this docker. My initial issue was: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: config (2.4.4) Which I fixed by just taking the spaces out of the .ovpn file. Good to know for future reference I guess. Sadly after that frustration was over, the docker loads, with only warnings about the way passwords are being stored, but the Web UI won't work. Currently it's just a blank page no matter how I attempt to access it. Typing it in, bookmarking it, or attempting to use the "webui" function in Unraid, which I figured I'd give a shot since.. whatever. Either way it spits out the same blank page. The docker also still seems to input/output on 8080, even though I've changed it to 8114: -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT I thought maybe the port was locked in another docker setting, so I stopped the docker using 8080, reloaded qBittorrent 8080 as its set port, but again, just a white page. ... As a side question, I wanted to ask if there was any interest or plans to change the docker to act more like binhex's where all of the VPN settings are done within the container setup, instead of afterwards? Not exactly important, but something I personally like about his dockers, and would like to see. And are there issues stemming from this webui situation that make this docker incompatible with Sonarr/Radarr, etc? I'd hate to fuss with this thing so much, finally get it working, and then find out I can't link anything to it. Quote Link to comment
MarkusMcNugen Posted April 14, 2018 Author Share Posted April 14, 2018 (edited) 14 hours ago, Kuusou said: I'd really like to use qBittorrent over Deluge, but I'm having a bunch of trouble with this docker. My initial issue was: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: config (2.4.4) Which I fixed by just taking the spaces out of the .ovpn file. Good to know for future reference I guess. Sadly after that frustration was over, the docker loads, with only warnings about the way passwords are being stored, but the Web UI won't work. Currently it's just a blank page no matter how I attempt to access it. Typing it in, bookmarking it, or attempting to use the "webui" function in Unraid, which I figured I'd give a shot since.. whatever. Either way it spits out the same blank page. The docker also still seems to input/output on 8080, even though I've changed it to 8114: -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT I thought maybe the port was locked in another docker setting, so I stopped the docker using 8080, reloaded qBittorrent 8080 as its set port, but again, just a white page. ... As a side question, I wanted to ask if there was any interest or plans to change the docker to act more like binhex's where all of the VPN settings are done within the container setup, instead of afterwards? Not exactly important, but something I personally like about his dockers, and would like to see. And are there issues stemming from this webui situation that make this docker incompatible with Sonarr/Radarr, etc? I'd hate to fuss with this thing so much, finally get it working, and then find out I can't link anything to it. I guess that's good to know about the ovpn file. It sounds like your VPN provider didnt give you a very well formatted file or one formatted for Windows usage. The WebUI port is hardcoded, what you are changing in the container config is the open port from the container not an environmental variable I can read and replace the default with when its ran. Although that is a good idea and will be making that change this weekend. The warning you are seeing is most likely this one which is an option you can include in your ovpn file: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this You may also see this since the credentials.conf file is writable from the host: WARNING: file 'credentials.conf' is group or others accessible It would be helpful if you would provide the qbittorrent log file in /config/qBittorrent/data/log so I can see if there is some errors being thrown about. I just recreated the container with a new config location and everything and cant seem to reproduce any errors myself. I may make this container more automated as you suggested. I'll include a USERNAME and PASSWORD variable and save them in a conf file for the user and apply the "auth-user-pass" option in the ovpn config automatically, should be similar enough to binhex's containers. As for Sonarr/Radarr, I use both of them with this container with no problems. Edited April 14, 2018 by MarkusMcNugen Quote Link to comment
Kuusou Posted April 14, 2018 Share Posted April 14, 2018 I attached the log for you. Thanks for the quick help. qBittLog.txt Quote Link to comment
MarkusMcNugen Posted April 17, 2018 Author Share Posted April 17, 2018 On 4/14/2018 at 3:28 PM, Kuusou said: I attached the log for you. Thanks for the quick help. qBittLog.txt Thanks, but unfortunately that is not the log I needed. I need the qBittorrent log that is stored in /mnt/cache/appdata/qbittorrentvpn/qBittorrent/data/logs Quote Link to comment
whauk Posted April 24, 2018 Share Posted April 24, 2018 Take mine - I have the same problem..;-}qbittorrent.log Quote Link to comment
MarkusMcNugen Posted April 28, 2018 Author Share Posted April 28, 2018 (edited) On 4/24/2018 at 8:08 AM, whauk said: Take mine - I have the same problem..;-}qbittorrent.log Hi Whauk, Thank you for providing that log. qBittorrent implements a security feature against DNS rebinding which seems to be messing with Bridge/HOST configurations and port forwarding done by Docker. Im about to update the container to allow people to change the official qBittorrent ports with environmental variables. Source: https://github.com/qbittorrent/qBittorrent/issues/7641 Edited April 28, 2018 by MarkusMcNugen Quote Link to comment
MarkusMcNugen Posted April 29, 2018 Author Share Posted April 29, 2018 (edited) On 4/24/2018 at 8:08 AM, whauk said: Take mine - I have the same problem..;-}qbittorrent.log Container and template have been updated. You can now provide the VPN username and password to environmental variables and it will create the credentials.conf file and configure your ovpn config file automatically. You can also edit the WEBUI_PORT_ENV and INCOMING_PORT_ENV variables (Youll need to change the exposed ports as well) to modify the ports qBittorrent uses without having to do port forwarding and getting the DNS rebinding issue. If you already have the container installed you may need to delete and recreate it to get the new template applied, or just simply update the container and add the variables to the config yourself. You can see the template here. Edited April 29, 2018 by MarkusMcNugen Quote Link to comment
whauk Posted April 30, 2018 Share Posted April 30, 2018 Thanks, I'll give it a shot. Quote Link to comment
Demiurgous Posted May 1, 2018 Share Posted May 1, 2018 (edited) I'm having the same error previously reported: Quote Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: config (2.4.4) I'm not sure which file has the extra spaces, or what formatting it should have. If it matters, all VPN config files are from PIA, which are publicly available here. I assume the above is why I can't access the WebUI for QBittorrent in the browser. Edited May 1, 2018 by Demiurgous Quote Link to comment
MarkusMcNugen Posted May 2, 2018 Author Share Posted May 2, 2018 19 hours ago, Demiurgous said: I'm having the same error previously reported: I'm not sure which file has the extra spaces, or what formatting it should have. If it matters, all VPN config files are from PIA, which are publicly available here. I assume the above is why I can't access the WebUI for QBittorrent in the browser. Please attach your ovpn file (You can remove the keys from the file before posting) Quote Link to comment
Kuusou Posted May 4, 2018 Share Posted May 4, 2018 (edited) Woops, didn't realize what logs were which. It seems your update fixed the white screen for me though. My issue now is that changing the two given webui ports to the port I want seems to keep the 8080 port involvement, and then not let me access the webui anymore. If I just use 8080 it works fine. is there something else I need to edit here that I cant see? qbittorrent.log Edit: I was reading up on the other qBittorrent dockers and they seem to have the same issue. It might be a limitation of some kind. Let me know if you work around it. I'd love to change the port. Edit2: I'm unable to tunnel Radarr and Sonarr through the docker to use as a.. proxy.. for my proxy.., which I currently do with my other torrent client. Is there a workaround for this, or something I need to enable/do differently? Or would you simply recommend doing it a different way if I'd like to utilize this container from now on? Also I wanted to thank you for creating, working on, and updating/fixing this container. I had been waiting for someone to do so for a while, and even looked into options for doing it myself, but have little experience with dockers in unraid, so having a ready, or mostly ready option is just beautiful. Edited May 16, 2018 by Kuusou Quote Link to comment
jaxder Posted July 17, 2018 Share Posted July 17, 2018 Any chance of implementing the qBittorrent search feature into this docker? Quote Link to comment
plantsandbinary Posted July 22, 2018 Share Posted July 22, 2018 (edited) @MarkusMcNugen Hi and firstly thanks so much for this amazing docker. The VPN credentials part was by far the easiest of any docker I've used here. Binhex's dockers are great but require a crazy amount of configuring to get working. Just being able to drop my .ovpn config server file of choice in and throw in my username and password is exactly the kind of simplicity I honestly expected from other dockers, instead of being tailored the hard way to only work with one or two providers. I have a problem though. No matter what I do or what interface or port I choose, I absolutely cannot open the WebUI. You said that clicking "WebUI" from unraid doesn't work. But neither does going to http://<MYIP>:8080 or whatever port that I pick. I've tried every interface I've created and made available except Host. I either just get a completely blank page or a "page cannot be displayed" error. Can you give me a hand? Also is there any chance you could set up some kind of SSL and .htaccess security for this? I know I'm just being lazy asking for it but running over HTTP is kinda crazy in this day and age. When I get the WebUI sorted I'm going to try and reverse proxy this so I can access it from the web but keep it secure with .htaccess. I'm happy to do both in the meantime but without the webui loading I can't do anything. I'd post a log but it looks like everything is meant to be working correctly. It's just the UI that does not load. I did attach my .ovpn config file though. Here's the last part: Quote 2018-07-22 10:45:25.469077 [info] Starting qBittorrent daemon...Logging to /config/qBittorrent/data/logs/qbittorrent-daemon.log.2018-07-22 10:45:26.516308 [info] qBittorrent PID: 1962018-07-22 10:45:26.528414 [info] Started qBittorrent daemon successfully... Thanks, and I seriously hope I see more dockers from you with the same simplicity. se44.nordvpn.com.udp.ovpn Edited October 12, 2018 by plantsandbinary Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.