[Support] binhex - PrivoxyVPN


Recommended Posts

@binhex My indexers stopped working recently, timeouts between them and sonarr/radarr.  I'm assuming this update is the issue.  I updated all the dockers and configured it (I think) correctly.  I started with Jackett to see if I could get it to work and have it going through the DelugePrivoxy.  I validated this by doing the curl ifconfig.io on both dockers and was given the same IP.  

 

I cannot, however, get the webUI to load for jackett.  I've been over the FAQ and cannot find what i'm missing, can someone lend a hand?

Deluge1.jpg

Deluge2.jpg

Deluge3.jpg

Jackett.jpg

Edited by DaSlinky
clarification
Link to comment

Hi @binhex I posted on the wrong thread the other day, reposting on this, the correct thread as didn't want you to think I was ungrateful!

 

I have managed to get all my containers talking to each other in your container now and can now access all my containers WebUI's and they are all talking to each other.  The answers were there in your guide & Q&A I just needed some help understanding a few things.

 

Just wanted to say a MASSIVE thank you for your work, time and patience, it is HUGELY appreciated!

  • Thanks 1
Link to comment
Just poking the "wireguard" with a stick again. Also more than willing to contribute to some sort of "bounty" reward if it's a feature that's otherwise not seen as viable.

Wireguard is supported and has been for a while, but maybe I’m misunderstanding your question?


Sent from my iPhone using Tapatalk
  • Thanks 1
Link to comment
1 hour ago, Jorgen said:


Wireguard is supported and has been for a while, but maybe I’m misunderstanding your question?


Sent from my iPhone using Tapatalk

 

It's possible I'm doing a lot of the misunderstanding :)

 

For some reason I was under the impression that whilst wireguard was supported, it wasn't fully supported for using other containers with it? I'm not sure what lead me to believe that (and the more explanation i've typed below, the less this makes sense, derp). 

 

I've since deleted everything I've typed because as I tried to explain it I double checked things and it didn't actually match up with what I thought. INow I'm not even sure what issues I have. I think it's just a lot of me not knowing quite what I'm doing haha. Your previous answers in this thread have been useful though, thank you.

 

edit: for posterity sake and anybody else coming into issues and not sure what it is, (shoutout to the UnraidCommunity discord for pointing me to it) 

 

https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

 

Quote

Q26. I have recently updated my Docker image for DelugeVPN/PrivoxyVPN/SABnzbdVPN/qBittorrentVPN and have setup Sonarr/Radarr/Lidarr...etc to use Privoxy (proxy server), but this is now no longer able to connect to the 'Download Client' (e.g. Deluge, rTorrent, qBittorrent, SABnzbd), why is this and how can i fix it?.

 

A26. Due to iptables tightening you need to now bypass local addresses for proxy connection in index applications, for Sonarr/Radarr/Lidarr this can be achieved by editing the value for 'Ignored Addresses' under the Settings/General/Proxy and entering in the IP address of the unRAID server running the VPN container. This will then bypass using Privoxy (proxy server) for connections to the local server, and thus allow a direct connection to the download client.

An alternative method to this is to setup Jackett, then configure Jackett to use Privoxy. You then simply point Sonarr/Radarr/Lidarr...etc at Jackett as an 'Indexer' and you are done, there is NO need to configure a proxy for Sonarr/Radarr/Lidarr...etc in this configuration, as Jackett is already doing the proxying for you.

 

All this confusing and hair pulling, and all I had to do was add the server IP to the "ignored addresses" value in the privoxy settings. And I'm sure this has been posted here already too! Time for a nap, I love this community 

Edited by drewgi
  • Like 1
Link to comment
 
All this confusing and hair pulling, and all I had to do was add the server IP to the "ignored addresses" value in the privoxy settings. And I'm sure this has been posted here already too! Time for a nap, I love this community 

Glad you worked it out!
It can be confusing with the two different methods of using the VPN tunnel, each one with its own quirks on how to set it up.


Sent from my iPhone using Tapatalk
  • Like 1
Link to comment
15 minutes ago, Jorgen said:


Glad you worked it out!
It can be confusing with the two different methods of using the VPN tunnel, each one with its own quirks on how to set it up.


Sent from my iPhone using Tapatalk

a side note on wireguard, as part of my iptables testing i discovered that external access to the webui of the application running in the vpn container was not permitted when running wireguard, after scratching my head for several hours i discovered the fix is to restrict what traffic gets forced down the tunnel, this fix is now in place (pia users only), and should now work for external access via port forward (weirdly reverse proxy to web ui was fine!).

  • Thanks 1
Link to comment
12 minutes ago, binhex said:

a side note on wireguard, as part of my iptables testing i discovered that external access to the webui of the application running in the vpn container was not permitted when running wireguard, after scratching my head for several hours i discovered the fix is to restrict what traffic gets forced down the tunnel, this fix is now in place (pia users only), and should now work for external access via port forward (weirdly reverse proxy to web ui was fine!).

 

I've moved over to using a separate privoxy docker now vs what I had before I switched to wireguard (qbittorent with privoxy), and was struggling to access the UI even though I was getting no run errors/no errors with the vpn itself. I guess that explains that? What a head scratcher! Thanks for all the work you do :) I switched over most of my containers to binhex about a year ago and never looked back

Edited by drewgi
Link to comment

I've gone through all the setting, but for the life of me I cannot find where to do this from Q/A 25.  Everything appears to be wanting to route through the VPN, but there's no WebUI on my dockers now.

 

Quote

The other change you will need to do is when defining connections from an application to another application in the same container network (as is the case in this scenario) then you will need to set the host to 'localhost' and NOT the LAN IP address, this is because the applications are now bound to the same network and thus should communicate over 'localhost'.

 

Link to comment
19 hours ago, mbc0 said:

Hi removed binhex tag I posted on the wrong thread the other day, reposting on this, the correct thread as didn't want you to think I was ungrateful!

 

I have managed to get all my containers talking to each other in your container now and can now access all my containers WebUI's and they are all talking to each other.  The answers were there in your guide & Q&A I just needed some help understanding a few things.

 

Just wanted to say a MASSIVE thank you for your work, time and patience, it is HUGELY appreciated!

 

 

@mbc0  What was your issue and how did you resolve it?  Just curious because i'm having a hell of a time getting my WebUIs on the containers to work.

Link to comment
9 hours ago, DaSlinky said:

Just curious because i'm having a hell of a time getting my WebUIs on the containers to work.

are you routing your containers through a vpn enabled container OR are you using privoxy and setting the proxy settings for your applications?.

 

saw the screenshots above, ok so you are routing jackett (and others, but lets concentrate on jackett) through delugevpn, i see from the screenshot you have added in port 9117 (jacketts default port) to ADDITIONAL_PORTS, a good start!, HOWEVER you are missing the port itself, you need to add the port to the delugepvn container too, without that there is no connection from host to jackett.

 

so add a new port to delugevpn, host port. = <whatever you want as long as its not in use> e.g. 9117, and then container port of 9117 (do not change this).

Link to comment
1 hour ago, binhex said:

are you routing your containers through a vpn enabled container OR are you using privoxy and setting the proxy settings for your applications?.

 

saw the screenshots above, ok so you are routing jackett (and others, but lets concentrate on jackett) through delugevpn, i see from the screenshot you have added in port 9117 (jacketts default port) to ADDITIONAL_PORTS, a good start!, HOWEVER you are missing the port itself, you need to add the port to the delugepvn container too, without that there is no connection from host to jackett.

 

so add a new port to delugevpn, host port. = <whatever you want as long as its not in use> e.g. 9117, and then container port of 9117 (do not change this).

I orphaned my DelugeVPN last night... so I'll have to recreate this.  So i'm clear can you validate that the Jackett settings are correct above and I'll be doing the following to the DelugeVPN container.

 

Creating the following ports in Deluge.  Variable name in caps.

  • ADDITIONAL_PORTS: this will have whatever ports I need to forward.  9117 for Jackett.  This can/will house multiple ports.
  • HOST PORT: Pick some random unused port (is there a range?) Is this what is used for the WebUI? This is a single or can house multiple ports.
  • CONTAINER PORT: This has to match the container that's being routed.  Assuming a new one to be created for each routed container.

I owe you a few beers come payday BinHex!

Link to comment
6 minutes ago, DaSlinky said:

So i'm clear can you validate that the Jackett settings are correct above

nearly correct, you didnt remove ALL ports from jackett, please do this.

 

6 minutes ago, DaSlinky said:

ADDITIONAL_PORTS: this will have whatever ports I need to forward.  9117 for Jackett.  This can/will house multiple ports.

correct, and yes multiple ports, with comma to separate.

 

7 minutes ago, DaSlinky said:

HOST PORT: Pick some random unused port (is there a range?) Is this what is used for the WebUI? This is a single or can house multiple ports.

to be clear this is NOT a env var, create a port and define the the 'host' side of the port, port has to be unused, can be whatever you want but most people pick 6000 range, has to be a single port only, if you need other ports then add more.

 

8 minutes ago, DaSlinky said:

CONTAINER PORT: This has to match the container that's being routed.  Assuming a new one to be created for each routed container.

again to be clear, this is not a env var, its the 'container' side of the port you just created in the above step.

 

you really need to read Q24. it really is all explained in there to be honest:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Link to comment
13 minutes ago, binhex said:

nearly correct, you didnt remove ALL ports from jackett, please do this.

 

correct, and yes multiple ports, with comma to separate.

 

to be clear this is NOT a env var, create a port and define the the 'host' side of the port, port has to be unused, can be whatever you want but most people pick 6000 range, has to be a single port only, if you need other ports then add more.

 

again to be clear, this is not a env var, its the 'container' side of the port you just created in the above step.

 

you really need to read Q24. it really is all explained in there to be honest:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Trust me, been over that more times then <insert explicative>.  I think its a knowledge barrier on my part.

 

I went and removed the 9117 in Jackett.  I leave the WebUI line alone or pull that out because the instructions in A24 say to remove all the ports.

 

I was thinking those were 3  separate entries. They're to be two entries?  One for all the container ports (additional_ports, multiple) and  a single entry per container, like the one below.  This will route the traffic within the Deluge VPN and over to Jackett?

 

image.png.cde46e5d5c2b593f7098dc4dc29a50b5.png

Link to comment
2 minutes ago, DaSlinky said:

 One for all the container ports (additional_ports, multiple) and  a single entry per container, like the one below. 

correct, with ADDITIONAL_PORTS being an env var - just stressing this port.

 

4 minutes ago, DaSlinky said:

This will route the traffic within the Deluge VPN and over to Jackett?

this will allow incoming traffic from your lan on <host port you decide> to container port for the app, just like a normal port mapping does on a non routed container, there is nothing special here, the only 'magic sauce' is the ADDITIONAL_PORTS env var, this punches holes in the firewall to allow you to connect.

Link to comment
20 minutes ago, binhex said:

'magic sauce' is the ADDITIONAL_PORTS env var, this punches holes in the firewall to allow you to connect.

I see you stressing the ENV VAR pretty hard.  In my earlier Deluge build I had the Additional Ports already supplied, apparently in the one from last night its no longer there.  I need to add this as a VARIABLE and not a PORT with the below settings.

 

I have Jackett PORT entry as Contrainer Port: 9117, HOST PORT 6000

Additional Entry as below.

 

Save/apply all settings

Start DelugeVPN, validate its getting different IP

Start Jackett, validate its getting the same IP as Deluge

No WebUI option

 

image.png.fa5bf7c6a851227f99772465a25e27cf.png

Link to comment
2 minutes ago, DaSlinky said:

No WebUI option

when you say no webui option, do you mean you dont see the 'web ui' when you left click jackett?, if so that is completely expected, it wont be there, as its now routing through delugevpn, you need to fire up a web browser and navigate to http://<your host ip address>:6000

Link to comment
1 hour ago, binhex said:

when you say no webui option, do you mean you dont see the 'web ui' when you left click jackett?, if so that is completely expected, it wont be there, as its now routing through delugevpn, you need to fire up a web browser and navigate to http://<your host ip address>:6000

Configured the the ENV VAR as a VARIABLE as shown above, the Jackett entry as well, browse to http://192.168.1.159:6000 and nothing.  Shutdown the array and rebooted the entire system (someone said that worked for them), same thing.   

Link to comment
1 hour ago, DaSlinky said:

Please and Thanks BinHex

im running out of those, been doing support fallout for days!.

 

ok can you screenshot ADDITIONAL_PORTS env var, i want to ensure the key is set not just the name, also can you set VPN_INPUT_PORTS also to 9117 PLEASE :-).

 

Link to comment
17 minutes ago, binhex said:

im running out of those, been doing support fallout for days!.

 

ok can you screenshot ADDITIONAL_PORTS env var, i want to ensure the key is set not just the name, also can you set VPN_INPUT_PORTS also to 9117 PLEASE :-).

 

 

Done, Should I do something for VPN OUTPUT ports?

 

D6.jpg.9560a8d198ec63cada1a0d4c3b6921df.jpgD5.jpg.f069aaac3fb5a604e96204b3a535fcae.jpg

Link to comment
7 minutes ago, DaSlinky said:

Done, Should I do something for VPN OUTPUT ports?

not required for jackett, this is used when you want to talk from a container running inside the vpn network to another container running on the lan, this is not the case for jackett.

 

can you please attach /config/Jackett/ServerConfig.json i want to ensure its not set to use a proxy or external access hasnt been accidently disabled.

 

also please restart jackett, just in case its not bound correctly to the vpn network, then try web ui

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.