Docker container which runs the latest headless qBittorrent client with WebUI while connecting to OpenVPN with iptables killswitch to prevent IP leakage when the tunnel goes down.
- Base: Ubuntu 20.04
- Always builds latest qBittorrent client
- Size: 300MB
- Selectively enable or disable OpenVPN support
- IP tables kill switch to prevent IP leaking when VPN connection fails
- Specify name servers to add to container
- Configure UID, GID, and UMASK for config files and downloads by qBittorrent
- WebUI\CSRFProtection set to false by default for Unraid users
- Restart container if health check is failed
The container is available from the Docker registry and this is the simplest way to get it. To run the container use this command:
docker run --name torrent --restart always --privileged -d \
-v ~/tor/config/:/config \
-v ~/tor/downloads/:/downloads \
-e "VPN_ENABLED=yes" \
-e "VPN_TYPE=openvpn" \
-e "VPN_ENABLED=yes" \
-e "LAN_NETWORK=192.168.1.0/24" \
-e "NAME_SERVERS=8.8.8.8,8.8.4.4" \
-e "HEALTH_CHECK_HOST=one.one.one.one" \
-e "HEALTH_CHECK_INTERVAL=10" \
-e "HEALTH_CHECK_PING_AMOUNT=10" \
-p 8080:8080 \
-p 8999:8999 \
-p 8999:8999/udp \
torrent:0.3
Variable | Required | Function | Example |
---|---|---|---|
VPN_ENABLED |
Yes | Enable VPN? (yes/no) Default:yes | VPN_ENABLED=yes |
VPN_USERNAME |
No | If username and password provided, configures ovpn file automatically | VPN_USERNAME=ad8f64c02a2de |
VPN_PASSWORD |
No | If username and password provided, configures ovpn file automatically | VPN_PASSWORD=ac98df79ed7fb |
LAN_NETWORK |
Yes | Local Network with CIDR notation | LAN_NETWORK=192.168.1.0/24 |
HEALTH_CHECK_HOST |
Yes | Host for ping | HEALTH_CHECK_HOST=one.one.one.one |
HEALTH_CHECK_INTERVAL |
Yes | Interval between ping in a seconds | HEALTH_CHECK_INTERVAL=10 |
HEALTH_CHECK_PING_AMOUNT |
Yes | Number of ping requests | HEALTH_CHECK_PING_AMOUNT=10 |
NAME_SERVERS |
No | Comma delimited name servers | NAME_SERVERS=8.8.8.8,8.8.4.4 |
PUID |
No | UID applied to config files and downloads | PUID=99 |
PGID |
No | GID applied to config files and downloads | PGID=100 |
UMASK |
No | GID applied to config files and downloads | UMASK=002 |
WEBUI_PORT_ENV |
No | Applies WebUI port to qBittorrents config at boot (Must change exposed ports to match) | WEBUI_PORT_ENV=8080 |
INCOMING_PORT_ENV |
No | Applies Incoming port to qBittorrents config at boot (Must change exposed ports to match) | INCOMING_PORT_ENV=8999 |
Volume | Required | Function | Example |
---|---|---|---|
config |
Yes | qBittorrent and OpenVPN config files | /your/config/path/:/config |
downloads |
No | Default download path for torrents | /your/downloads/path/:/downloads |
Port | Proto | Required | Function | Example |
---|---|---|---|---|
8080 |
TCP | Yes | qBittorrent WebUI | 8080:8080 |
8999 |
TCP | Yes | qBittorrent listening port | 8999:8999 |
8999 |
UDP | Yes | qBittorrent listening port | 8999:8999/udp |
Access http://IPADDRESS:PORT from a browser on the same network.
Credential | Default Value |
---|---|
WebUI Username |
admin |
WebUI Password |
adminadmin |
WebUI\CSRFProtection must be set to false in qBittorrent.conf if using an unconfigured reverse proxy or forward request within a browser. This is the default setting unless changed. This file can be found in the dockers config directory in /qBittorrent/config
qBittorrent throws a WebUI: Invalid Host header, port mismatch error if you use port forwarding with bridge networking due to security features to prevent DNS rebinding attacks. If you need to run qBittorrent on different ports, instead edit the WEBUI_PORT_ENV and/or INCOMING_PORT_ENV variables AND the exposed ports to change the native ports qBittorrent uses.
The container will fail to boot if VPN_ENABLED
is set to yes or empty and a .ovpn is not present in the /config/openvpn directory. Drop a .ovpn file from your VPN provider into /config/openvpn and start the container again. You may need to edit the ovpn configuration file to load your VPN credentials from a file by setting auth-user-pass
.
Note: The script will use the first ovpn file it finds in the /config/openvpn directory. Adding multiple ovpn files will not start multiple VPN connections.
auth-user-pass credentials.conf
username
password
User ID (PUID) and Group ID (PGID) can be found by issuing the following command for the user you want to run the container as:
id <username>
If you are having issues with this container please submit an issue on GitHub. Please provide logs, docker version and other information that can simplify reproducing the issue. Using the latest stable verison of Docker is always recommended. Support for older version is on a best-effort basis.
To build this container, clone the repository and cd into it.
$ ./build.sh
OR
$ docker build -t torrent:0.3 ./
docker run --name torrent --restart always --privileged -d \
-v ~/tor/config/:/config \
-v ~/tor/downloads/:/downloads \
-e "VPN_ENABLED=yes" \
-e "VPN_TYPE=openvpn" \
-e "VPN_ENABLED=yes" \
-e "LAN_NETWORK=192.168.1.0/24" \
-e "NAME_SERVERS=8.8.8.8,8.8.4.4" \
-e "HEALTH_CHECK_HOST=one.one.one.one" \
-e "HEALTH_CHECK_INTERVAL=10" \
-e "HEALTH_CHECK_PING_AMOUNT=10" \
-p 8080:8080 \
-p 8999:8999 \
-p 8999:8999/udp \
torrent:0.3
This will start a container as described in the "Run container from Docker registry" section.