funkemunky/protonvpn-qbittorrent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updating to allow for getting info from external wireguard servers
Continuous Integration / docker (push) Successful in 23s
Details

Browse Source
This commit is contained in:
Dawson
2026-05-06 11:13:35 -04:00
parent 26c7087183
commit 634fe3fde6
3 changed files with 101 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+3 -1
View File
@@ -1,9 +1,11 @@
FROM alpine:3.22 FROM alpine:3.22
ENV LOCAL_IPV4_SUBNETS="192.168.0.0/16" ENV LOCAL_IPV4_SUBNETS="192.168.0.0/16"
ENV MANAGE_WIREGUARD="true"
ENV TZ="UTC" ENV TZ="UTC"
ENV WEBUI_HOST="http://localhost:8080" ENV WEBUI_HOST="http://localhost:8080"
ENV WIREGUARD_INTERFACE="wg0" ENV WIREGUARD_INTERFACE="wg0"
ENV GATEWAY_IP="10.2.0.1"
RUN apk add --update --no-cache \ RUN apk add --update --no-cache \
bash ca-certificates curl iproute2 iptables ip6tables jq libnatpmp tzdata wireguard-tools \ bash ca-certificates curl iproute2 iptables ip6tables jq libnatpmp tzdata wireguard-tools \
@@ -13,6 +15,6 @@ RUN apk add --update --no-cache \
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
HEALTHCHECK --start-period=15s --interval=60s --timeout=10s --retries=3 \ HEALTHCHECK --start-period=15s --interval=60s --timeout=10s --retries=3 \
CMD ping -c 1 10.2.0.1 || exit 1 CMD ping -c 1 "${GATEWAY_IP:-10.2.0.1}" || exit 1
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
README.md
+11 -7
View File
@@ -13,10 +13,14 @@ Tools
### Recommended Environment Variables ### Recommended Environment Variables
| Variable | Default | Examples | Description | | Variable | Default | Examples | Description |
| -------- | ------- | ----- | ---------- | |-----------------------|-------------------------|------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
| `TZ` | `UTC` | `America/Denver` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight. | `TZ` | `UTC` | `America/Denver` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight. |
| `WIREGUARD_INTERFACE` | `wg0` | `wg0`, `wg1`, ... | Set the wireguard interface name to use. | `MANAGE_WIREGUARD` | `true` | `false` | Set to `false` when this container should only manage Proton NAT-PMP and qBittorrent while sharing another WireGuard container's network namespace. |
| `LOCAL_IPV4_SUBNETS` | `192.168.0.0/16` | `192.168.0.0/16, 10.0.0.0/8` | Comma separated list of local subnet CIDRs to be allowed outside the wireguard tunnel. | `WIREGUARD_INTERFACE` | `wg0` | `wg0`, `wg1`, ... | Set the wireguard interface name to use. |
| `WEBUI_HOST` | `http://localhost:8080` | <URL to qBittorrent Web UI> | URL to the qBittorrent Web UI. Authentication must be disabled to localhost connections unless `WEBUI_USERNAME` and `WEBUI_PASSWORD` are set. | `GATEWAY_IP` | `10.2.0.1` | `10.2.0.1` | Proton VPN NAT-PMP gateway IP. |
| `WEBUI_USERNAME` | | `admin` | Optional qBittorrent Web UI username. Use this if localhost authentication bypass is not enabled. | `LOCAL_IPV4_SUBNETS` | `192.168.0.0/16` | `192.168.0.0/16, 10.0.0.0/8` | Comma separated list of local subnet CIDRs to be allowed outside the wireguard tunnel. |
| `WEBUI_PASSWORD` | | `adminadmin` | Optional qBittorrent Web UI password. Use this if localhost authentication bypass is not enabled. | `WEBUI_HOST` | `http://localhost:8080` | <URL to qBittorrent Web UI> | URL to the qBittorrent Web UI. Authentication must be disabled to localhost connections unless `WEBUI_USERNAME` and `WEBUI_PASSWORD` are set. |
| `QBITTORRENT_HOST` | | `localhost` | Alternative way to set the qBittorrent Web UI host. Used with `QBITTORRENT_PORT`. |
| `QBITTORRENT_PORT` | | `8088` | Alternative way to set the qBittorrent Web UI port. Used with `QBITTORRENT_HOST`. |
| `WEBUI_USERNAME` | | `admin` | Optional qBittorrent Web UI username. Use this if localhost authentication bypass is not enabled. |
| `WEBUI_PASSWORD` | | `adminadmin` | Optional qBittorrent Web UI password. Use this if localhost authentication bypass is not enabled. |
entrypoint.sh
+16 -5
View File
@@ -11,6 +11,11 @@ fatal() {
exit 1 exit 1
} }
MANAGE_WIREGUARD="${MANAGE_WIREGUARD:-true}"
WIREGUARD_INTERFACE="${WIREGUARD_INTERFACE:-wg0}"
GATEWAY_IP="${GATEWAY_IP:-10.2.0.1}"
if [[ "${MANAGE_WIREGUARD}" == "true" ]]; then
iptables-save | tee /tmp/rules.v4.$$.conf iptables-save | tee /tmp/rules.v4.$$.conf
ip6tables-save | tee /tmp/rules.v6.$$.conf ip6tables-save | tee /tmp/rules.v6.$$.conf
@@ -26,8 +31,6 @@ fi
# sysctl is set by container, wg-quick will then error # sysctl is set by container, wg-quick will then error
sed -i "s:sysctl -q net.ipv4.conf.all.src_valid_mark=1:echo Skipping setting net.ipv4.conf.all.src_valid_mark:" /usr/bin/wg-quick sed -i "s:sysctl -q net.ipv4.conf.all.src_valid_mark=1:echo Skipping setting net.ipv4.conf.all.src_valid_mark:" /usr/bin/wg-quick
WIREGUARD_INTERFACE="${WIREGUARD_INTERFACE:-wg0}"
if [ ! -f "/etc/wireguard/${WIREGUARD_INTERFACE}.conf" ]; then if [ ! -f "/etc/wireguard/${WIREGUARD_INTERFACE}.conf" ]; then
fatal "Error: Configuration file /etc/wireguard/${WIREGUARD_INTERFACE}.conf does not exist" fatal "Error: Configuration file /etc/wireguard/${WIREGUARD_INTERFACE}.conf does not exist"
fi fi
@@ -85,19 +88,27 @@ ip6tables -A OUTPUT ! -o ${WIREGUARD_INTERFACE} -m mark ! --mark ${WIREGUARD_FWM
iptables-save | tee /tmp/rules.v4.${WIREGUARD_INTERFACE}.$$.conf iptables-save | tee /tmp/rules.v4.${WIREGUARD_INTERFACE}.$$.conf
ip6tables-save | tee /tmp/rules.v6.${WIREGUARD_INTERFACE}.$$.conf ip6tables-save | tee /tmp/rules.v6.${WIREGUARD_INTERFACE}.$$.conf
else
info "Using externally managed wireguard interface: ${WIREGUARD_INTERFACE}"
wg show ${WIREGUARD_INTERFACE} || true
fi
sleep 8 & sleep 8 &
wait ${!} wait ${!}
# check to see if tunnel allows port forwarding # check to see if tunnel allows port forwarding
natpmpc -g 10.2.0.1 natpmpc -g "${GATEWAY_IP}"
# give some delay until qbittorrent container launches # give some delay until qbittorrent container launches
sleep 5 & sleep 5 &
wait ${!} wait ${!}
# qbittorrent webui host # qbittorrent webui host
if [[ -n "${QBITTORRENT_HOST:-}" || -n "${QBITTORRENT_PORT:-}" ]]; then
WEBUI_HOST="http://${QBITTORRENT_HOST:-localhost}:${QBITTORRENT_PORT:-8080}"
else
WEBUI_HOST="${WEBUI_HOST:-http://localhost:8080}" WEBUI_HOST="${WEBUI_HOST:-http://localhost:8080}"
fi
WEBUI_USERNAME="${WEBUI_USERNAME:-}" WEBUI_USERNAME="${WEBUI_USERNAME:-}"
WEBUI_PASSWORD="${WEBUI_PASSWORD:-}" WEBUI_PASSWORD="${WEBUI_PASSWORD:-}"
WEBUI_COOKIE_JAR="/tmp/qbittorrent-webui.$$.cookie" WEBUI_COOKIE_JAR="/tmp/qbittorrent-webui.$$.cookie"
@@ -138,10 +149,10 @@ fi
# loop now forever keeping port forward up to date (protonvpn) # loop now forever keeping port forward up to date (protonvpn)
# https://protonvpn.com/support/port-forwarding-manual-setup # https://protonvpn.com/support/port-forwarding-manual-setup
while true; do while true; do
tcp_output=$(natpmpc -a 1 0 tcp 60 -g 10.2.0.1) tcp_output=$(natpmpc -a 1 0 tcp 60 -g "${GATEWAY_IP}")
tcp_port=$(echo "${tcp_output}" | sed -n 's/.*Mapped public port \([0-9]\+\).*/\1/p') tcp_port=$(echo "${tcp_output}" | sed -n 's/.*Mapped public port \([0-9]\+\).*/\1/p')
udp_output=$(natpmpc -a 1 0 udp 60 -g 10.2.0.1) udp_output=$(natpmpc -a 1 0 udp 60 -g "${GATEWAY_IP}")
udp_port=$(echo "${udp_output}" | sed -n 's/.*Mapped public port \([0-9]\+\).*/\1/p') udp_port=$(echo "${udp_output}" | sed -n 's/.*Mapped public port \([0-9]\+\).*/\1/p')
if ! [[ "${tcp_port}" =~ ^[0-9]+$ && "${udp_port}" =~ ^[0-9]+$ ]]; then if ! [[ "${tcp_port}" =~ ^[0-9]+$ && "${udp_port}" =~ ^[0-9]+$ ]]; then