Docker-compose explanation #104
Comments
Anyone? |
My understanding is this is the CIDR block for your local network. So like mine is 192.168.1.0/24 which is super common. You should be able to find this in your router or running something like ipconfig /all on Windows. Find your network device, and then check the subnet mask. Most likely it's 255.255.255.0 which is /24. |
Cool thanks! Explains a lot. And do you also happen to know anything about the VPN settings and which traffic is tunneled over VPN? |
Docker containers each have their own network so they should all go over your open internet, unless you specify a VPN connection for the container. If you have access into the container directly (I use Portainer and I can get into it easily), you can run something like curl ifconfig.io and it will return the IP so you can double verify. |
I run portainer too, so yes, I can verify. The thing is; with the configuration of my docker containers as displayed above I want to know if I am connecting my whole server or only that container over VPN. |
My understanding is it would just be that container over VPN. If you run that command in a different container to check take note of the IP. If it matches your public IP (You can check that by just typing What is my ip into Google), then it isn't going over VPN. If it doesn't match, then that public IP is from your VPN provider and that container is going over VPN. Hope that helps. |
Cool thanks. I tried running docker-compose with the configuration as shown above. Sadly, I get
Anyone? |
So did you run it with this:
Where it says "/your/storage/path/" it will need to be changed to your storage path on your host. Same with the config. I am guessing /path/to/config/directory does not exist on your host system. |
I have a samba mount as a path to the storage. My config folder exists but it does not contain anything. What should be in there? About the docker compose file: |
Ok, let's do these one at a time. You are supposed to change the "/path/to/config/directory" part in the compose file to your actual config directory where the docker user has permissions to read and write. I thought you were using Portainer, correct? If so you can use its volume manager to deal with the config dir. Change this: What VPN provider are you paying for? That is going to dictate the VPN settings you will need to use. Do you have a subscription with NordVPN? On the host system what is your storage path? "/your/storage/path" is a placeholder and you need to change it to your actual path where you are storing your downloads, i.e. "/home/pi/downloads". If you do not have an account with a supported VPN this container will not work as far as I know. |
Yes I do use Portainer. But to clarify; I have my docker compose file placed in
Done, already did it first time. My folder is named
Yes I have a paid subscription for NordVPN. So wondering what settings do apply. Is it also required to download these config files from their website?
I have a folder within the Here you can find my current settings:
As you know, config is now still empty. Hope you can help me out. Thanks in advance! |
I understand now. Try rolling back to a previous image? I had to roll back to dd4cd24 due to a syntax error in latest (looks to be a pull request to address it)
Maybe that will help? My only other idea is to use the absolute path instead of relative in the volume section. The errors you were seeing make me think it is a permission issue. In my Portainer I don't use Compose files or Stacks very often, most of my containers are configured via the Container tab. Here is my ENV:
And here is my VOLUMES:
For my config dir it is managed by Portainer's Volume system and its mount point is this on my host: /srv/dev-disk-by-label-Home/docker has the owner:group as root:root with permissions set to drwx--x--- or 710. Hope this helps! |
Thanks for your elaborate explanation. I will verify the permissions of the folder. Then my next step will be a rollback if that doesn't work. I noticed that your PGID is 100 instead of 1000. Might this be a thing maybe? Never had any problems with absolute or relative paths so I guess that might not be a thing. And, I see you have a config.ovpn file. Is this created when running the image correctly or did you make it? What does it contain? |
The PGID is because on my Debian system the group "users" has ID 100. You should be able to check your GID by entering this command as your regular user: Here is some info from my logs. I don't think that config file is being used.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing...
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing...
Mon Nov 29 10:29:01 2021 TUN/TAP device tun0 opened
Mon Nov 29 10:29:01 2021 Persist state set to: ON
INFO: Trying to use OpenVPN provider: NORDVPN
A nordvpn/configure-openvpn.sh
A nordvpn/updateConfigs.sh
Exported revision 3246.
Provider NORDVPN has a custom startup script, executing it
Downloading user specified config.
NORDVPN_PROTOCOL is set to: UDP
2021-11-29 10:29:04 Checking curl installation
2021-11-29 10:29:04 Removing existing configs
2021-11-29 10:29:04 Selecting the best server...
2021-11-29 10:29:04 Searching for group: legacy_p2p
2021-11-29 10:29:04 Searching for technology: openvpn_udp
2021-11-29 10:29:04 Best server : us8948.nordvpn.com
2021-11-29 10:29:04 Downloading config: default.ovpn
2021-11-29 10:29:04 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us8948.nordvpn.com.udp.ovpn
2021-11-29 10:29:04 Using OpenVPN CONFIG ::
2021-11-29 10:29:04 Downloading config: .ovpn
2021-11-29 10:29:04 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/.udp.ovpn
INFO: Found OpenVPN configuration: "" for provider "NORDVPN" using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing...
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done. |
The rollback has worked, we're one step further and this is one line which I noticed in the log: Next to that, portainer gives me the so called 'last output':
When changing the line
But cannot access.... Maybe it sounds weird but can it be that I cannot access the container because it was tunnelled over VPN? |
PGID is correct. Would you mind looking at my previous comment? |
Looks like the route could not be added to the routing table. I don't know if that is an issue or how to fix, maybe uncle Google will have some insight. In your compose file it has port 8888 on host forwarded to 8080 on container. You need to go to http://localhost:8888 (if you are using the host machine browser) or http://192.168.1.2:8888 or whatever your host IP is. Once you are in you should be able to check your VPN by going here https://ipleak.net/ and doing the torrent check on that page. The IP grabbed from the magnet link should be through the VPN if it all works right. Good luck! You are almost there. |
By changing
By going to localhost:8888 I sadly enough get: Unauthorized. Nothing else. Tried fixing in this way but didn't work |
Are you using the host machine's browser or are you using another computer on the network like a laptop or desktop? |
Just a computer in the network. The whole connecting to vpn appears to be working |
Then localhost:8888 is not what will take you to the qbittorrent webui as localhost refers to the computer you are using (your local host). You need to enter the IP address to your docker host. For example in my setup I would go to http://192.168.0.13:8080 as my server is at IP 192.168.0.13 and the port I forwarded out of the container is 8080. You will need to go to http://your.server.ip.address:8888 to get to the qbittorrent webui. |
Sorry, that's my typo! I go to the ip:port and get the message |
Do you need to change the port to 8888? I think qbittorrent is not a fan of port forwarding in docker due to CSRF. If you can have it on 8080 try that, if not then you will have to figure out how to change the webui port to 8888 in qbittorrent.conf. |
Well, it is quite easy to change the port in the qbittorrent.conf, and I can also then change it in the docker compose file. But still, without success. My pihole is running on 8080. Changed the pi hole port, used 8080 for this one. No success. Maybe it helps that it is mentioned: Other findings are: Maybe the env settings help: CONFIG_DIR | /config I notice the QBT_WEBUI_PORT is still 8080 here, maybe it overrules? |
Try changing the LAN and LOCAL_NETWORK to 192.168.1.0/24 from 192.168.1.1/24, leave the 10.8.1.0/24. You can always give the QBT_WEBUI_PORT a change and see what happens. |
YES! This did the trick, it works!!! Thanks a lot for your great support. Now still need to check the ip address, but I guess I can do that through /bin/bash... Oh, and it works over port 8888. The thing is: if you change port = 8888:8080 it will work too. If you want to change the port in the qbittorrent.conf file....does not work. Because at every restart this file is changed again by QBT_WEBUI_PORT default value (8080). Unless you define it in your docker compose file to use a different port. |
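The fix that worked above was replacing a host address with a prefix (192.168.1.1/24) by the network address (192.168.1.0/24). As an added example that is not part of the thread or of the image's own code, this pre-flight check validates the LAN / LOCAL_NETWORK values before the container is started and derives the CIDR from a host IP and subnet mask as described earlier in the thread. It assumes several networks are given as a comma-separated list; the function names are hypothetical.

```python
import ipaddress


def cidr_from_host(ip, netmask):
    """Derive the network CIDR from a host address and its subnet mask,
    e.g. the values shown by `ipconfig /all` or the router."""
    return str(ipaddress.ip_interface(f"{ip}/{netmask}").network)


def check_lan_value(value):
    """Check every entry of a LAN / LOCAL_NETWORK setting.

    Assumption: multiple networks are comma-separated. An entry is "ok"
    only if it is a true network address (no host bits set); otherwise
    the corrected network is suggested, or None if it cannot be parsed.
    """
    results = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects 192.168.1.1/24 because host bits are set
            ipaddress.ip_network(entry, strict=True)
            results.append({"entry": entry, "ok": True, "suggest": entry})
        except ValueError:
            try:
                fixed = str(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                fixed = None  # not an address/prefix at all
            results.append({"entry": entry, "ok": False, "suggest": fixed})
    return results


if __name__ == "__main__":
    # Constructed sample: the value that failed in the thread plus the
    # second network that was left unchanged.
    for r in check_lan_value("192.168.1.1/24,10.8.1.0/24"):
        status = "ok" if r["ok"] else f"use {r['suggest']} instead"
        print(f"{r['entry']}: {status}")
    print("host 192.168.1.2 / 255.255.255.0 ->",
          cidr_from_host("192.168.1.2", "255.255.255.0"))
```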
Score. Go to ipleak.net to check your VPN torrent setup with their magnet link. |
First need to figure out how to open magnet links. Currently, it reports I can only open magnet when I access the GUI through https, so not there yet. Anyway, I want to access my torrent server only locally, so I think it is not required to use port 443 right? |
Right click and copy the magnet link, then in qbittorrent the top left button is add torrent. Paste the magnet link into the text box. It's up to you and your local network security if you want to use https or not. I recommend using a reverse proxy if you want to access anything remotely, that way everything is in https etc. Looks like you got it. |
Yeah, everything is working now. Also running an nginx proxy manager for reverse proxy, but I haven't really figured that out yet. For now, I copied the magnet link and dropped it in the text box to download the torrent. It is stuck on Now start downloading....if torrents still work nowadays. It appears not a single torrent is actually downloading...too bad. After some research decided to add an environment variable UPDATE: got it working. Somehow, when letting the downloads run my network speed drops to like 0.5 mbps and a ping of half a second. Even though the torrent speeds are limited and they download very slow. Any idea where this network flooding comes from? Disabled utp, runs like a charm! |
Information
Before starting my container with docker compose I want to know a few things. I am not a network expert so that's why I am asking you. I don't want to mess up my other services.
Current setup
I am running a Raspberry Pi server in my network with several services. As a gateway I have a DDWRT flashed router with an external HDD connected. This HDD is shared over samba. I have set the path of this drive in my docker-compose file. I am not running NordVPN on my router.
docker-compose.yml file or docker run command
I copied the docker-compose file and adjusted a few things. My question is: what do I have to fill in LAN? My gateway 192.168.1.1? Or what does it mean??? And; will this docker container only be connected over vpn on its own? Or will my other containers also be tunneled over VPN? Because this I want to avoid. Maybe you have other suggestions for me? I just want a torrenting service to download data to my hdd at my samba share. Thanks in advance. Underneath you can find my docker compose file.