this post was submitted on 24 Jan 2025
45 points (97.9% liked)


My solution uses qBittorrent with Gluetun and it works great. My Docker Compose file is based on this one https://github.com/TechHutTV/homelab/blob/main/media/arr-compose.yaml. I simply removed some of the services I didn't need. I recommend watching his YouTube video (same video on Odysee) if you can't get it to work.


I am trying to have a qBittorrent Docker container that is accessible on my local network and connects to WireGuard. I know this is a basic question, and I'm sorry if I'm wasting your time. I am using a separate user for this that I have added to the docker group.

I can't access the web interface. What have I configured wrong?

Here is my docker compose file.

***
services:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Europe/London
      - WEBUI_PORT=8080
      - TORRENTING_PORT=6881
    volumes:
      - /home/torrent/torrent/:/config
      - /home/torrent/download/:/downloads 
    network_mode: service:wireguard
    depends_on:
      - wireguard
    restart: always

  wireguard:
    image: lscr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
    - NET_ADMIN
    - SYS_MODULE
    environment:
    - PUID=1001
    - PGID=1001
    - TZ=Europe/London
    ports:
    - 51820:51820/udp
    volumes:
    - /home/torrent/wireguard/:/config
    - /home/torrent/wireguard/london.conf/:/config/wg0.conf
    sysctls:
    - net.ipv4.conf.all.src_valid_mark=1
    restart: always

[–] pwet@lemmynsfw.com 11 points 6 days ago

I would advise you to use Gluetun instead of crude Wireguard. Within Gluetun you just have to set the port for the qbittorrent's GUI to be accessible locally, and open docker's firewall for qbittorrent. Then set the qbittorrent container to use Gluetun's network.

[–] fhein@lemmy.world 6 points 5 days ago

This is my wireguard docker setup:

version: "3.6"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=116
      - PGID=122
      - TZ=Europe/Stockholm
      - ALLOWEDIPS=192.168.1.0/24
    volumes:
      - /data/torrent/wireguard/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 192.168.1.111:8122:8122  # Deluge webui
      - 192.168.1.111:9127:9127  # jackett webui
      - 192.168.1.111:9666:9666  # prowlarr webui
      - 51820:51820/udp           # wireguard
      - 192.168.1.111:58426:58426  # Deluge RPC
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv6.conf.default.disable_ipv6=1
    restart: unless-stopped

Can reach the webuis from LAN, no other network configuration was necessary. 192.168.1.111 is the server's LAN address. The other services are configured very similarly to your qbittorrent, and don't expose any ports. Can't promise it's 100% correct but it's working for me.

[–] matron1049@lemmy.dbzer0.com 8 points 5 days ago* (last edited 5 days ago) (1 children)

Move the ports you are exposing from the qbit container to the wireguard container. The VPN container should be the only one exposing ports in this case.

But like someone else said, the gluetun image works really well for this.

[–] dunes@feddit.org 2 points 5 days ago

Thanks for the suggestion. This is what I ended up doing, and it works really well.
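
The fix suggested in this sub-thread, written out as an added example (not part of the original thread and not any commenter's own file): the compose file from the post with the web UI port published by the wireguard service, because qbittorrent shares that container's network namespace. The address 192.168.1.10 is a placeholder for the Docker host's LAN address; all other values are copied from the post.

```yaml
# Added example. 192.168.1.10 is a placeholder for the Docker host's
# LAN address (assumption, not from the post).
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Europe/London
    ports:
      - 51820:51820/udp            # as in the original post
      # qBittorrent web UI: published here because this container owns
      # the network namespace. Bound to the LAN address only, instead of
      # all host interfaces.
      - 192.168.1.10:8080:8080
    volumes:
      - /home/torrent/wireguard/:/config
      - /home/torrent/wireguard/london.conf/:/config/wg0.conf
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: always

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Europe/London
      - WEBUI_PORT=8080            # must match the container side of the mapping above
      - TORRENTING_PORT=6881
    volumes:
      - /home/torrent/torrent/:/config
      - /home/torrent/download/:/downloads
    # Shares wireguard's network namespace: this service cannot carry its
    # own `ports:` key, and it uses wireguard's interfaces and routes.
    network_mode: service:wireguard
    depends_on:
      - wireguard
    restart: always
```

If the UI is still unreachable with `AllowedIPs = 0.0.0.0/0`, the `ip route add $HOMENET via $DROUTE` part of the PostUp line in chema's comment below is what sends replies for the home network out through the container's default gateway instead of the tunnel.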

[–] catloaf@lemm.ee 4 points 6 days ago (1 children)

You haven't asked a question or indicated a problem.

[–] dunes@feddit.org 3 points 6 days ago (1 children)
[–] rfvizarra@lemmy.ml 1 points 6 days ago (2 children)
[–] dunes@feddit.org 3 points 6 days ago (1 children)

Not fixed the issue but the post.

[–] rfvizarra@lemmy.ml 2 points 5 days ago

Ahh, ok. I have the same issue :(

[–] shaserlark@sh.itjust.works 2 points 5 days ago

https://hotio.dev/containers/qbittorrent/

Why don’t you use the hotio container? That already has it baked in

[–] chema@lemmy.world 3 points 6 days ago (1 children)

You can't access your instance because the only way to reach the container is through the VPN server (as it should be). You have to open a hole in the container's firewall to access it through the local network.

In the [Interface] section in your Wireguard configuration, add the following lines:

PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

PreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT

Replace the value of HOMENET with whichever network you're accessing it from, mine's set to the docker network because it's behind an nginx reverse proxy.

[–] dunes@feddit.org 1 points 6 days ago* (last edited 6 days ago)

Still doesn't work. My wireguard conf file looks like this.

Change the HOMENET= to my internal IP range I found with ip addr show.

[Interface]
PrivateKey = MyPrivateKey
Address = 1.1.1.1
DNS = 1.1.1.1

PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

PreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT

[Peer]
PublicKey = MyPublicKey
AllowedIPs = 0.0.0.0/0
Endpoint = 1.1.1.1

[–] __init__@programming.dev 3 points 6 days ago (1 children)

This doesn’t exactly answer your question, but I use the binhex qbittorrent-vpn image for this. It might work for you too unless you were wanting to be able to reuse the same wireguard container for something else?

[–] dunes@feddit.org 1 points 6 days ago (1 children)

Thanks for the recommendation. My only concern is trust because the containers do not appear to have many downloads.

[–] plantsmakemehappy@lemmy.world 4 points 6 days ago (1 children)

Look at hotio instead, recommended by me and popular among those that support the *arrs.

[–] dunes@feddit.org 1 points 6 days ago

Thanks, looks a lot simpler to set up.