Torrent Safely Over a VPN With This Simple One-Click Guide
- Published 11 Jun 2024
- Learn how to route containers over any VPN provider (well, almost) using the config below! I use a Torrent stack example to spin up Docker containers qBittorrent, Sonarr, Jackett, Prowlarr, and route it through Gluetun so that your traffic is protected.
NordVPN: ref.nordvpn.com/MkwWsHpnBtY
Docker Compose: github.com/JamesTurland/JimsG...
Gluetun: github.com/qdm12/gluetun
NordVPN Wireguard Settings: github.com/qdm12/gluetun-wiki...
Discord: / discord
Twitter: / jimsgarage_
Reddit: / jims-garage
GitHub: github.com/JamesTurland/JimsG...
00:00 - Routing a Container through a VPN (Overview)
00:52 - Torrent Stack
02:10 - Gluetun & Container Overview (Docker Compose)
06:14 - Deploy Containers in Docker
07:23 - Check the Containers Are Running
08:58 - qBittorrent Web GUI
09:23 - Outro - Science and technology
Hey, it actually works!
Thank you so much for this video. My new favourite channel!
Thanks, for your support 😊 glad it worked for you.
after three days of messing around with separate stacks for these apps and following other guides this video finally works. thank you
Great to hear!
Life saver video I was trying to figure out how to access my docker when it was routing via gluetun. I just needed those port mappings and boom. Thank you sir!
You're welcome 😁
Finally found how to specify to use a container for the networking. The most important piece of info for me, network_mode: "service:gluetun". Thank you, everything automatized now. 👍🏼
You're welcome 😁
Hi Jim!
Some have the ability to point things out in an understandable way.
Just plain and simple for the common man.
You are one of them!
Thank you for the video.
Thanks, really appreciate the feedback
@@Jims-Garage
You're welcome.
was struggling with this for hours. Your guide was so clear, thank you very much....
Glad to hear it, thank you
Thanks for the demo and info, have a great day
This was super helpful, thanks so much for the video and the great info on your github. With the great commenting and docs i was able to adjust the yaml pretty quickly and everything worked on the first deploy, which I think is a first for me. Thanks!
That's awesome, thank you for the feedback 🙂
@@Jims-Garage Long shot question- have you had any experience getting Nord meshnet running in a container to give remote access to local hosts?
@@Evakron no, unfortunately not. I'll have a look asap
Great tutorial, works like a charm! Thanks!!
You're welcome 😁
Excellent video, keep up the great work!
Thanks!
Great video as usual, very informative and brilliant step-by-step instructions. Apps without dark mode should be cast into a digital black hole!
Thanks! I totally agree with you on the dark mode 😂
Amazing videos and great content. Thank you for everything. You mentioned we can also use the traefik proxy to make use of SSL certs accessing Radarr and Sonarr. How do I use it? Would you be able to upload a code in your Git Hub for the arr-stack using traefik and Local DNS defined in the PiHole?
As the proxy network is separate how do we make sure arr-stack uses only the Gluetun network and not the proxy network to download?
Awesome content, thank you!
You're welcome 😁
Hi Jim, love the vids! Are all these docker containers from all your vids OK to put on one VM instance or should they be split into a few VMs?
You can run them all on single Docker host. I've tried my best to manage port conflicts but I could have missed something. That should be all you'll ever need to change.
@@Jims-Garage nice one thanks
Love to see a proxmox lxc stack setup this way!
I will come onto LXCs soon. Might not be the best idea to be downloading torrents on an LXC though due to security (they share the host's Kernel and it's not always guaranteed what you're downloading...)
@@Jims-Garage doesn’t doing this in unprivileged fix that host issue? Or maybe I got that wrong concept
Another banger, Jim! I'm just curious... You mention at 3:51 routing it through traefik. But how would that work? Doesn't that all need to go through the proxy network? I tried my hand at popping over the all the labels and tried deploying but it failed saying that "service prowlarr declares mutually exclusive `network_mode` and `networks`"
Thanks. You should be able to use an external Traefik service
@@Jims-Garage A video about how to do it would be great. Also, access by domain instead of port would be even better.
@@AngelCerveraClaudio I'll try to remember to update it. You should be able to copy and amend the Traefik labels off most of my other videos.
Finally I found a clear explanation about how to install everything, thank you so much! I was able to make gluetun work perfectly. However, then I followed your other guide to download everything on a NAS that I mount in "/media/share"; however, I'm not able to make either QB or Sonarr write to a folder that I named downloaded. Can you help with this? Thank you!
Have you tested that your SMB is mounted correctly first?
@@Jims-Garage Yes, I'm able to read and write from outside the containers with no problem (again thank you for your other guide!) My problem is that QB does not write on the NAS. Should I change this:
" - /home/ubuntu/docker/arr-stack/qbittorrent/downloads:/downloads"
to this
" - /media/share/downloads:/downloads" ?
I was trying it but seems not enough, do I need to add other parameters to the containers? 🙏
I'm trying to set this up with a wireguard server that I already run on a VPS. Unfortunately it doesn't work when I configure the vpn provider to be custom
What if I don't want to use a VPN: how would the docker-compose file change?
Gluetun can be separated into a single container, and using `network_mode: "container:/gluetun"` lets that single gluetun container be used by every container
Thanks, that's useful to know.
Do we need to add the new container's port to gluetun compose file and then redeploy gluetun?
@@jims888 yes, those steps are the same
@@xanzut Thanks
Webui for qbittorrent doesn't work, all containers are healthy and working as intended. Am I missing something?
I have not drilled in to the docker-compose very far as it's Friday night here. I would have thought all the download folders would point to the same location. So if Sonarr/Radarr drops a torrent file then QBit will see it.
Good spot, thanks, let me double check :) I sometimes end up tweaking the config afterwards so always refer to the current file in GitHub
Thanks for the video, it helped me set up my thing real fast. Just a request, see if you can make your video frame a lot smaller from now on please, thank you.
Thanks, noted and fixed already in later videos.
@@Jims-Garage that's good to know, cheers!
Brill stuff thanks
Glad you enjoyed it
Every time I restart gluetun it changes my Drive names. System is now up to system5. Any idea what’s up with that?
Can you do a tutorial for this but for truenas scale?! Thanks!
This was super helpful. Missing port mappings and now things are working. Trying to test if things halt if gluetun goes down and containers don't leak any traffic without it. Do you know if this works as the Kill Switch option that we see in VPN providers' clients?
Should do as it's the only network route. You could also add a firewall rule on top to help.
@@Jims-Garage got it. Do you have a video on firewall? recently discovered your channel and going to go through lot of content from it now. would be great if you can point that out. Thanks!
@@Andy15792 yes, look for Sophos XG and OPNSense
What did you mean when you said you can access those services through the IP address of the docker container? Which IP am I supposed to use if I want to access any of the services I have running under the VPN setup?
You'll access the services locally by going to dockerIP:ServicePort
Just a small addition to the compose-file, but correct me if I'm wrong. To prevent gluetun being active too late, the "depends on" should be depending on gluetun being healthy:
depends_on:
  gluetun:
    condition: service_healthy
That could be an improvement, I'm not sure if healthy means it has a valid connection though? I would make sure I use my firewall in front of the container as well.
I tried this but it seems like depends_on is no longer supported. Did you have any luck?
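The comments up to this point name the compose properties this routing depends on: `network_mode` pointing at gluetun, port mappings declared on gluetun, no `networks` key beside `network_mode`, and a health-gated `depends_on`. The audit below is an added example, not code from the video or its GitHub repository; it takes an already-parsed compose mapping (for instance from PyYAML's `yaml.safe_load`), and the sample stack, the function names and the Prowlarr and Sonarr ports are assumptions made for illustration.

```python
VPN = "gluetun"  # VPN service/container name used on this page


def shares_vpn_netns(svc):
    """True if the service joins gluetun's network namespace."""
    # "service:gluetun" (same stack) or "container:gluetun" / "container:/gluetun"
    kind, _, target = str(svc.get("network_mode", "")).partition(":")
    return kind in ("service", "container") and target.lstrip("/") == VPN


def published_ports(svc):
    """Container-side ports a service publishes (short/long syntax, ranges)."""
    ports = set()
    for entry in svc.get("ports", []):
        if isinstance(entry, dict):
            spec = str(entry["target"])
        else:  # "8085:8085", "127.0.0.1:8085:8085", "6881:6881/udp"
            spec = str(entry).split("/")[0].rsplit(":", 1)[-1]
        low, _, high = spec.partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def audit(compose, must_route):
    """Findings for services that must only egress through the VPN.

    must_route maps service name -> web UI port that should be reachable.
    """
    services = compose.get("services", {})
    vpn_ports = published_ports(services.get(VPN, {}))
    findings = []
    for name, ui_port in must_route.items():
        svc = services.get(name, {})
        if not shares_vpn_netns(svc):
            findings.append(f"{name}: not in {VPN}'s network namespace, traffic bypasses the VPN")
            continue
        if "networks" in svc:
            findings.append(f"{name}: network_mode and networks are mutually exclusive")
        if svc.get("ports"):
            findings.append(f"{name}: publish ports on {VPN}, not on the routed service")
        if ui_port not in vpn_ports:
            findings.append(f"{name}: port {ui_port} is not published on {VPN}, web UI unreachable")
        deps = svc.get("depends_on")
        cond = deps.get(VPN, {}).get("condition") if isinstance(deps, dict) else None
        # A separately deployed gluetun ("container:" form) cannot be a depends_on target.
        if str(svc["network_mode"]).startswith("service:") and cond != "service_healthy":
            findings.append(f"{name}: depends_on does not wait for {VPN} to be healthy")
    return findings


# Constructed sample stack (not the repository's compose file).
SAMPLE = {"services": {
    "gluetun": {"ports": ["8085:8085", "6881:6881", "6881:6881/udp"]},
    "qbittorrent": {
        "network_mode": "service:gluetun",
        "depends_on": {"gluetun": {"condition": "service_healthy"}},
    },
    # List-form depends_on carries no health condition; 9696 is not published.
    "prowlarr": {"network_mode": "service:gluetun", "depends_on": ["gluetun"]},
    # Own network and ports: this service never enters the tunnel.
    "sonarr": {"networks": ["proxy"], "ports": ["8989:8989"]},
}}

if __name__ == "__main__":
    wanted = {"qbittorrent": 8085, "prowlarr": 9696, "sonarr": 8989}
    for finding in audit(SAMPLE, wanted):
        print(finding)
```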
You actually helped me resolve the issue of why mine wasn't working. THANK YOU!!! The wiki of gluetun was 0 help.
Glad it helped you 😀
Great video, but I just put gluetun in a container alone because I like that more, so I had to use "container:/gluetun" in the network_mode and also remove the depends-on. I was wondering what would happen if gluetun goes down, I guess the connection of qbittorrent must stop because of network_mode: "container:/gluetun" right?
Correct 😁
Hi James,
I am stuck at Gluetun.
For now I don't want to use the NordVPN WireGuard option and stick with Lynx.
I am confused about what I must put in the Gluetun fields.
Also:
Do I need the NordVPN Linux client? Otherwise I think you can't connect to NordVPN.
Lynx is WireGuard with another name. Use UDP if you don't want to use lynx. It'll be just as quick.
Followed all this and it's definitely working, but I'm not well versed in arrstacks. How would I direct things to download to a network share folder?
You would need to mount a network share to the host machine, then amend the volume mount to use the share.
Hi jim. I have followed your guide step and i have successfully make the qbittorrent. I wonder if i can pass gluetun to other containers such as dockur/windows? It is windows in a container
You can, just replicate the part in the container yaml that references Gluetun as the network. That will send all traffic through it.
@@Jims-Garage i’ve tried but encountered some error. Related to kvm network. Im not very good with docker so right now i just give up😅
I've found this super easy to follow along, with only one question. Do I need to create an OpenVPN account? I have NordVPN and can't get wireguard to work. Thanks for the awesome content!
No, openvpn is free to download and use. I recommend using UDP over WireGuard for NordVPN (or use nordlynx)
@@Jims-Garage If I were to use nordlynx how should I change the docker compose info?
@@rexhavoc376 I don't know if gluetun supports it. You'll need to check their documentation.
@@Jims-Garage Alright. How do I know what my openvpn_user and openvpn_password is? Do I need to set up openvpn in another container first? Thanks again for all your help
@@rexhavoc376 log in to your NordVPN account and find the credentials for manual config
Is there a way to add a kill switch on this template? If my vpn disconnects or stop working, qbittorrent stops. Does that make sense?
I would use your firewall. Restrict outbound traffic specially to an IP address associated with the VPN.
I have a pretty similar setup but I also decided to bind the interface in qbit's settings (im also running the whole thing in proxmox). I'm wondering how reliable this setup is and if you had any problems with leaking.
Pin it behind your firewall to restrict to the VPN IP range, that should help
@@Jims-Garage Thank you!
So should I set up docker on my Proxmox or should I add this to my TrueNAS since it's doing all my VPN traffic and my torrenting? Or can you run 2 dockers? Have this setup on both?
I would run this on Docker in a Proxmox VM. You can then mount a NAS network share into the Docker Torrent container, best of both worlds IMO.
@@Jims-Garage oh ok so your running everything on in this series that evolves docker through proxmox then doing network shares that’s just where I was lost following the series now I can start this journey just waiting on a motherboard then I can start the firewall stuff first. Then go into the nas then all the trafic network stuff.
Hello! Does the volumes have to be paths as the existing dockers or should it create its own?
Volumes should be dynamically created.
@@Jims-Garage Thank you so much! This has been the best tutorial I've found yet and I watched so many. I finally got it working!
@@XerkoGames you're welcome 😁
Hello, i have one problem here, if any one can help it would be life saver for me
I just copied the docker-compose from the above video and followed the steps. Now I can add a download client but can't add Sonarr to Prowlarr. Why?
You should be able to add any container behind gluetun.
Maybe you can help me out. I’m using omv to run the docker compose file, I finally managed to up the docker file you example with a few minor tweaks to include different services and remove jackett. When i check the status in Portainer everything is healthy except gluetun. The logs state a timeout error. Idk what to do next
I’m using TorGuard btw as my vpn provider.
Do you have any logs from the gluetun container? Could be as simple as wrong credentials
@@Jims-Garage well I think it somehow resolved itself. After repeatedly taking it down and then going back to check if anything was copied incorrectly and bringing it back up it would still do the same thing. Until I left it alone and gluetun would keep retrying the connection. After about several retries I guess it finally made the connection and it gives me a healthy status. I know it gives off the warning as well that timeouts are a sign that wireguard might not be working correctly but when the logs shows the ip address, it’s using the one given from my vpn somewhere in Canada. (I’m not in Canada)
I have gluetun and qbittorrent up and running with no apparent errors but when i add a test torrent file i'm getting no download speeds/connection. I have given chatGPT the logs for gluetun and qbittorrent and he says its mint but gave this as a step to try.
"Verify that port forwarding is correctly set up for the ports used by qBittorrent (8085 for the WebUI, and 6881 for TCP and UDP). Without proper port forwarding, incoming connections might be blocked, affecting torrent downloading."
Could this be the problem? Is it safe to set up that port forwarding in my router?
Port forwarding shouldn't be necessary as the VPN will do that their end and send the traffic back down the tunnel. I would check gluetun logs to ensure that it has connected.
Hi Jim, i saw the similar method on other youtubers video too. Since this method requires you to remove port mapping for the jackett/qb etc, do they only use defaults? No way to change it?
I think you can change the ports either with environment variables or just in the config.
Will routing a container through a VPN prevent me from accessing the container’s web interface over my normal LAN?
Yes, you are able to.
Great video, when I use the standard localip:port for portainer this works as per usual. When I change this port to the qbittorrent port. There is no longer anything working. Have I got something wrong. Is there a new ip address?
It should be using the IP address of the virtual machine
@@Jims-Garage I managed to fix it. It turned out that qbittorrent uses localip: port instead of https. Probably a silly thing I overlooked. Thanks for the video though.
Although there are lots of useful docs out there having a video of someone doing it is really helpful reference.
I can't access the web UI's of any apps :( is it because I'm trying to use Mullvad and they discontinued port forwarding?
This routes traffic out over a VPN, it's not a VPN to connect remotely from. You'd likely want to have WireGuard or something similar if you want to access local services remotely.
@@Jims-Garage I was confused. Couldn't tell the error since the containers kept restarting. I ran the same docker-compose.yml on another machine and it worked with no problems! 👍
don't suppose there is a blog post on this with the yml included? i know I'm asking a lot
All my config files are on my GitHub, check the link in the description.
@@Jims-Garage nice one, found it thanks
localhost:8085 showing error
can u help?
container running without any problem
Put the IP instead of localhost.
followed this and it works flawlessly, however I cant connect sonarr or radarr to my plex container. Any ideas how I'd do this?
Make sure that they're on the same network.
I couldn't connect Sonarr or Radarr as I'd need to give them an external IP as they're directed through the VPN. However I reconfigured Plex to update the library when changes to folder directories were detected so problem solved
To deploy this on proxmox, what's a good way to run docker? A ubuntu vm?
ttech has it 'proxmox ve helper-scripts' > Docker LXC
Yes, I have a docker installation video earlier on.
If I run this on a VPS, is the VPN gonna make it impossible for me to reach the VPS?
That's the problem I'm having right now. What I want to achieve is run all the traffic of the torrent client through the VPN, what Sonarr and Radarr do is more or less unimportant, I would imagine.
No, simply add a WireGuard container as well and connect to it via that. Check my WireGuard video out.
@@Jims-Garage, thanks for the suggestion. In this case, it is not viable option for me. My users are used to having access directly by using FQDN that available over the internet, getting them to install a VPN client would be too much right now.
@@dirgosalga you can still expose normally. Gluetun is only sending outbound over the VPN (hence how you can access locally)
Help! Banging several days! Using same setup - working gluetun and e.g. qbittorrent - how can I access the web GUI after switching it to use the gluetun network? Normally e.g. 192.168.1.25:8181 would work. It is the IP of my QNAP local address running docker. I'm reaching it all over my home network. But when it is connected to the gluetun network with the same port exposed there - what IP address do I have to use? Thanks!!
localhost:port
Wow :) Everything works except one little thing, i am running a QNAP nas and using container station for my "application" all containers are running but i think i have one issue? how do i give access to my "NAS" storage? i think i only can access stuff "inside the containers". ?
Mount a share into the container. Might need to create a share first.
@@Jims-Garage And this is done from adding it under volumes: part in configuration file?. sorry i am a real beginner in this container/docker stuff :)
@@AndersBergwall Correct. Left of the colon : is the host location, right of the colon is where it's mounted inside the container (you typically never change the right hand side)
@@Jims-Garage ⭐⭐⭐⭐⭐
If you have time for stupid questions then here is one for you :) I have managed to follow this guide and everything is working :) However, when using the qbittorrent download AND i THINK when i use the unrar once completed option, the /tmp folder of my QNAP gets filled.. this space is only 400mb (why?) maybe its something i configured when i first setup the nas (but i dont think so)... so any suggestions? my guess is that unrar stores temporary in the /TMP folder, i tried move /tmp to another drive or location but.. yeah.. not successful (or dont know if i should).
nice. looks like its all working (i just have gluetun and QBT running) when i change the "~~~/downloads: /downloads" line in the QBT part to a dir that is a mounted nfs share to my library of torrents QBT is unable to write to it. if i just leave it as : /downloads works fine but the VM is little and i do want to write to the NAS. ive messed with permissions til im blue in the face. if someone sees this and has a clue lemme know! This is the perfect solution to my dumb windows vm with surfshark wasting resources when it just sits and does one thing. i can use that license for something i need a desktop for. thanks!!
It's almost certainly a permissions issue. It might be worth running as root to check things first, then reintroducing proper accounts. I'm guessing you've checked the host can access the nfs?
@@Jims-Garage I think it was. i spun up a fresh ubuntu server since I had done some tinkering on the first one and went step by step and setup autofs and bingo it was fine. downloads to the share fine. the one last little thing you might know is when using wireguard (surfshark) the portainer logs show it being good as far as i can tell but QBT doesnt see any trackers so nothing downloads (im not a torrent power user) If i use the pertinent gluetun settings for OpenVPN it works just fine. its much faster than the windows VM i was using. Thanks Jim! I subscribed
Happen to know if an ovpn can be used and how? Instead of username and password. Thanks
Yes, you can github.com/qdm12/gluetun-wiki/blob/main/setup/openvpn-configuration-file.md
@@Jims-Garage thanks Jim! I'll try this out
does anyone have time to do a discord chat and walk me through how to do this on my NAS? Pleassssseeee
Create a thread in discord, I imagine you'll have some help
4:46 did I miss the bit about how to get Nord VPN wireguard credentials?
It's in the comments on files on GitHub
Thanks for replying, but I think I need a whole video on this I've been at it for 2 days and still no joy 😂
any way to run the docker compose automatic on reboot ?
Why would you need to? Cron can do this though.
@@Jims-Garage If my Zimaboard does a reboot (for whatever reason) now I need to manually SSH into the board and run docker compose up... not a big problem but still
@@ronsone8373 change the restart policy to always.
I was able to follow every step until the very end, and for some reason I cannot enter admin admin for the user and password, I don’t understand where you are, are you in ubuntu? I thought we were doing this in the server, how is there a gui?
when I go into my qbittorent.log file, I see "WebAPI login failure" 10 times, and after 5 times the reason changes from invalid credentials to IP has been banned
The end part is the qbittorrent gui, use your credentials specified or leave blank for the default (I think)
@@Jims-Garage but where do i need to access this from? Within the ubuntu machine or on my host machine? Does it not matter? Also how do I link my qbittorent to my surfshark that is within the container, to only work when it’s on?
If this is too much trouble to answer, any guidance towards a community that could assist would be greatly appreciated!!!
@@BabyJesusBro you access it through any machine's web browser (e.g. gaming PC) as long as it has access (if it's on the same network you're fine).
I don't use surf shark but I believe that gluetun supports it, their documentation will help you out.
Consider joining my discord and creating a help thread, there's loads of great people on there.
Can this be modified to run on kubernetes?
Yea, this could run in Kubernetes. Trickier but doable.
@@Jims-Garage That would be really swell to have some tips on that front.
Can you show setting this up in k3s
Check out my Docker Compose -> Kubernetes migration video and have a go. One thing to consider is that you don't want to download to your longhorn or replicated storage (that will drastically increase wear).
Can you add radarr
Have a try at adding yourself, it's the same as all of the other containers. Jump on Discord if you're stuck.
Can't access qbittorrent web ui. Tried a million different ways.
How are you trying to access it? IP:Port or through a reverse proxy?
you missed the part where to obtain the wireguard key
It isn't officially supported but this script should help you. gist.github.com/bluewalk/7b3db071c488c82c604baf76a42eaad3
@@Jims-Garage would you happen to be able to do a setup for VPN Unlimited?
Is this setup safe? For ip leaks and what not
Yes, but worth limiting egress with a firewall rule as well. Limit it to only the VPN IP address space.
@@Jims-Garage thanks! Would running iptables or ufw on the vm I hosted the dockers on be sufficient?
@@Liam.s yes, that's helpful.
@@Jims-Garage you’re amazing man! Thank you!
@@Liam.s you're welcome. Hop on Discord if you haven't already (and hit the sub please 😉)
Title says one click. Shows no one click step. what did i miss?
Configure your compose, hit return