mirrors/docker-transmission-openvpn
1
0
Fork 0
mirror of https://github.com/haugene/docker-transmission-openvpn.git synced 2025-08-06 06:17:07 +02:00
Code Issues Projects Releases Wiki Activity

Improving documentation, not done but getting somewhere #1558

Browse Source
This commit is contained in:
Kristian Haugene 2020-11-26 22:53:37 +01:00
parent de6ec44c4a
commit f6093588a8
21 changed files with 437 additions and 844 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
DockerEnv
View File

@ -1,87 +0,0 @@
#Remove # for variables you want to use
#OPENVPN_PROVIDER=
#OPENVPN_CONFIG=
#OPENVPN_USERNAME=
#OPENVPN_PASSWORD=
#OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
#LOCAL_NETWORK=
#ENABLE_UFW=false
#UFW_ALLOW_GW_NET=false
#UFW_EXTRA_PORTS=
#UFW_DISABLE_IPTABLES_REJECT=false
#GLOBAL_APPLY_PERMISSIONS=true
#TRANSMISSION_ALT_SPEED_DOWN=50
#TRANSMISSION_ALT_SPEED_ENABLED=false
#TRANSMISSION_ALT_SPEED_TIME_BEGIN=540
#TRANSMISSION_ALT_SPEED_TIME_DAY=127
#TRANSMISSION_ALT_SPEED_TIME_ENABLED=false
#TRANSMISSION_ALT_SPEED_TIME_END=1020
#TRANSMISSION_ALT_SPEED_UP=50
#TRANSMISSION_BIND_ADDRESS_IPV4=0.0.0.0
#TRANSMISSION_BIND_ADDRESS_IPV6=::
#TRANSMISSION_BLOCKLIST_ENABLED=false
#TRANSMISSION_BLOCKLIST_URL=http://www.example.com/blocklist
#TRANSMISSION_CACHE_SIZE_MB=4
#TRANSMISSION_DHT_ENABLED=true
#TRANSMISSION_DOWNLOAD_DIR=/data/completed
#TRANSMISSION_DOWNLOAD_QUEUE_ENABLED=true
#TRANSMISSION_DOWNLOAD_QUEUE_SIZE=5
#TRANSMISSION_ENCRYPTION=1
#TRANSMISSION_IDLE_SEEDING_LIMIT=30
#TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=false
#TRANSMISSION_INCOMPLETE_DIR=/data/incomplete
#TRANSMISSION_INCOMPLETE_DIR_ENABLED=true
#TRANSMISSION_LPD_ENABLED=false
#TRANSMISSION_MESSAGE_LEVEL=2
#TRANSMISSION_PEER_CONGESTION_ALGORITHM=
#TRANSMISSION_PEER_ID_TTL_HOURS=6
#TRANSMISSION_PEER_LIMIT_GLOBAL=240
#TRANSMISSION_PEER_LIMIT_PER_TORRENT=60
#TRANSMISSION_PEER_PORT=51413
#TRANSMISSION_PEER_PORT_RANDOM_HIGH=65535
#TRANSMISSION_PEER_PORT_RANDOM_LOW=49152
#TRANSMISSION_PEER_PORT_RANDOM_ON_START=false
#TRANSMISSION_PEER_SOCKET_TOS=default
#TRANSMISSION_PEX_ENABLED=true
#TRANSMISSION_PORT_FORWARDING_ENABLED=false
#TRANSMISSION_PREALLOCATION=1
#TRANSMISSION_PREFETCH_ENABLED=true
#TRANSMISSION_QUEUE_STALLED_ENABLED=true
#TRANSMISSION_QUEUE_STALLED_MINUTES=30
#TRANSMISSION_RATIO_LIMIT=2
#TRANSMISSION_RATIO_LIMIT_ENABLED=false
#TRANSMISSION_RENAME_PARTIAL_FILES=true
#TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=false
#TRANSMISSION_RPC_BIND_ADDRESS=0.0.0.0
#TRANSMISSION_RPC_ENABLED=true
#TRANSMISSION_RPC_HOST_WHITELIST=
#TRANSMISSION_RPC_HOST_WHITELIST_ENABLED=false
#TRANSMISSION_RPC_PASSWORD=password
#TRANSMISSION_RPC_PORT=9091
#TRANSMISSION_RPC_URL=/transmission/
#TRANSMISSION_RPC_USERNAME=username
#TRANSMISSION_RPC_WHITELIST=127.0.0.1,::1
#TRANSMISSION_RPC_WHITELIST_ENABLED=false
#TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=true
#TRANSMISSION_SCRIPT_TORRENT_DONE_ENABLED=false
#TRANSMISSION_SCRIPT_TORRENT_DONE_FILENAME=
#TRANSMISSION_SEED_QUEUE_ENABLED=false
#TRANSMISSION_SEED_QUEUE_SIZE=10
#TRANSMISSION_SPEED_LIMIT_DOWN=100
#TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED=false
#TRANSMISSION_SPEED_LIMIT_UP=100
#TRANSMISSION_SPEED_LIMIT_UP_ENABLED=false
#TRANSMISSION_START_ADDED_TORRENTS=true
#TRANSMISSION_TRASH_ORIGINAL_TORRENT_FILES=false
#TRANSMISSION_UMASK=2
#TRANSMISSION_UPLOAD_SLOTS_PER_TORRENT=14
#TRANSMISSION_UTP_ENABLED=false
#TRANSMISSION_WATCH_DIR=/data/watch
#TRANSMISSION_WATCH_DIR_ENABLED=true
#TRANSMISSION_HOME=/data/transmission-home
#TRANSMISSION_WATCH_DIR_FORCE_GENERIC=false
#WEBPROXY_ENABLED=false
#WEBPROXY_PORT=8888
#WEBPROXY_USERNAME=
#WEBPROXY_PASSWORD=
#LOG_TO_STDOUT=false

48
README.md
View File

@ -4,41 +4,40 @@
[![Docker Pulls](https://img.shields.io/docker/pulls/haugene/transmission-openvpn.svg)](https://hub.docker.com/r/haugene/transmission-openvpn/)
[![Join the chat at https://gitter.im/docker-transmission-openvpn/Lobby](https://badges.gitter.im/docker-transmission-openvpn/Lobby.svg)](https://gitter.im/docker-transmission-openvpn/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
## Version 3.0 released - we have some breaking changes (but not much)
This container contains OpenVPN and Transmission with a configuration
where Transmission is running only when OpenVPN has an active tunnel.
It has built in support for many popular VPN providers to make the setup easier.
Those of you who are following this project knows that we have had some larger changes coming for a while.
Hobby projects often get last in line for some love and care, and it took longer than I hoped but here we are.
## Before you continue
Some highlights on version 3.0:
* We're dropping the ubuntu based image and making alpine the default (reduce double maintenance)
* We're making Transmission settings persistent by default, removing the need for all the environment variables (but keeping support for it)
* We're making it easier to provide your own OpenVPN (.ovpn) config file - adding scripts in the container to modify provider configs as needed to fit the container setup. (still in early stages at this point)
* We're adding a standardized way to add scripts for doing necessary setup of a provider. This usually means to download a .ovpn config bundle, unpack it and modify it correctly to work in this container.
The documentation for this image is here:
Hopefully these changes will improve the usability of this container. As maintainers we also hope that it will free up time to keep the container up to date and stable instead of managing thousands of .ovpn files coming and going.
https://haugene.github.io/docker-transmission-openvpn/
I'll try to keep a list of breaking changes here, and add to it if we come across more:
* The CREATE_TUN_DEVICE variable now defaults to true. Mounting /dev/net/tun will lead to an error message in the logs unless you explicitly set it to false.
* The DOCKER_LOG variable is renamed to LOG_TO_STDOUT
* If Transmission is running but you can't connect to torrents, try deleting (or rename to .backup) the settings.json file and restart.
Start there if you're having issues or questions about your container.
If you can't find your answer in the docs, please
[search for similar issues](https://github.com/haugene/docker-transmission-openvpn/issues?q=is%3Aissue+your+issue)
(open and closed) before opening a new one.
PS: Now more than ever. We appreciate that you report bugs and issues when you find them. But as there might be more than ususal, please make sure you search and look for a similar one before possibly creating a duplicate.
And you can always revert back to the latest tag on the 2.x versions which is 2.14. Instead of running with `haugene/transmission-openvpn` simply use `haugene/transmission-openvpn:2.14` instead. We hope that won't be necessary though :)
Still can't figure it out? Open a new issue and share the details of your setup and some logs.
Without that it's hard to help you. If you have a proposal for better documentation, come
with it. PR's are always welcome! :)
## Quick Start
This container contains OpenVPN and Transmission with a configuration
where Transmission is running only when OpenVPN has an active tunnel.
It bundles configuration files for many popular VPN providers to make the setup easier.
These examples shows valid setups using PIA as provider for both
docker run and docker-compose. Note that you should read some documentation
at some point, but this is a good place to start.
### Docker run
```
$ docker run --cap-add=NET_ADMIN -d \
-v /your/storage/path/:/data \
-e OPENVPN_PROVIDER=PIA \
-e OPENVPN_CONFIG=France \
-e OPENVPN_CONFIG=france \
-e OPENVPN_USERNAME=user \
-e OPENVPN_PASSWORD=pass \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.0.0/16 \
--log-driver json-file \
--log-opt max-size=10m \
@ -46,22 +45,21 @@ $ docker run --cap-add=NET_ADMIN -d \
haugene/transmission-openvpn
```
## Docker Compose
### Docker Compose
```
version: '3.3'
services:
transmission-openvpn:
cap_add:
- NET_ADMIN
volumes:
- '/your/storage/path/:/data'
environment:
- OPENVPN_PROVIDER=PIA
- OPENVPN_CONFIG=France
- OPENVPN_CONFIG=france
- OPENVPN_USERNAME=user
- OPENVPN_PASSWORD=pass
- WEBPROXY_ENABLED=false
- LOCAL_NETWORK=192.168.0.0/16
cap_add:
- NET_ADMIN
logging:
driver: json-file
options:

97
docs/building-blocks.md Normal file
View File

@ -0,0 +1,97 @@
# The basic building blocks
## The goal
The core functionality of this image is to let the user run a
VPN tunnel and Transmission as easy as possible. Transmission
should only run while the VPN is active and any disconnect
from VPN should cause Transmission to stop.
The container should provide community best practices on how to configure the kill switch, firewall and tweaks on the
OpenVPN configs to make it run as fast and secure as possible.
## It goes like this
To understand how it works, this is the most important events
and who/what starts them.
1. You start the container
2. The container starts OpenVPN
3. OpenVPN starts/stops Transmission
When you start the container it is instructed to run a script
to start OpenVPN. This is defined in [the Dockerfile](https://github.com/haugene/docker-transmission-openvpn/blob/master/Dockerfile).
This script is responsible for doing initial setup and prepare what is needed for OpenVPN to run successfully.
## Starting OpenVPN
The main purpose of the startup script is to figure out which OpenVPN config to use.
OpenVPN itself can be started with a single argument, and that is the config file.
We also add a few more to tell it to start Transmission when the VPN tunnel is
started and to stop Transmission when OpenVPN is stopped. That's it.
Apart from that the script does some firewall config, vpn interface setup and possibly other
things based on your settings. There are also some reserved script names that a user can mount/add to
the container to include their own scripts as a part of the setup or teardown of the container.
Anyways! You have probably seen the docker run and docker-compose configuration examples
and you've put two and two together: This is where environment variables comes in.
Setting environment variables is a common way to pass configuration options to containers
and it is the way we have chosen to do it here.
So far we've explained the need for `OPENVPN_PROVIDER` and `OPENVPN_CONFIG`. We use the
combination of these two to find the right config. `OPENVPN_CONFIG` is not set as a mandatory
option as each provider should have a default config that will be used if none is set.
With the config file identified we're ready to start OpenVPN, the only thing missing are probably
a username and password. There are some free providers out there, but they are the exceptions to the rule.
We have to inject the username/password into the config somehow. Again there are exceptions but the majority
of configs from regular providers contain a line with `auth-user-pass` which will make OpenVPN prompt for username
and password when you start a connection. That will obviously not work for us so we need to modify that option.
If it's followed by a path to a file, it will read the first line of that file as username and the second line as password.
You provide your username and password as `OPENVPN_USERNAME` and `OPENVPN_PASSWORD`. These will be
written into two lines in a file called `/config/openvpn-credentials.txt` on startup by the start script.
Having written your username/password to a file, we can successfully start OpenVPN.
## Starting Transmission
We're using the `up` option from OpenVPN to start Transmission.
> --up cmd<br>
> &nbsp;&nbsp;&nbsp;&nbsp;Run command cmd after successful TUN/TAP device open
This means that Transmission will be started when OpenVPN has connected successfully and opened the tunnel device.
We are having OpenVPN call the [tunnelUp.sh](https://github.com/haugene/docker-transmission-openvpn/blob/master/openvpn/tunnelUp.sh)
script which in turn will call the start scripts for
[Transmission](https://github.com/haugene/docker-transmission-openvpn/blob/master/transmission/start.sh) and
[Tinyproxy](https://github.com/haugene/docker-transmission-openvpn/blob/master/tinyproxy/start.sh).
The up script will be called with a number of parameters from OpenVPN, and among them is the IP of the tunnel interface.
This IP is the one we've been assigned by DHCP from the OpenVPN server we're connecting to.
We use this value to override Transmissions bind address, so we'll only listen for traffic from peers on the VPN interface.
The startup script checks to see if one of the [alternative web ui's](config-options.md#alternative_web_uis) should be used for Transmission.
It also sets up the user that Transmission should be run as, based on the PUID and PGID passed by the user
along with selecting preferred logging output and a few other tweaks.
Before starting Transmission we also need to see if there are any settings that should be overridden.
One example of this is binding Transmission to the IP we've gotten from our VPN provider.
Here we check if we find any environment variables that match a setting that we also see in settings.json.
This is described in the [config section](config-options/#transmission_configuration_options).
Setting a matching environment variable will then override the setting in Transmission.
OpenVPN does not pass the environment variables it was started with to Transmission.
To still be able to access them when starting Transmission, we're writing the ones we need to a file when starting OpenVPN.
That way we can read them back and use them here. With the environment variables in place
[this script](https://github.com/haugene/docker-transmission-openvpn/blob/master/transmission/updateSettings.py) then overwrites
the selected properties in settings.json and we're ready to start Transmission itself.
After starting Transmission there is an optional step that some providers have;
to get an open port and set it in Transmission. **Opening a port in your local router does not work**.
I made that bold because it's a recurring theme. It's not intuitive until it is I guess.
Since all your traffic is going through the VPN, which is kind of the point, the port you have to open is not on your router.
Your router's external IP address is the destination of those packets. It is on your VPN providers end that it has to be opened.
Some providers support this, other don't. We try to write scripts for those that do and that script will be executed
after starting Transmission if it exists for your provider.
At this point Transmission is running and everything is great!
But you might not be able to access it, and that's the topic of the [networking section](vpn-networking.md).

36
docs/arguments.md → docs/config-options.md
View File

@ -80,22 +80,6 @@ Transmission options changed in the WebUI or in settings.json will be overridden
PS: `TRANSMISSION_BIND_ADDRESS_IPV4` will be overridden to the IP assigned to your OpenVPN tunnel interface.
This is to prevent leaking the host IP.
### Web proxy configuration options
This container also contains a web-proxy server to allow you to tunnel your web-browser traffic through the same OpenVPN tunnel.
This is useful if you are using a private tracker that needs to see you login from the same IP address you are torrenting from.
The default listening port is 8888. Note that only ports above 1024 can be specified as all ports below 1024 are privileged
and would otherwise require root permissions to run.
Remember to add a port binding for your selected (or default) port when starting the container.
If you set Username and Password it will enable BasicAuth for the proxy
| Variable | Function | Example |
| ------------------ | ----------------------- | ----------------------- |
| `WEBPROXY_ENABLED` | Enables the web proxy | `WEBPROXY_ENABLED=true` |
| `WEBPROXY_PORT` | Sets the listening port | `WEBPROXY_PORT=8888` |
| `WEBPROXY_USERNAME`| Sets the BasicAuth username | `WEBPROXY_USERNAME=test` |
| `WEBPROXY_PASSWORD`| Sets the BasicAuth password | `WEBPROXY_PASSWORD=password` |
### User configuration options
By default everything will run as the root user. However, it is possible to change who runs the transmission process.
@ -121,4 +105,22 @@ By default Transmission will log to a file in `TRANSMISSION_HOME/transmission.lo
To log to stdout instead set the environment variable `LOG_TO_STDOUT` to `true`.
*Note*: By default stdout is what container engines read logs from. Set this to true to have Tranmission logs in commands like `docker logs` and `kubectl logs`. OpenVPN currently only logs to stdout.
*Note*: By default stdout is what container engines read logs from. Set this to true to have Tranmission logs in commands like `docker logs` and `kubectl logs`. OpenVPN currently only logs to stdout.
### Custom scripts
If you ever need to run custom code before or after transmission is executed or stopped, you can use the custom scripts feature.
Custom scripts are located in the /scripts directory which is empty by default.
To enable this feature, you'll need to mount the /scripts directory.
Once /scripts is mounted you'll need to write your custom code in the following bash shell scripts:
| Script | Function |
| ----------------------------------- | ------------------------------------------------------------ |
| /scripts/openvpn-pre-start.sh | This shell script will be executed before openvpn start |
| /scripts/transmission-pre-start.sh | This shell script will be executed before transmission start |
| /scripts/transmission-post-start.sh | This shell script will be executed after transmission start |
| /scripts/transmission-pre-stop.sh | This shell script will be executed before transmission stop |
| /scripts/transmission-post-stop.sh | This shell script will be executed after transmission stop |
Don't forget to include the #!/bin/bash shebang and to make the scripts executable using chmod a+x

15
docs/custom-scripts.md
View File

@ -1,15 +0,0 @@
If you ever need to run custom code before or after transmission is executed or stopped, you can use the custom scripts feature.
Custom scripts are located in the /scripts directory which is empty by default.
To enable this feature, you'll need to mount the /scripts directory.
Once /scripts is mounted you'll need to write your custom code in the following bash shell scripts:
| Script | Function |
| ----------------------------------- | ------------------------------------------------------------ |
| /scripts/openvpn-pre-start.sh | This shell script will be executed before openvpn start |
| /scripts/transmission-pre-start.sh | This shell script will be executed before transmission start |
| /scripts/transmission-post-start.sh | This shell script will be executed after transmission start |
| /scripts/transmission-pre-stop.sh | This shell script will be executed before transmission stop |
| /scripts/transmission-post-stop.sh | This shell script will be executed after transmission stop |
Don't forget to include the #!/bin/bash shebang and to make the scripts executable using chmod a+x

16
docs/dockerenv.md
View File

@ -1,16 +0,0 @@
Another way is to use a docker env file where you can easily store all your env variables and maintain multiple configurations for different providers.
In the GitHub repository there is a provided [DockerEnv](https://github.com/haugene/docker-transmission-openvpn/blob/master/DockerEnv) file with all the current transmission and openvpn environment variables. You can use this to create local configurations
by filling in the details and removing the # of the ones you want to use.
Please note that if you pass in env. variables on the command line these will override the ones in the env file.
See explanation of variables above.
To use this env file, use the following to run the docker image:
```
$ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
--env-file /your/docker/env/file \
-p 9091:9091 \
haugene/transmission-openvpn
```

28
docs/faq.md Executable file
View File

@ -0,0 +1,28 @@
* [The container runs, but I can't access the web ui](#the_container_runs_but_i_cant_access_the_web_ui)
* [RTNETLINK answers: File exists](#rtnetlink_answers_file_exists)
* [TUNSETIFF tun: Operation not permitted](#tunsetiff_tun_operation_not_permitted)
* [AUTH: Received control message: AUTH_FAILED](#auth_received_control_message_auth_failed)
## The container runs, but I can't access the web ui
[TODO](https://github.com/haugene/docker-transmission-openvpn/issues/1558): Short explanation and link to [networking](vpn-networking.md)
## RTNETLINK answers: File exists
[TODO](https://github.com/haugene/docker-transmission-openvpn/issues/1558): Conflicting LOCAL_NETWORK values. Short explanation and link to [networking](vpn-networking.md)
## TUNSETIFF tun: Operation not permitted
[TODO](https://github.com/haugene/docker-transmission-openvpn/issues/1558): Permissions issue. Is NET_ADMIN given? Does it work with --privileged? Some platforms has it harder than others.
## AUTH: Received control message: AUTH_FAILED
If your logs end like this, the wrong username/password was sent to your VPN provider:
```
AUTH: Received control message: AUTH_FAILED
SIGTERM[soft,auth-failure] received, process exiting
```
[TODO](https://github.com/haugene/docker-transmission-openvpn/issues/1558): Special chars in password? Separate credentials for OpenVPN? Check file content of /config/openvpn-credentials.txt and contact provider

68
docs/index.md
View File

@ -15,54 +15,44 @@
<a href="https://gitter.im/docker-transmission-openvpn/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge">
<img alt="Join the chat at https://gitter.im/docker-transmission-openvpn/Lobby" src="https://badges.gitter.im/docker-transmission-openvpn/Lobby.svg" />
</a>
<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=73XHRSK65KQYC">
<img alt="Donate with PayPal" src="https://img.shields.io/badge/Donate-PayPal-green.svg">
</a>
<a href="https://www.patreon.com/haugene">
<img alt="Donate with Patreon" src="https://github.com/haugene/docker-transmission-openvpn/raw/master/images/patreon.png">
</a>
</p>
## Quick Start
## Overview
This container contains OpenVPN and Transmission with a configuration where Transmission is running only when OpenVPN has an active tunnel. It bundles configuration files for many popular VPN providers to make the setup easier.
You have found the documentation. That usually means that you either:
You need to specify your provider and credentials with environment variables, as well as mounting volumes where the data should be stored. An example run command to get you going is provided below.
1. Want to read a bit about how the image is built and how it works
2. Want to get started, and are looking for a setup guide
3. Already have a setup, but something is broken
It also bundles an installation of Tinyproxy to also be able to proxy web traffic over your VPN, as well as scripts for opening a port for Transmission if you are using PIA or Perfect Privacy providers.
We'll try to address them here but no matter which one of them it is, knowing
more about this image makes it easier to understand how it should be and what
could be wrong. So starting with number 1 is never a bad idea.
```
$ docker run --cap-add=NET_ADMIN -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=PIA \
-e OPENVPN_CONFIG=CA\ Toronto \
-e OPENVPN_USERNAME=user \
-e OPENVPN_PASSWORD=pass \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.0.0/16 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn
```
**NB:** These pages are under re-construction. Follow the issue [here](https://github.com/haugene/docker-transmission-openvpn/issues/1558) and feel free to comment or help out :) Also we just released version 3.0, so if you have some breakage - [please read here](v3.md).
## Please help out (about:maintenance)
## Good places to start
This image was created for my own use, but sharing is caring, so it had to be open source.
It has now gotten quite popular, and that's great! But keeping it up to date, providing support, fixes
and new features takes a lot of time.
* [The basic building blocks](building-blocks.md)
* [Running the container](run-container.md)
* [VPN and networking in containers](vpn-networking.md)
* [Supported providers and server locations](supported-providers.md)
* [Provider specific features/instructions](provider-specific.md)
* [Configuration options list](config-options.md)
I'm therefore kindly asking you to donate if you feel like you're getting a good tool
and you're able to spare some dollars to keep it functioning as it should. There's a couple of ways to do it:
## Troubleshooting
Become a patron, supporting the project with a small monthly amount.
* [Frequently asked questions](faq.md)
* Debugging your setup (coming)
* [Tips & Tricks](tips-tricks.md)
[![Donate with Patreon](https://github.com/haugene/docker-transmission-openvpn/raw/master/images/patreon.png)](https://www.patreon.com/haugene)
## Additional features
Make a one time donation through PayPal.
[![Donate with PayPal](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=73XHRSK65KQYC)
Or use this referral code to DigitalOcean and get 25$ in credits, if you're interested in a cloud setup.
[![Credits on DigitalOcean](https://raw.githubusercontent.com/haugene/docker-transmission-openvpn/master/images/digitalocean.png)](https://m.do.co/c/ca994f1552bc)
You can also help out by submitting pull-requests or helping others with
open issues or in the gitter chat. A big thanks to everyone who has contributed so far!
And if you could be interested in joining as collaborator, let me know.
* [Web proxy: Tinyproxy](web-proxy.md)
* [RSS Plugin support](rss-plugin.md)

21
docs/known-issues.md
View File

@ -1,21 +0,0 @@
#### Use Google DNS servers
Some have encountered problems with DNS resolving inside the docker container.
This causes trouble because OpenVPN will not be able to resolve the host to connect to.
If you have this problem use dockers --dns flag to override the resolv.conf of the container.
For example use googles dns servers by adding --dns 8.8.8.8 --dns 8.8.4.4 as parameters to the usual run command.
#### Restart container if connection is lost
If the VPN connection fails or the container for any other reason loses connectivity, you want it to recover from it. One way of doing this is to set environment variable `OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60` and use the --restart=always flag when starting the container. This way OpenVPN will exit if ping fails over a period of time which will stop the container and then the Docker deamon will restart it.
#### Reach sleep or hybernation on your host if no torrents are active
By befault Transmission will always [scrape](https://en.wikipedia.org/wiki/Tracker_scrape) trackers, even if all torrents have completed their activities, or they have been paused manually. This will cause Transmission to be always active, therefore never allow your host server to be inactive and go to sleep/hybernation/whatever. If this is something you want, you can add the following variable when creating the container. It will turn off a hidden setting in Tranmsission which will stop the application to scrape trackers for paused torrents. Transmission will become inactive, and your host will reach the desidered state.
```
-e "TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=false"
```
#### Running it on a NAS
Several popular NAS platforms supports Docker containers. You should be able to set up and configure this container using their web interfaces. Remember that you need a TUN/TAP device to run the container. To set up the device it's probably simplest to install a OpenVPN package for the NAS. This should set up the device. If not, there are some more detailed instructions below.
#### Questions?
If you are having issues with this container please submit an issue on GitHub.
Please provide logs, docker version and other information that can simplify reproducing the issue.
Using the latest stable version of Docker is always recommended. Support for older version is on a best-effort basis.

7
docs/nordvpn-script.md → docs/provider-specific.md
View File

@ -1,4 +1,9 @@
## NORDVPN API
## COMING SOON
**NOTE:** This page is just moved from it's previous location. A re-write is coming.
I'm [on it (#1558)](https://github.com/haugene/docker-transmission-openvpn/issues/1558)
### NORDVPN
The update script is based on the NordVPN API. The API sends back the best recommended OpenVPN configuration file based on the filters given.

511
docs/readme.md
View File

@ -1,511 +0,0 @@
# OpenVPN and Transmission with WebUI
[![Docker Automated build](https://img.shields.io/docker/automated/haugene/transmission-openvpn.svg)](https://hub.docker.com/r/haugene/transmission-openvpn/)
[![Docker Pulls](https://img.shields.io/docker/pulls/haugene/transmission-openvpn.svg)](https://hub.docker.com/r/haugene/transmission-openvpn/)
[![Join the chat at https://gitter.im/docker-transmission-openvpn/Lobby](https://badges.gitter.im/docker-transmission-openvpn/Lobby.svg)](https://gitter.im/docker-transmission-openvpn/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
This container contains OpenVPN and Transmission with a configuration
where Transmission is running only when OpenVPN has an active tunnel.
It bundles configuration files for many popular VPN providers to make the setup easier.
You need to specify your provider and credentials with environment variables,
as well as mounting volumes where the data should be stored.
An example run command to get you going is provided below.
It also bundles an installation of Tinyproxy to also be able to proxy web traffic over your VPN,
as well as scripts for opening a port for Transmission if you are using PIA or Perfect Privacy providers.
GL HF! And if you run into problems, please check the README twice and try the gitter chat before opening an issue :)
## Please help out (about:maintenance)
This image was created for my own use, but sharing is caring, so it had to be open source.
It has now gotten quite popular, and that's great! But keeping it up to date, providing support, fixes
and new features takes a lot of time.
I'm therefore kindly asking you to donate if you feel like you're getting a good tool
and you're able to spare some dollars to keep it functioning as it should. There's a couple of ways to do it:
Become a patron, supporting the project with a small monthly amount.
[![Donate with Patreon](images/patreon.png)](https://www.patreon.com/haugene)
Make a one time donation through PayPal.
[![Donate with PayPal](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=73XHRSK65KQYC)
Or use this referral code to DigitalOcean and get 25$ in credits, if you're interested in a cloud setup.
[![Credits on DigitalOcean](images/digitalocean.png)](https://m.do.co/c/ca994f1552bc)
You can also help out by submitting pull-requests or helping others with
open issues or in the gitter chat. A big thanks to everyone who has contributed so far!
And if you could be interested in joining as collaborator, let me know.
## Run container from Docker registry
The container is available from the Docker registry and this is the simplest way to get it.
To run the container use this command:
```
$ docker run --cap-add=NET_ADMIN -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=PIA \
-e OPENVPN_CONFIG=CA\ Toronto \
-e OPENVPN_USERNAME=user \
-e OPENVPN_PASSWORD=pass \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.0.0/16 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn
```
You must set the environment variables `OPENVPN_PROVIDER`, `OPENVPN_USERNAME` and `OPENVPN_PASSWORD` to provide basic connection details.
The `OPENVPN_CONFIG` is an optional variable. If no config is given, a default config will be selected for the provider you have chosen.
Find available OpenVPN configurations by looking in the openvpn folder of the GitHub repository. The value that you should use here is the filename of your chosen openvpn configuration *without* the .ovpn file extension. For example:
```
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02"
```
You can also provide a comma separated list of openvpn configuration filenames.
If you provide a list, a file will be randomly chosen in the list, this is useful for redundancy setups. For example:
```
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02,ipvanish-FR-Paris-par-a01,ipvanish-DE-Frankfurt-fra-a01"
```
If you provide a list and the selected server goes down, after the value of ping-timeout the container will be restarted and a server will be randomly chosen, note that the faulty server can be chosen again, if this should occur, the container will be restarted again until a working server is selected.
To make sure this work in all cases, you should add ```--pull-filter ignore ping``` to your OPENVPN_OPTS variable.
As you can see, the container also expects a data volume to be mounted.
This is where Transmission will store your downloads, incomplete downloads and look for a watch directory for new .torrent files.
By default a folder named transmission-home will also be created under /data, this is where Transmission stores its state.
### Supported providers
This is a list of providers that are bundled within the image. Feel free to create an issue if your provider is not on the list, but keep in mind that some providers generate config files per user. This means that your login credentials are part of the config an can therefore not be bundled. In this case you can use the custom provider setup described later in this readme. The custom provider setting can be used with any provider.
| Provider Name | Config Value (`OPENVPN_PROVIDER`) |
| :---------------------- | :-------------------------------- |
| Anonine | `ANONINE` |
| AnonVPN | `ANONVPN` |
| BlackVPN | `BLACKVPN` |
| BTGuard | `BTGUARD` |
| Cryptostorm | `CRYPTOSTORM` |
| Cypherpunk | `CYPHERPUNK` |
| FastestVPN | `FASTESTVPN` |
| FreeVPN | `FREEVPN` |
| FrootVPN | `FROOT` |
| FrostVPN | `FROSTVPN` |
| GhostPath | `GHOSTPATH` |
| Giganews | `GIGANEWS` |
| HideMe | `HIDEME` |
| HideMyAss | `HIDEMYASS` |
| IntegrityVPN | `INTEGRITYVPN` |
| IPVanish | `IPVANISH` |
| IronSocket | `IRONSOCKET` |
| Ivacy | `IVACY` |
| IVPN | `IVPN` |
| Mullvad | `MULLVAD` |
| Newshosting | `NEWSHOSTING` |
| NordVPN | `NORDVPN` |
| OVPN | `OVPN` |
| Perfect Privacy | `PERFECTPRIVACY` |
| Private Internet Access | `PIA` |
| PrivateVPN | `PRIVATEVPN` |
| ProtonVPN | `PROTONVPN` |
| proXPN | `PROXPN` |
| proxy.sh | `PROXYSH ` |
| PureVPN | `PUREVPN` |
| RA4W VPN | `RA4W` |
| SaferVPN | `SAFERVPN` |
| SlickVPN | `SLICKVPN` |
| Smart DNS Proxy | `SMARTDNSPROXY` |
| SmartVPN | `SMARTVPN` |
| Surfshark | `SURFSHARK` |
| TigerVPN | `TIGER` |
| TorGuard | `TORGUARD` |
| Trust.Zone | `TRUSTZONE` |
| TunnelBear | `TUNNELBEAR` |
| UsenetServerVPN | `USENETSERVER` |
| Windscribe | `WINDSCRIBE` |
| VPNArea.com | `VPNAREA` |
| VPN.AC | `VPNAC` |
| VPN.ht | `VPNHT` |
| VPNBook.com | `VPNBOOK` |
| VPNFacile | `VPNFACILE` |
| VPNTunnel | `VPNTUNNEL` |
| VyprVpn | `VYPRVPN` |
| VPNUnlimited | `VPNUNLIMITED` |
### Required environment options
| Variable | Function | Example |
| ------------------ | --------------------------------- | ------------------------------------------------------------------------------------------------------- |
| `OPENVPN_PROVIDER` | Sets the OpenVPN provider to use. | `OPENVPN_PROVIDER=provider`. Supported providers and their config values are listed in the table above. |
| `OPENVPN_USERNAME` | Your OpenVPN username | `OPENVPN_USERNAME=asdf` |
| `OPENVPN_PASSWORD` | Your OpenVPN password | `OPENVPN_PASSWORD=asdf` |
### Network configuration options
| Variable | Function | Example |
| ------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| `OPENVPN_CONFIG` | Sets the OpenVPN endpoint to connect to. | `OPENVPN_CONFIG=UK Southampton` |
| `OPENVPN_OPTS` | Will be passed to OpenVPN on startup | See [OpenVPN doc](https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html) |
| `LOCAL_NETWORK` | Sets the local network that should have access. Accepts comma separated list. | `LOCAL_NETWORK=192.168.0.0/24` |
| `CREATE_TUN_DEVICE` | Creates /dev/net/tun device inside the container, mitigates the need mount the device from the host | `CREATE_TUN_DEVICE=true` |
### Firewall configuration options
When enabled, the firewall blocks everything except traffic to the peer port and traffic to the rpc port from the LOCAL_NETWORK and the internal docker gateway.
If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to the range of peer ports defined by TRANSMISSION_PEER_PORT_RANDOM_HIGH and TRANSMISSION_PEER_PORT_RANDOM_LOW.
| Variable | Function | Example |
| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| `ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true` |
| `UFW_ALLOW_GW_NET` | Allows the gateway network through the firewall. Off defaults to only allowing the gateway. | `UFW_ALLOW_GW_NET=true` |
| `UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443` |
| `UFW_DISABLE_IPTABLES_REJECT` | Prevents the use of `REJECT` in the `iptables` rules, for hosts without the `ipt_REJECT` module (such as the Synology NAS). | `UFW_DISABLE_IPTABLES_REJECT=true` |
### Health check option
Because your VPN connection can sometimes fail, Docker will run a health check on this container every 5 minutes to see if the container is still connected to the internet. By default, this check is done by pinging google.com once. You change the host that is pinged.
| Variable | Function | Example |
| ------------------- | ------------------------------------------------------------------ | ------------ |
| `HEALTH_CHECK_HOST` | this host is pinged to check if the network connection still works | `google.com` |
### Permission configuration options
By default the startup script applies a default set of permissions and ownership on the transmission download, watch and incomplete directories. The GLOBAL_APPLY_PERMISSIONS directive can be used to disable this functionality.
| Variable | Function | Example |
| -------------------------- | -------------------------------------- | -------------------------------- |
| `GLOBAL_APPLY_PERMISSIONS` | Disable setting of default permissions | `GLOBAL_APPLY_PERMISSIONS=false` |
### Alternative web UIs
You can override the default web UI by setting the ```TRANSMISSION_WEB_HOME``` environment variable. If set, Transmission will look there for the Web Interface files, such as the javascript, html, and graphics files.
[Combustion UI](https://github.com/Secretmapper/combustion), [Kettu](https://github.com/endor/kettu) and [Transmission-Web-Control](https://github.com/ronggang/transmission-web-control/) come bundled with the container. You can enable either of them by setting```TRANSMISSION_WEB_UI=combustion```, ```TRANSMISSION_WEB_UI=kettu``` or ```TRANSMISSION_WEB_UI=transmission-web-control```, respectively. Note that this will override the ```TRANSMISSION_WEB_HOME``` variable if set.
| Variable | Function | Example |
| ----------------------- | -------------------------------- | --------------------------------------------------------------------------------------------------------------- |
| `TRANSMISSION_WEB_HOME` | Set Transmission web home | `TRANSMISSION_WEB_HOME=/path/to/web/ui` |
| `TRANSMISSION_WEB_UI` | Use the specified bundled web UI | `TRANSMISSION_WEB_UI=combustion`, `TRANSMISSION_WEB_UI=kettu` or `TRANSMISSION_WEB_UI=transmission-web-control` |
### Transmission configuration options
You may override Transmission options by setting the appropriate environment variable.
The environment variables are the same name as used in the transmission settings.json file
and follow the format given in these examples:
| Transmission variable name | Environment variable name |
| -------------------------- | ------------------------------------- |
| `speed-limit-up` | `TRANSMISSION_SPEED_LIMIT_UP` |
| `speed-limit-up-enabled` | `TRANSMISSION_SPEED_LIMIT_UP_ENABLED` |
| `ratio-limit` | `TRANSMISSION_RATIO_LIMIT` |
| `ratio-limit-enabled` | `TRANSMISSION_RATIO_LIMIT_ENABLED` |
As you can see the variables are prefixed with `TRANSMISSION_`, the variable is capitalized, and `-` is converted to `_`.
Transmission options changed in the WebUI or in settings.json will be overridden at startup and will not survive after a reboot of the container. You may want to use these variables in order to keep your preferences.
PS: `TRANSMISSION_BIND_ADDRESS_IPV4` will be overridden to the IP assigned to your OpenVPN tunnel interface.
This is to prevent leaking the host IP.
### Web proxy configuration options
This container also contains a web-proxy server to allow you to tunnel your web-browser traffic through the same OpenVPN tunnel.
This is useful if you are using a private tracker that needs to see you login from the same IP address you are torrenting from.
The default listening port is 8888. Note that only ports above 1024 can be specified as all ports below 1024 are privileged
and would otherwise require root permissions to run.
Remember to add a port binding for your selected (or default) port when starting the container.
| Variable | Function | Example |
| ------------------ | ----------------------- | ----------------------- |
| `WEBPROXY_ENABLED` | Enables the web proxy | `WEBPROXY_ENABLED=true` |
| `WEBPROXY_PORT` | Sets the listening port | `WEBPROXY_PORT=8888` |
| `WEBPROXY_USERNAME`| Sets the BasicAuth username | `WEBPROXY_USERNAME=test` |
| `WEBPROXY_PASSWORD`| Sets the BasicAuth password | `WEBPROXY_PASSWORD=password` |
### User configuration options
By default everything will run as the root user. However, it is possible to change who runs the transmission process.
You may set the following parameters to customize the user id that runs transmission.
| Variable | Function | Example |
| -------- | ------------------------------------------- | ----------- |
| `PUID` | Sets the user id who will run transmission | `PUID=1003` |
| `PGID` | Sets the group id for the transmission user | `PGID=1003` |
### Dropping default route from iptables (advanced)
Some VPNs do not override the default route, but rather set other routes with a lower metric.
This might lead to the default route (your untunneled connection) to be used.
To drop the default route set the environment variable `DROP_DEFAULT_ROUTE` to `true`.
*Note*: This is not compatible with all VPNs. You can check your iptables routing with the `ip r` command in a running container.
### Custom pre/post scripts
If you ever need to run custom code before or after transmission is executed or stopped, you can use the custom scripts feature.
Custom scripts are located in the /scripts directory which is empty by default.
To enable this feature, you'll need to mount the /scripts directory.
Once /scripts is mounted you'll need to write your custom code in the following bash shell scripts:
| Script | Function |
| ----------------------------------- | ------------------------------------------------------------ |
| /scripts/openvpn-pre-start.sh | This shell script will be executed before openvpn start |
| /scripts/transmission-pre-start.sh | This shell script will be executed before transmission start |
| /scripts/transmission-post-start.sh | This shell script will be executed after transmission start |
| /scripts/transmission-pre-stop.sh | This shell script will be executed before transmission stop |
| /scripts/transmission-post-stop.sh | This shell script will be executed after transmission stop |
Don't forget to include the #!/bin/bash shebang and to make the scripts executable using chmod a+x
### RSS plugin
The Transmission RSS plugin can optionally be run as a separate container. It allow to download torrents based on an RSS URL, see [Plugin page](https://github.com/nning/transmission-rss).
```
$ docker run -d \
-e "RSS_URL=<URL>" \
--link <transmission-container>:transmission \
--name "transmission-rss" \
haugene/transmission-rss
```
#### Use docker env file
Another way is to use a docker env file where you can easily store all your env variables and maintain multiple configurations for different providers.
In the GitHub repository there is a provided DockerEnv file with all the current transmission and openvpn environment variables. You can use this to create local configurations
by filling in the details and removing the # of the ones you want to use.
Please note that if you pass in env. variables on the command line these will override the ones in the env file.
See explanation of variables above.
To use this env file, use the following to run the docker image:
```
$ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
--env-file /your/docker/env/file \
-p 9091:9091 \
haugene/transmission-openvpn
```
## Access the WebUI
But what's going on? My http://my-host:9091 isn't responding?
This is because the VPN is active, and since docker is running in a different ip range than your client the response
to your request will be treated as "non-local" traffic and therefore be routed out through the VPN interface.
### How to fix this
The container supports the `LOCAL_NETWORK` environment variable. For instance if your local network uses the IP range 192.168.0.0/24 you would pass `-e LOCAL_NETWORK=192.168.0.0/24`.
Alternatively you can reverse proxy the traffic through another container, as that container would be in the docker range. There is a reverse proxy being built with the container. You can run it using the command below or have a look in the repository proxy folder for inspiration for your own custom proxy.
```
$ docker run -d \
--link <transmission-container>:transmission \
-p 8080:8080 \
haugene/transmission-openvpn-proxy
```
## Access the RPC
You need to add a / to the end of the URL to be able to connect. Example: http://my-host:9091/transmission/rpc/
## Known issues, tips and tricks
#### Use Google DNS servers
Some have encountered problems with DNS resolving inside the docker container.
This causes trouble because OpenVPN will not be able to resolve the host to connect to.
If you have this problem use dockers --dns flag to override the resolv.conf of the container.
For example use googles dns servers by adding --dns 8.8.8.8 --dns 8.8.4.4 as parameters to the usual run command.
#### Restart container if connection is lost
If the VPN connection fails or the container for any other reason loses connectivity, you want it to recover from it. One way of doing this is to set environment variable `OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60` and use the --restart=always flag when starting the container. This way OpenVPN will exit if ping fails over a period of time which will stop the container and then the Docker deamon will restart it.
#### Reach sleep or hybernation on your host if no torrents are active
By befault Transmission will always [scrape](https://en.wikipedia.org/wiki/Tracker_scrape) trackers, even if all torrents have completed their activities, or they have been paused manually. This will cause Transmission to be always active, therefore never allow your host server to be inactive and go to sleep/hybernation/whatever. If this is something you want, you can add the following variable when creating the container. It will turn off a hidden setting in Tranmsission which will stop the application to scrape trackers for paused torrents. Transmission will become inactive, and your host will reach the desidered state.
```
-e "TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=false"
```
#### Running it on a NAS
Several popular NAS platforms supports Docker containers. You should be able to set up and configure this container using their web interfaces. Remember that you need a TUN/TAP device to run the container. To set up the device it's probably simplest to install a OpenVPN package for the NAS. This should set up the device. If not, there are some more detailed instructions below.
#### Questions?
If you are having issues with this container please submit an issue on GitHub.
Please provide logs, docker version and other information that can simplify reproducing the issue.
Using the latest stable version of Docker is always recommended. Support for older version is on a best-effort basis.
## Adding new providers
If your VPN provider is not in the list of supported providers you could always create an issue on GitHub and see if someone could add it for you. But if you're feeling up for doing it yourself, here's a couple of pointers.
You clone this repository and create a new folder under "openvpn" where you put the .ovpn files your provider gives you. Depending on the structure of these files you need to make some adjustments. For example if they come with a ca.crt file that is referenced in the config you need to update this reference to the path it will have inside the container (which is /etc/openvpn/...). You also have to set where to look for your username/password.
There is a script called adjustConfigs.sh that could help you. After putting your .ovpn files in a folder, run that script with your folder name as parameter and it will try to do the changes described above. If you use it or not, reading it might give you some help in what you're looking to change in the .ovpn files.
Once you've finished modifying configs, you build the container and run it with OPENVPN_PROVIDER set to the name of the folder of configs you just created (it will be lowercased to match the folder names). And that should be it!
So, you've just added your own provider and you're feeling pretty good about it! Why don't you fork this repository, commit and push your changes and submit a pull request? Share your provider with the rest of us! :) Please submit your PR to the dev branch in that case.
### Using a custom provider
If you want to run the image with your own provider without building a new image, that is also possible. For some providers, like AirVPN, the .ovpn files are generated per user and contains credentials. They should not be added to a public image. This is what you do:
Add a new volume mount to your `docker run` command that mounts your config file:
`-v /path/to/your/config.ovpn:/etc/openvpn/custom/default.ovpn`
Then you can set `OPENVPN_PROVIDER=CUSTOM`and the container will use the config you provided. If you are using AirVPN or other provider with credentials in the config file, you still need to set `OPENVPN_USERNAME` and `OPENVPN_PASSWORD` as this is required by the startup script. They will not be read by the .ovpn file, so you can set them to whatever.
Note that you still need to modify your .ovpn file as described in the previous section. If you have an separate ca.crt, client.key or client.crt file in your volume mount should be a folder containing both the ca.crt and the .ovpn config.
Mount the folder contianing all the required files instead of the openvpn.ovpn file.
`-v /path/to/your/config/:/etc/openvpn/custom/`
Additionally the .ovpn config should include the full path on the docker container to the ca.crt and additional files.
`ca /etc/openvpn/custom/ca.crt`
If `-e OPENVPN_CONFIG=` variable has been omitted from the `docker run` command the .ovpn config file must be named default.ovpn. IF `-e OPENVPN_CONFIG=` is used with the custom provider the .ovpn config and variable must match as described above.
## Controlling Transmission remotely
The container exposes /config as a volume. This is the directory where the supplied transmission and OpenVPN credentials will be stored.
If you have transmission authentication enabled and want scripts in another container to access and
control the transmission-daemon, this can be a handy way to access the credentials.
For example, another container may pause or restrict transmission speeds while the server is streaming video.
## Running on ARM (Raspberry PI)
Since the Raspberry PI runs on an ARM architecture instead of x64, the existing x64 images will not
work properly. There are 2 additional Dockerfiles created. The Dockerfiles supported by the Raspberry PI are Dockerfile.armhf -- there is
also an example docker-compose-armhf file that shows how you might use Transmission/OpenVPN and the
corresponding nginx reverse proxy on an RPI machine.
You can use the `latest-armhf` tag for each images (see docker-compose-armhf.yml) or build your own images using Dockerfile.armhf.
## Make it work on Synology NAS
Here are the steps to run it on a Synology NAS (Tested on DSM 6) :
- Connect as _admin_ to your Synology SSH
- Switch to root with command `sudo su -`
- Enter your _admin_ password when prompted
- Create a TUN.sh file anywhere in your synology file system by typing `vim /volume1/foldername/TUN.sh`
replacing _foldername_ with any folder you created on your Synology
- Paste @timkelty 's script :
```
#!/bin/sh
# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
if ( [ ! -d /dev/net ] ); then
mkdir -m 755 /dev/net
fi
mknod /dev/net/tun c 10 200
chmod 0755 /dev/net/tun
fi
# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
insmod /lib/modules/tun.ko
fi
```
- Save the file with [escape] + `:wq!`
- Go in the folder containing your script : `cd /volume1/foldername/`
- Check permission with `chmod 0755 TUN.sh`
- Run it with `./TUN.sh`
- Return to initial directory typing `cd`
- Create the DNS config file by typing `vim /volume1/foldername/resolv.conf`
- Paste the following lines :
```
nameserver 8.8.8.8
nameserver 8.8.4.4
```
- Save the file with [escape] + `:wq!`
- Create your docker container with a the following command line:
# Tested on DSM 6.1.4-15217 Update 1, Docker Package 17.05.0-0349
docker run \
--cap-add=NET_ADMIN \
--device=/dev/net/tun \
-d \
-v /volume1/foldername/resolv.conf:/etc/resolv.conf \
-v /volume1/yourpath/:/data \
-e "OPENVPN_PROVIDER=PIA" \
-e "OPENVPN_CONFIG=CA\ Toronto" \
-e "OPENVPN_USERNAME=XXXXX" \
-e "OPENVPN_PASSWORD=XXXXX" \
-e "LOCAL_NETWORK=192.168.0.0/24" \
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
-e "PGID=100" \
-e "PUID=1234" \
-p 9091:9091 \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
--name "transmission-openvpn-syno" \
haugene/transmission-openvpn:latest
- To make it work after a nas restart, create an automated task in your synology web interface : go to **Settings Panel > Task Scheduler ** create a new task that run `/volume1/foldername/TUN.sh` as root (select '_root_' in 'user' selectbox). This task will start module that permit the container to run, you can make a task that run on startup. These kind of task doesn't work on my nas so I just made a task that run every minute.
- Enjoy
## systemd Integration
On many modern linux systems, including Ubuntu, systemd can be used to start the transmission-openvpn at boot time, and restart it after any failure.
Save the following as `/etc/systemd/system/transmission-openvpn.service`, and replace the OpenVPN PROVIDER/USERNAME/PASSWORD directives with your settings, and add any other directives that you're using.
This service is assuming that there is a `bittorrent` user set up with a home directory at `/home/bittorrent/`. The data directory will be mounted at `/home/bittorrent/data/`. This can be changed to whichever user and location you're using.
OpenVPN is set to exit if there is a connection failure. OpenVPN exiting triggers the container to also exit, then the `Restart=always` definition in the `transmission-openvpn.service` file tells systems to restart things again.
```
[Unit]
Description=haugene/transmission-openvpn docker container
After=docker.service
Requires=docker.service
[Service]
User=bittorrent
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill transmission-openvpn
ExecStartPre=-/usr/bin/docker rm transmission-openvpn
ExecStartPre=/usr/bin/docker pull haugene/transmission-openvpn
ExecStart=/usr/bin/docker run \
--name transmission-openvpn \
--cap-add=NET_ADMIN \
--device=/dev/net/tun \
-v /home/bittorrent/data/:/data \
-e "OPENVPN_PROVIDER=TORGUARD" \
-e "OPENVPN_USERNAME=bittorrent@example.com" \
-e "OPENVPN_PASSWORD=hunter2" \
-e "OPENVPN_CONFIG=CA\ Toronto" \
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
-e "TRANSMISSION_UMASK=0" \
-p 9091:9091 \
--dns 8.8.8.8 \
--dns 8.8.4.4 \
haugene/transmission-openvpn
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
```
Then enable and start the new service with:
```
$ sudo systemctl enable /etc/systemd/system/transmission-openvpn.service
$ sudo systemctl restart transmission-openvpn.service
```
If it is stopped or killed in any fashion, systemd will restart the container. If you do want to shut it down, then run the following command and it will stay down until you restart it.
```
$ sudo systemctl stop transmission-openvpn.service
# Later ...
$ sudo systemctl start transmission-openvpn.service
```

98
docs/run-container.md Executable file
View File

@ -0,0 +1,98 @@
# Running the container
Many platforms ship with a Docker runtime and have their own way of setting this up.
I'm then thinking about NAS servers specifically, but also Unraid and others. In addition to this we have
the container management solutions like [Portainer](https://www.portainer.io/)
This page will only discuss the tooling that a Docker installation comes with. That means `docker run ..`
and `docker-compose`. In the end that is what the other managers do as well and it's the common ground here.
I'm very happy to set up a platform specific installation page and link to it from here.
Open an issue or PR if you want to contribute with documentation for your favourite platform.
The images available on the Docker Hub are multiarch manifests. This means that they point to multiple images
that are built for different CPU architectures like ARM for Raspberry Pi. You can `haugene/transmission-openvpn`
on any of these architectures and Docker will get the correct one.
## Starting the container
The example Docker run command looks like this:
```
$ docker run --cap-add=NET_ADMIN -d \
-v /your/storage/path/:/data \
-e OPENVPN_PROVIDER=PIA \
-e OPENVPN_CONFIG=france \
-e OPENVPN_USERNAME=user \
-e OPENVPN_PASSWORD=pass \
-e LOCAL_NETWORK=192.168.0.0/16 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn
```
The example docker-compose.yml looks like this:
```
version: '3.3'
services:
transmission-openvpn:
cap_add:
- NET_ADMIN
volumes:
- '/your/storage/path/:/data'
environment:
- OPENVPN_PROVIDER=PIA
- OPENVPN_CONFIG=france
- OPENVPN_USERNAME=user
- OPENVPN_PASSWORD=pass
- LOCAL_NETWORK=192.168.0.0/16
logging:
driver: json-file
options:
max-size: 10m
ports:
- '9091:9091'
image: haugene/transmission-openvpn
```
These configs are equivalent. Running `docker-compose up` with that compose file will result in
the same options being sent to the Docker engine as the run statement before it.
## Three things to remember
#### 1. The container assumes that you mount a folder to /data
Technically you don't have to do this, but it is by far the most manageable way of getting
the downloaded files onto your host system **and** Transmission will store it's state there.
So if you don't mount this directory then you will loose all your torrents on image updates.
#### 2. It is not mandatory, but setting OPENVPN_CONFIG is good
If you don't set this then there should be a default config for each provider that is chosen, and that should work fine.
The benefit of choosing yourself is that you can choose a region that is closer to you and that might be better for speed.
I also believe that tinkering with this builds some familiarity with the image and some confidence and understanding for future debugging.
We're now moving towards a setup where we download the configs for our providers when the container starts.
That is great from a maintenance perspective, but it also means that we don't know the valid choices for the providers ahead of time.
A tip for finding out is to set `OPENVPN_CONFIG=dummy` and start it. This will fail, but in the logs it will print all the valid options.
Pro tip: choose multiple servers. For example: `OPENVPN_CONFIG=france,sweden,austria,italy,belgium`
This will ensure a location near you, but at the same time it will allow some redundancy. Set Docker to restart the container
automatically and you have a failover mechanism. The container chooses one of the configs at random when it starts and it will bounce
from server to server until it finds one that works.
#### 3. You might not be able to access the Web UI on the first try
The `LOCAL_NETWORK=192.168.0.0/16` tries to fix this for you, but it might not work if your local LAN DHCP server hands out addresses outside that range.
If your local network is in the `10.x.y.z` space for example then you need to set `LOCAL_NETWORK=10.x.0.0/16` or `LOCAL_NETWORK=10.x.y.0/24`.
These are called CIDR addresses and you can read up on them. The short story is that /24 will allow for any value in the last digit place
while /16 will allow any value in the two last places. Be sure to only allow IPs that are in the [private IP ranges](https://en.wikipedia.org/wiki/Private_network).
This option punches a hole in the VPN for the IPs that you specify. It is neccessary to reach your Web UI but narrower ranges are better than wide ones.
With that said. If you know that you're on a "typical" network with your router at 192.168.1.1, then `LOCAL_NETWORK=192.168.1.0/24` is better than `LOCAL_NETWORK=192.168.0.0/16`. That way you only allow access form 192.168.1.x instead of 192.168.x.y.
There is an alternative to the LOCAL_NETWORK environment variable, and that is a reverse proxy in the same docker network as the vpn container.
Because this topic is both quite complex and very important there is a separate page on [VPN and Networking](vpn-networking.md) in the container and it goes into depth on why this is.

41
docs/run-from-docker-registry.md
View File

@ -1,41 +0,0 @@
The container is available from the Docker registry and this is the simplest way to get it.
To run the container use this command:
```
$ docker run --cap-add=NET_ADMIN -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=PIA \
-e OPENVPN_CONFIG=CA\ Toronto \
-e OPENVPN_USERNAME=user \
-e OPENVPN_PASSWORD=pass \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.0.0/16 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn
```
You must set the environment variables `OPENVPN_PROVIDER`, `OPENVPN_USERNAME` and `OPENVPN_PASSWORD` to provide basic connection details.
The `OPENVPN_CONFIG` is an optional variable. If no config is given, a default config will be selected for the provider you have chosen.
Find available OpenVPN configurations by looking in the openvpn folder of the GitHub repository. The value that you should use here is the filename of your chosen openvpn configuration *without* the .ovpn file extension. For example:
```
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02"
```
You can also provide a comma separated list of openvpn configuration filenames.
If you provide a list, a file will be randomly chosen in the list, this is useful for redundancy setups. For example:
```
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02,ipvanish-FR-Paris-par-a01,ipvanish-DE-Frankfurt-fra-a01"
```
If you provide a list and the selected server goes down, after the value of ping-timeout the container will be restarted and a server will be randomly chosen, note that the faulty server can be chosen again, if this should occur, the container will be restarted again until a working server is selected.
To make sure this work in all cases, you should add ```--pull-filter ignore ping``` to your OPENVPN_OPTS variable.
As you can see, the container also expects a data volume to be mounted.
This is where Transmission will store your downloads, incomplete downloads and look for a watch directory for new .torrent files.
By default a folder named transmission-home will also be created under /data, this is where Transmission stores its state.

6
docs/run-on-arm.md
View File

@ -1,6 +0,0 @@
### Running on ARM (Raspberry PI)
Since the Raspberry PI runs on an ARM architecture instead of x64, the existing x64 images will not
work properly. There are 2 additional Dockerfiles created. The Dockerfiles supported by the Raspberry PI are Dockerfile.armhf -- there is
also an example docker-compose-armhf file that shows how you might use Transmission/OpenVPN and the
corresponding nginx reverse proxy on an RPI machine.
You can use the `latest-armhf` tag for each images (see docker-compose-armhf.yml) or build your own images using Dockerfile.armhf.

55
docs/systemd-integration.md
View File

@ -1,55 +0,0 @@
On many modern linux systems, including Ubuntu, systemd can be used to start the transmission-openvpn at boot time, and restart it after any failure.
Save the following as `/etc/systemd/system/transmission-openvpn.service`, and replace the OpenVPN PROVIDER/USERNAME/PASSWORD directives with your settings, and add any other directives that you're using.
This service is assuming that there is a `bittorrent` user set up with a home directory at `/home/bittorrent/`. The data directory will be mounted at `/home/bittorrent/data/`. This can be changed to whichever user and location you're using.
OpenVPN is set to exit if there is a connection failure. OpenVPN exiting triggers the container to also exit, then the `Restart=always` definition in the `transmission-openvpn.service` file tells systems to restart things again.
```
[Unit]
Description=haugene/transmission-openvpn docker container
After=docker.service
Requires=docker.service
[Service]
User=bittorrent
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill transmission-openvpn
ExecStartPre=-/usr/bin/docker rm transmission-openvpn
ExecStartPre=/usr/bin/docker pull haugene/transmission-openvpn
ExecStart=/usr/bin/docker run \
--name transmission-openvpn \
--cap-add=NET_ADMIN \
-v /home/bittorrent/data/:/data \
-e "OPENVPN_PROVIDER=TORGUARD" \
-e "OPENVPN_USERNAME=bittorrent@example.com" \
-e "OPENVPN_PASSWORD=hunter2" \
-e "OPENVPN_CONFIG=CA Toronto" \
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
-e "TRANSMISSION_UMASK=0" \
-p 9091:9091 \
--dns 8.8.8.8 \
--dns 8.8.4.4 \
haugene/transmission-openvpn
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
```
Then enable and start the new service with:
```
$ sudo systemctl enable /etc/systemd/system/transmission-openvpn.service
$ sudo systemctl restart transmission-openvpn.service
```
If it is stopped or killed in any fashion, systemd will restart the container. If you do want to shut it down, then run the following command and it will stay down until you restart it.
```
$ sudo systemctl stop transmission-openvpn.service
# Later ...
$ sudo systemctl start transmission-openvpn.service
```

84
docs/tips-tricks.md Executable file
View File

@ -0,0 +1,84 @@
#### Use Google DNS servers
Some have encountered problems with DNS resolving inside the docker container.
This causes trouble because OpenVPN will not be able to resolve the host to connect to.
If you have this problem use dockers --dns flag to override the resolv.conf of the container.
For example use googles dns servers by adding --dns 8.8.8.8 --dns 8.8.4.4 as parameters to the usual run command.
#### Restart container if connection is lost
If the VPN connection fails or the container for any other reason loses connectivity, you want it to recover from it. One way of doing this is to set environment variable `OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60` and use the --restart=always flag when starting the container. This way OpenVPN will exit if ping fails over a period of time which will stop the container and then the Docker deamon will restart it.
#### Let other containers use VPN
Relevant issues...
#### Reach sleep or hybernation on your host if no torrents are active
By befault Transmission will always [scrape](https://en.wikipedia.org/wiki/Tracker_scrape) trackers, even if all torrents have completed their activities, or they have been paused manually. This will cause Transmission to be always active, therefore never allow your host server to be inactive and go to sleep/hybernation/whatever. If this is something you want, you can add the following variable when creating the container. It will turn off a hidden setting in Tranmsission which will stop the application to scrape trackers for paused torrents. Transmission will become inactive, and your host will reach the desidered state.
```
-e "TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=false"
```
#### Running it on a NAS
Several popular NAS platforms supports Docker containers. You should be able to set up
and configure this container using their web interfaces. As of version 3.0 of this image
creates a TUN interface inside the container by default. This previously had to be mounted
from the host which was an issue for some NAS servers. The assumption is that this should
now be fixed. If you have issues and the logs seem to blame "/dev/net/tun" in some way
then you might consider trying to mount a host device and see if that works better.
Setting up a TUN device is probably easiest to accomplish by installing an OpenVPN package
for the NAS. This should set up the device and you can mount it.
#### Systemd Integration
On many modern linux systems, including Ubuntu, systemd can be used to start the transmission-openvpn at boot time, and restart it after any failure.
Save the following as `/etc/systemd/system/transmission-openvpn.service`, and replace the OpenVPN PROVIDER/USERNAME/PASSWORD directives with your settings, and add any other directives that you're using.
This service is assuming that there is a `bittorrent` user set up with a home directory at `/home/bittorrent/`. The data directory will be mounted at `/home/bittorrent/data/`. This can be changed to whichever user and location you're using.
OpenVPN is set to exit if there is a connection failure. OpenVPN exiting triggers the container to also exit, then the `Restart=always` definition in the `transmission-openvpn.service` file tells systems to restart things again.
```
[Unit]
Description=haugene/transmission-openvpn docker container
After=docker.service
Requires=docker.service
[Service]
User=bittorrent
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill transmission-openvpn
ExecStartPre=-/usr/bin/docker rm transmission-openvpn
ExecStartPre=/usr/bin/docker pull haugene/transmission-openvpn
ExecStart=/usr/bin/docker run \
--name transmission-openvpn \
--cap-add=NET_ADMIN \
-v /home/bittorrent/data/:/data \
-e "OPENVPN_PROVIDER=TORGUARD" \
-e "OPENVPN_USERNAME=bittorrent@example.com" \
-e "OPENVPN_PASSWORD=hunter2" \
-e "OPENVPN_CONFIG=CA Toronto" \
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
-p 9091:9091 \
--dns 8.8.8.8 \
--dns 8.8.4.4 \
haugene/transmission-openvpn
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
```
Then enable and start the new service with:
```
$ sudo systemctl enable /etc/systemd/system/transmission-openvpn.service
$ sudo systemctl restart transmission-openvpn.service
```
If it is stopped or killed in any fashion, systemd will restart the container. If you do want to shut it down, then run the following command and it will stay down until you restart it.
```
$ sudo systemctl stop transmission-openvpn.service
# Later ...
$ sudo systemctl start transmission-openvpn.service
```

23
docs/v3.md Normal file
View File

@ -0,0 +1,23 @@
# Version 3.0 released - we have some breaking changes (but not much)
Those of you who are following this project knows that we have had some larger changes coming for a while.
Hobby projects often get last in line for some love and care, and it took longer than I hoped but here we are.
Some highlights on version 3.0:
* We're dropping the ubuntu based image and making alpine the default (reduce double maintenance)
* We're making Transmission settings persistent by default, removing the need for all the environment variables (but keeping support for it)
* We're making it easier to provide your own OpenVPN (.ovpn) config file - adding scripts in the container to modify provider configs as needed to fit the container setup. (still in early stages at this point)
* We're adding a standardized way to add scripts for doing necessary setup of a provider. This usually means to download a .ovpn config bundle, unpack it and modify it correctly to work in this container.
Hopefully these changes will improve the usability of this container. As maintainers we also hope that it will free up time to keep the container up to date and stable instead of managing thousands of .ovpn files coming and going.
I'll try to keep a list of breaking changes here, and add to it if we come across more:
* The CREATE_TUN_DEVICE variable now defaults to true. Mounting /dev/net/tun will lead to an error message in the logs unless you explicitly set it to false.
* The DOCKER_LOG variable is renamed to LOG_TO_STDOUT
* If Transmission is running but you can't connect to torrents, try deleting (or rename to .backup) the settings.json file and restart.
PS: Now more than ever. We appreciate that you report bugs and issues when you find them. But as there might be more than ususal, please make sure you search and look for a similar one before possibly creating a duplicate.
And you can always revert back to the latest tag on the 2.x versions which is 2.14. Instead of running with `haugene/transmission-openvpn` simply use `haugene/transmission-openvpn:2.14` instead. We hope that won't be necessary though :)

6
docs/access.md → docs/vpn-networking.md
View File

@ -1,3 +1,9 @@
## COMING SOON
**NOTE:** This page is just moved from it's previous location. A re-write is coming and I know that
there are links to this page that promises more than what's here now. I'm [on it (#1558)](https://github.com/haugene/docker-transmission-openvpn/issues/1558)
## Access the WebUI
But what's going on? My http://my-host:9091 isn't responding?
This is because the VPN is active, and since docker is running in a different ip range than your client the response

15
docs/web-proxy.md Normal file
View File

@ -0,0 +1,15 @@
### Web proxy configuration options
This container also contains a web-proxy server to allow you to tunnel your web-browser traffic through the same OpenVPN tunnel.
This is useful if you are using a private tracker that needs to see you login from the same IP address you are torrenting from.
The default listening port is 8888. Note that only ports above 1024 can be specified as all ports below 1024 are privileged
and would otherwise require root permissions to run.
Remember to add a port binding for your selected (or default) port when starting the container.
If you set Username and Password it will enable BasicAuth for the proxy
| Variable | Function | Example |
| ------------------ | ----------------------- | ----------------------- |
| `WEBPROXY_ENABLED` | Enables the web proxy | `WEBPROXY_ENABLED=true` |
| `WEBPROXY_PORT` | Sets the listening port | `WEBPROXY_PORT=8888` |
| `WEBPROXY_USERNAME`| Sets the BasicAuth username | `WEBPROXY_USERNAME=test` |
| `WEBPROXY_PASSWORD`| Sets the BasicAuth password | `WEBPROXY_PASSWORD=password` |

BIN
images/digitalocean.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.0 KiB

19
mkdocs.yml
View File

@ -8,17 +8,16 @@ markdown_extensions:
permalink: True
separator: "_"
nav:
- 'Home': 'index.md'
- 'Run from Docker registry': 'run-from-docker-registry.md'
- 'Overview': 'index.md'
- 'Image Building Blocks': 'building-blocks.md'
- 'VPN and Networking': 'vpn-networking.md'
- 'Running the container': 'run-container.md'
- 'Supported providers': 'supported-providers.md'
- 'Arguments': 'arguments.md'
- 'Custom pre/post scripts': 'custom-scripts.md'
- 'Provider specific settings': 'provider-specific.md'
- 'Configuration options': 'config-options.md'
- 'Frequently asked questions': 'faq.md'
- 'Tips & Tricks': 'tips-tricks.md'
- 'RSS plugin': 'rss-plugin.md'
- 'Use docker env file': 'dockerenv.md'
- 'Access': 'access.md'
- 'Running on ARM': 'run-on-arm.md'
- 'NORDVPN update script': 'nordvpn-script.md'
- 'Systemd integration': 'systemd-integration.md'
- 'Known issues, tips and tricks': 'known-issues.md'
- 'Web Proxy': 'web-proxy.md'
plugins:
- search