hotio/qbittorrent
GitHub
docker.io
/ ghcr.io
qBittorrent
/ VueTorrent
00
Starting the container¶
docker run --rm \
--name qbittorrent \
-p 8080:8080 \
-e PUID=1000 \
-e PGID=1000 \
-e UMASK=002 \
-e TZ="Etc/UTC" \
-v /<host_folder_config>:/config \
cr.hotio.dev/hotio/qbittorrent
version: "3.7"
services:
qbittorrent:
container_name: qbittorrent
image: cr.hotio.dev/hotio/qbittorrent
ports:
- "8080:8080"
environment:
- PUID=1000
- PGID=1000
- UMASK=002
- TZ=Etc/UTC
volumes:
- /<host_folder_config>:/config
docker run --rm \
--name qbittorrent \
-p 8080:8080 \
-p 8118:8118 \
-e PUID=1000 \
-e PGID=1000 \
-e UMASK=002 \
-e TZ="Etc/UTC" \
-e VPN_ENABLED="true" \
-e VPN_LAN_NETWORK="" \
-e VPN_CONF="wg0" \
-e VPN_ADDITIONAL_PORTS="" \
-e VPN_IP_CHECK_DELAY="5" \
-e VPN_IP_CHECK_EXIT="true" \
-e PRIVOXY_ENABLED="false" \
-v /<host_folder_config>:/config \
--cap-add=NET_ADMIN \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--sysctl="net.ipv6.conf.all.disable_ipv6=0" \
cr.hotio.dev/hotio/qbittorrent
version: "3.7"
services:
qbittorrent:
container_name: qbittorrent
image: cr.hotio.dev/hotio/qbittorrent
ports:
- "8080:8080"
- "8118:8118"
environment:
- PUID=1000
- PGID=1000
- UMASK=002
- TZ=Etc/UTC
- VPN_ENABLED=true
- VPN_LAN_NETWORK
- VPN_CONF=wg0
- VPN_ADDITIONAL_PORTS
- VPN_IP_CHECK_DELAY=5
- VPN_IP_CHECK_EXIT=true
- PRIVOXY_ENABLED=false
volumes:
- /<host_folder_config>:/config
cap_add:
- NET_ADMIN
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.all.disable_ipv6=0
In most cases you'll need to add additional volumes, depending on your own personal preference, to get access to your files.
Login credentials
The default qBittorrent username is admin
and the default password is adminadmin
. If this doesn't work you're probably running Unraid and you'll most likely have to change the internal port on which the WebUI runs to match the external port.
Tags¶
Tag | Description | Version | Commit SHA | Commit Message | Last Updated | Age |
---|
Tags
The above table reflects the current state of the Git repository. The docker repository is mainly in sync, unless builds fail or commits are pushed for which no builds are started (usually indicated with [skip ci]
in the commit message). You can click on the tag's name to go to its corresponding branch on GitHub, clicking the commit sha brings you to the git diff of that commit.
Changing the WebUI port¶
Under certain circumstances it's required to run the WebUI on a different internal port, you can do that by modifying the environment variable WEBUI_PORTS
accordingly. It should be in the format xxxx/tcp,xxxx/udp
, take a look at the default with docker logs
(variable is printed at container start) or docker inspect
.
VueTorrent¶
This image comes bundled with the alternative Web UI VueTorrent, to enable it you'll have to adjust your settings like pictured below.
WireGuard VPN support¶
This is probably not going to work if your OS has no kernel with WireGuard support.
Tested Operating Systems:
- Ubuntu 18.04
- Ubuntu 20.04
- Unraid 6.8.3
- Unraid 6.9 RC2
- macOS Big Sur 11.2.1 Apple M1
There needs to be a file wg0.conf
located in /config/wireguard
and you need to set the variable VPN_ENABLED
to true
for the VPN to start.
The part with net.ipv6.conf.all.disable_ipv6=0
can be removed or set to 1
if there is no need for ipv6, no attempt will be made in that case to set ip6tables rules and can prevent an error if the module ip6table_filter
isn't loaded on the host. The WireGuard configuration should not have any ipv6 related stuff when ipv6 is disabled, otherwise creating the interface will fail. If your vpn provider supports ipv6 and you keep it enabled, you'll have full ipv6 connectivity over the vpn connection (confirmed with Mullvad). If for any reason there's a failure trying to setup ip6tables rules, you'll probably need to do sudo modprobe ip6table_filter
on the host, this will mostly happen on systems that have ipv6 completely disabled.
The environment variable VPN_LAN_NETWORK
can be set to for example 192.168.1.0/24
, 192.168.1.0/24,192.168.44.0/24
or 192.168.1.33
, so you can get access to the webui or other additional ports (see below).
If you need to expose additional ports you can use VPN_ADDITIONAL_PORTS
, for example VPN_ADDITIONAL_PORTS=7878/tcp,9117/tcp
. Every port in this list will be blocked on the vpn interface, so that there's no risk that they might be exposed to the world via the vpn (mostly there in case your vpn provider screws up and piece of mind). Why would you need this? Wanting to route traffic from other containers over the vpn is probably the most used scenario.
wg0.conf example¶
This is an example of how your wg0.conf
should look like.
[Interface]
PrivateKey = supersecretprivatekey
Address = xx.xx.xxx.xxx/32
DNS = 1.1.1.1
[Peer]
PublicKey = publickey
AllowedIPs = 0.0.0.0/0
Endpoint = xxx.x.xxx.x:51820
TorGuard instructions¶
Warning
The following instructions are no longer needed if you re-download a config from the TorGuard website or if this is your first time doing it.
While Mullvad is pretty straightforward to setup by using the wg0.conf
example from above, TorGuard is a bit more complex.
Our wg0.conf
should look something like this:
# TorGuard WireGuard Config
[Interface]
PrivateKey = secretprivatekey
ListenPort = 51820
DNS = 1.1.1.1
Address = xx.xx.xxx.xx/24
PreUp = bash /config/wireguard/torguard.sh
[Peer]
PublicKey = publickey
AllowedIPs = 0.0.0.0/0
Endpoint = xx.xxx.xx.xxx:1443
PersistentKeepalive = 25
Pay attention to PreUp = bash /config/wireguard/torguard.sh
in our config. That command will execute the below script that you should create in /config/wireguard/torguard.sh
, this script will get executed just before starting WireGuard.
1 2 3 4 5 6 7 |
|
You will also have to add the additional environment variables TORGUARD_USER
and TORGUARD_PASS
or fill them in into the script directly (see curl
command). These credentials can be found here.
My experience with getting TorGuard working wasn't the smoothest journey to say the least. I had to click around quite a bit and finally after generating my 3rd config it worked. On the Netherlands
server for example I didn't get any internet connectivity and at first I was unable to get port forwarding working on the Germany
server. All of a sudden after generating the 3rd config and also pasting in the ip found under My Fixed IPs
, that seems to populate when doing a Port Forward Request, I managed to get port forwarding working. So don't give up too soon, it can all work eventually.
WireGuard Go¶
This image includes wireguard-go
, the Go implementation of WireGuard which runs in userspace. Systems like Synology, Qnap or others with missing kernel modules can make use of this to establish a WireGuard VPN connection. It requires the following two changes.
A change to your wg0.conf
, due to a long lasting bug in WireGuard on these systems. You'll need to change the AllowedIPs
line to have WireGuard start up properly. Also an extra PostUp
might have to be added, play with them to see what works best for your particular system.
[Interface]
...
PostUp = wg set wg0 fwmark 51820 && ip -4 rule add not fwmark 51820 table 51820 && ip -4 rule add table main suppress_prefixlength 0 && iptables-restore -n
...
...
[Peer]
...
AllowedIPs = 0.0.0.0/1,128.0.0.0/1
...
Next, you'll also need to add a device mapping.
--device /dev/net/tun:/dev/net/tun
devices:
- /dev/net/tun:/dev/net/tun