6d ago

I am trying to connect qbittorrent and wireguard.

My solution uses qBittorrent with Glutun and it works great. My Docker Compose file is based on this one https://github.com/TechHutTV/homelab/blob/main/media/arr-compose.yaml. I simply removed some of the services I didn't need. I recommend watching his YouTube video(Same video on Odysee) if you can't get it to work.

I am trying to have a QBitTorrent Docker container that is accessible on my local network and connects to WireGuard. I know this is a basic question, and I'm sorry if I'm wasting your time. I am using a separate user for this that i have add to the docker group.

I can't access the web interface what have i configured wrong.

Here is my docker compose file. ```

services: qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent environment: - PUID=1001 - PGID=1001 - TZ=Europe/London - WEBUI_PORT=8080 - TORRENTING_PORT=6881 volumes: - /home/torrent/torrent/:/config - /home/torrent/download/:/downloads network_mode: service:wireguard depends_on: - wireguard restart: always

wireguard: image: lscr.io/linuxserver/wireguard container_name: wireguard cap_add: - NET_ADMIN - SYS_MODULE environment: - PUID=1001 - PGID=1001 - TZ=Europe/London ports: - 51820:51820/udp volumes: - /home/torrent/wireguard/:/config - /home/torrent/wireguard/london.conf/:/config/wg0.conf sysctls: - net.ipv4.conf.all.src_valid_mark=1 restart: always

16 comments

I would advice you to use Gluetun instead of crude Wireguard. Within gluetun you just have to set the port for the qbittorrent's gui to be accessible locally, and open docker's firewall for qbittorrent. Then set qbittorrent container to use Gluetun's network.

This is my wireguard docker setup:

 undefined

    
version: "3.6"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=116
      - PGID=122
      - TZ=Europe/Stockholm
      - ALLOWEDIPS=192.168.1.0/24
    volumes:
      - /data/torrent/wireguard/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 192.168.1.111:8122:8122  # Deluge webui
      - 192.168.1.111:9127:9127  # jackett webui
      - 192.168.1.111:9666:9666  # prowlarr webui
      - 51820:51820/udp           # wireguard
      - 192.168.1.111:58426:58426  # Deluge RPC
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv6.conf.default.disable_ipv6=1
    restart: unless-stopped

Can reach the webuis from LAN, no other network configuration was necessary. 192.168.1.111 is the server's LAN address. The other services are configured very similar to your qbittorrent, and don't expose any ports. Can't promise it's 100% correct but it's working for me.

Move the ports you are exposing from the qbit container to the wireguard container. The VPN container should be the only one exposing ports in this case.
But like someone else said, the gluetun image works really well for this.
- Thanks for the suggestion. This is what I ended up doing, and it works really well.

You haven't asked a question or indicated a problem.
- Fixed now.
  
  mind sharing how? Thanks

https://hotio.dev/containers/qbittorrent/
Why don’t you use the hotio container? That already has it baked in

You can't access your instance because the only way to reach the container is through the VPN server (as it should be). You have to open a hole in the container's firewall to access it through the local network.
In the [Interface] section in your Wireguard configuration, add the following lines:
PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT
Replace the value of HOMENET with whichever network you're accessing it from, mine's set to the docker network because it's behind an nginx reverse proxy.
- Still doesn't work. My wireguard conf file looks like this.
  Change the HOMENET= to my internal ip range i found with ip addr show.
  undefined
  
  [Interface] PrivateKey = MyPrivateKey Address = 1.1.1.1 DNS = 1.1.1.1 PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT PreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT [Peer] PublicKey = MyPublicKey AllowedIPs = 0.0.0.0/0 Endpoint = 1.1.1.1

This doesn’t exactly answer your question, but I use the binhex qbittorrent-vpn image for this. It might work for you too unless you were wanting to be able to reuse the same wireguard container for something else?
- Thanks for the recommendation. My only concern is trust because the containers do not appear to have many downloads
  
  Look at hotio instead, recommended by me and popular among those that support the *arrs.

16 comments