Skip to content

Instantly share code, notes, and snippets.

@0xcaff
Last active May 13, 2023 23:35
Show Gist options
  • Save 0xcaff/2c151e649aebe85cca7a2503cf6e0bd9 to your computer and use it in GitHub Desktop.
Save 0xcaff/2c151e649aebe85cca7a2503cf6e0bd9 to your computer and use it in GitHub Desktop.
OpenVPN, rTorrent and Flood Docker Compose Configuration

The Setup

This is a docker-compose file for a simple, secure torrent setup. It includes rTorrent (a torrent client), flood (a web interface for rTorrent), OpenVPN (to tunnel traffic through your ISP) and a simple iptables firewall to allow rTorrent to only access the internet through a VPN.

To run everything, put your open vpn configuration file in ./vpn.ovpn and the other configuration files from this gist in a directory then go to that directory and run

docker-compose up

Now flood can be accessed by visiting localhost:3000.

🎉

version: '3.4'
services:
# This service sets up a firewall which only allows traffic to the docker
# network and the specified destination (ip, port protocol). See its repo for
# more information: https://github.com/0xcaff/docker-simple-firewall
firewall:
image: quay.io/0xcaff/simple-firewall:latest
# Needed by the image to setup the fireall.
cap_add:
- net_admin
# The DNS servers which are used through the VPN.
dns:
- 8.8.8.8
- 8.8.4.4
environment:
# The only address, port and protocol combination allowed through the
# firewall. This should be the address, port and protocol of the VPN
# service.
ALLOW_IP_ADDRESS: 178.60.78.125
ALLOW_PORT: 1194
ALLOW_PROTO: udp
# TCP connections will be accepted at this port once the firewall is
# configured.
FIREWALL_READY_SIGNAL_PORT: 60000
# The only traffic allowed out of this container is traffic to this network
# and traffic to the specified ip address.
networks:
- local
# A service which creates an openvpn tunnel. Check out its repo for more
# information: https://github.com/0xcaff/docker-openvpn-client
vpn:
image: quay.io/0xcaff/openvpn-client:latest
# Needed for OpenVPN to work.
cap_add:
- net_admin
devices:
- /dev/net/tun
# Share the network stack of the firewall client container. When this
# container binds ports, they can be reached through the "firewall" service.
network_mode: service:firewall
volumes:
# This is the wait-for script from https://github.com/Eficode/wait-for. It
# is used to ensure that the VPN only starts after the firewall is
# configured. This is done so if the VPN tries to connect to a non-allowed
# address the failure is fast.
- ./wait-for/wait-for:/wait-for
# The VPN configuration file.
- ./vpn.ovpn:/vpn/config/config.ovpn
# Start openvpn after the firewall is done.
command: "/wait-for localhost:60000 -- openvpn --config /vpn/config/config.ovpn"
# A service with the rtorrent torrent client. See the repository for more
# information: https://github.com/0xcaff/docker-rtorrent
rtorrent:
image: 0xcaff/rtorrent:latest
# Share the network stack of the firewall client container. When this
# container binds ports, they can be reached through the "firewall" service.
network_mode: service:firewall
# SCGI is exposed on port 5000.
volumes:
# rTorrent configuration file.
- ./rtorrent.rc:/rtorrent/.rtorrent.rc
# rTorrent persistant state.
- downloaded:/rtorrent/downloaded
- session:/rtorrent/.rtorrent.session
# This is the wait-for script from https://github.com/Eficode/wait-for. It
# is used to ensure that the rtorrent starts only after the firewall is
# initialized.
- ./wait-for/wait-for:/wait-for
# Waits for the firewall to be set up before running rtorrent. The VPN may
# or may not be ready but no traffic will be leaked because of the firewall.
entrypoint: "/bin/sh"
command: "/wait-for localhost:60000 -- rtorrent"
# A service containing flood, a web interface for rtorrent.
flood:
image: 0xcaff/flood
depends_on:
- rtorrent
environment:
# Configuration for flood. Check out this file for all possible
# configuration options:
# https://github.com/jfurrow/flood/blob/master/config.docker.js
#
# The host and port the rTorrent SCGI API can be reached at.
RTORRENT_SCGI_HOST: firewall
RTORRENT_SCGI_PORT: 5000
volumes:
- flood:/data
# Expose the flood web interface port.
ports:
- 3000:3000
# The firewall destination (vpn, firewall, rtorrent) is only accessible
# through the local network.
networks:
- local
volumes:
downloaded:
driver: local
session:
driver: local
flood:
driver: local
networks:
# A network for connecting local services.
local:
directory = ~/downloaded
session = ~/.rtorrent.session
system.daemon.set = true
scgi_port = 0.0.0.0:5000
@kionei
Copy link

kionei commented Jul 9, 2020

So far I've gotten everything up and running, technically, but once I register with Flood that container crashes. Logs suggest errors with npm / node / flood. I'm still new to docker; I'm not even sure if one can update node / npm / flood in an existing container. Is this compose still viable for new installations?

@Drewskiola
Copy link

Drewskiola commented Jan 24, 2022

This script hangs and does not continue after the line that says flood server starting on port 3000. The flood login does come up through the host browser but that's about it. I did clone the wait-for directory as mentioned in a previous post which did solve some initial issues in getting the script going.

Any ideas? I am running fedora 33.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment