Skip to content

Instantly share code, notes, and snippets.

@auladinglese
Forked from 0xcaff/0_README.md
Last active February 21, 2020 21:10
Show Gist options
  • Save auladinglese/b9523ffaaf8dcff4b2591a7b33c3a19f to your computer and use it in GitHub Desktop.
Save auladinglese/b9523ffaaf8dcff4b2591a7b33c3a19f to your computer and use it in GitHub Desktop.
OpenVPN, rTorrent and Flood Docker Compose Configuration

The Setup

This is a docker-compose file for a simple, secure torrent setup. It includes rTorrent (a torrent client), flood (a web interface for rTorrent), OpenVPN (to tunnel traffic through your ISP) and a simple iptables firewall to allow rTorrent to only access the internet through a VPN.

To run everything, put your open vpn configuration file in ./vpn.ovpn and the other configuration files from this gist in a directory then go to that directory and run

docker-compose up

Now flood can be accessed by visiting localhost:3000.

🎉

version: '3.4'
services:
# This service sets up a firewall which only allows traffic to the docker
# network and the specified destination (ip, port protocol). See its repo for
# more information: https://github.com/0xcaff/docker-simple-firewall
firewall:
image: quay.io/0xcaff/simple-firewall:latest
# Needed by the image to setup the fireall.
cap_add:
- net_admin
# The DNS servers which are used through the VPN.
dns:
- 8.8.8.8
- 8.8.4.4
environment:
# The only address, port and protocol combination allowed through the
# firewall. This should be the address, port and protocol of the VPN
# service.
ALLOW_IP_ADDRESS: 178.60.78.125
ALLOW_PORT: 1194
ALLOW_PROTO: udp
# TCP connections will be accepted at this port once the firewall is
# configured.
FIREWALL_READY_SIGNAL_PORT: 60000
# The only traffic allowed out of this container is traffic to this network
# and traffic to the specified ip address.
networks:
- local
# A service which creates an openvpn tunnel. Check out its repo for more
# information: https://github.com/0xcaff/docker-openvpn-client
vpn:
image: quay.io/0xcaff/openvpn-client:latest
# Needed for OpenVPN to work.
cap_add:
- net_admin
devices:
- /dev/net/tun
# Share the network stack of the firewall client container. When this
# container binds ports, they can be reached through the "firewall" service.
network_mode: service:firewall
volumes:
# This is the wait-for script from https://github.com/Eficode/wait-for. It
# is used to ensure that the VPN only starts after the firewall is
# configured. This is done so if the VPN tries to connect to a non-allowed
# address the failure is fast.
- ./wait-for/wait-for:/wait-for
# The VPN configuration file.
- /home/alarm/torrent/vpnconfig/vpn.ovpn:/vpn/config/config.ovpn
# Start openvpn after the firewall is done.
command: "/wait-for localhost:60000 -- openvpn --config /vpn/config/config.ovpn"
# A service with the rtorrent torrent client. See the repository for more
# information: https://github.com/0xcaff/docker-rtorrent
rtorrent:
image: 0xcaff/rtorrent:latest
# Share the network stack of the firewall client container. When this
# container binds ports, they can be reached through the "firewall" service.
network_mode: service:firewall
# SCGI is exposed on port 5000.
volumes:
# rTorrent configuration file.
- /home/alarm/torrent/rtorrent.rc:/rtorrent/.rtorrent.rc
# rTorrent persistant state.
- /home/alarm/downloaded:/rtorrent/downloaded
- session:/rtorrent/.rtorrent.session
# This is the wait-for script from https://github.com/Eficode/wait-for. It
# is used to ensure that the rtorrent starts only after the firewall is
# initialized.
- ./wait-for/wait-for:/wait-for
# Waits for the firewall to be set up before running rtorrent. The VPN may
# or may not be ready but no traffic will be leaked because of the firewall.
entrypoint: "/bin/sh"
command: "/wait-for localhost:60000 -- rtorrent"
# A service containing flood, a web interface for rtorrent.
flood:
image: 0xcaff/flood
depends_on:
- rtorrent
environment:
# Configuration for flood. Check out this file for all possible
# configuration options:
# https://github.com/jfurrow/flood/blob/master/config.docker.js
#
# The host and port the rTorrent SCGI API can be reached at.
RTORRENT_SCGI_HOST: firewall
RTORRENT_SCGI_PORT: 5000
volumes:
- /home/alarm/torrent/flood:/data
# Expose the flood web interface port.
ports:
- 3000:3000
# The firewall destination (vpn, firewall, rtorrent) is only accessible
# through the local network.
networks:
- local
volumes:
downloaded:
driver: local
session:
driver: local
flood:
driver: local
networks:
# A network for connecting local services.
local:
directory = ~/downloaded
session = ~/.rtorrent.session
system.daemon.set = true
scgi_port = 0.0.0.0:5000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment