Skip to content

Instantly share code, notes, and snippets.

@ivan-c
Forked from 0xcaff/0_README.md
Created September 7, 2018 05:57
Show Gist options
  • Save ivan-c/e3b78a8162d8f0b9febdb446f1e9f0db to your computer and use it in GitHub Desktop.
Save ivan-c/e3b78a8162d8f0b9febdb446f1e9f0db to your computer and use it in GitHub Desktop.
OpenVPN, rTorrent and Flood Docker Compose Configuration
[submodule "wait-for"]
path = wait-for
url = https://github.com/Eficode/wait-for

The Setup

This is a docker-compose file for a simple, secure torrent setup. It includes rTorrent (a torrent client), flood (a web interface for rTorrent), OpenVPN (to tunnel traffic through your ISP) and a simple iptables firewall to allow rTorrent to only access the internet through a VPN.

To run everything, put your open vpn configuration file in ./vpn.ovpn and the other configuration files from this gist in a directory then go to that directory and run

docker-compose up

Now flood can be accessed by visiting localhost:3000.

🎉

version: '3.4'
services:
# This service sets up a firewall which only allows traffic to the docker
# network and the specified destination (ip, port protocol). See its repo for
# more information: https://github.com/0xcaff/docker-simple-firewall
firewall:
build:
context: https://github.com/0xcaff/docker-simple-firewall.git
# Needed by the image to setup the firewall.
cap_add:
- net_admin
# The DNS servers which are used through the VPN.
dns:
- 8.8.8.8
- 8.8.4.4
environment:
# The only address, port and protocol combination allowed through the
# firewall. This should be the address, port and protocol of the VPN
# service.
ALLOW_IP_ADDRESS:
ALLOW_PORT:
ALLOW_PROTO: udp
# TCP connections will be accepted at this port once the firewall is
# configured.
FIREWALL_READY_SIGNAL_PORT: 60000
# The only traffic allowed out of this container is traffic to this network
# and traffic to the specified ip address.
networks:
- local
# A service which creates an openvpn tunnel. Check out its repo for more
# information: https://github.com/0xcaff/docker-openvpn-client
vpn:
build:
context: https://github.com/jessfraz/dockerfiles.git#pull/397/head
dockerfile: openvpn/Dockerfile
# Needed for OpenVPN to work.
cap_add:
- net_admin
devices:
- /dev/net/tun
# Share the network stack of the firewall client container. When this
# container binds ports, they can be reached through the "firewall" service.
network_mode: service:firewall
volumes:
# This is the wait-for script from https://github.com/Eficode/wait-for. It
# is used to ensure that the VPN only starts after the firewall is
# configured. This is done so if the VPN tries to connect to a non-allowed
# address the failure is fast.
- ./wait-for/wait-for:/wait-for
# The VPN configuration file.
- ./vpn.ovpn:/vpn/config/config.ovpn
# Start openvpn after the firewall is done.
entrypoint: "/bin/sh"
command: "/wait-for localhost:60000 -- openvpn --config $OVPN_FILE --auth-user-pass $PASSWORD_FILE"
# A service with the rtorrent torrent client. See the repository for more
# information: https://github.com/0xcaff/docker-rtorrent
rtorrent:
environment:
PUID: ${PUID:-1000}
PGID: ${PGID:-1000}
build:
context: https://github.com/looselyrigorous/docker-rtorrent.git#0.2
# Share the network stack of the firewall client container. When this
# container binds ports, they can be reached through the "firewall" service.
network_mode: service:firewall
volumes:
- "rtorrent-sock:/socket"
# rTorrent persistant state.
- "./watch:/watch"
- "./config:/config"
- "./session:/session"
- "./download:/download"
# This is the wait-for script from https://github.com/Eficode/wait-for. It
# is used to ensure that the rtorrent starts only after the firewall is
# initialized.
- ./wait-for/wait-for:/wait-for
# Waits for the firewall to be set up before running rtorrent. The VPN may
# or may not be ready but no traffic will be leaked because of the firewall.
entrypoint: "/bin/sh"
command: "/wait-for localhost:60000 -- rtorrent"
# exit 0 on first run (`Copying default configuration`?) unless auto-restart enabled
restart: unless-stopped
# A service containing flood, a web interface for rtorrent.
flood:
build:
context: https://github.com/jfurrow/flood.git#pull/671/head
depends_on:
- rtorrent
environment:
# Configuration for flood. Check out this file for all possible
# configuration options:
# https://github.com/jfurrow/flood/blob/master/config.docker.js
#
RTORRENT_SOCK: 'true'
volumes:
- "rtorrent-sock:/data"
# Expose the flood web interface port.
ports:
- 3000:3000
# The firewall destination (vpn, firewall, rtorrent) is only accessible
# through the local network.
networks:
- local
volumes:
rtorrent-sock: {}
networks:
# A network for connecting local services.
local:
directory = ~/downloaded
session = ~/.rtorrent.session
system.daemon.set = true
scgi_port = 0.0.0.0:5000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment