Deluge is a lightweight, free, cross-platform BitTorrent client.
The image below is from binhex/arch-deluge-vpn. It will install Deluge, a VPN client, and Privoxy.
This is the Docker command:
docker run --restart=always -d \
--cap-add=NET_ADMIN \
-p 8112:8112 \
-p 8118:8118 \
-p 58846:58846 \
--name=deluge \
-v /srv/app-data/deluge:/config \
-v /srv/downloads:/data \
-v /srv/downloads:/downloads \
-v /srv/media:/media \
-v /srv/seeds:/seeds \
-v /etc/localtime:/etc/localtime:ro \
-e VPN_ENABLED=yes \
-e VPN_USER=type-in-your-username-here \
-e VPN_PASS=type-in-your-password-here \
-e VPN_REMOTE=ca.privateinternetaccess.com \
-e VPN_PORT=1194 \
-e VPN_PROTOCOL=udp \
-e VPN_PROV=pia \
-e ENABLE_PRIVOXY=yes \
-e LAN_NETWORK=10.0.1.0/24 \
-e DEBUG=false \
-e PUID=999 \
-e PGID=1001 \
-e UMASK=003 \
-e MASK=003 \
binhex/arch-delugevpn
- This assumes all your files are under
/srv - This command configures PIA as the VPN provider, I have not tested with any other providers.
- Replace
VPN_REMOTEwith whichever works best for you - Replace
LAN_NETWORKwith the network segment for your own home- Yours is probably
192.168.1.0/24or172.xx.0.0/16
- Yours is probably
PGIDis themediagroup that is shared across all containers. Replace with your own.PUIDis a separatedelugeaccount that I created. Replace with your own.- To enable port forwarding, follow these instructions.
- Under Daemon, enable Allow Remote Connections
nginx is a lightweight web server that is most often used as a proxy and security layer for other websites. We use nginx here as a single place to perform SSL termination and virtual hosting of each of our other services.
This configuration allows me to access all my services from the web, using the pattern "https://mydomain.com/", such as "https://mydomain.com/radarr"
I install nginx directly on the host OS, not inside Docker, because I want to be able to access any part of the file system without having to reconfigure the container.
This file would go in '/etc/nginx/sites-enabled/media-server'
###
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
###
# Configuration for media server
#
# Rewrite all HTTP to HTTPS
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# these files will have been generated by letsencrypt using these instructions
# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
# to produce these file, the command line would be:
#
# sudo letsencrypt certonly --webroot -w /var/www/html -d your.domain -d your.other.domains
ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;
# these are external files in the /snippets directory so that they can be referenced from other sites
# and also to keep the main config clean
include snippets/ssl-params.conf;
include snippets/proxy.conf;
server_name _;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# Proxy to various applications via other ports
location /couchpotato/ {
proxy_pass http://127.0.0.1:5050/couchpotato/;
}
location /deluge {
# note: in this case, the trailing slash is required
proxy_pass http://127.0.0.1:8112/;
proxy_set_header X-Deluge-Base "/deluge/";
}
location /headphones/ {
proxy_pass https://127.0.0.1:8181;
}
location /jackett/ {
proxy_pass http://127.0.0.1:9117;
}
location /nzbget/ {
proxy_pass http://127.0.0.1:6789;
client_max_body_size 50m;
}
location /nzbhydra/ {
proxy_pass http://127.0.0.1:5075/nzbhydra/;
}
location /radarr/ {
proxy_pass http://127.0.0.1:7878;
}
location /sonarr/ {
proxy_pass http://127.0.0.1:8989;
}
location /plexpy/ {
proxy_pass http://127.0.0.1:8113;
}
location /subsonic/ {
proxy_pass http://127.0.0.1:8114/subsonic/;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
}
}
- When you create your certificate with letsencrypt, you will want to replace the filename.
- This configuration also points to a subsonic server, but frankly I don't really dig it so you can omit that section if you want.
- Note that there are two files in a 'snippets' folder. These files should go into '/etc/nginx/snippets'
-
To install letsencrypt itself, follow these directions.
-
Once letsencrypt is installed, you can run this command to install your certificates in the expected place.
sudo letsencrypt certonly --webroot -w /var/www/html -d your.domain -d your.other.domains
EDIT: The SSL configuration below has been modified based on feedback from /u/Laorcc
snippets/ssl-params.conf
# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# follow the directions in https://gist.github.com/plentz/6737338 to generate this file
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
-
This configuration requires that you generate your own
dhparam.pem. You can do that with the following commands:cd /etc/sslsudo openssl dhparam -out dhparam.pem 2048Note: Some resources recommend 4096 rather than 2048, but this takes a really long time. What you can do is generate two versions,
dhparam2048.pemto use right away, and then later on createdhparam4096.pemusing the 4096 parameter if you want the extra measure of security.
snippets/proxy.conf
# This is a collection of proxy rules I've collected for my various apps
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# SSL proxying headers
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_set_header Cookie "";
- Notice that
proxy_set_header Cookie "";is commented out. I haven't found a need for it, but your mileage may vary.
NZBGet is a high performance usenet downloader written in C++ for faster performance than most other alternatives.
This command will install the NZBGet container.
docker run --restart=always -d \
--name nzbget \
-p 6789:6789 \
-e PGID=1001 -e PUID=998 \
-v /srv/app-data/nzbget:/config \
-v /srv/downloads:/data \
-v /srv/downloads:/downloads \
-v /srv/media:/media \
linuxserver/nzbget
- Replace your
PGIDandPUID. Mine aremediaandnzbget.
- Under Security, set Umask to
002
(based on official Plex documentation)
This will create a permanent Plex container on your system.
docker run --restart=always -d \
--name plex \
--network=host \
-e TZ="America/Chicago" \
-e PLEX_CLAIM="type-in-your-plex-claim-here" \
-v /srv/app-data/plexmediaserver:/config \
-v /srv/tmp/plexmediaserver/transcode:/transcode \
-v /srv/backups/plex:/plexbackup \
-v /srv/media:/media \
-e PLEX_UID=119 \
-e PLEX_GID=1001 \
plexinc/pms-docker:plexpass
- Visit this page to get a Plex claim token.
- Remove ":plexpass" if you don't have a PlexPass subscription.
- This assumes everything is under a '/srv' directory, but you can change it to whatever.
- I create a Linux group called 'media' to share all my configuration and media files. Create your own and enter the GID in place of mine.
- I create a user called 'plex' to run this container. Create your own and enter the UID in place of mine.
PlexPy is a Python-based monitoring and tracking tool for Plex Media Server.
Use this command to install PlexPy.
docker run --restart=always -d \
--name=plexpy \
-v /srv/app-data/plexpy:/config \
-v /srv/app-data/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Logs:/logs:ro \
-e PGID=1001 -e PUID=119 \
-e TZ=America/Chicago \
-p 8113:8181 \
linuxserver/plexpy
- Substitute your own PGID and PUID values. I have a user called 'plexpy' and a group called 'media'
- Note that port
8113maps to8181. I do this because 8181 looks just a little too likely to conflict with something else, so I map it so that I can better prevent that from happening.
- Under Web Interface:
- Leave HTTP Port at
8181, because docker is remapping it for you - Set
HTTP Roottoplexpy - Enable HTTP Proxy
- HTTPS should not be enabled, since nginx is terminating it for you.
- Leave HTTP Port at
Radarr is an application that automates downloading of movies. It is a fork of Sonarr. In this setup, Radarr uses Jackett and NZBHydra as its indexing sources, and uses Deluge and NZBGet as its download clients.
This command will install a permanent Radarr container.
docker run --restart=always -d \
--name=radarr \
-v /srv/app-data/radarr:/config \
-v /srv/media:/media \
-v /srv/downloads:/data \
-v /srv/downloads:/downloads \
-e PUID=126 \
-e PGID=1001 \
-e TZ=America/Chicago \
-p 7878:7878 \
linuxserver/radarr
- Replace PGID and PUID with your own. I created a group called 'media' and user 'radarr'.
- Add your Jackett and NZB Hydra indexers to Sonarr and Radarr like this. Jackett is a Torznab server, while NZB Hydra is a Newznab server.
- Set URL Base to
/radarr - Disable SSL, because nginx is terminating it for you
- Add the Deluge client like this.
- Add the NZBGet client like this.
- Under Permissions:
- Enable Set Permissions
- Set File chmod mask to
0664 - Set Folder chmod mask to
0775
Sonarr is an application that automates downloading of TV shows. In this setup, Sonarr uses Jackett and NZBHydra as its indexing sources, and uses Deluge and NZBGet as its download clients.
This command will install a permanent Sonarr container.
docker run --restart=always -d \
-p 8989:8989 \
-p 9897:9897 \
--name=sonarr \
-v /srv/media:/media \
-v /srv/downloads:/data \
-v /srv/downloads:/downloads \
-v /srv/app-data/sonarr:/config \
-v /etc/localtime:/etc/localtime:ro \
-e PUID=996 \
-e PGID=1001 \
binhex/arch-sonarr
- Replace PGID and PUID with your own. I created a group called 'media' and user 'sonarr'.
- Add your Jackett and NZB Hydra indexers to Sonarr and Radarr like this. Jackett is a Torznab server, while NZB Hydra is a Newznab server.
- Set "URL Base" to "/sonarr"
- Disable SSL, because nginx is terminating it for you
- Add the Deluge client like this.
- Add the NZBGet client like this.
- Under Permissions:
- Enable Set Permissions
- Set File chmod mask to
0664 - Set Folder chmod mask to
0775