Hi, seem to be unable to get the docker image to run. The traefik container always fails with this log:

"""
time="2023-05-13T22:04:30Z" level=info msg="Configuration loaded from flags."
time="2023-05-13T22:04:33Z" level=error msg="Unable to obtain ACME certificate for domains "localhost": cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge" routerName=jellyfin@docker rule="(Host(localhost) && PathPrefix(/jellyfin))" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-05-13T22:04:35Z" level=error msg="Unable to obtain ACME certificate for domains "localhost": cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge" providerName=myresolver.acme rule="(Host(localhost) && PathPrefix(/jellyfin))" routerName=jellyfin@docker ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-05-13T22:05:01Z" level=error msg="Unable to obtain ACME certificate for domains "localhost": cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=prowlarr@docker rule="(Host(localhost) && PathPrefix(/prowlarr))" providerName=myresolver.acme """

Hey, let me start by saying how great this is!

I wanted to ask if there are plans on adding Plex support. Couldn't find any issue around it so here we are 😅.

Cheers

Hi.

Would you make a structure to use it in a local way?

I mean, i just want to use it in my lan network, i don't want the parts for cloudflare, let's encrypt, vpn, etc.

Thanks in advance.

Hey

Love the script and the documentation makes it pretty straightforward to set up.

I'm trying to add other containers such as syncthing, pigallery. I got syncthing working easily enough but not sure how to get it to have the same URL structure (nas.domain.com/syncthing). pigallery requires nginx and those ports (80,443) are taken so again, I'm not sure how to configure that.

Would be awesome if there was documentation for adding other generic docker containers to the existing set up.

My pihole is showing that my nas is pinging google.com every few seconds. It is running tailscale and traefik (also syncthing)

Any idea why it would be doing this so frequently? Not sure which logs to look at.

Thanks

I’m looking to understand how we ensure containers configured to use the VPN container do not leak traffic if the VPN is down. Does a kill switch prevent any traffic if PIA has issues? Is there anything I can do to confirm no leaks?

Due to my location I have to put Prowlarr behind the VPN in order to add indexers successfully. This works fine and I have adjusted the widget URL to account for this.

All works well but this then breaks the app in Sonarr and Radarr. Makes sense as the Prowlarr URL has changed from http://prowlarr:9696/prowlarr to http://vpn:9696/prowlarr.

Updating the Prowlarr URL does not fix the issue. Working on the assumption that therefore Sonarr and Radarr should also sit behind the VPN but updating their respective URL's still returns the same error.

I revert everything back pre-VPN and everything seems to then work fine but indexers are broken.

Deploying on Synology DS918+
I disabled the DSM usage of port 80 and 443 to allow using this following these directions.
sed -i -e 's/80/81/' -e 's/443/444/' /usr/syno/share/nginx/server.mustache /usr/syno/share/nginx/DSM.mustache /usr/syno/share/nginx/WWWService.mustache
then running
synosystemctl restart nginx

I then followed your quick start instructions on the readme

what ends up happeing is the vpn fires up , *arrs run and jellyfin runs but the qbittorrent does not seem to work and does not end up in the new docker network

when going to host/qbittorrent on the browser it just times out

Hi, Thanks for creating this stack it is very helpful.

I am able to get everything to work except Jellyfin through traefik.

When I try to go to myurl.com/jellyfin I get Application error: a client-side exception has occurred (see the browser console for more information).

The console doesnt have any useful info and neither does does the traefik and jellyfin logs.

I am able to use all other services just fine.
Also if I expose the 8096 port in docker-compose.yml for Jellyfin I am able to access Jellyfin through 196.0.x.xxx:8096

I have tried setting up various options from https://jellyfin.org/docs/general/networking/traefik2/ but have had no luck fixing this issue.

Any ideas?

I did the configuration as suggested in the repository except for the VPN. Everything seems to be working as expected, but I cannot get the SSL certificates to work.

I'm using cloudflare domain and DNS.

I'm getting this error in the traefik container:

level=debug msg="legolog: [INFO] [MySubDomain.MyDomain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/9999999999"
level=debug msg="legolog: [INFO] [MySubDomain.MyDomain.com] acme: Could not find solver for: tls-alpn-01"
level=debug msg="legolog: [INFO] [MySubDomain.MyDomain.com] acme: Could not find solver for: http-01"
level=debug msg="legolog: [INFO] [MySubDomain.MyDomain.com] acme: use dns-01 solver"
level=debug msg="legolog: [INFO] [MySubDomain.MyDomain.com] acme: Preparing to solve DNS-01"
level=debug msg="legolog: [INFO] [MySubDomain.MyDomain.com] acme: Cleaning DNS-01 challenge"
level=debug msg="legolog: [WARN] [MySubDomain.MyDomain.com] acme: cleaning up failed: cloudflare: could not find the start of authority for _acme-challenge.MySubDomain.MyDomain.com.: NOERROR "
level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/9999999999"
level=debug msg="Serving default certificate for request: \"localhost\""
level=error msg="Unable to obtain ACME certificate for domains \"MySubDomain.MyDomain.com\": unable to generate a certificate for the domains [MySubDomain.MyDomain.com]: error: one or more domains had a problem:\n[MySubDomain.MyDomain.com] [MySubDomain.MyDomain.com] acme: error presenting token: cloudflare: could not find the start of authority for _acme-challenge.MySubDomain.MyDomain.com.: NOERROR\n" routerName=sonarr@docker rule="(Host(`MySubDomain.MyDomain.com`) && PathPrefix(`/sonarr`))" providerName=myresolver.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory"

Here's the changes that I've made in the docker compose:

version: "3.9"
services:
  traefik:
    command:
      - --log.level=DEBUG
  qbittorrent:
      # network_mode: "service:vpn"
      # depends_on:
      #   vpn:
      #     condition: service_healthy
      labels:
        - homepage.widget.url=http://qbittorrent:8080
  # vpn:
  jellyfin:
    # devices:
    #   - /dev/dri/renderD128:/dev/dri/renderD128
    #   - /dev/dri/card0:/dev/dri/card0

Thanks for the great setup. Everything works fine, but I am running into a problem with Jellyseerr and Jellyfin. When I select to use Jellyfin in Jellyseerr it gets stuck on syncing. I can't click continue because of it. Also, the logs don't seem to be very helpful. Any pointers? Added as Jellyfin URL: http://jellyfin:8096/jellyfin.

docker-compose logs jellyseerr

Attaching to jellyseerr
jellyseerr | yarn run v1.22.19
jellyseerr | $ NODE_ENV=production node dist/index.js
jellyseerr | 2024-03-11T01:04:11.188Z [info]: Commit Tag: $GIT_SHA 
jellyseerr | 2024-03-11T01:04:11.459Z [info]: Starting Overseerr version 1.7.0 
jellyseerr | warn - You have enabled experimental features (scrollRestoration, largePageDataBytes) in next.config.js.
jellyseerr | warn - Experimental features are not covered by semver, and may cause unexpected or broken application behavior. Use at your own risk.
jellyseerr | 
jellyseerr | 2024-03-11T01:04:12.193Z [info][Notifications]: Registered notification agents 
jellyseerr | 2024-03-11T01:04:12.215Z [info][Jobs]: Scheduled jobs loaded 
jellyseerr | 2024-03-11T01:04:12.329Z [info][Server]: Server ready on port 5055 
jellyseerr | 2024-03-11T01:05:00.011Z [debug][Jobs]: Starting scheduled job: Download Sync 
jellyseerr | 2024-03-11T01:05:00.015Z [info][Jobs]: Starting scheduled job: Plex Recently Added Scan 
jellyseerr | 2024-03-11T01:05:00.016Z [info][Plex Scan]: Scan starting {"sessionId":"f55a9d1b-8a28-465a-bdb9-452967fdf1da"}
jellyseerr | 2024-03-11T01:05:00.024Z [error][Plex Scan]: Scan interrupted {"errorMessage":"connect ECONNREFUSED 127.0.0.1:32400"}
jellyseerr | 2024-03-11T01:06:00.008Z [debug][Jobs]: Starting scheduled job: Download Sync 

docker-compose logs jellyfin

[...]
jellyfin | [21:06:40] [INF] [11] Emby.Server.Implementations.Session.SessionManager: Creating new access token for user 3c7f8df2-075e-4cd7-9ee3-2fdbd6f33d87
jellyfin | [21:06:40] [INF] [36] Emby.Server.Implementations.HttpServer.WebSocketManager: WS 172.64.236.108 request
jellyfin | [21:09:28] [INF] [41] Emby.Server.Implementations.Session.SessionWebSocketListener: Sending ForceKeepAlive message to 1 inactive WebSockets.
jellyfin | [21:09:40] [INF] [22] Emby.Server.Implementations.Session.SessionWebSocketListener: Sending ForceKeepAlive message to 1 inactive WebSockets.
jellyfin | [21:09:52] [INF] [22] Emby.Server.Implementations.Session.SessionWebSocketListener: Lost 1 WebSockets.

Here is my docker compose file:

version: "3.9"
services:
  traefik:
    image: traefik:v2.9
    container_name: traefik
    restart: always
    environment:
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
      - CLOUDFLARE_ZONE_API_TOKEN=${CLOUDFLARE_ZONE_API_TOKEN}
      - LETS_ENCRYPT_EMAIL=${LETS_ENCRYPT_EMAIL}
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443
      - --entrypoints.web.http.redirections.entryPoint.to=web-secure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
    ports:
      - "8081:80"
      - "443:443"
    volumes:
      - ./letsencrypt:/letsencrypt
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  sonarr:
    image: lscr.io/linuxserver/sonarr
    container_name: sonarr
    environment:
      - PUID=${USER_ID}
      - PGID=${GROUP_ID}
      - TZ=${TIMEZONE}
    volumes:
      - ./sonarr:/config
      - ${DATA_ROOT}:/data
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.routers.sonarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sonarr`))
      - traefik.http.routers.sonarr.tls=true
      - traefik.http.routers.sonarr.tls.certresolver=myresolver
      - traefik.http.services.sonarr.loadbalancer.server.port=8989
      - homepage.group=Media
      - homepage.name=Sonarr
      - homepage.icon=sonarr.png
      - homepage.href=/sonarr
      - homepage.description=Series management
      - homepage.weight=0
      - homepage.widget.type=sonarr
      - homepage.widget.url=http://sonarr:8989/sonarr
      - homepage.widget.key=${SONARR_API_KEY}
  radarr:
    image: lscr.io/linuxserver/radarr
    container_name: radarr
    environment:
      - PUID=${USER_ID}
      - PGID=${GROUP_ID}
      - TZ=${TIMEZONE}
    volumes:
      - ./radarr:/config
      - ${DATA_ROOT}:/data
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.routers.radarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/radarr`))
      - traefik.http.routers.radarr.tls=true
      - traefik.http.routers.radarr.tls.certresolver=myresolver
      - traefik.http.services.radarr.loadbalancer.server.port=7878
      - homepage.group=Media
      - homepage.name=Radarr
      - homepage.icon=radarr.png
      - homepage.href=/radarr
      - homepage.description=Movies management
      - homepage.weight=1
      - homepage.widget.type=radarr
      - homepage.widget.url=http://radarr:7878/radarr
      - homepage.widget.key=${RADARR_API_KEY}
  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    environment:
      - PUID=${USER_ID}
      - PGID=${GROUP_ID}
      - TZ=${TIMEZONE}
    volumes:
      - ./prowlarr:/config
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.routers.prowlarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/prowlarr`))
      - traefik.http.routers.prowlarr.tls=true
      - traefik.http.routers.prowlarr.tls.certresolver=myresolver
      - traefik.http.services.prowlarr.loadbalancer.server.port=9696
      - homepage.group=Download
      - homepage.name=Prowlarr
      - homepage.icon=prowlarr.png
      - homepage.href=/prowlarr
      - homepage.description=Indexers management
      - homepage.weight=4
      - homepage.widget.type=prowlarr
      - homepage.widget.url=http://prowlarr:9696/prowlarr
      - homepage.widget.key=${PROWLARR_API_KEY}
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:libtorrentv1
    container_name: qbittorrent
    environment:
      - PUID=${USER_ID}
      - PGID=${GROUP_ID}
      - TZ=${TIMEZONE}
      - WEBUI_PORT=8080
    volumes:
      - ./qbittorrent:/config
      - ${DOWNLOAD_ROOT}:/data/torrents
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.routers.qbittorrent.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/qbittorrent`))
      - traefik.http.routers.qbittorrent.tls=true
      - traefik.http.routers.qbittorrent.tls.certresolver=myresolver
      - traefik.http.services.qbittorrent.loadbalancer.server.port=8080
      - traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix
      # https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-552146296
      - traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent
      # https://community.traefik.io/t/middleware-to-add-the-if-needed/1895/19
      - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.regex=(^.*\/qbittorrent$$)
      - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.replacement=$$1/
      - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.permanent=false
      #- com.centurylinklabs.watchtower.depends-on=/vpn
      - homepage.group=Download
      - homepage.name=qBittorrent
      - homepage.icon=qbittorrent.png
      - homepage.href=/qbittorrent
      - homepage.description=Bittorrent client
      - homepage.weight=5
      - homepage.widget.type=qbittorrent
      - homepage.widget.url=http://qbittorrent:8080/qbittorrent      
      - homepage.widget.username=admin
      - homepage.widget.password=adminadmin
  jellyfin:
    image: lscr.io/linuxserver/jellyfin
    container_name: jellyfin
    environment:
      - PUID=${USER_ID}
      - PGID=${GROUP_ID}
      - TZ=${TIMEZONE}
      - JELLYFIN_PublishedServerUrl=${HOSTNAME}/jellyfin
    volumes:
      - ./jellyfin:/config
      - ${DATA_ROOT}:/data
    ports:
      - "7359:7359/udp"
      - "1900:1900/udp"
    devices:
      - /dev/dri/renderD128:/dev/dri/renderD128
      - /dev/dri/card0:/dev/dri/card0
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.routers.jellyfin.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyfin`))
      - traefik.http.routers.jellyfin.tls=true
      - traefik.http.routers.jellyfin.tls.certresolver=myresolver
      - traefik.http.services.jellyfin.loadbalancer.server.port=8096
      - homepage.group=Media
      - homepage.name=Jellyfin
      - homepage.icon=jellyfin.png
      - homepage.href=/jellyfin
      - homepage.description=Media server
      - homepage.weight=3
      - homepage.widget.type=jellyfin
      - homepage.widget.url=http://jellyfin:8096/jellyfin
      - homepage.widget.key=${JELLYFIN_API_KEY}
  homepage:
    image: ghcr.io/benphelps/homepage:latest
    container_name: homepage
    environment:
      - HOMEPAGE_VAR_TITLE=${HOMEPAGE_VAR_TITLE}
      - HOMEPAGE_VAR_SEARCH_PROVIDER=${HOMEPAGE_VAR_SEARCH_PROVIDER}
      - HOMEPAGE_VAR_HEADER_STYLE=${HOMEPAGE_VAR_HEADER_STYLE}
      - HOMEPAGE_VAR_WEATHER_CITY=${HOMEPAGE_VAR_WEATHER_CITY}
      - HOMEPAGE_VAR_WEATHER_LAT=${HOMEPAGE_VAR_WEATHER_LAT}
      - HOMEPAGE_VAR_WEATHER_LONG=${HOMEPAGE_VAR_WEATHER_LONG}
      - HOMEPAGE_VAR_WEATHER_TIME=${TIMEZONE}
      - HOMEPAGE_VAR_WEATHER_UNIT=${HOMEPAGE_VAR_WEATHER_UNIT}
    volumes:
      - ./homepage:/app/config
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${DATA_ROOT}:/data
    restart: always
    command: [sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"]
    labels:
      - traefik.enable=true
      - traefik.http.routers.homepage.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/`))
      - traefik.http.routers.homepage.tls=true
      - traefik.http.routers.homepage.tls.certresolver=myresolver
      - traefik.http.services.homepage.loadbalancer.server.port=3000
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    restart: always
    environment:
      - WATCHTOWER_CLEANUP=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

networks:
default:
name: docker-compose-nas

Here my .env

COMPOSE_FILE=docker-compose.yml
COMPOSE_PATH_SEPARATOR=:
USER_ID=1000
GROUP_ID=1000
TIMEZONE=America/Mexico_City
DATA_ROOT=./data
DOWNLOAD_ROOT=./data/torrents
HOSTNAME=localhost
SONARR_API_KEY=...
RADARR_API_KEY=...
PROWLARR_API_KEY=...
JELLYFIN_API_KEY=...
HOMEPAGE_VAR_TITLE=Docker-Compose NAS
HOMEPAGE_VAR_SEARCH_PROVIDER=google
HOMEPAGE_VAR_HEADER_STYLE=boxed
HOMEPAGE_VAR_WEATHER_CITY=Mexico City
HOMEPAGE_VAR_WEATHER_LAT=19.4326
HOMEPAGE_VAR_WEATHER_LONG=-99.1332
HOMEPAGE_VAR_WEATHER_UNIT=metric

hi,

im quite new to docker and will try out your packge, but didnt have the time yet.

Can you please add whisparr optionally to your package?

You can find it here: https://github.com/whisparr/whisparr

Also is it possible to integrate JDownlaoder into the bunch?
Mind, that I did not try your package or any of the Rrr Apps at all yet, so this may already be possible?
Can you tell me how that would work?

Also is it possible to integrate replacing jellyfin optionally with plex?

I will be running the containers on a Synology NAS.

Thanks!

Hey!

Love this repo... wondering how I would go about modifying it such that I have a sabnzbd container that can be resolved via 'nas.mydomain.com/sabnzbd'

Unsure which parts of the config need to change and how but would appreciate any guidance :)

Due to a bug in 4.6.1 the default password doesn't work and it won't generate a temp password either. Details here: https://www.reddit.com/r/unRAID/comments/180ou0b/psa_if_you_cant_login_to_qbittorrent_pass/

I haven't found a solution as manually adding a password to the conf gets erased when restarting the container

Hi,
Thank you for your great work !

I can't figure out how hardlinks work.
I have the same file structure as you:

data
├── torrents
│  ├── movies
│  └── tv
└── media
   ├── movies
   └── tv

qBittorent downloads files in /data/torrents. /data/torrents/movies and /data/torrents/tv both stay empty.
My files permissions for all files and directories inside data: drwxrwxr-x xxx xxx

If go inside a container using this cmd: docker exec -ti sonarr bash my files permission has a different user and grp:
drwxrwxr-x abc abc . Is it normal ?

the "create hardlink" in both Radarr and Sonarr configuration are ticked

Even though everything seems correctly configured, files from /data/torrents are not automatically linked to /data/media. What did I miss ?

Thanks in advance for your help.

Hi. Thanks for the great package.
I would like to replace jellyfin and wireguard-pia with plex and expressvpn.

I already have a plex server running on another container (I know how to include it in the same network as this package).
But the expressvpn ... it's a bit more complicated i think.
Here is the compose fille i've use and i's getting an error 404 when accessing the homepage container.
I've removed the jellyfin and replaced the wireguard.
I had to change port for expressvpn from 8080 to 8082. Was getting "Error response from daemon: driver failed programming external connectivity on endpoint traefik (bfceefef6fd5aab2fbf085c9e434ad264edec5b099e0384c38d2cb031d0a73e9): Bind for 0.0.0.0:80 failed: port is already allocated"
Had to comment . Was getting "cp: can't stat '/app/config/tpl/*.yaml': No such file or directory"

If you know of an easy way to integrate them, let me know (maybe something obvious will jump)

version: "3.9"
services:
traefik:
image: traefik:v2.9
container_name: traefik
restart: always
environment:
- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
- CLOUDFLARE_ZONE_API_TOKEN=${CLOUDFLARE_ZONE_API_TOKEN}
- LETS_ENCRYPT_EMAIL=${LETS_ENCRYPT_EMAIL}
command:
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web-secure.address=:443
- --entrypoints.web.http.redirections.entryPoint.to=web-secure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --certificatesresolvers.myresolver.acme.dnschallenge=${DNS_CHALLENGE:-true}
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_CHALLENGE_PROVIDER:-cloudflare}
- --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
- --certificatesresolvers.myresolver.acme.caserver=${LETS_ENCRYPT_CA_SERVER:-https://acme-v02.api.letsencrypt.org/directory}
- --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL}
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
ports:
- "80:80"
- "443:443"
volumes:
- ./letsencrypt:/letsencrypt
- "/var/run/docker.sock:/var/run/docker.sock:ro"
sonarr:
image: lscr.io/linuxserver/sonarr
container_name: sonarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
volumes:
- ./sonarr:/config
- ${DATA_ROOT}:/data
restart: always
labels:
- traefik.enable=true
- traefik.http.routers.sonarr.rule=(Host(${HOSTNAME}) && PathPrefix(/sonarr))
- traefik.http.routers.sonarr.tls=true
- traefik.http.routers.sonarr.tls.certresolver=myresolver
- traefik.http.services.sonarr.loadbalancer.server.port=8989
- homepage.group=Media
- homepage.name=Sonarr
- homepage.icon=sonarr.png
- homepage.href=/sonarr
- homepage.description=Series management
- homepage.weight=0
- homepage.widget.type=sonarr
- homepage.widget.url=http://sonarr:8989/sonarr
- homepage.widget.key=${SONARR_API_KEY}
radarr:
image: lscr.io/linuxserver/radarr
container_name: radarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
volumes:
- ./radarr:/config
- ${DATA_ROOT}:/data
restart: always
labels:
- traefik.enable=true
- traefik.http.routers.radarr.rule=(Host(${HOSTNAME}) && PathPrefix(/radarr))
- traefik.http.routers.radarr.tls=true
- traefik.http.routers.radarr.tls.certresolver=myresolver
- traefik.http.services.radarr.loadbalancer.server.port=7878
- homepage.group=Media
- homepage.name=Radarr
- homepage.icon=radarr.png
- homepage.href=/radarr
- homepage.description=Movies management
- homepage.weight=1
- homepage.widget.type=radarr
- homepage.widget.url=http://radarr:7878/radarr
- homepage.widget.key=${RADARR_API_KEY}
prowlarr:
image: lscr.io/linuxserver/prowlarr:latest
container_name: prowlarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
volumes:
- ./prowlarr:/config
restart: always
labels:
- traefik.enable=true
- traefik.http.routers.prowlarr.rule=(Host(${HOSTNAME}) && PathPrefix(/prowlarr))
- traefik.http.routers.prowlarr.tls=true
- traefik.http.routers.prowlarr.tls.certresolver=myresolver
- traefik.http.services.prowlarr.loadbalancer.server.port=9696
- homepage.group=Download
- homepage.name=Prowlarr
- homepage.icon=prowlarr.png
- homepage.href=/prowlarr
- homepage.description=Indexers management
- homepage.weight=4
- homepage.widget.type=prowlarr
- homepage.widget.url=http://prowlarr:9696/prowlarr
- homepage.widget.key=${PROWLARR_API_KEY}
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:libtorrentv1
container_name: qbittorrent
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
- WEBUI_PORT=8080
volumes:
- ./qbittorrent:/config
- ${DOWNLOAD_ROOT}:/data/torrents
restart: always
network_mode: "service:vpn"
depends_on:
vpn:
condition: service_healthy
labels:
- traefik.enable=true
- traefik.http.routers.qbittorrent.rule=(Host(${HOSTNAME}) && PathPrefix(/qbittorrent))
- traefik.http.routers.qbittorrent.tls=true
- traefik.http.routers.qbittorrent.tls.certresolver=myresolver
- traefik.http.services.qbittorrent.loadbalancer.server.port=8080
- traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix
# qbittorrent/qBittorrent#5693 (comment)
- traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent
# https://community.traefik.io/t/middleware-to-add-the-if-needed/1895/19
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.regex=(^.*/qbittorrent$$)
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.replacement=$$1/
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.permanent=false
#- com.centurylinklabs.watchtower.depends-on=/vpn
- homepage.group=Download
- homepage.name=qBittorrent
- homepage.icon=qbittorrent.png
- homepage.href=/qbittorrent
- homepage.description=Bittorrent client
- homepage.weight=5
- homepage.widget.type=qbittorrent
- homepage.widget.url=http://vpn:8080
- homepage.widget.username=admin
- homepage.widget.password=adminadmin
vpn:
image: misioslav/expressvpn:latest
container_name: vpn

restart: unless-stopped

ports: # ports from which container that uses vpn connection will be available in local network
  - 8082:80 # example
environment:
  - WHITELIST_DNS=192.168.1.2,8.8.8.8  # Comma seperated list of dns servers you wish to use and whitelist via iptables
  - CODE=My_activation_code # Activation Code from vpn https://www.vpn.com/support/troubleshooting/find-activation-code/
  - SERVER=smart # By default container will connect to smart location, list of available locations you can find below

- DDNS=yourDdnsDomain # optional

- IP=yourStaticIp # optional - won't work if DDNS is setup

- BEAERER=ipInfoAccessToken # optional can be taken from ipinfo.io

  - HEALTHCHECK=healthchecks.ioId # optional can be taken from healthchecks.io
  - NETWORK=on #optional and set to on by default
  - PROTOCOL=lightway_udp \ #optional set default to lightway_udp see protocol and cipher section for more information
  - CIPHER=chacha20 \ #optional set default to chacha20 see protocol and cipher section for more information
cap_add:
  - NET_ADMIN
devices:
  - /dev/net/tun
stdin_open: true
tty: true
command: /bin/bash
privileged: true
volumes:
  - ./pia:/pia
  - ./pia-shared:/pia-shared

healthcheck:
  test: ping -c 1 www.google.com || exit 1
  interval: 30s
  timeout: 10s
  retries: 3
restart: always
labels:
  # network mode is not supported: https://github.com/containrrr/watchtower/issues/1286#issuecomment-1214291660
  - com.centurylinklabs.watchtower.enable=false

homepage:
image: ghcr.io/benphelps/homepage:latest
container_name: homepage
environment:
- HOMEPAGE_VAR_TITLE=${HOMEPAGE_VAR_TITLE}
- HOMEPAGE_VAR_SEARCH_PROVIDER=${HOMEPAGE_VAR_SEARCH_PROVIDER}
- HOMEPAGE_VAR_HEADER_STYLE=${HOMEPAGE_VAR_HEADER_STYLE}
- HOMEPAGE_VAR_WEATHER_CITY=${HOMEPAGE_VAR_WEATHER_CITY}
- HOMEPAGE_VAR_WEATHER_LAT=${HOMEPAGE_VAR_WEATHER_LAT}
- HOMEPAGE_VAR_WEATHER_LONG=${HOMEPAGE_VAR_WEATHER_LONG}
- HOMEPAGE_VAR_WEATHER_TIME=${TIMEZONE}
- HOMEPAGE_VAR_WEATHER_UNIT=${HOMEPAGE_VAR_WEATHER_UNIT}
volumes:
- ./homepage:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${DATA_ROOT}:/data
restart: always

command: [sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"]

labels:
  - traefik.enable=true
  - traefik.http.routers.homepage.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/`))
  - traefik.http.routers.homepage.tls=true
  - traefik.http.routers.homepage.tls.certresolver=myresolver
  - traefik.http.services.homepage.loadbalancer.server.port=3000

watchtower:
image: containrrr/watchtower
container_name: watchtower
restart: always
environment:
- WATCHTOWER_CLEANUP=true
volumes:
- /var/run/docker.sock:/var/run/docker.sock

networks:
default:
name: docker-compose-nas

Hey!

I'm having an issue to see qBittorrent. This is the error I can see from the homepage:

API Error: Unknown error
URL: http://vpn:8080/api/v2/torrents/info
Raw Error:
{
    "errno": -111,
    "code": "ECONNREFUSED",
    "syscall": "connect",
    "address": "172.20.0.2",
    "port": 8080
}

Everything is under a subdomain. I've created an A record pointing to my local IP. Let's encrypt is returning certs and everything seems ok... except qBittorrent.
I also notice the service is restarting after a while (maybe 1 minute or so)

Some logs:

VPN:

docker logs vpn
Fetching next-gen PIA server list
Verified OK
Verified server list
Registering public key with PIA endpoint; id: spain, cn: madrid403, ip: ***
Generating /etc/wireguard/wg0.conf
Using PIA DNS servers: 10.0.0.243,10.0.0.242
Port forwarding is available at this location
Successfully generated /etc/wireguard/wg0.conf
Fri Nov  3 11:06:04 UTC 2023: Bringing up WireGuard interface wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.1.243.244 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables-restore -n

interface: wg0
  public key: ***
  private key: (hidden)
  listening port: 55182
  fwmark: 0xca6c

peer: ***
  endpoint: 212.102.49.186:1337
  allowed ips: 0.0.0.0/0

Fri Nov  3 11:06:04 UTC 2023: WireGuard successfully started
Fri Nov  3 11:06:04 UTC 2023: Allowing network access to 172.20.0.2/16 on eth0
Fri Nov  3 11:06:04 UTC 2023: Firewall enabled: Blocking non-WireGuard traffic
Fri Nov  3 11:06:04 UTC 2023: Allowing network access to 192.168.0.0/16 on eth0
Fri Nov  3 11:06:04 UTC 2023: Adding route to 192.168.0.0/16
Fri Nov  3 11:06:04 UTC 2023: Starting port forward script
Fri Nov  3 11:06:04 UTC 2023: Verifying API requests. CN: madrid403
Fri Nov  3 11:06:04 UTC 2023: Getting PF token
Fri Nov  3 11:06:04 UTC 2023: Reusing previous PF token
Fri Nov  3 11:06:04 UTC 2023: Obtained PF token. Expires at 2024-01-03T05:26:30.973490606Z
Fri Nov  3 11:06:04 UTC 2023: Server accepted PF bind
Fri Nov  3 11:06:04 UTC 2023: Forwarding on port 38678
Fri Nov  3 11:06:04 UTC 2023: Rebind interval: 900 seconds
Fri Nov  3 11:06:04 UTC 2023: Port dumped to /pia-shared/port.dat
Fri Nov  3 11:06:04 UTC 2023: This script should remain running to keep the forwarded port alive
Fri Nov  3 11:06:04 UTC 2023: Press Ctrl+C to exit
Fri Nov  3 11:06:04 UTC 2023: Running /scripts/pf_success.sh
Fri Nov  3 11:06:04 UTC 2023: Allowing incoming traffic on port 38678
Fri Nov  3 11:06:04 UTC 2023: Running user-defined command: /pia-shared/portupdate-qbittorrent.sh
Setting qBittorrent port settings (38678)...
Ok.qBittorrent port updated successfully (38678)...

And qBittorrent:

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080

The Web UI administrator username is: admin
The Web UI administrator password has not been changed from the default: adminadmin
This is a security risk, please change your password in program preferences.
[migrations] started
[migrations] no migrations found
usermod: no changes
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────

[custom-init] No custom files found, skipping...
WebUI will be started shortly after internal preparations. Please wait...
[ls.io-init] done.

A hand is more than welcome!

Thank you for this project. You saved me a lot of time! Kudos to you!

The healthcheck for qbittorrent is defined as
test: [ "CMD", "curl", "--fail", "http://127.0.0.1:8080/api/v2/app/version" ]

When I execute that command it fails with error 403.
The healthcheck succeeds if I only check for /

# docker compose exec -it qbittorrent curl --fail "http://127.0.0.1:8080/api/v2/app/version"                         
curl: (22) The requested URL returned error: 403                           
# docker compose exec -it qbittorrent curl --fail "http://127.0.0.1:8080/"                                               
<!DOCTYPE html> 
...

Not very familiar with qbt, maybe it makes sense to use another check.

It seems the || exit 1 did not restart the VPN container when it failed.

Adding https://hub.docker.com/r/willfarrell/autoheal will fix it and make the whole stack more resilient.

I am unable to access the qBittorrent web UI and receive the below error.

Application error: a client-side exception has occurred (see the browser console for more information).

This seems to be the case regardless of whether I access via the VPN or not (tested by commenting out network_mode: "service:vpn" in the docker-compose.yaml). qBittorrent logs return the below.

(N) 2023-10-29T14:00:50 - Using built-in Web UI.
(W) 2023-10-29T14:00:50 - Couldn't load Web UI translation for selected locale (C).

This indicates an error with no locale being set but I am unable to set one without UI access.

The steps to generate the first letsencrypt cert were successful, but I am getting an email saying it will expire. What are the steps to renew, and is there any way to automate this?

Thanks

First of all thank you for this, it works like a charm!
just fyi I raplaced cloudflare part with
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
and it also works like a charm, the only difference is that you initially have to have domain pointing to your public IP and open the ports, once you get the certificate you can point your domain back to local IP and close the ports.

changing path prefix for heimdall to

• traefik.http.routers.heimdall.rule=(Host(${HOSTNAME}) && PathPrefix(/heimdall) || PathPrefix(/heimdall))
  turns into 404, any idea why or how to fix that?

And if one were to add nextcloud or photoprism or similar, how would that same path be replaced? just like
- traefik.http.routers.heimdall.rule=(Host(${HOSTNAME}) && PathPrefix(/nextcloud) || PathPrefix(/nextcloud))

Since heimdall is not working why would nextcloud and would you have any idea how to fix it and make nextcloud/heimdall stil accessible? My idea is to add a few more services to this and make it one giant media stack.

Thanks!

Is there a step by step guide or video for this build? Maybe using Nord VPN. Please?

Add Unpackerr to handle multi part files in qBittorrent.

i encounter a "Bad Gateway" error when I try to open the jellyfin page. Is there any step or config that could be related to this error?

So i am able to setup sonarr just fine but with radarr when i follow the steps to set /data as the root directory it is blank. If i bin/bash into the container and cd then ls it all shows up. Do i have an issue with permissions? I have matched the file structure as stated in the readme.

hello,

sorry, if this is a dumb question, but I have only installed docker containers through the Synology Container Manager so far.

I cloned the github and created a new shared folder on my NAS DS218+.

I read the Synology Quirks and adjusted the settings accordingly like UID and disable SSTP.

Then "cp .env.example .env" and edited the file.

But when running "docker compose up -d" via SSH as root I get:
unknown shorthand flag: 'd' in -d

And with "docker compose up" I get
docker: 'compose' is not a docker command.

Also can you help me set ProtonVPN as the provider for Qbitorrent?

It can be done with this container:
https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/protonvpn.md

Id like to use OpenVPN instead of wireguard, because I read the Wireguard binary may be deleted with a DSM Update.

I read it can be done by creating a docker-compose.override.yml but im not sure how that would need to look like as i have never written a compose file.

Also how do I disable the DNS / Certificate Setup?

If I connect to my Wireguard VPN Server on my Router will I still be able to use Tailscale to connect directly?
Or do I need a Certificate for that?

I attached my .env file.

Thanks!

.env.txt

Hi there.

I am not able to get a torrent to start downloading in qBittorrent .
It fails with a 'permission denied' error when attempting to write to the host file system.

Here is the error from qbittorrent.log:
(W) 2023-08-14T14:49:58 - File error alert. Torrent: "2023-05-03-raspios-bullseye-armhf.img.xz". File: "/mnt/data/torrents/2023-05-03-raspios-bullseye-armhf.img.xz". Reason: "2023-05-03-raspios-bullseye-armhf.img.xz mkdir (/mnt/data/torrents/2023-05-03-raspios-bullseye-armhf.img.xz) error: Permission denied"

I have an external USB drive mounted in /mnt/data with 777 permissions. There is also a directory called torrents inside the data directory.

I am using these settings in the .env file:

USER_ID=1000
GROUP_ID=1000
TIMEZONE="Europe/London"
DATA_ROOT="/mnt/data"
DOWNLOAD_ROOT="/mnt/data/torrents"

The user and group ids are correctly assigned.

I have noticed a couple of discrepancies that I don't understand.
In the qBittorrent section of the Readme it says: Set the default save path to /data/torrents in Settings
I guess this should say /mnt/data/torrents right?

Also I noticed that in the qBittorrent section of the docker-compse.yml, it has:

volumes:
  - ./qbittorrent:/config
  - ${DOWNLOAD_ROOT}:/data/torrents

Is the DOWNLOAD_ROOT mapping correct here? In the qbittorrent container documentation they use this:

volumes:
  - /path/to/appdata/config:/config
  - /path/to/downloads:/downloads

You can see that the DOWNLOAD_ROOT should map to /downloads. Is that right?

Thanks in advance

The *arrs configurations and databases should be backed up externally in case of failure. Using rclone would probably be the most flexible option.

This is probably my own issue but I can't seem to get the adguard hostname/ip to resolve. I have tried looking for dhcp settings I'm missing or something similar, but an numeric or url or ip address I try in the .env doesn't resolve. There are no issues in the container logs for docker. If its something I'm missing, perhaps just giving an example of how to do it correctly would help in the readme! Not sure whats happening exactly, and thank you for the help, and this repo.

Hello again!

Is it possible to run a jellyfin container on one machine (separate from the downloaders) but still have it resolve via nas.mydomain.com/jellyfin ?

So to use the nas with jellyfin clients other than a pc/phone browser i have to setup this SSL certificate i think since the apps reject self signed certificates. I am a little lost on what i need to sign up for and to put in the environment file so that your scripts can do their magic. Could you expand the readme section or point to an instruction. If using a synology can i use these steps? [https://kb.synology.com/en-uk/DSM/tutorial/How_to_enable_HTTPS_and_create_a_certificate_signing_request_on_your_Synology_NAS]

I am having an error vpn container is unhealthy when doing sudo docker compose up -d.

I did not edit the .env (Actually I do not know what to modify).

Is it mandatory to use PIA ?

P.D. I am unfamiliar with Docker

Hey!

Not sure if this is an issue with this config or if it's a setting with my VPN/Router/etc. that I haven't properly configured. However, I am unable to seed anything post download and I don't want to destroy my ratio on my trackers.

Is there any setting I need to change on either QBIT itself or perhaps PIA to enable uploading? Do I need to do anything with proxy settings?

Thanks in advance

Newbie question, has anyone tried Saltbox (was previously called Cloudbox) and can compare these two? They both seem equally popular and quite similar.

I did the standard install and can access jellyfin through https://omv.local/jellyfin in my webbrowser, but I get a connection failure when pasting that same url in jellyfin media player. I'm using the TRAEFIK DEFAULT CERT since I didn't want to sign up for cloudflare. Any tips?

Hello, I am currently testing your solution and everything is working perfectly.

But I can't access my jellyfin server from the mobile app, yet the app detects the server but still won't connect to it.

However, the server is local and my phone is on the same network.

On the screenshots you can see that when you click on the selected server it tests all possible solutions but still fails.

Using Compose profiles seem more elegant than using COMPOSE_FILE.

Hello,

I followed all the procedures, my docker is active, however when I type my IP to access the services if I leave http://mon-ip I get the error 404 page not found, if I want to access Sonarr etc, it turns in the void.

My docker runs on Ubuntu server, my client is on w10 with firewall disabled...

Do you have any clues?

Thanks

Hi,

Is it possible to add a Bazarr support to handle subtitles ?

I have tried it myself but I can't make it work.

bazarr:
image: lscr.io/linuxserver/bazarr
container_name: bazarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
volumes:
- ./bazarr:/config
- ${DATA_ROOT}:/data
restart: always
healthcheck:
test: [ "CMD", "curl", "--fail", "http://127.0.0.1:6767/bazarr/ping" ]
interval: 5s
retries: 10
labels:
- traefik.enable=true
- traefik.http.routers.bazarr.rule=(Host(${HOSTNAME}) && PathPrefix(/bazarr))
- traefik.http.routers.bazarr.tls=true
- traefik.http.routers.bazarr.tls.certresolver=myresolver
- traefik.http.services.sonarr.loadbalancer.server.port=6767
- homepage.group=Media
- homepage.name=Sonarr
- homepage.icon=sonarr.png
- homepage.href=/bazarr
- homepage.description=Subtitles management
- homepage.weight=0
- homepage.widget.type=bazarr
- homepage.widget.url=http://bazarr:6767/bazarr

Bazarr seems up and running but I'm not able to access the web interface. I guess it's a reverse proxy misconfiguration.

bazarr | 2024-01-20 20:06:18,448 - root (7f94d516ab48) : INFO (server:67) - BAZARR is started and waiting for request on http://0.0.0.0:6767

Thanks in advance

I couldn't figure out for the longest time why my qbit container was getting absolute butt cheeks for speed. I used to get 40-50MBps and then a few months ago I started not being able to get above 1 MBps. Finally last night I found a solution. I'm just posting this here in case anyone struggles with the same problem. I thought it was an issue with my vpn provider not supporting port forwarding but after splurging on another vpn service I was still seeing the same issues.

I won't pretend to understand the internals of the torrent protocol (more specifically libtorrent) but reverting QBIT to be the last version where it used libtorrent 1.x instead of 2.x resulted in me getting my speeds back.

Changing the image line of this config was the secret sauce:

qbittorrent:
  image: lscr.io/linuxserver/qbittorrent:libtorrentv1-release-4.5.0_v1.2.18-ls7