Gluetun using ProtonVPN docker, with the following apps running through:
Qbittorrent
Sonarr/Radarr/Readarr/Prowlarr
Jellyseerr
Deemix - though I’m having trouble finding good arls lately
Slskd
Requester - linked to discord
Do you have users or did you do all this just for yourself?
Myself and my family and a few friends.
how is the rest of your setup? Do you use a reverse proxy for this? Can you give us a small high level “network overview” on how you provide the services to friends and family?
Do you use Docker? If so, can you share your configs? How do you do backups?
*.domain points to my server, nginx reverse proxy separates it out between the various services. I have jellyfin and navidrome. As well as audiobookshelf for my wife. No hardware transcoding.
Everything is Docker except nginx. I have gluetun routing everything that my ISP probably wouldn’t like through a VPN.
Jellyseerr, I thought would be more popular, but it turns out requestrr is doing most of the media grabbing now days. My brother has a family discord, I attached to it.
The only thing I stress about backups with is my music. I could (and have) rebuilt my server in a day. But it’s taken years to build my library. It’s syncthing’d between my server, laptop, and my brother’s computer (who helps build the library). It’s also syncing to pcloud, but less regularly. Movies are trivial to regrab, and TV can be hit or miss, but it’s still not worth the effort to back it up.
Last time I upgraded my server, I just copied out my Docker compose files and config folders. As well as my nginx. Since then, if I had to, I could back up everything and restore from a single folder.
I’ll attach my docker for my torrent stack below. It’s a single large docker because it’s easier to make services use the VPN if they’re attached like that. The rest of my services that don’t run through VPN are individuals that I can stop without commenting them out.
Nice, thanks!
I actually use lots of the same software apart from Traefik instead of nginx and my own wireguard reverse proxy in the WWW with an external IP.
I solved a similar problem with having irreplaceable audio files by using a friend backup system where I just gave a few friends a free hard disk with the condition they install syncthing so I can give them even more free music from time to time.
I’ve never messed with Traefik. I did a 5 second internet search for “best reverse proxy”, but later realized it would never matter at my scale of less than a dozen. I guess caddy is supposed to be really good and easy to use, but I still find more guides for nginx.
version: “3.7” services: gluetun: image: qmcgaw/gluetun:latest cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun
environment: #WIREGUARD ENVIRONMENT
- VPN_SERVICE_PROVIDER=custom
- VPN_SERVICE_PROVIDER=mullvad
- VPN_TYPE=wireguard
- WIREGUARD_PRIVATE_KEY=asdf#Mullvad
- WIREGUARD_ADDRESSES=asdf #Mullvad
- WIREGUARD_PUBLIC_KEY=asdf=#ProtonVPN
- WIREGUARD_PRIVATE_KEY=asdf=#ProtonVPN
- WIREGUARD_PRESHARED_KEY= #ProtonVPN
- WIREGUARD_ADDRESSES=asdf#ProtonVPN
- SERVER_CITIES=New York NY
- FIREWALL_VPN_INPUT_PORTS=55106
- VPN_ENDPOINT_PORT=51820
environment: - VPN_SERVICE_PROVIDER=protonvpn - OPENVPN_USER=asdf - OPENVPN_PASSWORD=asdf - SERVER_COUNTRIES=United States,Canada ports: - 5055:5055 #Jellyseerr - 8123:8123 #QBT web interface - 6881:6881/tcp #QBT Torrenting - 6881:6881/udp #Above - 9000:9000 #gluetun
- 9117:9117 #Jackett
- 9696:9696 #Prowlarr
- 8686:8686 #Lidarr
- 6595:6595 #Deemix - 8787:8787 #Readarr - 8888:8888/tcp #gluetun - 8388:8388/tcp #gluetun - 8388:8388/udp #gluetun - 8989:8989 #Sonarr - 7878:7878 #Radarr
- 7575:7575 #Homarr
- 4000:4000 #Midarr
- 5100:5000 #slskd http - 5101:5001 #slskd https - 50000:50000 #slskd connections - 4545:4545 #requestrr
qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest #Master
image: cr.hotio.dev/hotio/qbittorrent #With VueTorrent Built in
container_name: qbittorrent network_mode: "service:gluetun" environment: - PUID=1000 - PGID=1001 - TZ=America/New_York - WEBUI_PORT=8123 - DOCKER_MODS=arafatamim/linuxserver-io-mod-vuetorrent volumes: - ./qbittorrent:/config - /External/Downloads:/downloads
ports:
- 8080:8080
- 6881:6881
- 6881:6881/udp
restart: unless-stopped
prowlarr: image: lscr.io/linuxserver/prowlarr:develop container_name: prowlarr network_mode: “service:gluetun” environment: - PUID=1000 - PGID=1001 - TZ=America/New_York - AUTO_UPDATE=true #optional
- RUN_OPTS=<run options here> #optional
volumes: - ./prowlarr:/config
- /External/Prowlarr:/downloads
ports:
- 9696:9696
restart: unless-stopped
sonarr: image: lscr.io/linuxserver/sonarr:latest container_name: sonarr network_mode: “service:gluetun” environment: - PUID=1000 - PGID=1000 - TZ=America/New_York volumes: - ./sonarr:/config - /External/Jellyfin/TV:/tv #optional - /External/Downloads:/downloads #optional - /home/butter/Jellyfin/TV:/internalTV
ports:
- 8989:8989
- 8990:8123
restart: unless-stopped
radarr: image: lscr.io/linuxserver/radarr:latest container_name: radarr network_mode: “service:gluetun” environment: - PUID=1000 - PGID=1000 - TZ=America/New_York volumes: - ./radarr:/config - /External/Jellyfin/Movies:/movies #optional - /External/Downloads:/downloads #optional - /home/butter/Jellyfin:/internalmovies
ports:
- 7878:7878
restart: unless-stopped
homarr:
container_name: homarr
image: ghcr.io/ajnart/homarr:latest
network_mode: “service:gluetun”
restart: unless-stopped
volumes:
- ./homarr/configs:/app/data/configs
- ./homarr/icons:/app/public/icons
ports:
- ‘7575:7575’
jellyseerr: image: fallenbagel/jellyseerr:latest network_mode: “service:gluetun” container_name: jellyseerr environment: - LOG_LEVEL=debug - TZ=America/New_York
ports:
- 5055:5055
volumes: - ./jellyseerr:/app/config restart: unless-stopped
readarr: image: lscr.io/linuxserver/readarr:develop container_name: readarr network_mode: “service:gluetun” environment: - PUID=1000 - PGID=1000 - TZ=America/New_York volumes: - ./readarr:/config - /External/Books:/books #optional - /External/Downloads:/downloads #optional
ports:
- 8787:8787
restart: unless-stopped
lidarr:
container_name: lidarr
network_mode: “service:gluetun”
image: lscr.io/linuxserver/lidarr:latest #Official
image: youegraillot/lidarr-on-steroids #Fork based off guide online; Very outdated
image: cr.hotio.dev/hotio/lidarr #Fork from Reddit
#ports: # - "8686:8686"
environment:
- PUID=1000
- PGID=1000
- UMASK=002
- TZ=America/New_York
volumes:
- ./lidarr:/config
- ./deemix:/config_deemix
- /External/Music/Lidarr:/music #optional
- /External/Downloads/Lidarr:/downloads #optional
lidarr-extended:
image: randomninjaatk/lidarr-extended:latest
container_name: lidarr-extended
network_mode: “service:gluetun”
volumes:
- ./lidarr-extended:/config
- /External/Downloads/Lidarr:/downloads-lidarr-extended
- /External/Music/Lidarr:/music
- /External/Music/Lidarr/Videos:/music-videos
environment:
- TZ=America/New_York
- PUID=1000
- PGID=1000
- enableAudioScript=true
- enableVideoScript=false
- scriptInterval=5m
- configureLidarrWithOptimalSettings=true
- searchSort=date
- audioFormat=native
- audioBitrate=lossless
- requireQuality=true
- enableReplaygainTags=true
- audioLyricType=both
- dlClientSource=deezer
- arlToken=
- tidalCountryCode=US
- addDeezerTopArtists=false
- addDeezerTopAlbumArtists=false
- addDeezerTopTrackArtists=false
- topLimit=10
- addRelatedArtists=false
- numberOfRelatedArtistsToAddPerArtist=5
- addFeaturedVideoArtists=false
- plexUrl=http://x.x.x.x:32400
- plexToken=Token_Goes_Here
- youtubeSubtitleLanguage=en
- enableQueueCleaner=true
- matchDistance=5
- enableBeetsTagging=true
- beetsMatchPercentage=90
ports:
- 8686:8686
restart: unless-stopped
midarr:
container_name: midarr
image: ghcr.io/midarrlabs/midarr-server:latest
network_mode: “service:gluetun”
ports:
- 4000:4000
volumes:
Database path
- ./midarr:/app/database
Media path
- /External/Jellyfin/Movies:/radarr/movies/path
- /External/Jellyfin/TV:/sonarr/shows/path
environment:
App config
- APP_URL=http://localhost:4000
- APP_MAILER_FROM=
- SENDGRID_API_KEY=someAPIKEY
Admin account
- SETUP_ADMIN_EMAIL=
- SETUP_ADMIN_NAME=
- SETUP_ADMIN_PASSWORD= # minimum length 12
Radarr integration
- RADARR_BASE_URL=localhost:7878
- RADARR_API_KEY=asdf
Sonarr integration
- SONARR_BASE_URL=localhost:8989
- SONARR_API_KEY=asdf
slskd: image: slskd/slskd container_name: slskd network_mode: “service:gluetun” volumes: - ./slskd:/app - /External/Music:/music - /External/Books:/audiobooks restart: always
deemix: image: registry.gitlab.com/bockiii/deemix-docker container_name: Deemix network_mode: “service:gluetun” volumes: - /External/Music/Deezer:/downloads - ./Deezer:/config environment: - PUID=1000 - PGID=1000 - UMASK_SET=022 - DEEMIX_SINGLE_USER=true
ports:
- 6595:6595
requestrr: container_name: requestrr network_mode: “service:gluetun”
ports:
- ‘4545:4545’
volumes: - ./requestrr:/root/config restart: unless-stopped image: darkalfx/requestrr
Newbie question for you. I’m in the process of building myself a server for the first time after running Jellyfin on my computer for a while. One issue I had on my computer is every time I have my VPN connected to download content, my server is unavailable. How does this work on a server?
I’m also going to recommend gluetun. It lets you run any docker through the VPN. I use it for grey areas, like Prowlarr or slskd.
It works by creating a new network adapter that can only access the VPN. If your VPN expires or otherwise goes down, all of your services stop.
https://github.com/qdm12/gluetun
I also dropped an example config in another comment.
Use this qbittorrent docker image, which works with VPNs:
So it basically only routes your torrent client through the vpn instead of your whole system?
Yep. It even exposes the web ui, only the torrenting is behind your vpn.
Oh wow that’s great. I had been hoping to find something like that! Thanks!
Thanks!
You can have multiple routes. If you put your download software in one network namespace which only has the route via VPN to the internet (default / 0.0.0.0 / ::) you can make sure that it always downloads via VPN. You can still provide services via another route. To be 100% sure I’d also use a firewall for this.
every time I have my VPN connected to download content, my server is unavailable
Is that the inbuilt kill-switch of your VPN? Which VPN software do you use, which provider?
Thanks for the explanation. Hopefully I can figure all that out when the time comes.
“Is that the inbuilt kill-switch of your VPN? Which VPN software do you use, which provider?”
To be clear I meant remote access and access on other devices. So I can still access my JellyFin server on my computer when my vpn is connected, but if I try to access it on my TV or outside my home network it tells me the server is down. I’ve always assumed it’s just because the vpn is hiding my actual ip that my server is connected to so other devices can’t see it.