My solution uses qBittorrent with Glutun and it works great. My Docker Compose file is based on this one https://github.com/TechHutTV/homelab/blob/main/media/arr-compose.yaml. I simply removed some of the services I didn’t need. I recommend watching his YouTube video(Same video on Odysee) if you can’t get it to work.
I am trying to have a QBitTorrent Docker container that is accessible on my local network and connects to WireGuard. I know this is a basic question, and I’m sorry if I’m wasting your time. I am using a separate user for this that i have add to the docker group.
I can’t access the web interface what have i configured wrong.
Here is my docker compose file.
---
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
environment:
- PUID=1001
- PGID=1001
- TZ=Europe/London
- WEBUI_PORT=8080
- TORRENTING_PORT=6881
volumes:
- /home/torrent/torrent/:/config
- /home/torrent/download/:/downloads
network_mode: service:wireguard
depends_on:
- wireguard
restart: always
wireguard:
image: lscr.io/linuxserver/wireguard
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1001
- PGID=1001
- TZ=Europe/London
ports:
- 51820:51820/udp
volumes:
- /home/torrent/wireguard/:/config
- /home/torrent/wireguard/london.conf/:/config/wg0.conf
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: always
You can’t access your instance because the only way to reach the container is through the VPN server (as it should be). You have to open a hole in the container’s firewall to access it through the local network.
In the
[Interface]section in your Wireguard configuration, add the following lines:PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECTPreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPTReplace the value of
HOMENETwith whichever network you’re accessing it from, mine’s set to the docker network because it’s behind an nginx reverse proxy.Still doesn’t work. My wireguard conf file looks like this.
Change the
HOMENET=to my internal ip range i found withip addr show.[Interface] PrivateKey = MyPrivateKey Address = 1.1.1.1 DNS = 1.1.1.1 PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT PreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT [Peer] PublicKey = MyPublicKey AllowedIPs = 0.0.0.0/0 Endpoint = 1.1.1.1