Synology + Docker + VPN + Transmission (+ LunaSea)

[pixelrogue]

Nah, the publised ports need to move from the idvidual services to the gluten container, as all other containers will share the network namespace of the gluten container.

You can only publish ports when the bridge network is used - which is only the case for the gluten container.

so all published ports moved to gluetun container....and each service will know which port after moving them?


---
Update - publish button remains disabled when moving ports to gluetun.

sonarr:
    image: linuxserver/sonarr:latest
    network_mode: service:gluetun
    restart: always
    container_name: sonarr-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/sonarr:/media-store/sonarr:rw
      - /volume1/docker/media-center-config/sonarr:/config:rw
     
  gluetun:
   image: qmcgaw/gluetun
   container_name: gluetun
   network_mode: bridge
   cap_add:
     - NET_ADMIN
   ports:
     - 8888:8888/tcp # HTTP proxy
     - 8989:8989 #sonarr
     - 8388:8388/tcp # Shadowsocks
     - 8388:8388/udp # Shadowsocks
     - 8000:8000/tcp # Built-in HTTP control server
   volumes:

 

[one-eyed-king]

for the first part: Yep, like I already wrote.

For the second part:
I guess this one went over your head: by using network_mode: "service:gluten" the services hook into the same network interface. The rules are not different than running applications on your host: no two processess (in this case isolated in different containers) can bind the same port.

I kind of remember now , why I usualy don't involve myelf into discussions about vpn in containers ^^

 

[pixelrogue]

getting closer...moved the sonarr ip to the gluetun code spot and low and behold the stack deployed (no errors,) started and sonarr appears to be up and running (yea!)

version: "2.4"
services:

  sonarr:
    image: linuxserver/sonarr:latest
    network_mode: service:gluetun
    restart: always
    container_name: sonarr-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/sonarr:/media-store/sonarr:rw
      - /volume1/docker/media-center-config/sonarr:/config:rw

  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    #network_mode: service:gluetun
    network_mode: bridge
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8989:8989 #sonarr
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8000:8000/tcp # Built-in HTTP control server
    volumes:
      - /volume1/docker/media-center-config/gluetun:/gluetun:rw
    environment:
      - OPENVPN_USER=xxxx
      - OPENVPN_PASSWORD=xxxx
      - VPNSP=xxx
      - VPN_TYPE=openvpn
      - PGID=100
      - PUID=1032
      - TZ=America/New_York
    restart: always

How can you test? Getting IP of router would not be relevant in this situation?

Added in Radarr..both Sonarr and Radarr are running as expected.
Gluetun appears stuck on Starting status...no errors. Manual stop/restart = same difference. Delete rebuilt = no change.

 

[Telos]

How can you test?

Wouldn't you launch sonarr by NAS_IP:8989?

Then see traffic on your VPN provider account? Hmmm...

 

[pixelrogue]

Wouldn't you launch sonarr by NAS_IP:8989?

Then see traffic on your VPN provider account? Hmmm...

saying I would need to dig into VPN provider account and view logs (which they apparently do not keep?)hoping there is a tool or command somewhere to see the ips used for each service w/o having to visit the vpn provider.

 

[Telos]

saying I would need to dig into VPN provider account and view logs

I get real-time use per connection >>>

Usage Stats

 

[pixelrogue]

Not as familiar. Is that a generic tool that will work with any certificate? Mainly looking for a tool or way to check ports are routed as expected through VPN, and way to test so traffic stops when vpn disconnects.

 

[pixelrogue]

UPDATE: MILE STONE MARK

All services are running. All services appear to be directing traffic through vpn (not yet tested).

Container for reference:

version: "2.4"
services:

  sonarr:
    image: linuxserver/sonarr:latest
    network_mode: service:gluetun
    restart: always
    container_name: sonarr-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/sonarr:/media-store/sonarr:rw
      - /volume1/docker/media-center-config/sonarr:/config:rw

  radarr:
    image: linuxserver/radarr:latest
    network_mode: service:gluetun
    restart: always
    container_name: radarr-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/radarr:/media-store/radarr:rw
      - /volume1/docker/media-center-config/radarr:/config:rw

  jackett:
    image: linuxserver/jackett:latest
    network_mode: service:gluetun
    restart: always
    container_name: jackett-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/jackett:/media-store/jackett:rw
      - /volume1/docker/media-center-config/jackett:/config:rw

  lidarr:
    image: linuxserver/lidarr:latest
    network_mode: service:gluetun  
    restart: always
    container_name: lidarr-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/lidarr:/media-store/lidarr:rw
      - /volume1/docker/media-center-config/lidarr:/config:rw

  couchpotato:
    image: linuxserver/couchpotato:latest
    network_mode: service:gluetun
    restart: always
    container_name: couchpotato-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/lidarr:/media-store/couchpotato:rw
      - /volume1/docker/media-center-config/couchpotato:/config:rw

  transmission:
    image: linuxserver/transmission:latest
    network_mode: service:gluetun
    restart: always
    container_name: transmission-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/raw:/media-store/raw:rw
      - /volume1/docker/media-center-config/transmission:/config:rw
      
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    #network_mode: service:gluetun
    network_mode: bridge
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8000:8000/tcp # Built-in HTTP control server
      - 9091:9091 #transmission
      - 5050:5050 #couchpotato
      - 8686:8686 #lidarr 
      - 9117:9117 #jackett
      - 7878:7878 #radarr
      - 8989:8989 #sonarr 
    volumes:
      - /volume1/docker/media-center-config/gluetun:/gluetun:rw
    environment:
      - OPENVPN_USER=xxxxx
      - OPENVPN_PASSWORD=xxxxx
      - VPNSP=xxxxx
      - VPN_TYPE=openvpn
      - PGID=100
      - PUID=1032
      - TZ=America/New_York
    restart: always

 

[Telos]

Quite an accomplishment!

 

[pixelrogue]

Small step and good demarcation line. Need to celebrate small wins. Not done yet - marking the moment for others who follow... in a less clumsy manner. Couldn’t have gotten 1/2 this far with the great people here.

1. Learn how to test connections
   (what tool is above for OpenVPN?)
   
   
2. Get LunaSea connected
   
   
3. Configure Apps

 

[Rusty]

Learn how to test connections

Use the console option for the sonarr container (via Portainer) to bash into it. Then you can run traceroute command to see if your traffic has any trace towards your ISP or is all inside the VPN tunnel.

 

[pixelrogue]

Use the console option for the sonarr container (via Portainer) to bash into it. Then you can run traceroute command to see if your traffic has any trace towards your ISP or is all inside the VPN tunnel.

Few strange (newbie things)

• Container consoles from portainer are barely happening...more like a page refresh than a console.
• Got one to run from portainer (as root,) however no data on pings and trace-routes.
• I can run terminal from the docker instance of same service > terminal > create > launch with command
• Running ping works from docker > gluetun. Same for traceroute and first glance indicates vpn in place.
• Ping and traceroute works as expected from gluetun container, runtime error from sonarr (presuming this is to be expected?)
• Have one index for sonarr, ran a few searches and looking for logs and traceroutes yet not finding recent data.

 

[Akira]

torguard offer a torrent IP checker, that would at least let you know if Transmission is routing correctly.

https://torguard.net/checkmytorrentipaddress.php?

 

[pixelrogue]

Use the console option for the sonarr container (via Portainer) to bash into it. Then you can run traceroute command to see if your traffic has any trace towards your ISP or is all inside the VPN tunnel.

Few strange (newbie things)

• Container consoles from portainer are barely happening...more like a page refresh than a console.
• Got one to run from portainer (as root,) however no data on pings and trace-routes.
• I can run terminal from the docker instance of same service > terminal > create > launch with command
• Running ping works from docker > gluetun. Same for traceroute and first glance indicates vpn in place.
• Ping and traceroute works as expected from gluetun container, runtime error from sonarr (presuming this is to be expected?)
• Have one index for sonarr, ran a few searches and looking for logs and traceroutes yet not finding recent data.

torguard offer a torrent IP checker, that would at least let you know if Transmission is routing correctly.

https://torguard.net/checkmytorrentipaddress.php?

Is there a dependency on being a torguard customer to use the tool? Not locating a synology package...

 

[Akira]

No, it's a torrent, add it into transmission and it'll tell you your torrent IP address.

 

[pixelrogue]

No, it's a torrent, add it into transmission and it'll tell you your torrent IP address.

No way..that’s cool...can’t wait to give that try.

 

[pixelrogue]

No, it's a torrent, add it into transmission and it'll tell you your torrent IP address.

Am remote for a few hours more and would love to get this tested while remote. iOS seems to reject the link as is. Thought there would be a way to send a file to download through Synology from iPhone...

 

[pixelrogue]

UPDATE

• Appears something broke - none of the services are connecting online. No indexers. I can add new material, but indexers not connecting. Unable to get services connected to Transmission post gluetun addition to compose.
  Services give error "Unable to connect to Tramission." Transmission UI in browser is up and running.
  
  
• Local IP (which is fixed, static and still works for browser UIs) appears to no longer work for services.
  Had Transmission, indexers connected to services using fixed IP. Fixed IP no longer working, but localhost works. (?)
  Indexers, same thing. Working...now not working. Swap out the static IP for localhost:port and it works.
  
  
• Anyone available for elaboration on bash to test vpn? If so see a few post #54.
  
  
• LunaSea is connected and working. This went smoothly, where on the Mac it appeared to require a number of special hoops and CLI voodoo so thought this might be one of more challenging steps - it wasn't.
  
  
• While the Torrent Leak tool works (and it is great,) I am not finding a way to get that to work from Synology Docker.
  Only way to manually add a url appears through the Upload > Or enter a URL: which is not right.
  Trying anyway, returns an error for an IP. Not convinced this error is related to the tasks at hand.
  Flagged IP is the same as w/I Transmission settings...might be related.
  
  
• Unrelated ~ not seeing a means to password protect this install of Transmission, a feature which I thought was a basic function in any Transmission.

version: "2.4"services:

  sonarr:
    image: linuxserver/sonarr:latest
    network_mode: service:gluetun
    restart: always
    container_name: sonarr-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/sonarr:/media-store/sonarr:rw
      - /volume1/docker/media-center-config/sonarr:/config:rw

  radarr:
    image: linuxserver/radarr:latest
    network_mode: service:gluetun
    restart: always
    container_name: radarr-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/radarr:/media-store/radarr:rw
      - /volume1/docker/media-center-config/radarr:/config:rw

  jackett:
    image: linuxserver/jackett:latest
    network_mode: service:gluetun
    restart: always
    container_name: jackett-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/jackett:/media-store/jackett:rw
      - /volume1/docker/media-center-config/jackett:/config:rw

  lidarr:
    image: linuxserver/lidarr:latest
    network_mode: service:gluetun
    restart: always
    container_name: lidarr-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/lidarr:/media-store/lidarr:rw
      - /volume1/docker/media-center-config/lidarr:/config:rw

  couchpotato:
    image: linuxserver/couchpotato:latest
    network_mode: service:gluetun
    restart: always
    container_name: couchpotato-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/lidarr:/media-store/couchpotato:rw
      - /volume1/docker/media-center-config/couchpotato:/config:rw

  transmission:
    image: linuxserver/transmission:latest
    network_mode: service:gluetun
    restart: always
    container_name: transmission-stack2
    environment:
      - PGID=100
      - PUID=1032
    volumes:
      - /volumeUSB1/usbshare/raw:/media-store/raw:rw
      - /volume1/docker/media-center-config/transmission:/config:rw
  
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    #network_mode: service:gluetun
    network_mode: bridge
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8000:8000/tcp # Built-in HTTP control server
      - 9091:9091 #transmission
      - 5050:5050 #couchpotato
      - 8686:8686 #lidarr
      - 9117:9117 #jackett
      - 7878:7878 #radarr
      - 8989:8989 #sonarr
    volumes:
      - /volume1/docker/media-center-config/gluetun:/gluetun:rw
    environment:
      - OPENVPN_USER=xxxxx
      - OPENVPN_PASSWORD=xxxxx
      - VPNSP=xxxxx
      - VPN_TYPE=openvpn
      - PGID=100
      - PUID=1032
      - TZ=America/New_York
    restart: always

When the paths are inside the docker compose, do they need to added to the service settings for download clients separately? Had Sonarr working w/Tranmission for a bit (prior to gluetun) w/o adding remote path mappings.
Here is a sonarr mapping attempt, and some of the options give a directory that you need to channel and select, was not finding the expected location for local path.

 

[Rusty]

Unrelated ~ not seeing a means to password protect this install of Transmission, a feature which I thought was a basic function in any Transmission

maybe using qBit client instead? It has a login screen.

 

[pixelrogue]

maybe using qBit client instead? It has a login screen.

Found it odd. Lower priority atm as a number of things stopped working.
The local static ip stopped working (maybe required given gluetun?)

Set up two sample files for transmission testing, only one tracker atm. Both went from Sonarr to transmission. One shows as download but only from 1 peer with empty gray status bar but zero data transferred either directions. The other shows as red stays bar zero data either direction status of returning metadata.
Wondering what is getting in the way?
Stats showing 1.13 megs downloaded.