Put rtorrent behind a vpn

2025-05-01 20:23:49 +02:00 · 2025-05-01 20:23:49 +02:00 · 02647f6ecc
commit 02647f6ecc
parent ab78ed6835
7 changed files with 88 additions and 79 deletions
--- a/scripts/Common/Software/docker/services/jellyfin/docker-compose.base.yml
+++ b/scripts/Common/Software/docker/services/jellyfin/docker-compose.base.yml
@ -102,22 +102,26 @@ services:
      - ./data/downloads:/downloads
      - rtorrent:/data/rtorrent
  rtorrent:
+    extends:
+      service: privoxy
+    environment:
+      PVPN_CMD_ARGS: --p2p --random
+    volumes:
+      - ./data/proton/rtorrent:/data/proton
+  rtorrent_backend:
    build:
-      dockerfile: ./proton.Dockerfile
-      target: rtorrent
+      dockerfile: ./rtorrent.Dockerfile
      context: .
    restart: unless-stopped
-    profiles:
-      - rtorrent
-    hostname: rtorrent
+    depends_on:
+      rtorrent:
+        condition: service_healthy
+    network_mode: service:rtorrent
    environment:
      PUID: 1337
      PGID: 1337
      PHOME: /config
-      PVPN_CMD_ARGS: --p2p --random
      MAX_UPTIME: 43200
-    sysctls:
-      net.ipv4.conf.all.rp_filter: 2
    command: -o ratio.enable=
             -o ratio.min.set=200
             -o ratio.max.set=10000
@ -127,11 +131,6 @@ services:
      - /etc/localtime:/etc/localtime:ro
      - rtorrent:/data/rtorrent
      - ./data/downloads:/downloads
-      - ./data/proton/rtorrent:/data/proton
-    devices:
-      - /dev/net/tun
-    cap_add:
-      - NET_ADMIN
  jdownloader:
    image: jlesage/jdownloader-2
    restart: unless-stopped
--- a/scripts/Common/Software/docker/services/jellyfin/proton.Dockerfile
+++ b/scripts/Common/Software/docker/services/jellyfin/proton.Dockerfile
@ -42,23 +42,3 @@ ENV PVPN_USERNAME= \
 RUN mkdir -p /data/proton
 ENTRYPOINT [ "proton-entrypoint" ]
 CMD [ "supervisord" ]
-
-FROM vpn AS rtorrent
-
-RUN apt-get update \
-    && apt-get upgrade -y \
-    && apt-get install -y \
-        natpmpc \
-        supervisor \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN mkdir -p /data/rtorrent
-COPY --chmod=777 --from=jesec/rtorrent / /
-COPY --chmod=755 ./rtorrent-entrypoint.sh /usr/local/bin/rtorrent-entrypoint
-COPY --chmod=755 ./rtorrent-wrapper.sh /usr/local/bin/rtorrent-wrapper
-COPY ./rtorrent.conf /etc/supervisor/conf.d/supervisord.conf
-ENTRYPOINT [ "proton-entrypoint", "rtorrent-entrypoint" ]
-
-ENV NATPMP_TIMEOUT=60 \
-    NATPMP_INTERVAL= \
-    MAX_UPTIME=
--- a/scripts/Common/Software/docker/services/jellyfin/rtorrent-entrypoint.sh
+++ b/scripts/Common/Software/docker/services/jellyfin/rtorrent-entrypoint.sh
@ -1,46 +0,0 @@
-#!/usr/bin/env bash
-fallback="$(expr ${NATPMP_TIMEOUT} \* 3 / 4)"
-export NATPMP_INTERVAL="${NATPMP_INTERVAL:-$fallback}"
-
-groupadd --gid $PGID $USERNAME >/dev/null
-useradd --create-home --home-dir $PHOME $USERNAME --uid $PUID -g $USERNAME 2>/dev/null
-chown $USERNAME:$USERNAME $PHOME
-chown $USERNAME:$USERNAME "/etc/rtorrent"
-mkdir -p /config/.local/share
-chown $USERNAME:$USERNAME /data
-chown -R $USERNAME:$USERNAME /data/rtorrent
-rm -rf /config/.local/share/rtorrent
-ln -s /data/rtorrent /config/.local/share/
-chown -R $USERNAME:$USERNAME /config
-echo "Opening a port using NAT-PMP for $NATPMP_TIMEOUT seconds…"
-output="$(natpmpc -g 10.2.0.1 -a 0 0 tcp "$NATPMP_TIMEOUT")"
-natpmpc -g 10.2.0.1 -a 0 0 udp "$NATPMP_TIMEOUT"
-port="$(echo "$output" | grep -m 1 " public port [[:digit:]]\+ " | sed "s/.* public port \([[:digit:]]\+\).*/\\1/")"
-echo "Port $port has been opened for P2P data transfer!"
-echo "The NAT-PMP port forwarding will be updated every $NATPMP_INTERVAL seconds"
-export PEERPORT="$port"
-
-set -m
-
-{
-    while true
-    do
-        echo "Refreshing NAT-PMP port forwarding…"
-        natpmpc -g 10.2.0.1 -a 0 0 udp "$NATPMP_TIMEOUT"
-        natpmpc -g 10.2.0.1 -a 0 0 tcp "$NATPMP_TIMEOUT"
-        echo "NAT-PMP port forwarding has been refreshed!"
-        sleep "$NATPMP_INTERVAL"
-    done
-} &
-
-cmd="rtorrent -o network.port_range.set=$PEERPORT-$PEERPORT,system.daemon.set=true $@"
-
-if [ ${MAX_UPTIME:-0} -gt 0 ]
-then
-    sudo -iu $USERNAME $cmd &
-    pid=$!
-    sleep "$MAX_UPTIME"
-    pkill -9 $pid
-else
-    sudo -u $USERNAME $cmd
-fi
--- a/scripts/Common/Software/docker/services/jellyfin/rtorrent.Dockerfile
+++ b/scripts/Common/Software/docker/services/jellyfin/rtorrent.Dockerfile
@ -0,0 +1,19 @@
+FROM debian
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y \
+            natpmpc \
+            supervisor \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /data/rtorrent
+COPY --chmod=755 --from=jesec/rtorrent / /
+COPY --chmod=755 ./rtorrent/update-natpmp.sh /usr/local/bin/update-natpmp
+COPY --chmod=755 ./rtorrent/rtorrent-entrypoint.sh /usr/local/bin/rtorrent-entrypoint
+COPY ./rtorrent/supervisord.conf /etc/supervisor/supervisord.conf
+ENTRYPOINT [ "rtorrent-entrypoint" ]
+
+ENV USERNAME=proton \
+    NATPMP_TIMEOUT=60 \
+    NATPMP_INTERVAL= \
+    MAX_UPTIME=
--- a/scripts/Common/Software/docker/services/jellyfin/rtorrent/rtorrent-entrypoint.sh
+++ b/scripts/Common/Software/docker/services/jellyfin/rtorrent/rtorrent-entrypoint.sh
@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+fallback="$(expr ${NATPMP_TIMEOUT} \* 3 / 4)"
+NATPMP_INTERVAL="${NATPMP_INTERVAL:-$fallback}"
+groupadd --gid $PGID $USERNAME >/dev/null
+useradd --create-home --home-dir $PHOME $USERNAME --uid $PUID -g $USERNAME 2>/dev/null
+chown -R $USERNAME:$USERNAME "/etc/rtorrent"
+mkdir -p $PHOME/.local/share
+chown $USERNAME:$USERNAME /data
+chown -R $USERNAME:$USERNAME /data/rtorrent
+rm -rf $PHOME/.local/share/rtorrent
+ln -s /data/rtorrent $PHOME/.local/share/
+chown $USERNAME:$USERNAME $PHOME
+
+echo "Opening a port using NAT-PMP for $NATPMP_TIMEOUT seconds…"
+output="$(natpmpc -g 10.2.0.1 -a 0 0 tcp "$NATPMP_TIMEOUT")"
+natpmpc -g 10.2.0.1 -a 0 0 udp "$NATPMP_TIMEOUT"
+port="$(echo "$output" | grep -m 1 " public port [[:digit:]]\+ " | sed "s/.* public port \([[:digit:]]\+\).*/\\1/")"
+echo "Port $port has been opened for P2P data transfer!"
+echo "The NAT-PMP port forwarding will be updated every $NATPMP_INTERVAL seconds"
+
+RTORRENT_PORT="$port" \
+RTORRENT_ARGS="$@" \
+NATPMP_INTERVAL="$NATPMP_INTERVAL" \
+supervisord
--- a/scripts/Common/Software/docker/services/jellyfin/rtorrent/supervisord.conf
+++ b/scripts/Common/Software/docker/services/jellyfin/rtorrent/supervisord.conf
@ -0,0 +1,24 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+
+[include]
+files=/etc/supervisor/conf.d/*
+
+[program:update-natpmp]
+command=update-natpmp
+user=root
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/fd/2
+stderr_logfile_maxbytes=0
+
+[program:rtorrent]
+user=%(ENV_USERNAME)s
+environment=HOME="%(ENV_PHOME)s",USER="%(ENV_USERNAME)s"
+command=rtorrent -o network.port_range.set="%(ENV_RTORRENT_PORT)s"-"%(ENV_RTORRENT_PORT)s",system.daemon.set=true %(ENV_RTORRENT_ARGS)s
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/fd/2
+stderr_logfile_maxbytes=0
--- a/scripts/Common/Software/docker/services/jellyfin/rtorrent/update-natpmp.sh
+++ b/scripts/Common/Software/docker/services/jellyfin/rtorrent/update-natpmp.sh
@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+while true
+do
+    echo "Refreshing NAT-PMP port forwarding…"
+    natpmpc -g 10.2.0.1 -a 0 0 udp "$NATPMP_TIMEOUT"
+    natpmpc -g 10.2.0.1 -a 0 0 tcp "$NATPMP_TIMEOUT"
+    echo "NAT-PMP port forwarding has been refreshed!"
+    sleep "$NATPMP_INTERVAL"
+done