/pia-qbittorrent-docker

Private internet access & qBittorrent Docker

Primary LanguageShellMIT LicenseMIT

Private Internet Access Client (qBittorrent+OpenVPN+Iptables+DNS over TLS on alpine/ubuntu)

Nextgen (GEN4) Server compatible

latest version Pulls from DockerHub

⚠️ Your qbittorrent.conf may not be compatible with 4.4.0 and may need to be deleted

Lightweight qBittorrent & Private Internet Access VPN client

PIA Docker OpenVPN

Click to show base components

Features

  • Configure everything with environment variables

    • Destination region
    • Internet protocol
    • Level of encryption
    • PIA Username and password
    • DNS Servers

  • Self contained qBittorrent

  • Exposed webUI

  • Downloads & config Volumes

  • The iptables firewall allows traffic only with needed PIA servers (IP addresses, port, protocol) combinations

  • OpenVPN reconnects automatically on failure

Setup

  1. Requirements

    • A Private Internet Access username and password - Sign up referral link
    • External firewall requirements, if you have one
      • Allow outbound TCP 853 to 1.1.1.1 to allow Unbound to resolve the PIA domain name at start. You can then block it once the container is started.
      • For UDP normal encryption, allow outbound UDP 1198
      • For the built-in web HTTP proxy, allow inbound TCP 8888
    • Docker API 1.25 to support init

  2. Launch the container with:

    docker run -d --init --name=pia --cap-add=NET_ADMIN -v /My/Downloads/Folder/:/downloads \
    -p 8888:8888 -e REGION="Netherlands" -e USER=xxxxxxx -e PASSWORD=xxxxxxxx \
    j4ym0/pia-qbittorrent

    Note that you can:

    • Change the many environment variables available
    • Use -p 8888:8888/tcp to access the HTTP web proxy
    • Pass additional arguments to openvpn using Docker's command function (commands after the image name)

Testing

Check the PIA IP address matches your expectations

try http://checkmyip.torrentprivacy.com/

Environment variables

Environment variable Default Description
REGION Netherlands One of the PIA regions
USER Your PIA username
PASSWORD Your PIA password
WEBUI_PORT 8888 1024 to 65535 internal port for HTTP proxy
! DNS_SERVERS 209.222.18.222,209.222.18.218,103.196.38.38,103.196.38.39 DNS servers to use, comma separated

PIA DNS Servers 209.222.18.222 and 209.222.18.218 Handshake DNS Servers 103.196.38.38 and 103.196.38.39

Connect to it

You can connect via your web browser using http://127.0.0.1:8888 or you public ip / LAN if you have forwarding set up

Default username: admin Default Password: adminadmin

For the paranoids

  • You can review the code which essential consists in the Dockerfile and entrypoint.sh

  • Any issues please raise them!!

  • Build the images straight from git:

    docker build -t j4ym0/pia-qbittorrent https://github.com/j4ym0/pia-qbittorrent-docker.git
  • clone the repository and build:

    git clone https://github.com/j4ym0/pia-qbittorrent-docker.git
    cd pia-qbittorrent-docker
    docker build -t j4ym0/pia-qbittorrent .
  • Using docker compose:

      git clone https://github.com/j4ym0/pia-qbittorrent-docker.git
      cd pia-qbittorrent-docker
      docker-compose up -d
  • The download and unziping of PIA openvpn files is done at build for the ones not able to download the zip files

  • Checksums for PIA openvpn zip files are not used as these files change often (but HTTPS is used)

  • PIA Nextgen servers are used

  • DNS Leaks tests seems to be ok, NEED FEEDBACK

TODOs

  • More DNS leack testing
  • Edit config from environment vars

License

This repository is under an MIT license