⚠️ Yourqbittorrent.confmay not be compatible with 4.4.0 and may need to be deleted
Lightweight qBittorrent & Private Internet Access VPN client
Click to show base components
- Ubuntu 23.04 for a base image
- Alpine 3.16.0 for a base image
- OpenVPN 2.6.1 to tunnel to PIA nextgen servers
- IPtables 1.8.8 enforces the container to communicate only through the VPN or with other containers in its virtual network (acts as a killswitch)
-
Configure everything with environment variables
- Destination region
- Internet protocol
- Level of encryption
- PIA Username and password
- DNS Servers
-
Self contained qBittorrent
-
Exposed webUI
-
Downloads & config Volumes
-
The iptables firewall allows traffic only with needed PIA servers (IP addresses, port, protocol) combinations
-
OpenVPN reconnects automatically on failure
-
Port forwarding for seeding
-
Requirements
- A Private Internet Access username and password - Sign up referral link
- External firewall requirements, if you have one
- Allow outbound TCP 853 to 1.1.1.1 to allow Unbound to resolve the PIA domain name at start. You can then block it once the container is started.
- For VPN connection allow outbound UDP 1198
- For the built-in web HTTP proxy, allow inbound TCP 8888
- Docker API 1.25 to support
init
-
Launch the container with:
Basic Launch
docker run -d --init --name=pia --restart unless-stopped --cap-add=NET_ADMIN -v /My/Downloads/Folder/:/downloads \ -p 8888:8888 -e REGION="Netherlands" -e USER=xxxxxxx -e PASSWORD=xxxxxxxx \ j4ym0/pia-qbittorrentAdvanced Launch
docker run -d --init --name=pia --restart unless-stopped --cap-add=NET_ADMIN \ -v /My/Downloads/Folder/:/downloads -v /qBittorrent/config/:/config \ -p 8888:8888 -e REGION="Netherlands" -e USER=xxxxxxx -e PASSWORD=xxxxxxxx \ -e UID=3 -e GID=3 -e TZ=Etc/UTC -e PORT_FORWARDING=true \ j4ym0/pia-qbittorrentNote that you can:
- Change the many environment variables available
- Use
-p 8888:8888/tcpto access the HTTP web proxy - Pass additional arguments to openvpn using Docker's command function (commands after the image name)
Check the PIA IP address matches your expectations
try WhatisMyIP.net torrent-ip-checker
| Environment variable | Default | Description |
|---|---|---|
REGION |
Netherlands |
One of the PIA regions |
USER |
Your PIA username | |
PASSWORD |
Your PIA password | |
PORT_FORWARDING |
false |
Set to true if you with to enable port forwarding from PIA |
WEBUI_PORT |
8888 |
1024 to 65535 internal port for HTTP proxy |
DNS_SERVERS |
209.222.18.222,209.222.18.218,103.196.38.38,103.196.38.39 |
DNS servers to use, comma separated |
UID |
The UserID (default 700) | |
GID |
The GroupID (default 700) | |
TZ |
The Timzeone |
Port forwarding port will be added to qBittorrent settings on startup. A port can last for up to 2 months.
To get the user id, run id -u USER
To get the group id for a user, run id -g USER
PIA DNS Servers 209.222.18.222 and 209.222.18.218
Handshake DNS Servers 103.196.38.38 and 103.196.38.39
If you enable port forwarding by adding -e PORT_FORWARDING=true your pia-qbittorrent, your container will be opened to the outside. This is beneficial when seeding/uploading. On startup a port will be requested from Private Internet Access, this port will then be opened on the containers firewall and added to the qBittorrent config. qBittorrent will then bind to that port on launch.
You can not specify a port, Private Internet Access assign a random port to your connection that will change every time. The port will be assigned for a maximum of 2 months. The container will have to keep in contact with PIA to keep the port alive and the port may be revoke if the container is not able to keep in contact.
If the internet connection is lossed for a short time, the port remains open.
If the internet connection is lost for longer than 15 minutes the port should remain open until the port is reassigned. Although the container is designed to restart if there is an issue with port forwarding (exit code 5), i have yet to experience a port becoming unavailable. If you seem to have an issue, restart the container or goto File and use the exit qBittorrent from the webUI. The container will restart if --restart unless-stopped is set .
You can connect via your web browser using http://127.0.0.1:8888 or you public ip / LAN if you have forwarding set up
Default username: admin
Default Password: adminadmin
The default password can be found in the output log from the container. View it with docker logs pia-qbittorrent
-
You can review the code which essential consists in the Dockerfile and entrypoint.sh
-
Any issues please raise them!!
-
Build the images straight from git:
docker build -t j4ym0/pia-qbittorrent https://github.com/j4ym0/pia-qbittorrent-docker.git
-
clone the repository and build:
git clone https://github.com/j4ym0/pia-qbittorrent-docker.git cd pia-qbittorrent-docker docker build -t j4ym0/pia-qbittorrent .
-
Using docker compose:
git clone https://github.com/j4ym0/pia-qbittorrent-docker.git cd pia-qbittorrent-docker docker-compose up -d -
The download and unziping of PIA openvpn files is done at build for the ones not able to download the zip files
-
Checksums for PIA openvpn zip files are not used as these files change often (but HTTPS is used)
-
PIA Nextgen servers are used
-
DNS Leaks tests seems to be ok, NEED FEEDBACK
- More DNS leak testing
- Edit config from environment vars
This repository is under an MIT license