
running a docker with a torrent client and vpn INSIDE the container... bad idea?
okay, I've got some docker savvy, and have been building a compose project that starts up a variety of home-media services (calibre-web, mediamonkey, plex, etc.).
currently, I'm working on a qbittorrent service for the compose file. obviously, I need a vpn for any kind of torrenting activity, that's just a given. all the guides and projects I see online take the route of running the composition on a host machine and having the VPN on the host machine providing protection for the traffic coming and going to the docker services; I'd like to avoid this so my host doesn't always need to be VPN connected and so the VPN doesn't interfere with the other services my machine is providing.
with that in mind, I guess my questions are: is there anything wrong with installing openvpn stuff on the qbittorrent docker container? are there any security ramifications I haven't considered?
edit: grammar
There's a couple docker containers out there built just for that.
I'm not seeing them, or at best I'm finding ones with the privileged flag set and I'm reluctant to set it. it doesn't feel like I should have to give the container privilege just to run a vpn...
You definitely could run your VPN process within the same container as your download client. However, my suggestion would be to run the VPN process within its own container, and then point your other containers to its network (u/SP3NGL3R provides a good example of this).
Note usage of the "cap_add" and "privileged" settings on the vpn container, and how the "network_mode" for other containers point back to the vpn service.
Not only does this preserve the best-practice of single-process containers, but it provides an easier way of running other containers behind the VPN as well.
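The layout described in the comment above, sketched as a compose file. This is an added example, not the pastebin from the thread and not any project's official file; it assumes the gluetun image mentioned elsewhere in the thread, the linuxserver.io qbittorrent and plex images, and placeholder provider and credential values. It grants the VPN container only `NET_ADMIN` plus the tun device instead of `privileged: true`.

```yaml
# Added example: VPN in its own container, torrent client sharing its
# network namespace, other services left on the normal Docker network.
services:
  vpn:
    image: qmcgaw/gluetun
    # NET_ADMIN and the tun device are what the tunnel needs.
    # This avoids handing the container full privilege.
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=<your-provider>   # placeholder
      - VPN_TYPE=openvpn
      - OPENVPN_USER=<vpn-username>            # placeholder
      - OPENVPN_PASSWORD=<vpn-password>        # placeholder
    ports:
      # The web UI of qbittorrent is published here, because a service
      # that joins another service's network cannot declare its own ports.
      - "8080:8080"
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    # Share the vpn container's network stack: all traffic from this
    # container leaves through the tunnel, and it has no other interface.
    network_mode: "service:vpn"
    depends_on:
      - vpn
    environment:
      - WEBUI_PORT=8080
    volumes:
      - ./qbittorrent/config:/config           # assumed host paths
      - ./downloads:/downloads
    restart: unless-stopped

  plex:
    # Not attached to the vpn service, so it uses the host's normal route.
    image: lscr.io/linuxserver/plex
    ports:
      - "32400:32400"
    volumes:
      - ./plex/config:/config                  # assumed host paths
      - ./media:/media
    restart: unless-stopped
```

Because `qbittorrent` has no network of its own, it loses connectivity whenever the `vpn` container is stopped, and recreating `vpn` requires recreating `qbittorrent` so it rejoins the new namespace.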
this is good stuff
thanks dude
I've been reluctant to add the cap_add and privileged stuff, because the last time I did it seemed to mess with the host network in such a way that it would trigger the nordvpn network killswitch on my host, so I would occasionally get network dropouts
I'll give u/sp3ngl3r's paste a once over. it seems pretty similar in concept to this one here... https://github.com/bubuntux/nordvpn
I run one compose/stack that does two networking paths.
VPN + NZB + Torrent (it's WireGuard, but should be same for OpenVPN)
NoVPN + *arrs
It works perfectly, and uses the VPN where I want only.
Here: https://pastebin.com/YAtyjPZN
I use gluetun (https://github.com/qdm12/gluetun); it supports multiple VPN providers
Qbitorrentvpn
I used to do this, docker, torrent client with vpn, but then I discovered real-debrid, which basically downloads the torrent for you and you can download it full speed via web. Later I discovered that Real-debrid has an API extension and you can mount all torrent downloads as a virtual drive. It's absolutely end game in regard to torrent handling, no more torrent client, no more uploading etc.
Check out yams.media. great setup. With gluetun VPN and qbittorrent