My solution uses qBittorrent with Gluetun and it works great. My Docker Compose file is based on this one: https://github.com/TechHutTV/homelab/blob/main/media/arr-compose.yaml. I simply removed some of the services I didn’t need. I recommend watching his YouTube video (same video on Odysee) if you can’t get it to work.


I am trying to have a qBittorrent Docker container that is accessible on my local network and connects to WireGuard. I know this is a basic question, and I’m sorry if I’m wasting your time. I am using a separate user for this that I have added to the docker group.

I can’t access the web interface. What have I configured wrong?

Here is my docker compose file.

---
services:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Europe/London
      - WEBUI_PORT=8080
      - TORRENTING_PORT=6881
    volumes:
      - /home/torrent/torrent/:/config
      - /home/torrent/download/:/downloads 
    network_mode: service:wireguard
    depends_on:
      - wireguard
    restart: always

  wireguard:
    image: lscr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
    - NET_ADMIN
    - SYS_MODULE
    environment:
    - PUID=1001
    - PGID=1001
    - TZ=Europe/London
    ports:
    - 51820:51820/udp
    volumes:
    - /home/torrent/wireguard/:/config
    - /home/torrent/wireguard/london.conf/:/config/wg0.conf
    sysctls:
    - net.ipv4.conf.all.src_valid_mark=1
    restart: always

  • @chema
    36 days ago

    You can’t access your instance because the only way to reach the container is through the VPN server (as it should be). You have to open a hole in the container’s firewall to access it through the local network.

    In the [Interface] section in your WireGuard configuration, add the following lines:

    PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

    PreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT

    Replace the value of HOMENET with whichever network you’re accessing it from; mine’s set to the Docker network because it’s behind an nginx reverse proxy.

    • @[email protected]OP
      6 days ago

      Still doesn’t work. My WireGuard conf file looks like this.

      Changed the HOMENET= to my internal IP range I found with ip addr show.

      [Interface]
      PrivateKey = MyPrivateKey
      Address = 1.1.1.1
      DNS = 1.1.1.1
      
      PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
      
      PreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT
      
      [Peer]
      PublicKey = MyPublicKey
      AllowedIPs = 0.0.0.0/0
      Endpoint = 1.1.1.1
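
A consistency check for the HOMENET exemption described in the reply above, as an added example that is not part of the original thread: it parses the PostUp/PreDown hooks and reports when the client you browse from falls outside HOMENET, when the two hooks disagree, or when HOMENET is wider than RFC 1918 space. The function names, the shortened sample config and the client addresses are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOOK_RE = re.compile(r"^(PostUp|PreDown)\s*=.*?\bHOMENET=([0-9./]+)", re.M)

# Constructed sample: the hooks from the reply above, shortened, with a placeholder key.
SAMPLE_CONF = """\
[Interface]
PrivateKey = MyPrivateKey
PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE; iptables -I OUTPUT -d $HOMENET -j ACCEPT
PreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT -d $HOMENET -j ACCEPT
"""


def homenets(conf):
    """Map each hook (PostUp/PreDown) to the HOMENET network it sets."""
    return {hook: ipaddress.ip_network(cidr, strict=False)
            for hook, cidr in HOOK_RE.findall(conf)}


def audit(conf, client_ip):
    """Return findings about the HOMENET exemption; an empty list means it is consistent."""
    nets = homenets(conf)
    up, down = nets.get("PostUp"), nets.get("PreDown")
    if up is None:
        return ["PostUp sets no HOMENET: no LAN exemption is installed"]
    findings = []
    if down != up:
        # PreDown deletes by value, so a different CIDR leaves the PostUp route and rule behind.
        findings.append(f"PreDown HOMENET {down} differs from PostUp {up}")
    if ipaddress.ip_address(client_ip) not in up:
        # Replies to this client are neither routed via the default gateway nor accepted.
        findings.append(f"client {client_ip} is outside {up}")
    if not any(up.subnet_of(r) for r in RFC1918):
        # The ACCEPT rule would let non-LAN destinations bypass the REJECT rule.
        findings.append(f"{up} is not inside RFC 1918 space")
    return findings


if __name__ == "__main__":
    for client in ("172.18.0.5", "192.168.1.50"):  # constructed client addresses
        print(client, audit(SAMPLE_CONF, client) or "ok")
```

Run it against the wg0.conf mounted into the container, passing the address of the machine you open the web UI from.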