use api, req priv, force options set

6 years ago · 391f1a2346
parent 7029c2fe2e
commit 391f1a2346
5 changed files with 53 additions and 79 deletions
--- a/README.md
+++ b/README.md
@ -17,7 +17,7 @@ Latest stable Privoxy release from Arch Linux repo.
 **Usage**
 ```
 docker run -d \
-    --cap-add=NET_ADMIN \
+    --privileged=true \
    -p 6881:6881 \
    -p 6881:6881/udp \
    -p 8080:8080 \
@ -59,7 +59,7 @@ Password:- adminadmin
 **PIA example**
 ```
 docker run -d \
-    --cap-add=NET_ADMIN \
+    --privileged=true \
    -p 6881:6881 \
    -p 6881:6881/udp \
    -p 8080:8080 \
@ -106,7 +106,7 @@ port_random = no
 **AirVPN example**
 ```
 docker run -d \
-    --cap-add=NET_ADMIN \
+    --privileged=true \
    -p 6881:6881 \
    -p 6881:6881/udp \
    -p 8080:8080 \
--- a/build/qbittorrent.conf
+++ b/build/qbittorrent.conf
@ -12,13 +12,6 @@ user = nobody
 command = /home/nobody/watchdog.sh
 umask = 000

-[program:qbittorrent-script]
-autorestart = false
-startsecs = 0
-user = nobody
-command = /home/nobody/qbittorrent.sh
-umask = 000
-
 [program:privoxy-script]
 autorestart = false
 startsecs = 0
--- a/config/nobody/qbittorrent/config/qbittorrent.conf
+++ b/config/nobody/qbittorrent/config/qbittorrent.conf
@ -2,14 +2,12 @@
 enabled=false
 program=

-[LegalNotice]
-Accepted=true
-
 [Preferences]
-Connection\UPnP=false
 Connection\PortRangeMin=6881
-Downloads\SavePath=/data/
-Downloads\ScanDirsV2=@Variant(\0\0\0\x1c\0\0\0\0)
-Downloads\TempPath=/data/incomplete/
+Connection\UPnP=false
+General\UseRandomPort=false
+WebUI\CSRFProtection=false
+WebUI\LocalHostAuth=true
+WebUI\UseUPnP=false
 WebUI\Address=*
 WebUI\ServerDomains=*
--- a/run/nobody/qbittorrent.sh
+++ b/run/nobody/qbittorrent.sh
@ -1,91 +1,68 @@
 #!/bin/bash

-# kill qbittorrent (required due to the fact qbittorrent cannot cope with dynamic changes to port)
+# change incoming port using the qbittorrent api - note this requires anonymous authentication via webui
+# option 'Bypass authentication for clients on localhost'
 if [[ "${qbittorrent_running}" == "true" ]]; then

-	# note its not currently possible to change port and/or ip address whilst running, thus the sigterm
-	echo "[info] Sending SIGTERM (-15) to 'qbittorrent-nox' (will terminate qbittorrent) due to port/ip change..."
-
-	# SIGTERM used here as SIGINT does not kill the process
-	pkill -SIGTERM "qbittorrent-nox"
-
-	# make sure 'qbittorrent-nox' process DOESNT exist before re-starting
-	while pgrep -x "qbittorrent-nox" &> /dev/null
-	do
-
-		sleep 0.5s
-
-	done
-
-fi
-
-echo "[info] Removing session lock file (if it exists)..."
-rm -f /config/qBittorrent/data/BT_backup/session.lock
-
-echo "[info] Attempting to start qBittorrent..."
-
-if [[ "${VPN_ENABLED}" == "yes" ]]; then
-
 	if [[ "${VPN_PROV}" == "pia" && -n "${VPN_INCOMING_PORT}" ]]; then

-		# run qBittorrent (daemonized, non-blocking), specifying listening interface and port
-		/usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume
-
-		# set qbittorrent port to current vpn port (used when checking for changes on next run)
-		qbittorrent_port="${VPN_INCOMING_PORT}"
-
-	else
-
-		# run qBittorrent (daemonized, non-blocking), specifying listening interface
-		/usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume
+		curl -i -X POST -d "json=%7B%22listen_port%22%3A${VPN_INCOMING_PORT}%7D" "http://localhost:${WEBUI_PORT}/command/setPreferences"

 	fi

-	# set qbittorrent ip to current vpn ip (used when checking for changes on next run)
-	qbittorrent_ip="${vpn_ip}"
-
 else

-	# run tmux attached to qBittorrent (daemonized, non-blocking)
+	echo "[info] Removing session lock file (if it exists)..."
+	rm -f /config/qBittorrent/data/BT_backup/session.lock
+
+	echo "[info] Attempting to start qBittorrent..."
+
+	# run qBittorrent (daemonized, non-blocking) - note qbittorrent requires docker privileged flag
 	/usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume

-fi
+	# make sure process qbittorrent-nox DOES exist
+	retry_count=30
+	while true; do

-# make sure process qbittorrent DOES exist
-retry_count=30
-while true; do
+		if ! pgrep -x "qbittorrent-nox" > /dev/null; then

-	if ! pgrep -x "qbittorrent-nox" > /dev/null; then
+			retry_count=$((retry_count-1))
+			if [ "${retry_count}" -eq "0" ]; then

-		retry_count=$((retry_count-1))
-		if [ "${retry_count}" -eq "0" ]; then
+				echo "[warn] Wait for qBittorrent process to start aborted"
+				break

-			echo "[warn] Wait for qBittorrent process to start aborted"
-			break
+			else

-		else
+				if [[ "${DEBUG}" == "true" ]]; then
+					echo "[debug] Waiting for qBittorrent process to start..."
+				fi
+
+				sleep 1s

-			if [[ "${DEBUG}" == "true" ]]; then
-				echo "[debug] Waiting for qBittorrent process to start..."
 			fi

-			sleep 1s
+		else
+
+			echo "[info] qBittorrent process started"
+			break

 		fi

-	else
+	done

-		echo "[info] qBittorrent process started"
-		break
+	echo "[info] Waiting for qBittorrent process to start listening on port ${WEBUI_PORT}..."

-	fi
+	while [[ $(netstat -lnt | awk "\$6 == \"LISTEN\" && \$4 ~ \".${WEBUI_PORT}\"") == "" ]]; do
+		sleep 0.1
+	done

-done
+	# change incoming port using the qbittorrent api - note this requires anonymous authentication via webui
+	# option 'Bypass authentication for clients on localhost'
+	if [[ "${VPN_PROV}" == "pia" && -n "${VPN_INCOMING_PORT}" ]]; then

-echo "[info] Waiting for qBittorrent process to start listening on port ${WEBUI_PORT}..."
+		curl -i -X POST -d "json=%7B%22listen_port%22%3A${VPN_INCOMING_PORT}%7D" "http://localhost:${WEBUI_PORT}/command/setPreferences"

-while [[ $(netstat -lnt | awk "\$6 == \"LISTEN\" && \$4 ~ \".${WEBUI_PORT}\"") == "" ]]; do
-	sleep 0.1
-done
+	fi

-echo "[info] qBittorrent process listening"
+fi
--- a/run/nobody/watchdog.sh
+++ b/run/nobody/watchdog.sh
@ -1,7 +1,7 @@
 #!/bin/bash

 # define destination file path for qbittorrent config file
-qbittorrent_config="/config/qBittorrent/config/qbittorrent.conf"
+qbittorrent_config="/config/qBittorrent/config/qBittorrent.conf"

 # if qbittorrent config file doesnt exist then copy default to host config volume
 if [[ ! -f "${qbittorrent_config}" ]]; then
@ -37,6 +37,12 @@ while true; do

 	if [[ "${VPN_ENABLED}" == "yes" ]]; then

+		# forcibly set allow anonymous access from localhost to api (used to change incoming port)
+		sed -i "s~^WebUI\LocalHostAuth=.*~WebUI\LocalHostAuth=true~g" "${qbittorrent_config}"
+
+		# forcibly set random incoming port to false
+		sed -i "s~^General\UseRandomPort=.*~General\UseRandomPort=false~g" "${qbittorrent_config}"
+
 		# run script to check ip is valid for tunnel device (will block until valid)
 		source /home/nobody/getvpnip.sh