use api, req priv, force options set

6 years ago · 391f1a2346
parent 7029c2fe2e
commit 391f1a2346
5 changed files with 53 additions and 79 deletions
--- a/README.md
+++ b/README.md
@ -17,7 +17,7 @@ Latest stable Privoxy release from Arch Linux repo.
 **Usage**
 ```
 docker run -d \
-    --cap-add=NET_ADMIN \
+    --privileged=true \
    -p 6881:6881 \
    -p 6881:6881/udp \
    -p 8080:8080 \
@ -59,7 +59,7 @@ Password:- adminadmin
 **PIA example**
 ```
 docker run -d \
-    --cap-add=NET_ADMIN \
+    --privileged=true \
    -p 6881:6881 \
    -p 6881:6881/udp \
    -p 8080:8080 \
@ -106,7 +106,7 @@ port_random = no
 **AirVPN example**
 ```
 docker run -d \
-    --cap-add=NET_ADMIN \
+    --privileged=true \
    -p 6881:6881 \
    -p 6881:6881/udp \
    -p 8080:8080 \
--- a/build/qbittorrent.conf
+++ b/build/qbittorrent.conf
@ -12,13 +12,6 @@ user = nobody
 command = /home/nobody/watchdog.sh
 umask = 000
 [program:qbittorrent-script]
 autorestart = false
 startsecs = 0
 user = nobody
 command = /home/nobody/qbittorrent.sh
 umask = 000
 [program:privoxy-script]
 autorestart = false
 startsecs = 0
--- a/config/nobody/qbittorrent/config/qbittorrent.conf
+++ b/config/nobody/qbittorrent/config/qbittorrent.conf
@ -2,14 +2,12 @@
 enabled=false
 program=
 [LegalNotice]
 Accepted=true
 [Preferences]
 Connection\UPnP=false
 Connection\PortRangeMin=6881
-Downloads\SavePath=/data/
+Connection\UPnP=false
-Downloads\ScanDirsV2=@Variant(\0\0\0\x1c\0\0\0\0)
+General\UseRandomPort=false
-Downloads\TempPath=/data/incomplete/
+WebUI\CSRFProtection=false
 WebUI\LocalHostAuth=true
 WebUI\UseUPnP=false
 WebUI\Address=*
 WebUI\ServerDomains=*
--- a/run/nobody/qbittorrent.sh
+++ b/run/nobody/qbittorrent.sh
@ -1,57 +1,26 @@
 #!/bin/bash
-# kill qbittorrent (required due to the fact qbittorrent cannot cope with dynamic changes to port)
+# change incoming port using the qbittorrent api - note this requires anonymous authentication via webui
 # option 'Bypass authentication for clients on localhost'
 if [[ "${qbittorrent_running}" == "true" ]]; then
-	# note its not currently possible to change port and/or ip address whilst running, thus the sigterm
+	if [[ "${VPN_PROV}" == "pia" && -n "${VPN_INCOMING_PORT}" ]]; then
 	echo "[info] Sending SIGTERM (-15) to 'qbittorrent-nox' (will terminate qbittorrent) due to port/ip change..."
 	# SIGTERM used here as SIGINT does not kill the process
 	pkill -SIGTERM "qbittorrent-nox"
 	# make sure 'qbittorrent-nox' process DOESNT exist before re-starting
 	while pgrep -x "qbittorrent-nox" &> /dev/null
 	do
 		sleep 0.5s
-	done
+		curl -i -X POST -d "json=%7B%22listen_port%22%3A${VPN_INCOMING_PORT}%7D" "http://localhost:${WEBUI_PORT}/command/setPreferences"
 	fi
 else
 	echo "[info] Removing session lock file (if it exists)..."
 	rm -f /config/qBittorrent/data/BT_backup/session.lock
 	echo "[info] Attempting to start qBittorrent..."
-if [[ "${VPN_ENABLED}" == "yes" ]]; then
+	# run qBittorrent (daemonized, non-blocking) - note qbittorrent requires docker privileged flag
 	if [[ "${VPN_PROV}" == "pia" && -n "${VPN_INCOMING_PORT}" ]]; then
 		# run qBittorrent (daemonized, non-blocking), specifying listening interface and port
 		/usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume
 		# set qbittorrent port to current vpn port (used when checking for changes on next run)
 		qbittorrent_port="${VPN_INCOMING_PORT}"
 	else
 		# run qBittorrent (daemonized, non-blocking), specifying listening interface
 	/usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume
-	fi
+	# make sure process qbittorrent-nox DOES exist
 	# set qbittorrent ip to current vpn ip (used when checking for changes on next run)
 	qbittorrent_ip="${vpn_ip}"
 else
 	# run tmux attached to qBittorrent (daemonized, non-blocking)
 	/usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume
 fi
 # make sure process qbittorrent DOES exist
 	retry_count=30
 	while true; do
@ -88,4 +57,12 @@ while [[ $(netstat -lnt | awk "\$6 == \"LISTEN\" && \$4 ~ \".${WEBUI_PORT}\"") =
 		sleep 0.1
 	done
-echo "[info] qBittorrent process listening"
+	# change incoming port using the qbittorrent api - note this requires anonymous authentication via webui
 	# option 'Bypass authentication for clients on localhost'
 	if [[ "${VPN_PROV}" == "pia" && -n "${VPN_INCOMING_PORT}" ]]; then
 		curl -i -X POST -d "json=%7B%22listen_port%22%3A${VPN_INCOMING_PORT}%7D" "http://localhost:${WEBUI_PORT}/command/setPreferences"
 	fi
 fi
--- a/run/nobody/watchdog.sh
+++ b/run/nobody/watchdog.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # define destination file path for qbittorrent config file
-qbittorrent_config="/config/qBittorrent/config/qbittorrent.conf"
+qbittorrent_config="/config/qBittorrent/config/qBittorrent.conf"
 # if qbittorrent config file doesnt exist then copy default to host config volume
 if [[ ! -f "${qbittorrent_config}" ]]; then
@ -37,6 +37,12 @@ while true; do
 	if [[ "${VPN_ENABLED}" == "yes" ]]; then
 		# forcibly set allow anonymous access from localhost to api (used to change incoming port)
 		sed -i "s~^WebUI\LocalHostAuth=.*~WebUI\LocalHostAuth=true~g" "${qbittorrent_config}"
 		# forcibly set random incoming port to false
 		sed -i "s~^General\UseRandomPort=.*~General\UseRandomPort=false~g" "${qbittorrent_config}"
 		# run script to check ip is valid for tunnel device (will block until valid)
 		source /home/nobody/getvpnip.sh