allow user to define webui port via env

6 years ago · 46eb7b1161
parent d983c96355
commit 46eb7b1161
4 changed files with 34 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -10,7 +10,7 @@ qBittorrent is a bittorrent client programmed in C++ / Qt that uses libtorrent (

 **Build notes**

-Latest Github Release of qBittorrent.
+Latest stable qBittorrent release from Arch Linux repo.
 Latest stable OpenVPN release from Arch Linux repo.
 Latest stable Privoxy release from Arch Linux repo.

@ -34,7 +34,7 @@ docker run -d \
    -e LAN_NETWORK=<lan ipv4 network>/<cidr notation> \
    -e NAME_SERVERS=<name server ip(s)> \
    -e DEBUG=<true|false> \
-    -e PHP_TZ=<php timezone> \
+    -e WEBUI_PORT=<port for web interfance> \
    -e UMASK=<umask for created files> \
    -e PUID=<uid for user> \
    -e PGID=<gid for user> \
@ -73,7 +73,7 @@ docker run -d \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=209.222.18.222,37.235.1.174,1.1.1.1,8.8.8.8,209.222.18.218,37.235.1.177,1.0.0.1,8.8.4.4 \
    -e DEBUG=false \
-    -e PHP_TZ=UTC \
+    -e WEBUI_PORT=8080 \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
@ -115,7 +115,7 @@ docker run -d \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=209.222.18.222,37.235.1.174,8.8.8.8,209.222.18.218,37.235.1.177,8.8.4.4 \
    -e DEBUG=false \
-    -e PHP_TZ=UTC \
+    -e WEBUI_PORT=8080 \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
@ -137,6 +137,10 @@ If there are multiple ovpn files then please delete the ones you don't want to u
 User ID (PUID) and Group ID (PGID) can be found by issuing the following command for the user you want to run the container as:-

 `id <username>`
+
+Due to issues with CSRF and port mapping, should you require to alter the port for the webui you need to change both sides of the -p 8080 switch AND set the WEBUI_PORT variable to the new port.
+
+For example, to set the port to 8090 you need to set -p 8090:8090 and -e WEBUI_PORT=8090
 ___
 If you appreciate my work, then please consider buying me a beer  :D

--- a/build/root/install.sh
+++ b/build/root/install.sh
@ -300,6 +300,14 @@ elif [[ $VPN_ENABLED == "no" ]]; then
 	echo "[warn] !!IMPORTANT!! You have set the VPN to disabled, you will NOT be secure!" | ts '%Y-%m-%d %H:%M:%.S'
 fi

+export WEBUI_PORT=$(echo "${WEBUI_PORT}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
+if [[ ! -z "${WEBUI_PORT}" ]]; then
+	echo "[info] WEBUI_PORT defined as '${WEBUI_PORT}'" | ts '%Y-%m-%d %H:%M:%.S'
+else
+	echo "[warn] WEBUI_PORT not defined (via -e WEBUI_PORT), defaulting to '8080'" | ts '%Y-%m-%d %H:%M:%.S'
+	export WEBUI_PORT="8080"
+fi
+
 EOF

 # replace env vars placeholder string with contents of file (here doc)
--- a/run/nobody/qbittorrent.sh
+++ b/run/nobody/qbittorrent.sh
@ -29,7 +29,7 @@ if [[ "${VPN_ENABLED}" == "yes" ]]; then
 	if [[ "${VPN_PROV}" == "pia" && -n "${VPN_INCOMING_PORT}" ]]; then

 		# run qBittorrent (daemonized, non-blocking), specifying listening interface and port
-		/usr/bin/qbittorrent-nox --daemon --webui-port=8080 --profile=/config --relative-fastresume
+		/usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume

 		# set qbittorrent port to current vpn port (used when checking for changes on next run)
 		qbittorrent_port="${VPN_INCOMING_PORT}"
@ -37,7 +37,7 @@ if [[ "${VPN_ENABLED}" == "yes" ]]; then
 	else

 		# run qBittorrent (daemonized, non-blocking), specifying listening interface
-		/usr/bin/qbittorrent-nox --daemon --webui-port=8080 --profile=/config --relative-fastresume
+		/usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume

 	fi

@ -47,7 +47,7 @@ if [[ "${VPN_ENABLED}" == "yes" ]]; then
 else

 	# run tmux attached to qBittorrent (daemonized, non-blocking)
-	/usr/bin/qbittorrent-nox --daemon --webui-port=8080 --profile=/config --relative-fastresume
+	/usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume

 fi

@ -82,9 +82,9 @@ while true; do

 done

-echo "[info] Waiting for qBittorrent process to start listening on port 8080..."
+echo "[info] Waiting for qBittorrent process to start listening on port ${WEBUI_PORT}..."

-while [[ $(netstat -lnt | awk '$6 == "LISTEN" && $4 ~ ".8080"') == "" ]]; do
+while [[ $(netstat -lnt | awk "\$6 == \"LISTEN\" && \$4 ~ \".${WEBUI_PORT}\"") == "" ]]; do
 	sleep 0.1
 done

--- a/run/root/iptable.sh
+++ b/run/root/iptable.sh
@ -42,8 +42,8 @@ if [[ $iptable_mangle_exit_code == 0 ]]; then

 	echo "[info] iptable_mangle support detected, adding fwmark for tables"

-	# setup route for qbittorrent http using set-mark to route traffic for port 8080 to eth0
-	echo "8080    qbittorrent_http" >> /etc/iproute2/rt_tables
+	# setup route for qbittorrent http using set-mark to route traffic for port WEBUI_PORT to eth0
+	echo "${WEBUI_PORT}    qbittorrent_http" >> /etc/iproute2/rt_tables
 	ip rule add fwmark 1 table qbittorrent_http
 	ip route add default via $DEFAULT_GATEWAY table qbittorrent_http

@ -89,9 +89,9 @@ iptables -A INPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j ACC
 # accept input to vpn gateway
 iptables -A INPUT -i eth0 -p $VPN_PROTOCOL --sport $VPN_PORT -j ACCEPT

-# accept input to qbittorrent port 8080
-iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
-iptables -A INPUT -i eth0 -p tcp --sport 8080 -j ACCEPT
+# accept input to qbittorrent port WEBUI_PORT
+iptables -A INPUT -i eth0 -p tcp --dport "${WEBUI_PORT}" -j ACCEPT
+iptables -A INPUT -i eth0 -p tcp --sport "${WEBUI_PORT}" -j ACCEPT

 # process lan networks in the list
 for lan_network_item in "${lan_network_list[@]}"; do
@ -100,7 +100,7 @@ for lan_network_item in "${lan_network_list[@]}"; do
 	lan_network_item=$(echo "${lan_network_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')

 	# accept input to qbittorrent api - used for lan access
-	iptables -A INPUT -i eth0 -s "${lan_network_item}" -p tcp --dport 8080 -j ACCEPT
+	iptables -A INPUT -i eth0 -s "${lan_network_item}" -p tcp --dport "${WEBUI_PORT}" -j ACCEPT

 	# accept input to privoxy if enabled
 	if [[ $ENABLE_PRIVOXY == "yes" ]]; then
@ -136,15 +136,15 @@ iptables -A OUTPUT -o eth0 -p $VPN_PROTOCOL --dport $VPN_PORT -j ACCEPT
 # if iptable mangle is available (kernel module) then use mark
 if [[ $iptable_mangle_exit_code == 0 ]]; then

-	# accept output from qbittorrent port 8080 - used for external access
-	iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1
-	iptables -t mangle -A OUTPUT -p tcp --sport 8080 -j MARK --set-mark 1
+	# accept output from qbittorrent port WEBUI_PORT - used for external access
+	iptables -t mangle -A OUTPUT -p tcp --dport "${WEBUI_PORT}" -j MARK --set-mark 1
+	iptables -t mangle -A OUTPUT -p tcp --sport "${WEBUI_PORT}" -j MARK --set-mark 1

 fi

-# accept output from qbittorrent port 8080 - used for lan access
-iptables -A OUTPUT -o eth0 -p tcp --dport 8080 -j ACCEPT
-iptables -A OUTPUT -o eth0 -p tcp --sport 8080 -j ACCEPT
+# accept output from qbittorrent port WEBUI_PORT - used for lan access
+iptables -A OUTPUT -o eth0 -p tcp --dport "${WEBUI_PORT}" -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport "${WEBUI_PORT}" -j ACCEPT

 # process lan networks in the list
 for lan_network_item in "${lan_network_list[@]}"; do
@ -153,7 +153,7 @@ for lan_network_item in "${lan_network_list[@]}"; do
 	lan_network_item=$(echo "${lan_network_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')

 	# accept output to qbittorrent api - used for lan access
-	iptables -A OUTPUT -o eth0 -d "${lan_network_item}" -p tcp --sport 8080 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -d "${lan_network_item}" -p tcp --sport "${WEBUI_PORT}" -j ACCEPT

 	# accept output from privoxy if enabled - used for lan access
 	if [[ $ENABLE_PRIVOXY == "yes" ]]; then