From 46eb7b11613f228d92aec5815f193df8b1099afb Mon Sep 17 00:00:00 2001 From: binhex Date: Fri, 9 Nov 2018 11:43:28 +0000 Subject: [PATCH] allow user to define webui port via env --- README.md | 12 ++++++++---- build/root/install.sh | 8 ++++++++ run/nobody/qbittorrent.sh | 10 +++++----- run/root/iptable.sh | 26 +++++++++++++------------- 4 files changed, 34 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 7fba39e..1c6512c 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ qBittorrent is a bittorrent client programmed in C++ / Qt that uses libtorrent ( **Build notes** -Latest Github Release of qBittorrent. +Latest stable qBittorrent release from Arch Linux repo. Latest stable OpenVPN release from Arch Linux repo. Latest stable Privoxy release from Arch Linux repo. @@ -34,7 +34,7 @@ docker run -d \ -e LAN_NETWORK=/ \ -e NAME_SERVERS= \ -e DEBUG= \ - -e PHP_TZ= \ + -e WEBUI_PORT= \ -e UMASK= \ -e PUID= \ -e PGID= \ @@ -73,7 +73,7 @@ docker run -d \ -e LAN_NETWORK=192.168.1.0/24 \ -e NAME_SERVERS=209.222.18.222,37.235.1.174,1.1.1.1,8.8.8.8,209.222.18.218,37.235.1.177,1.0.0.1,8.8.4.4 \ -e DEBUG=false \ - -e PHP_TZ=UTC \ + -e WEBUI_PORT=8080 \ -e UMASK=000 \ -e PUID=0 \ -e PGID=0 \ @@ -115,7 +115,7 @@ docker run -d \ -e LAN_NETWORK=192.168.1.0/24 \ -e NAME_SERVERS=209.222.18.222,37.235.1.174,8.8.8.8,209.222.18.218,37.235.1.177,8.8.4.4 \ -e DEBUG=false \ - -e PHP_TZ=UTC \ + -e WEBUI_PORT=8080 \ -e UMASK=000 \ -e PUID=0 \ -e PGID=0 \ 
@@ -137,6 +137,10 @@ If there are multiple ovpn files then please delete the ones you don't want to u User ID (PUID) and Group ID (PGID) can be found by issuing the following command for the user you want to run the container as:- `id ` + +Due to issues with CSRF and port mapping, should you require to alter the port for the webui you need to change both sides of the -p 8080 switch AND set the WEBUI_PORT variable to the new port. + +For example, to set the port to 8090 you need to set -p 8090:8090 and -e WEBUI_PORT=8090 ___ If you appreciate my work, then please consider buying me a beer :D diff --git a/build/root/install.sh b/build/root/install.sh index d0ca8ca..25b3952 100644 --- a/build/root/install.sh +++ b/build/root/install.sh @@ -300,6 +300,14 @@ elif [[ $VPN_ENABLED == "no" ]]; then echo "[warn] !!IMPORTANT!! You have set the VPN to disabled, you will NOT be secure!" | ts '%Y-%m-%d %H:%M:%.S' fi +export WEBUI_PORT=$(echo "${WEBUI_PORT}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~') +if [[ ! -z "${WEBUI_PORT}" ]]; then + echo "[info] WEBUI_PORT defined as '${WEBUI_PORT}'" | ts '%Y-%m-%d %H:%M:%.S' +else + echo "[warn] WEBUI_PORT not defined (via -e WEBUI_PORT), defaulting to '8080'" | ts '%Y-%m-%d %H:%M:%.S' + export WEBUI_PORT="8080" +fi + EOF # replace env vars placeholder string with contents of file (here doc) diff --git a/run/nobody/qbittorrent.sh b/run/nobody/qbittorrent.sh index d728b0f..1a2b26e 100644 --- a/run/nobody/qbittorrent.sh +++ b/run/nobody/qbittorrent.sh 
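Review bot: In the build/root/install.sh hunk, WEBUI_PORT is whitespace-trimmed and exported but never checked to be a port number. The later hunks place the value into an awk program, into /etc/iproute2/rt_tables and into iptables arguments, so it should be validated once, here. After the default is applied, a guard such as `if [[ ! "${WEBUI_PORT}" =~ ^[0-9]+$ ]] || (( 10#${WEBUI_PORT} < 1 || 10#${WEBUI_PORT} > 65535 )); then` should log a `[crit]` line and stop the start-up, or fall back to 8080. The added lines sit inside a here-document that ends at the `EOF` context line and starts outside the hunk, so confirm its quoting leaves `${...}` unexpanded at build time.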
@@ -29,7 +29,7 @@ if [[ "${VPN_ENABLED}" == "yes" ]]; then if [[ "${VPN_PROV}" == "pia" && -n "${VPN_INCOMING_PORT}" ]]; then # run qBittorrent (daemonized, non-blocking), specifying listening interface and port - /usr/bin/qbittorrent-nox --daemon --webui-port=8080 --profile=/config --relative-fastresume + /usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume # set qbittorrent port to current vpn port (used when checking for changes on next run) qbittorrent_port="${VPN_INCOMING_PORT}" @@ -37,7 +37,7 @@ if [[ "${VPN_ENABLED}" == "yes" ]]; then else # run qBittorrent (daemonized, non-blocking), specifying listening interface - /usr/bin/qbittorrent-nox --daemon --webui-port=8080 --profile=/config --relative-fastresume + /usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume fi @@ -47,7 +47,7 @@ if [[ "${VPN_ENABLED}" == "yes" ]]; then else # run tmux attached to qBittorrent (daemonized, non-blocking) - /usr/bin/qbittorrent-nox --daemon --webui-port=8080 --profile=/config --relative-fastresume + /usr/bin/qbittorrent-nox --daemon --webui-port="${WEBUI_PORT}" --profile=/config --relative-fastresume fi @@ -82,9 +82,9 @@ while true; do done -echo "[info] Waiting for qBittorrent process to start listening on port 8080..." +echo "[info] Waiting for qBittorrent process to start listening on port ${WEBUI_PORT}..." -while [[ $(netstat -lnt | awk '$6 == "LISTEN" && $4 ~ ".8080"') == "" ]]; do +while [[ $(netstat -lnt | awk "\$6 == \"LISTEN\" && \$4 ~ \".${WEBUI_PORT}\"") == "" ]]; do sleep 0.1 done diff --git a/run/root/iptable.sh b/run/root/iptable.sh index 8992a16..4aa3c45 100644 --- a/run/root/iptable.sh +++ b/run/root/iptable.sh 
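Review bot: In the wait loop of run/nobody/qbittorrent.sh (the hunk at -82), the port is spliced into the awk program text and matched with the unanchored pattern `.${WEBUI_PORT}`, where `.` matches any character. With a user-chosen port this can match an unrelated listener, since a WEBUI_PORT of 80 also matches a socket on 8080 or 1080, so the loop may end before the web UI is up. Anything non-numeric in the variable also becomes part of the awk source. Passing the value as data and anchoring on the colon and the end of the field avoids both: `while [[ $(netstat -lnt | awk -v port="${WEBUI_PORT}" '$6 == "LISTEN" && $4 ~ (":" port "$")') == "" ]]; do`.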
@@ -42,8 +42,8 @@ if [[ $iptable_mangle_exit_code == 0 ]]; then echo "[info] iptable_mangle support detected, adding fwmark for tables" - # setup route for qbittorrent http using set-mark to route traffic for port 8080 to eth0 - echo "8080 qbittorrent_http" >> /etc/iproute2/rt_tables + # setup route for qbittorrent http using set-mark to route traffic for port WEBUI_PORT to eth0 + echo "${WEBUI_PORT} qbittorrent_http" >> /etc/iproute2/rt_tables ip rule add fwmark 1 table qbittorrent_http ip route add default via $DEFAULT_GATEWAY table qbittorrent_http @@ -89,9 +89,9 @@ iptables -A INPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j ACC # accept input to vpn gateway iptables -A INPUT -i eth0 -p $VPN_PROTOCOL --sport $VPN_PORT -j ACCEPT -# accept input to qbittorrent port 8080 -iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT -iptables -A INPUT -i eth0 -p tcp --sport 8080 -j ACCEPT +# accept input to qbittorrent port WEBUI_PORT +iptables -A INPUT -i eth0 -p tcp --dport "${WEBUI_PORT}" -j ACCEPT +iptables -A INPUT -i eth0 -p tcp --sport "${WEBUI_PORT}" -j ACCEPT # process lan networks in the list for lan_network_item in "${lan_network_list[@]}"; do @@ -100,7 +100,7 @@ for lan_network_item in "${lan_network_list[@]}"; do lan_network_item=$(echo "${lan_network_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~') # accept input to qbittorrent api - used for lan access - iptables -A INPUT -i eth0 -s "${lan_network_item}" -p tcp --dport 8080 -j ACCEPT + iptables -A INPUT -i eth0 -s "${lan_network_item}" -p tcp --dport "${WEBUI_PORT}" -j ACCEPT # accept input to privoxy if enabled if [[ $ENABLE_PRIVOXY == "yes" ]]; then 
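Review bot: In the first run/root/iptable.sh hunk, `echo "${WEBUI_PORT} qbittorrent_http" >> /etc/iproute2/rt_tables` now uses the web UI port as the routing table ID, which is the first column of rt_tables and is unrelated to the port. The old 8080 was only an arbitrary table number. With a user value, IDs 253, 254 and 255 are the kernel's default, main and local tables, so choosing one of those as the port would make the following `ip route add default via $DEFAULT_GATEWAY table qbittorrent_http` modify a system table. Keep a fixed ID, e.g. `echo "8080 qbittorrent_http" >> /etc/iproute2/rt_tables`, and reword the comment to say that the fwmark, not the table number, selects the port. The enclosing `if` block closes outside the hunk.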
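Review bot: The two INPUT rules in the second iptable.sh hunk (at -89) accept web UI traffic on eth0 from any source, and the `--sport "${WEBUI_PORT}"` rule accepts any inbound TCP segment whose source port equals the chosen value, whatever port it is addressed to. This makes the per-network rule `-s "${lan_network_item}" -p tcp --dport "${WEBUI_PORT}"` in the next hunk redundant. Now that the port is user-selectable, a common value such as 80 or 443 widens what the source-port rule lets in. If LAN-only access is the intent, drop the unrestricted pair and rely on the `-s "${lan_network_item}"` rule. If access from other networks is intended, say so in the comment and, where the conntrack match is available, narrow the source-port rule with `-m conntrack --ctstate ESTABLISHED,RELATED`.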
@@ -136,15 +136,15 @@ iptables -A OUTPUT -o eth0 -p $VPN_PROTOCOL --dport $VPN_PORT -j ACCEPT # if iptable mangle is available (kernel module) then use mark if [[ $iptable_mangle_exit_code == 0 ]]; then - # accept output from qbittorrent port 8080 - used for external access - iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -p tcp --sport 8080 -j MARK --set-mark 1 + # accept output from qbittorrent port WEBUI_PORT - used for external access + iptables -t mangle -A OUTPUT -p tcp --dport "${WEBUI_PORT}" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -p tcp --sport "${WEBUI_PORT}" -j MARK --set-mark 1 fi -# accept output from qbittorrent port 8080 - used for lan access -iptables -A OUTPUT -o eth0 -p tcp --dport 8080 -j ACCEPT -iptables -A OUTPUT -o eth0 -p tcp --sport 8080 -j ACCEPT +# accept output from qbittorrent port WEBUI_PORT - used for lan access +iptables -A OUTPUT -o eth0 -p tcp --dport "${WEBUI_PORT}" -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport "${WEBUI_PORT}" -j ACCEPT # process lan networks in the list for lan_network_item in "${lan_network_list[@]}"; do @@ -153,7 +153,7 @@ for lan_network_item in "${lan_network_list[@]}"; do lan_network_item=$(echo "${lan_network_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~') # accept output to qbittorrent api - used for lan access - iptables -A OUTPUT -o eth0 -d "${lan_network_item}" -p tcp --sport 8080 -j ACCEPT + iptables -A OUTPUT -o eth0 -d "${lan_network_item}" -p tcp --sport "${WEBUI_PORT}" -j ACCEPT # accept output from privoxy if enabled - used for lan access if [[ $ENABLE_PRIVOXY == "yes" ]]; then
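Review bot: In the mangle block of the hunk at -136, `--dport "${WEBUI_PORT}" -j MARK --set-mark 1` marks every outbound TCP connection to that destination port. Mark 1 selects the qbittorrent_http table, whose default route is the eth0 gateway set up in the first hunk of this file. With a fixed 8080 that was a narrow exception, but with a user-chosen port such as 443, client traffic to that port would appear to leave outside the VPN tunnel, and the plain `iptables -A OUTPUT -o eth0 -p tcp --dport "${WEBUI_PORT}" -j ACCEPT` below permits it. Only replies from the web UI seem to need this path, so the `--dport` mark and ACCEPT could be dropped, keeping `iptables -t mangle -A OUTPUT -p tcp --sport "${WEBUI_PORT}" -j MARK --set-mark 1`. At minimum the README should warn against choosing a port that trackers or peers use.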