Guide: How to install qbittorrent (or any app) with vpn on Truenas Electric Eel

I wanted to posted my guide on how to use any app including qbittorrent with a VPN in the new Electric Eel version.

  1. Install the dockge app from Truenas.
  2. Compose an image for the VPN, use this docker compose.yaml code and change as needed:
    This code comes from: https://hub.docker.com/r/qmcgaw/gluetun
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8080:8080 #qbittorrent
      - 6881:6881 #qbittorrent
      - 6881:6881/udp #qbittorrent
    volumes:
      - /mnt/YOUR_TRUENAS_DATASET/DATASET_DIR:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_TYPE=openvpn
      - VPN_SERVICE_PROVIDER=REPLACE_WITH_YOUR_VPN_NAME
      - OPENVPN_USER=YOUR_VPN_OpenVPN_IKEv2_USERNAME
      - OPENVPN_PASSWORD=YOUR_VPN_OpenVPN_IKEv2_PASSWORD
      - SERVER_COUNTRIES=THIS_IS_PROTON_VPN_SPECIFIC_SETTING
      - TZ=YOUR_TIMEZONE
      - UPDATER_PERIOD=
  1. Compose an image for any app you would like to run thru the VPN, In this example qbittorrent.
    Use this docker compose.yaml code and change as needed:
services:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=YOUR_TRUENAS_USER_ID
      - PGID=YOUR_TRUENAS_GROUP_ID
      - TZ=YOUR_TIMEZONE/UTC
      - WEBUI_PORT=8080
      - TORRENTING_PORT=6881
    volumes:
      - /mnt/YOUR_TRUENAS_DATASET/QBITTORRENT_DIR:/config   #Directory you want to save your qbit config files
      - /mnt/YOUR_TRUENAS_DATASET/MEDIA_DIR:/media    #movies/series/music directory 
    restart: unless-stopped
    network_mode: container:gluetun #this is what makes the app to connect to the VPN.
    # Note that all ports were moved to the gluetun app.
  1. Troubleshooting

    • Make sure the app you want to connect have the network_mode: container:gluetun and that all the ports are moved to the gluetun app.
    • If app is not opening after applying the settings. Click the Stop & Inactive button (hidden under the stop button). Then try again.
    • Make sure apps are running.
    • Test qbittorrent is behind VPN by using the ipleak.net torrent tool
  2. To use Wireguard instead, substitute this code with the OpenVPN code on step 2:
    (Please note the devices setting is not included for wireguard)

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8080:8080 #qbittorrent
      - 6881:6881 #qbittorrent
      - 6881:6881/udp #qbittorrent
    volumes:
      - /mnt/YOUR_TRUENAS_DATASET/DATASET_DIR:/gluetun
    environment:
      - VPN_TYPE=wireguard
      - VPN_SERVICE_PROVIDER=REPLACE_WITH_YOUR_VPN_NAME
      - WIREGUARD_PRIVATE_KEY=REPLACE_WITH_YOUR_VPN_PRIVATE_KEY
      - WIREGUARD_ADDRESSES=REPLACE_WITH_YOUR_VPN_ADDRESS
      - WIREGUARD_PUBLIC_KEY=REPLACE_WITH_YOUR_VPN_PUBLIC_KEY
      - WIREGUARD_ENDPOINT_IP=REPLACE_WITH_YOUR_VPN_SERVER_ENDPOINT_IP
      - WIREGUARD_ENDPOINT_PORT=OPTIONAL_REPLACE_WITH_YOUR_VPN_SERVER_ENDPOINT_PORT_IF_NOT_51820 # do not include this line if port is 51820.
      - WIREGUARD_PRESHARED_KEY=OPTIONAL_REPLACE_WITH_YOUR_VPN_PRESHARED_KEY
4 Likes

Still struggling with this approach vs putting gluetun in every stack that needs VPN. From what I had seen - once central gluetun container fails - all other apps that rely on it become inaccessible and unresponsive, also you do not have ā€œat a glanceā€ view of what ports go to what apps, since they are all moved to gluetun stack. Would be interesting to see how much overhead individual VPNs (from separate stacks) will bring.

Thanks so much for the guide, I just upgraded to Electric Eel and Iā€™m experimenting with setting up all my apps through Dockge.

I got both of my images running successfully but for some reason when I try to access port 8080 to get to the qbittorrent webgui it just takes me back to the TrueNAS Scale login page/dashboard. Any ideas how to fix?

Have your tried?: Click the Stop & Inactive button (hidden under the stop button).
If that does not work try changing the port to something else and click the stop & inactive button.

Got it working after restarting the service and the NAS, thanks!

binhex docker images are also another option

Note to self donā€™t post when overly tired lol

1 Like

Just wanted to share my success using the compose files provided with Dockge. I followed this YT tutorial (https://www.youtube.com/watch?v=S0nTRvAHAP8) to setup jailmaker and Dockge. Dropped in these compose files, edited to my VPN and path settings, into Dockge and voila :pinched_fingers:

Version:
Dragonfish-24.04.2.2

Thanks!

2 Likes

If by any chance you need to have your port open/active to be able to connect to both active and inactive peers while torrenting or need to do some port forwarding. Add these changes to the gluetun (VPN) and app of choice (qbittorrent) compose.yaml configurations:

Before you start making the changes, make sure to use the Stop & Inactive button for both, qbittorrent and gluetun compose.yaml configurations.

Gluetun compose.yaml changes:

    environment:
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER=CHANGE_WITH_VPN_PROVIDER
      - VPN_PORT_FORWARDING_STATUS_FILE=/gluetun/qbittorrent/port.txt

Please note that not all VPN providers allow port forwarding, At this time, only private internet access or protonvpn have port forwarding. Check the list here: gluetun-wiki/setup/advanced/vpn-port-forwarding.md at main Ā· qdm12/gluetun-wiki Ā· GitHub

At this time, I have not find a way to automatically update the forwarded port in qbittorrent. If someone knows how to, please let us know.

You will have to copy the port either from the /gluetun/qbittorrent/port.txt file or from the gluetun log in Dockge.

gluetun  | 2024-10-20T21:51:10Z INFO [port forwarding] port forwarded is 496404

and paste it, either in the qbitorrent compose.yaml file or directly replacing the Listening Port (Port used for incoming connections) in qbittorrent > Settings/Options > Connection.

qbittorrent compose.yaml changes:

   environment:
      - TORRENTING_PORT=496404

Restart gluetun and qbittorrent.

To test the port is open, type the VPN IP and Port in here:

If having issues restarting qbittorrent make sure to use the Stop & Inactive button for both, qbittorrent and gluetun compose.yaml files.

I have tested this configuration found at the link below, but it did not worked for me:

    environment:
        - VPN_PORT_FORWARDING_LISTENING_PORT

I prefer the approach of having everything in 1 container. Thereā€™s binhex/arch-qbittorrentvpn that offers this solution with qbittorrent. You can use Wireguard or OpenVPN with it and it autobinds your network interface.

3 Likes

Can you provide yaml to install this ? Been trying few days now ā€¦

Mine works for a Wireguard conf with Airvpn. Iā€™m not sure if you use the exact same

Well got gluetun to work so dont need it anymore, thanks :slight_smile:

Can anyone report good upload speed with qbittorrent? I have this running as described, but my uploads are terrible. It will upload for a few seconds at an acceptable speed and then basically drop off to nothing.

Can anyone tell me why my qbittorrent shows errored when downloading files? i did docker logs qbittorrent but it doesnt show any errors. Thank you

propably download path errors, check out logs in qbittorrent

qbittorrent logs said that i had a file alert eror permission denied. My path on the nas is /mnt/Pool/Applications/qbittorrent/media. I entered my path in qbittorrent ā€œ/mediaā€. It still shows up as permission denied. any idea? thanks

For me I wanted to ensure that my downloading applications where secure behind a VPN but didnā€™t want to have a VPN connection for every single one of them. As the TrueNAS apps didnā€™t allow for a VPN connection I opted to go the gluetun route and add my downloading apps to the same container. I also then made the downloading apps dependent on the gluetun container. I did all this via a custom app yaml deployment in my TrueNAS system. My yaml file is noted below for anyone interested. This method does move away from the TrueNAS community apps so a method to monitor for updates is needed. Iā€™m using DIUN for that and there is a resource article on how to set that up.

services:
  gluetun:
    cap_add:
      - NET_ADMIN
    container_name: gluetun
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4096M
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=openvpn
      - OPENVPN_CUSTOM_CONFIG=/gluetun/custom.conf
      - OPENVPN_USER=<vpn user>
      - OPENVPN_PASSWORD=<vpn user pass>
    image: qmcgaw/gluetun:latest
    labels:
      - diun.enable=true
    ports:
      - 8080:8080
      - 9091:9091
      - 58012:58012
      - 58012:58012/udp
    volumes:
      - >-
        <path to vpn config file>:/gluetun/custom.conf:ro
  sabnzbd:
    container_name: sabnzbd
    depends_on:
      - gluetun
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4096M
    environment:
      - PUID=568
      - PGID=568
      - TZ=Etc/UTC
    image: lscr.io/linuxserver/sabnzbd:latest
    labels:
      - diun.enable=true
    network_mode: container:gluetun
    restart: unless-stopped
    volumes:
      - <path to sabnzbd config>:/config
      - <path to download folder>:/downloads
      - <path to watch folder>:/nzb
  transmission:
    container_name: transmission
    depends_on:
      - gluetun
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4096M
    environment:
      - PUID=568
      - PGID=568
      - TZ=Etc/UTC
    image: lscr.io/linuxserver/transmission:latest
    labels:
      - diun.enable=true
    network_mode: container:gluetun
    restart: unless-stopped
    volumes:
      - <path to transmission config>:/config
      - <path to download folder>:/downloads
      - <path to watch folder>:/torrent
version: ā€œ2.0ā€
1 Like

Make sure your user has permissions to the directory. Also verify the user and group id matches with your user:

  • PUID=YOUR_TRUENAS_USER_ID
  • PGID=YOUR_TRUENAS_GROUP_ID

The user and group id will be listed in the credentials section.

Yes, i have made the puid and pgid 568 i have also made sure to make the permission on the folder to be 568:568