Cannot access web ui when enabling VPN behind traefik as reverse proxy #175
Comments
Small detail to add when I try to connect, I eventually get a |
I am encountering the same error, with a slightly different setup.

```yaml
version: "3.3"
services:
  dyonr-qbittorrent-openvpn:
    volumes:
      - "/media/seagate/qbittorrent/downloads:/downloads"
      - "/media/seagate/qbittorrent/config:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - VPN_USERNAME=<removed>
      - VPN_PASSWORD=<removed>
      - VPN_TYPE=openvpn
      - VPN_ENABLED=yes
      - PUID=1000
      - PGID=1000
      - LAN_NETWORK=192.168.0.0/24
    ports:
      - "8080:8080"
    image: dyonr/qbittorrentvpn:latest
    restart: unless-stopped
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
```

Error:
If anyone has seen this before, help would be appreciated! |
This is something I encountered myself in the past. If Traefik is in br0 mode, there is no way for it to access qBittorrent sadly. I do not know why exactly, but it's a Docker thing. However, if Traefik is using bridge as the network interface, then it can access qBittorrent via the Docker 172.xxx.xxx.xxx range. So, in the log that you posted your qBittorrent had the IP Also, your LAN_NETWORK for 172.19.0.0 is /24 on the end, should be /16 I think. Bottom line is, |
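Added example, not part of the thread or of the project's code: a Python check of whether each client's source address is inside a LAN_NETWORK value, and whether an entry is narrower than the Docker subnet it is meant to match, using the subnets quoted in this issue. The client addresses are constructed, and the comma-separated form of LAN_NETWORK is an assumption.

```python
import ipaddress

# Subnets quoted in this issue; the client addresses below are constructed samples.
LAN_SUBNET = "192.168.2.0/24"
TRAEFIK_NET = "172.19.0.0/16"
CLIENTS = {"traefik": "172.19.0.2", "lan-host": "192.168.2.50"}

def parse_lan_network(value):
    """Split a LAN_NETWORK value (assumed comma-separated) into networks.

    Returns (networks, rejected) so that malformed entries are reported, not dropped.
    """
    networks, rejected = [], []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        try:
            # strict=False tolerates host bits, e.g. 192.168.2.201/24
            networks.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            rejected.append(item)
    return networks, rejected

def uncovered_clients(lan_network, clients):
    """Names of clients whose source address is in none of the listed networks."""
    networks, _ = parse_lan_network(lan_network)
    return [name for name, addr in clients.items()
            if not any(ipaddress.ip_address(addr) in net for net in networks)]

def narrower_than_subnet(lan_network, docker_subnet):
    """Entries that sit inside the Docker subnet but cover only part of it."""
    subnet = ipaddress.ip_network(docker_subnet)
    networks, _ = parse_lan_network(lan_network)
    return [str(n) for n in networks
            if n.version == subnet.version and n != subnet and n.subnet_of(subnet)]

if __name__ == "__main__":
    for value in (LAN_SUBNET, LAN_SUBNET + ",172.19.0.0/24",
                  LAN_SUBNET + "," + TRAEFIK_NET):
        print(value)
        print("  not covered:", uncovered_clients(value, CLIENTS))
        print("  narrower than", TRAEFIK_NET + ":",
              narrower_than_subnet(value, TRAEFIK_NET))
```

A proxy that reaches the container over the Docker bridge arrives with its bridge address, so it is that address, not the host's LAN address, that has to fall inside one of the listed ranges.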
Based on my quick research, a term related to this may be |
Hiya, just wanted to let you know that I am still planning on finding a fix/workaround for this, just haven't had the time yet. But yeah, just haven't had the time to take a look at it for longer than 10 minutes yet, but no need to close the issue :) |
Any update on the write up? I just created this container and am running into the same issue. |
Okay so, I just did some more testing for my setup. Before I wanted to start on implementing it with a So even when not using traefik but just directly connecting to the host using its IP address and the qbt port, I am unable to get to the web interface, even when the LAN_NETWORK is set to either my docker network subnet, my own lan subnet or both. However, I must admit that this is out of the scope of my capabilities, and I was unable to fix this properly. When I attempted to add a second docker network that is a macvlan network, it also broke my other traefik services connecting properly. |
So, another update. For now I have moved away from using the VPN inside this container, and instead have set up a gluetun container through which I route all my services that I want to be using a VPN. I am not certain at this time how safe/secure this is in terms of potentially still leaking some information. But here's how I have set it up:

```yaml
gluetun:
  image: ghcr.io/qdm12/gluetun
  container_name: gluetun
  # line above must be uncommented to allow external containers to connect. See https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun#external-container-to-gluetun
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun:/dev/net/tun
  networks:
    - "traefik-net"
  ports:
    - 8888:8888/tcp # HTTP proxy
    - 8388:8388/tcp # Shadowsocks
    - 8388:8388/udp # Shadowsocks
    - 8080:8080 # qbt webui
    - 8999:8999 # qbt
    - 8999:8999/udp # qbt
  volumes:
    - ./gluetun:/gluetun
  environment:
    # See https://github.com/qdm12/gluetun/wiki
    - VPN_SERVICE_PROVIDER=mullvad
    - VPN_TYPE=wireguard
    # Wireguard:
    - WIREGUARD_PRIVATE_KEY=${MULLVAD_VPN_WIREGUARD_PRIVATEKEY}
    - WIREGUARD_ADDRESSES=<addr>
    - SERVER_CITIES=Amsterdam
    # Timezone for accurate log times
    - TZ=Europe/Amsterdam
    # Server list updater. See https://github.com/qdm12/gluetun/wiki/Updating-Servers#periodic-update
    - UPDATER_PERIOD=24h
  labels:
    - "traefik.enable=true"
    - "traefik.docker.network=traefik-net"
    - "traefik.http.services.qbittorrentvpn.loadbalancer.server.port=8080"
    - "traefik.http.routers.qbittorrentvpn.rule=Host(`qbt.${DOMAIN}`)"
    - "traefik.http.routers.qbittorrentvpn.entrypoints=websecure"
    - "traefik.http.routers.qbittorrentvpn.service=qbittorrentvpn"
    - "traefik.http.routers.qbittorrentvpn.tls.certresolver=letsencryptresolver"
```

And then how I define qbtvpn

```yaml
qbittorrentvpn:
  # qBittorrent container with wireguard and openvpn
  image: dyonr/qbittorrentvpn
  container_name: qbittorrentvpn
  restart: unless-stopped
  network_mode: "service:gluetun"
  depends_on:
    gluetun:
      condition: service_healthy
  sysctls:
    - net.ipv4.conf.all.src_valid_mark=1
  volumes:
    - ./qbtconfig:/config
    - /media/Media-lv/PlexMedia:/PlexMedia
  cap_add:
    - NET_ADMIN
  environment:
    - VPN_ENABLED=no
    - VPN_TYPE=wireguard
    - RESTART_CONTAINER=yes
    - PUID=998
    - PGID=997
    - UMASK=007
```

|
Hiya,
I have really tried everything here, but I am unable to access the webui when enabling VPN_ENABLED=yes.
I am running this setup using traefik as a reverse proxy, I would like to be able to access the qbt webui using this (it's also needed for sonarr and radarr).
The setup of my network is:
192.168.2.0/24, the machine that traefik & qbittorrentvpn are running on has IP 192.168.2.201
traefik-net to which the container attaches is defined with subnet 172.19.0.0/16
On my router port 80 and 443 are forwarded to the machine running traefik at IP 192.168.2.201, I am positive that this is working as I can access the qbittorrent web UI when not enabling the VPN, I also have other services running behind traefik.
So, the issue is that I have tried all combinations of LAN_NETWORK, but am never able to access the webui through the reverse proxy, and hence my radarr and sonarr client are also not able to talk to it.
If you have any pointers that would be greatly appreciated!
Here is my docker-compose:
Here are the container logs: