from archomrade@midwest.social to selfhosted@lemmy.world on 31 May 2024 14:37
https://midwest.social/post/12847103
edit: a working solution is proposed by @Lifebandit666@feddit.uk below:
So you’re trying to get 2 instances of qbt behind the same Gluetun vpn container?
I don’t use Qbt but I certainly have done in the past. Am I correct in remembering that in the gui you can change the port?
If so, maybe what you could do is set up your stack with 1 instance in, go into the GUI and change the port on the service to 8000 or 8081 or whatever.
Map that port in your Gluetun config and leave the default port open for QBT, and add a second instance to the stack with a different name and addresses for the config files.
Restart the stack and have 2 instances.
Has anyone run into issues with docker port collisions when trying to run images behind a bridge network (i think I got those terms right?)?
I’m trying to run the arr stack behind a VPN container (gluetun for those familiar), and I would really like to duplicate a container image within the stack (e.g. a separate download client for different types of downloads). As soon as I set the network_mode to ‘service’ or ‘container’, i lose the ability to set the public/internal port of the service, which means any image that doesn’t allow setting ports from an environment variable is stuck with whatever the default port is within the application.
Here’s an example .yml:
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
environment:
- VPN_SERVICE_PROVIDER=mullvad
- VPN_TYPE=[redacted]
- WIREGUARD_PRIVATE_KEY=[redacted]
- WIREGUARD_ADDRESSES=[redacted]
- SERVER_COUNTRIES=[redacted]
ports:
- "8080:8080" #qbittorrent
- "6881:6881"
- "6881:6881/udp"
- "9696:9696" # Prowlarr
- "7878:7878" # Radar
- "8686:8686" # Lidarr
- "8989:8989" # Sonarr
restart: always
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: "qbittorrent"
network_mode: "service:gluetun"
environment:
- PUID=1000
- PGID=1000
- TZ=CST/CDT
- WEBUI_PORT=8080
volumes:
- /docker/appdata/qbittorrent:/config
- /media/nas_share/data:/data)
Declaring ports in the qbittorrent service raises an error saying you cannot set ports when using the service network mode. Linuxserver.io has a WEBUI_PORT environment variable, but using it without also setting the service ports breaks it (their documentation says this is due to CSRF issues and port mapping, but then why even include it as a variable?)
The only workaround i can think of is doing a local build of the image that needs duplication to allow ports to be configured from the e variables, OR run duplicate gluetun containers for each client which seems dumb and not at all worthwhile.
Has anyone dealt with this before?
threaded - newest
I am also currently dealing with this same exact issue, I’m wanting to run multiple instances of Lidarr for MP3 / FLAC libraries with Gluetun. I don’t have an answer (I haven’t put in the time to try and solve it yet), so apologies if I got your hopes up. I’m just here to confirm that others have this issue too!
Edit: Regarding that documentation, it seems like it’s not saying that changing the port breaks it, it’s just that you have to set both sides of the mapping to be the same. The default is 8080, so instead of 8080:8080, change the mapping to 8081:8081. That’s how I’m reading it, anyways.
I should also mention that the closest that I got to fixing this was to boot up my 2nd Lidarr container separately, setting the port in the Lidarr WebUI console to something different (8687, for example), and then attach it to my Gluetun docker compose file. I did a docker compose pull to update my stack, then docker compose up -d for it. You might try this approach, and tinker around with it. I just haven’t had time to really play with this “solution”
Edit 2: Played more with the solution I mentioned, and that LifeBandit666 found. We both gave the same solution, and the solution seems to work. Just don’t be a dumbass, and remember to do application configuration to your container (unlike me, who, after putting the container into my Gluetun docker compose file, forgot that I didn’t do application configuration and just saw a bunch of errors with Lidarr).
nah, it seems like it’s a known problem, no worries. There’s an unresolved issue open on the gluetun github about it. I just figured someone would have had a workaround at this point since I see people recommend separate client instances to keep things organized all the time.
I think the people who do that just don’t use a VPN, but I have strong feelings against exposing my IP
edit: that’s interesting. I’ve tried a few variations, but maybe I didn’t try that one
Yeah, you and I have very similar use cases with this. Gluetun, VPN, download clients + *arr stack, I get it. I’ll be sure to update with a solution, if I spot one (when I get around to looking)!
yea, i just tried a couple things to no avail:
publish a new port in gluetun, e.g.
- 8082:8082then set webui port in the new instance:error on deployment
Then I tried spinning up the new container separately, declaring the pots eg:
and then manually switching the network to gluetun and turning off the port declaration, and it still ends up on the default port. Bummer.
I just set up vpns in my router and use macvlan network for my dockers so I can route their individual ip addresses to whichever interface I want…
Yeah I’m stumped.
Have you thought about using a different client or maintainer? Hotio images may not have the same problem, or I know Linuxserver also maintains Transmission.
I’m looking at hotio now.
their documentation isn’t as comprehensive as linuxserver.io, i’ll probably have to just try it out and see if it works. looks like they also have one that has wireguard bundled but it’s really unclear how that works
That’s really weird, I’m using the same image to run two instances of qbit behind gluetun without any issues whatsoever.
Can I ask what your compose file looks like? Or how you deployed?
Yeah i pretty much stole this from someone else, although it only used a single torrent client so i just added another that looked the same. i’m not very skilled in docker, so some things may not be best practice (or even correct)
qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent network_mode: service:gluetun environment: - PUID=${APPUSER_PUID} - PGID=${APPUSER_PGID} - TZ=${TIME_ZONE_VALUE} - WEBUI_PORT=8084 volumes: - ${PATH_TO_DATA}/qbit/config:/config - ${PATH_TO_COMPLETE}:/downloads restart: unless-stopped depends_on: - gluetun qbittorrentTL: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrentTL network_mode: service:gluetun environment: - PUID=${APPUSER_PUID} - PGID=${APPUSER_PGID} - TZ=${TIME_ZONE_VALUE} - WEBUI_PORT=8085 volumes: - ${PATH_TO_DATA}/qbitTL/config:/config - ${PATH_TO_COMPLETE}:/downloads restart: unless-stopped depends_on: - gluetun gluetun: image: qmcgaw/gluetun container_name: gluetun networks: pirate_net: cap_add: - NET_ADMIN - SYS_MODULE environment: - VPN_SERVICE_PROVIDER=protonvpn - OPENVPN_USER=[USER] - OPENVPN_PASSWORD=[PASSWORD] - SERVER_COUNTRIES=[COUNTRIES] - VPN_PORT_FORWARDING=on - UPDATER_PERIOD=6h ports: - 8084:8084 # Qbit - 8085:8085 # QbitTL - 6881:6881 - 6881:6881/udp - 8191:8191 # Flaresolverr - 9696:9696 # Prowlarr - 7878:7878 # Radarr - 8989:8989 # Sonarr volumes: - ${PATH_TO_DATA}/gluetun/config:/config networks: pirate_net: driver: bridgeI might need to try this… I wonder if it makes a difference that the gluetun service is listed last. I noticed that trying to start the containers in the wrong order results in port collision errors, maybe this is why it works for you?
IDK, it’s worth a try to rearrange the containers I would say.
I think this has nothing to do with who is listed first/last !
As you can see in this docker-compose, they are on 2 different web-ui ports, avoiding conflicts !
Yup, I was only pointing out that i was having trouble doing the same thing in my docker compose (using the webui_port env variable did not avoid port collisions at deployment)
I haven’t tried this particular compose outline though. It could also be the pirate_network they’re initiating or the depends_on variables they’re using, I just haven’t played around with it yet.
Question: how are you deploying your arr apps? do you do that in a separate compose file?
No they’re in the same compose file, I just left other parts out because it’s fairly long for a post.
So you’re trying to get 2 instances of qbt behind the same Gluetun vpn container?
I don’t use Qbt but I certainly have done in the past. Am I correct in remembering that in the gui you can change the port?
If so, maybe what you could do is set up your stack with 1 instance in, go into the GUI and change the port on the service to 8000 or 8081 or whatever.
Map that port in your Gluetun config and leave the default port open for QBT, and add a second instance to the stack with a different name and addresses for the config files.
Restart the stack and have 2 instances.
This worked!!
Shame that it’s a little bit of a runaround, but not only did this work, it also persists after restarts and updates.
I’ll be editing my post and offering it as a solution to the other places I have seen this question asked, thank you a ton!
Holy shit I totally thought I was talking out of my arse lol
lmao. I’m starting to really wonder what the WEBGUI_PORT variable does if not exactly what you’re changing in the GUI… someone else mentioned they got multiple instances to deploy from the same compose file by placing the gluetun service at the end of the file. I wonder if the order in which the containers are deployed is the thing that makes this work. i’ll test more when I have the time
Actually I’m also not using the default port for any of my qbit instances
AFAIK the thing that complicates this is trying to run it behind gluetun
docker makes it really easy to specify a unique port on deployment, but when you’re using a network bridge (as in the case of gluetun) the networking settings are controlled there instead, so you can’t use the normal port declarations. It’s apparently not impossible to do it with gluetun but it seems it’s not as straightforward.
It’s not a workaround.
In the old days, if you had 2 services that were hard coded to use the same network port, you would need virtualization or a different server and make sure the networking for those is correct.
Network ports allow multiple services to use the same network adapter as a port is like a “sub” address.
Docker being able to remap host network ports to containers ports is a huge feature.
If a container doesn’t need to be accessed outside of the docker network, you don’t need to expose the port.
The only way to have multiple services on the same port is to use either a load balancer (for multiple instances of the same service) or an application-aware reverse proxy (like nginx, haproxy, caddy etc for web things, I’m sure there are other application-aware reverse proxies).
I’ve run multiple copies of stacks with unique bridged networks. Then map the ports out to the host on different port numbers.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
3 acronyms in this thread; the most compressed thread commented on today has 17 acronyms.
[Thread #776 for this sub, first seen 1st Jun 2024, 09:05] [FAQ] [Full list] [Contact] [Source code]