I am trying to have a QBitTorrent Docker container that is accessible on my local network and connects to WireGuard. I know this is a basic question, and I’m sorry if I’m wasting your time.
Here is my docker compose file.
---
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
- WEBUI_PORT=8080
- TORRENTING_PORT=6881
volumes:
- /home/torrent/torrent/:/config
- /home/torrent/download/:/downloads
network_mode: service:wireguard
depends_on:
- wireguard
restart: always
wireguard:
image: lscr.io/linuxserver/wireguard
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
ports:
- 51820:51820/udp
volumes:
- /home/torrent/wireguard/:/config
- /home/torrent/wireguard/london.conf/:/config/wg0.conf
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: always
You can’t access your instance because the only way to reach the container is through the VPN server (as it should be). You have to open a hole in the container’s firewall to access it through the local network.
In the
[Interface]section in your Wireguard configuration, add the following lines:PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECTPreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPTReplace the value of
HOMENETwith whichever network you’re accessing it from, mine’s set to the docker network because it’s behind an nginx reverse proxy.