Build your own captcha, there’s just no other way to be sure it’s human traffic with prebuilt solutions :(

I think it’s more just in general and not specifically because they need it.

Can’t you use a wildcard SSL cert for subdomains? (*.mydomain.com)

I had a problem similar to this and did not like the containers being binded to gluetun (problematic on docker daemon restarts, gluetun container being recreated, etc)

My solution was changing the gateway of each container to be routed through the tun. So first by having them both on the same internal network, then changing the entrypoint of the container I want tunneled to include the gateway change.

For example my entrypoint would be:

… && route del default && route add default gateway $GATEWAY_IP eth0

The container may be missing packages related to route so it may be necessary to modify the Dockerfile to install extra packages.

The reason the gateway must be set at the entrypoint is because docker overrides the gateway to correspond with the networking defined during container creation. And the entrypoint is the last thing executed before the container starts for realsies.

However gluetun also needs to work as a gateway which is done by modifying it’s iptables post-up rules file (at /iptables/post-rules.txt). I appended at the beginning of the file the following rules:

iptables -A FORWARD -i eth0 -o tun0 -s 172.84.0.0/24 -d 0.0.0.0/0 -j ACCEPT iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

What this does is accept any traffic from the net I have my gluetun and other container in, then forwards outgoing traffic to eth0 from tun0, and vice versa for incoming.

Sorry for wall of text this is not very straight forward :(

Forgejo my beloved 🥰🥰

That may be true. So far I got the “Firewalled” icon (the little flame) if my port isn’t forwarded for reason x or y so idk

The qbittorrrent wiki isn’t very helpful so I don’t actually know what the green globe truly entails :/

I don’t know why everyone in the selfhosting community still even mentions Plex or uses it.

It’s closed source, not free; Jellyfin is a no brainer yet people still go to Plex??

See this issue on their github repo: here

Basically from what I understand there’s loads of unauthenticated api calls, so someone can very easily exploit that.

If they just supported mTLS in their clients it wouldn’t be an issue but oh well :(

Oof was looking to start selfhosting this but it has no client Linux support and has a subscription 😬😬

Made me learn about Archiveteam, thanks :D

You’re right actually it’s not native I don’t know what I’m on about 😅 Still it’s much easier to have a baked in terminal app than having to install proot on top of termux, hopefully it will have less of a performance impact than proot as well.

Just installed arch with chroot on my old rooted phone a week ago.

Seeing this is great because it means there’s no need for complicated workarounds or even root access! Plus the distro runs natively and not with difficulties like with chroot :D

Yes, if a port is set in the port forwarding section for the qbittorrent preferences in the webui (once one is set it stays until changed), the green globe means it’s working.

To enable port forwarding with gluetun see the port forwarding section in the gluetun wiki on their github page. It’s pretty clear what you need to do there.

For port forwarding with qbit, gluetun’s v3.40.0 release introduced an environment variable that allows the running of a script whenever the VPN changes port (see PR https://github.com/qdm12/gluetun/pull/2399). If you take a look at the PR some people shared commands to put under the env variable VPN_PORT_FORWARDING_UP_COMMAND.

So all you need to do is put that new environment variable in the environment section, take one of the example commands that uses the qbitorrent API to change the port when needed, and it should be all.

To test if port forwarding works qbittorrent will display a little green planet in the bottom bar, and if port forwarding is not working, a fire (to say it’s firewalled).