What I’m using#
After starting with my first containers and exploring a little bit more, I ended up with a nice setup and a few containers that I’m happy with.
- Traefik for the reverse proxy.
- Transmission w/ OpenVPN for a nice torrent client.
- Sonarr and Radarr to handle the movies and series I watch.
- Jackett to add torrent trackers to Radarr and Sonarr.
- Shaarli, a nice tool to bookmark links and other things.
- Docker-stats, a small tool I made to display docker stats in the browser.
All these containers are hosted on a Raspberry Pi 4 and consume almost no resource at all.
Originally, I decided to use nginx as my reverse proxy, since I found it really easy to use and configure. However there was a small hurdle: generating and automatically renewing Let’s Encrypt certificates. My original solution was to have a cron task to handle it, but I was having difficulties with certbot and the automatic renewal of the certificates.
Then I found out about traefik. After diving a bit into how it works, I tried it and found it really easy to configure, especially since it can handle Let’s Encrypt certificates renewals automatically. Also, it’s written in Go, a language that I really appreciated.
version: '3.3' services: traefik: image: traefik:v2.2 container_name: traefik command: - --providers.docker=true - --providers.docker.exposedbydefault=false - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --certificatesresolvers.myresolver.acme.dnschallenge=true - --certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh - --certificatesresolvers.myresolver.acme.email= - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json ports: - 80:80 - 443:443 networks: - servers depends_on: - sonarr - radarr - jackett - transmission - shaarli volumes: - /var/run/docker.sock:/var/run/docker.sock - ./letsencrypt:/letsencrypt networks: servers:
Transmission with OpenVPN#
This container contains both the Transmission torrent client and an OpenVPN client. All internet traffic from/to this container go through the VPN so that everything is secured. The torrent client is then accessible from a web page.
The configuration is really simple and the documentation available is complete: https://haugene.github.io/docker-transmission-openvpn/. Torrent files are directly downloaded on my NAS, as you can see in the docker-compose below (volumes linked to
/data/incomplete). However, I had to link the volume
/data/transmission-home to a local directory on my Raspberry Pi because there are lots of read/write operations made in this directory and I wanted to spare these operations from my HDDs.
version: '3.3' services: transmission: container_name: transmission image: haugene/transmission-openvpn:latest-armhf ports: - 9091:9091 cap_add: - NET_ADMIN devices: - /dev/net/tun volumes: - /etc/localtime:/etc/localtime:ro - ./config/transmission-home:/data/transmission-home - /path/to/nas/transmission/completed:/data/completed - /path/to/nas/transmission/incomplete:/data/incomplete env_file: - ./environment/transmission.env networks: - servers restart: unless-stopped labels: - traefik.enable=true - traefik.http.routers.transmission.rule=Host(`transmission.example.com`) - traefik.http.routers.transmission.entrypoints=websecure - traefik.http.routers.transmission.tls.certresolver=myresolver - traefik.http.services.transmission.loadbalancer.server.port=9091 networks: servers:
The configuration for transmission is read from environment variables passed to the container. The full list is available here.
Radarr, Sonarr and Jackett#
I also added the now famous containers Radarr and Sonarr, for movies and TV series. As they do not have access to every torrent tracker, I also added Jackett to help me with that. Since french ISPs can “block” websites in their DNS servers, I changed the default DNS server for these 3 containers.
The configuration for Radarr and Sonarr are almost the same since Radarr is a fork of Sonarr. Both of them integrate well with my Transmission client as they can directly add torrents to it.
version: '3.3' services: radarr: image: linuxserver/radarr:latest container_name: radarr ports: - 7878:7878 environment: - TZ=Europe/Paris - UMASK_SET=022 volumes: - /path/to/nas/radarr/config:/config - /path/to/nas/video/movies:/movies - /path/to/nas/transmission:/downloads - ./config/resolv.conf:/etc/resolv.conf networks: - servers restart: unless-stopped labels: - traefik.enable=true - traefik.http.routers.radarr.rule=Host(`radarr.example.com`) - traefik.http.routers.radarr.entrypoints=websecure - traefik.http.routers.radarr.tls.certresolver=myresolver - traefik.http.services.radarr.loadbalancer.server.port=7878 jackett: image: linuxserver/jackett:latest container_name: jackett ports: - 9117:9117 environment: - TZ=Europe/Paris volumes: - /path/to/nas/jackett/config:/config - /path/to/nas/jackett/downloads:/downloads - ./config/resolv.conf:/etc/resolv.conf networks: - servers restart: unless-stopped labels: - traefik.enable=true - traefik.http.routers.jackett.rule=Host(`jackett.local`) - traefik.http.routers.jackett.entrypoints=web networks: servers:
Docker-stats is a small server that I made to display the equivalent of the
docker stats command inside a web page. All the code is open source and available in Github. You can see the result at https://stats.vmonot.dev/.
The docker-compose configuration is below. Since it uses websockets to refresh every second, I added a few labels for the integration with Traefik.
version: '3.3' services: docker-stats: container_name: docker-stats image: agurato/docker-stats:latest volumes: - /var/run/docker.sock:/var/run/docker.sock environment: - BASEURL=stats.vmonot.dev networks: - servers restart: unless-stopped labels: - traefik.enable=true - traefik.http.routers.stats_html.rule=Host(`stats.vmonot.dev`) - traefik.http.routers.stats_html.entrypoints=websecure - traefik.http.routers.stats_html.tls.certresolver=myresolver - traefik.http.routers.stats_ws.rule=Host(`stats.vmonot.dev`) && Path(`/ws`) - traefik.http.routers.stats_ws.entrypoints=websecure - traefik.http.routers.stats_ws.tls.certresolver=myresolver - traefik.http.services.stats.loadbalancer.server.port=11235 networks: servers: