The code on this repository is intended to be used to share media content with various networks such as Torrent and Usenet while protecting your privacy through a VPN. The main idea is to provide access where Internet censors and content restriction apply. I totally discourage using this code for any piracy reasons.
The stack can be run in any Linux box.
Besides Plex transcoding, all other apps and functions are super light and a basic Raspberry Pi is able to handle the load.
All the apps are pre-configured and integrated. Therefore, with a few clicks you can start adding Indexers to the configurations and tinkering to your liking.
IMPORTANT: I strongly recommend rotating all the API keys and changing all the passwords.
App | Version | Site |
---|---|---|
Docker | any | https://docs.docker.com/engine/install/ubuntu/ |
Docker-Compose | >2.4 | https://docs.docker.com/compose/install |
Linux Kernel | >5.6 | More info at: https://github.com/tprasadtp/protonvpn-docker#linux-kernel-requirements |
Makefile | >4.x | - |
App Name | Docker Image | Function | Default |
---|---|---|---|
Bazarr | https://hub.docker.com/r/linuxserver/bazarr | Subtitles Tracker/Manager | enabled |
Calibre | https://hub.docker.com/r/linuxserver/calibre | eBooks Library Manager | enabled |
Calibre-web | https://hub.docker.com/r/linuxserver/calibre-web | eBooks Library Manager | enabled |
Jackett | https://hub.docker.com/r/linuxserver/jackett | Query Proxy Server | enabled |
Flaresolverr | https://hub.docker.com/r/flaresolverr/flaresolverr | Bypass to Cloudflare and DDoS-GUARD | enabled |
LazyLibrarian | https://hub.docker.com/r/linuxserver/lazylibrarian | Books Tracker/Manager | enabled |
Lidarr | https://hub.docker.com/r/linuxserver/lidarr | Music Tracker/Manager | enabled |
Mylar | https://hub.docker.com/r/linuxserver/mylar3 | Comics Tracker/Manager | enabled |
Nginx | https://hub.docker.com/_/nginx | Reverse Proxy + Security Layer | enabled |
NordVPN | https://github.com/bubuntux/nordvpn | VPN Gateway | disabled |
NZBGet | https://hub.docker.com/r/linuxserver/nzbget | Usenet Downloader | enabled |
NZBHydra2 | https://hub.docker.com/r/linuxserver/nzbhydra2 | Meta Searcher for NZB indexers | enabled |
Plex | https://hub.docker.com/r/linuxserver/plex | Movie/TV Shows/Music Library Manager and Player | enabled |
ProtonVPN | https://github.com/tprasadtp/protonvpn-docker | VPN Gateway | enabled |
Prowlarr | https://hub.docker.com/r/linuxserver/prowlarr | Query Proxy Server | disabled |
qBittorrent | https://hub.docker.com/r/linuxserver/qbittorrent | Torrent Downloader | enabled |
Radarr | https://hub.docker.com/r/linuxserver/radarr | Movies Tracker/Manager | enabled |
Readarr | https://hub.docker.com/r/linuxserver/readarr | eBooks Tracker/Manager | enabled |
Sonarr | https://hub.docker.com/r/linuxserver/sonarr | TV Shows Tracker/Manager | enabled |
- Torrent, Usenet, NZB, VPN (ProtonVPN) box by Docker Compose containers
- Requisites
- Apps Included
- Table of Contents
- Usage
- Folders
- App Links
- Indexers
- Downloaders
- Library Managers
- Bandwith Control
- License
- Contribute / Donate
It is necessary to set a few parameters to match your environment. Check your user id and gid. To get this info, go to your shell and run:
id
The result should be something like;
uid=1000(my_user) gid=1000(my_user) groups=1000(my_user)
After that, check your timezone. For that, run:
cat /etc/timezone
The result should be something like;
America/Toronto
Save these values for later reference.
Copy from the example and generate a new .env file.
cp .env.example .env
Edit the newly created .env file and change the UID, GID, and TIMEZONE
parameters to the values you gathered from steps 1 and 2.
In addition, set the DOMAIN
variable for the certificate generation and the reverse proxy configuration.
Lastly, configure the VPN_PROVIDER
, choose from protonvpn
or nordvpn
and fill the variables accordingly.
It will look something like this;
# System Parameters
UID=1000
GID=1000
TIMEZONE=America/Toronto
UMASK=022
DOMAIN=localhost
# VPN Configurations
VPN_PROVIDER=protonvpn
PROTONVPN_COUNTRY_AND_SERVER=nl-free-127.protonvpn.net
PROTONVPN_KEY=KLjfIMiuxPskM4+DaSUDmL2uSIYKJ9Wap+CHvs0Lfkw=
You will need to log in to ProtonVPN portal to download your key, follow these steps;
- Log in to ProtonVPN and go to Downloads → WireGuard configuration.
- Enter a name for the key, and select features to enable like NetShield and VPN Accelerator & click create.
- Generated config might look something like below;
# Key for <name>
# VPN Accelerator = on
PrivateKey = KLjfIMiuxPskM4+DaSUDmL2uSIYKJ9Wap+CHvs0Lfkw=
Address = 10.2.0.2/32
DNS = 10.2.0.1
[Peer]
# NL-FREE#128
PublicKey = jbTC1lYeHxiz1LNSJHQMKDTq6sHgcWxkBwXvt7GWo1E=
AllowedIPs = 0.0.0.0/0
Endpoint = 91.229.23.180:51820
- Only thing needed from the above config is PrivateKey.
- See https://protonvpn.com/support/wireguard-configurations/ for more info.
With the values from the page, change the PROTONVPN_KEY
and PROTONVPN_COUNTRY_AND_SERVER
.
IMPORTANT: To use a server that is best for you, please check the details in the ProtonVPN Docker page; https://github.com/tprasadtp/protonvpn-docker#protonvpn_server
Please visit https://support.nordvpn.com/Connectivity/Linux/1905092252/How-to-log-in-to-NordVPN-on-Linux-with-a-token.htm for more instructions on how to get your token. And https://github.com/bubuntux/nordvpn for more configuration parameters for the NordVPN container.
NordVPN by default will pick the best server for you, otherwise, please add the value in the NORDVPN_COUNTRY_AND_OR_SERVER
variable. There is a comprehensive list at https://nordvpn.com/servers/ .
At this moment the stack only supports self-signed certificates.
Go back to the .env
file and look for the section about the certificate if you want to change any parameter.
An example is like;
# Certificate details
CERT_COUNTRY=CS
CERT_STATE=Classified
CERT_CITY=Classified
CERT_ORGANIZATION=Classified
CERT_OU=Classified
CERT_FQDN=${DOMAIN} # it will use the previously declared DOMAIN variable
After you have configured the parameters in the .env
file, you can generate a certificate by running the command;
make generate_certificate
This will create the server.key
, server.crt
, and server.pfx
in the /certs/
folder.
If you have your own certificate, just copy them to the /certs
folder using the exact names.
Remember, the server.key
, server.crt
, and server.pfx
have to match the uid
and gid
, and the permissions have to be 644
for the .crt
and 600
for the .key
and .pfx
.
In the same .env
file, edit the Docker container profile to enabled/disabled for the apps in the stack.
The only REQUIRED app is the VPN_PROVIDER
as the stack is tightly coupled to it.
It will look like this;
# Default Apps' Profiles (enabled/disabled)
BAZARR_PROFILE=disabled
CALIBRE_PROFILE=disabled
CALIBREWEB_PROFILE=disabled
FLARESOLVERR_PROFILE=enabled
JACKETT_PROFILE=disabled
LAZYLIBRARIAN_PROFILE=disabled
LIDARR_PROFILE=disabled
MYLAR_PROFILE=disabled
NGINX_PROFILE=enabled
NZBGET_PROFILE=enabled
NZBHYDRA2_PROFILE=enabled
PLEX_PROFILE=enabled
PROTONVPN_PROFILE=enabled
QBITTORRENT_PROFILE=enabled
RADARR_PROFILE=enabled
READARR_PROFILE=disabled
SONARR_PROFILE=enabled
# NOT Default Apps' Profiles (enabled/disabled)
NORDVPN_PROFILE=disabled
PROWLARR_PROFILE=disabled
Now that everything is set, please run the containers by using the command below;
docker-compose --profile enabled up --detach
OR
make start
All the services are pre-configured, therefore they already have API keys set.
It is strongly recommended rotating all of them for the sake of security.
Now that everything is working, if you need to bring it down to change parameters and make adjustments, please run the command below;
docker-compose --profile enabled stop
OR
make stop
Now that everything is fully working. Make sure you create a backup of your configurations and changes, in order to perform the backup operation, please run;
make backup
This command will generate a backup of all the config folders.
The media type will be stored into the folders below;
Media | Folder |
---|---|
AudioBooks | media/AudioBooks |
Comics | media/Comics |
eBooks | media/eBooks |
Movies | media/Movies |
Music | media/Music |
Series | media/Series |
These tables list the apps, protocols (HTTP or HTTPS), ports, and credentials.
Some apps are available on both, HTTP and HTTPS, whereas some are only available in one protocol.
Not all apps are fully working through the reverse proxy (Nginx). I am still working on it.
App | Link | User | Password |
---|---|---|---|
Bazarr | http://localhost:6767/ | bazarr | bazarr |
Calibre | http://localhost:8080/ | calibre | bazarr |
FlareSolverr | http://localhost:8191/ | - | - |
Jackett | http://localhost:9117/ | - | jackett |
Lidarr | http://localhost:8686/ | lidarr | lidarr |
Nginx | http://localhost:80/ | - | - |
Nzbget | http://localhost:6789/ | nzbget | nzbget |
Plex | http://localhost:32400/ | - | - |
Prowlarr | http://localhost:9696/ | prowlarr | prowlarr |
Radarr | http://localhost:7878/ | radarr | radarr |
Readarr | http://localhost:8787/ | readarr | readarr |
Sonarr | http://localhost:8989/ | sonarr | sonarr |
App | Link | User | Password |
---|---|---|---|
Calibre | https://localhost:8181/ | calibre | calibre |
Calibre-Web | https://localhost:8084/ | calibre | calibre |
LazyLibrarian | https://localhost:5299/lazylibrarian | lazylibrarian | lazylibrarian |
Lidarr | https://localhost:6868/ | lidarr | lidarr |
Nginx | https://localhost:443/ | - | - |
Mylar | https://localhost:8091/mylar/ | mylar | mylar |
Nzbget | https://localhost:6791/ | nzbget | nzbget |
NzbHydra2 | https://localhost:5077/nzbhydra2/ | nzbhydra2 | nzbhydra2 |
Prowlarr | https://localhost:6969/ | prowlarr | prowlarr |
qBitTorrent | https://localhost:8085/ | qbittorrent | qbittorrent |
Radarr | https://localhost:7879/ | radarr | radarr |
Readarr | https://localhost:8788/ | readarr | readarr |
App | Link | User | Password |
---|---|---|---|
Bazarr | https://localhost/bazarr/ | bazarr | bazarr |
Calibre | https://localhost/calibre/ | calibre | calibre |
Calibre-Web | https://localhost/calibre_web/ | calibre | calibre |
FlareSolverr | http://localhost/flaresolverr/ | - | - |
Jackett | http://localhost/jackett/ | - | jackett |
Lazylibrarian | https://localhost/lazylibrarian/ | lazylibrarian | lazylibrarian |
Lidarr | https://localhost/lidarr/ | lidarr | lidarr |
Mylar | https://localhost/mylar/ | mylar | mylar |
Nzbget | https://localhost/nzbget/ | nzbget | nzbget |
NzbHydra2 | https://localhost/nzbhydra2/ | nzbhydra2 | nzbhydra2 |
Prowlarr | https://localhost/prowlarr/ | prowlarr | prowlarr |
qBitTorrent | https://localhost/qbittorrent/ | qbittorrent | qbittorrent |
Radarr | https://localhost/radarr/ | radarr | radarr |
Readarr | https://localhost/readarr/ | readarr | readarr |
LazyLibrarian ---> NzbHydra2 ---> Jackett ---> Flaresolverr
Lidarr ---> NzbHydra2 ---> Jackett ---> Flaresolverr
Mylar ---> NzbHydra2 ---> Jackett ---> Flaresolverr
Radarr ---> NzbHydra2 ---> Jackett ---> Flaresolverr
Readarr ---> NzbHydra2 ---> Jackett ---> Flaresolverr
Sonarr ---> NzbHydra2 ---> Jackett ---> Flaresolverr
LazyLibrarian ---> NzbHydra2
Lidarr ---> NzbHydra2
Mylar ---> NzbHydra2
Radarr ---> NzbHydra2
Readarr ---> NzbHydra2
Sonarr ---> NzbHydra2
LazyLibrarian ---> qBitTorrent
Lidarr ---> qBitTorrent
Mylar ---> qBitTorrent
Radarr ---> qBitTorrent
Readarr ---> qBitTorrent
Sonarr ---> qBitTorrent
LazyLibrarian ---> NzbGet
Lidarr ---> NzbGet
Mylar ---> NzbGet
Radarr ---> NzbGet
Readarr ---> NzbGet
Sonarr ---> NzbGet
Lidarr ---> Plex Media Server
Radarr ---> Plex Media Server
Sonarr ---> Plex Media Server
LazyLibrarian ---> Calibre
Mylar ---> Calibre
Readarr ---> Calibre
Bazarr ---> Sonarr
Bazarr ---> Radarr
By default, both downloaders, qBitTorrent and NzbGet, are configured to limit from 8AM to 11:59PM to;
- Download Rate - 1 Gbps
- Upload Rate - 30 Mbps (only applicable to qBitTorrent)
Outside of these hours, no speed control applied.
If desired, it is possible to change or disable the settings in these app's configs.
If you need to revert to the original code and configs, simply run;
make clean
- Lidarr is not pre-configured for the indexers because it didn't allow to add for a category issue
- Sonarr is not configured yet on HTTPS, it requires more tweaking
- Mylar doesn't work with qBittorrent and Nzbget using a self-signed certificate
- Lazylibarian doesn't work with qBittorrent using a self-signed certificate.
If you can help working on any of these issues and require more information, please feel free to open a issue and reach out.
IMPORTANT: This will ERASE every file on your media folder!
make clean_all
See LICENSE for full details.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
If you are using the code, entirelly or partially, forking the project, or getting inspired by it, consider becoming a sponsor, buying me a coffee, or maybe a beer, I would really appreciate it 😃