feat(extras/scripts): update qBittorrent peer port with optional authentication #2700
astappiev wants to merge 14 commits into qdm12:master from
Conversation

I'm currently working on something similar, but I guess this would be a better solution. 👍

The only downside of these scripts is that they don't cover a scenario when a client is started after gluetun.

@astappiev Looks good to me. The only thing I would appreciate is if we could add an option for Nmap to check whether the port is actually open. I'm on a couple of private trackers, and if my TCP port is filtered, I could get heat—or in the worst case—have my account banned. I tried integrating it into my script and controlling the VPN via the control server, but Gluetun doesn't have an API for WireGuard yet.

I think it should be implemented as another script (as it is not client dependent), or even in the gluetun core.
This comment was marked as off-topic.

@AndaPlays for this nmap command to succeed, I suppose you do need a program listening on the forwarded port right? What I'm thinking is to, when setting up port forwarding:
I'm going to mark our comments as off topic, would you please open an issue for this? Thanks!!

Hey guys, I know it's not a native solution but this use case is exactly why I made qSticky. Been working very well and it doesn't matter what order things come up as it's a middleman between the two applications.
Pull request overview
This PR adds a shell script for updating qBittorrent's peer port configuration via its WebUI API, inspired by PR #2611 which added a similar script for Transmission. The script is designed to work with Gluetun's VPN port forwarding commands and supports optional authentication.
Changes:
- Added a new shell script `qbittorrent-port-update.sh` with authentication support and flexible configuration options
- Modified the Dockerfile to copy the script into the Docker image at `/scripts/qbittorrent-port-update.sh`
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 12 comments.
| File | Description |
|---|---|
| extras/scripts/qbittorrent-port-update.sh | New script to update qBittorrent peer port, network interface, and address with optional authentication support |
| Dockerfile | Added COPY instruction to include the script in the Docker image |
27f74e4 to fe3d4a9
d0247a1 to 0eeee5c
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
… with script changes
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 8 comments.
| # second call to set the actual port, interface and address | ||
| wget ${WGET_OPTS} -qO- --post-data="json={\"listen_port\":$VPN_PORT,\"current_network_interface\":\"$VPN_INTERFACE\",\"current_interface_address\":\"$VPN_ADDRESS\"}" "$WEBUI_URL/v2/app/setPreferences" | ||
| if [ $? -ne 0 ]; then |
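Review bot: `$VPN_PORT` goes into the payload as a bare JSON number (`\"listen_port\":$VPN_PORT`), so an empty or non-numeric value produces invalid JSON, and a value containing a comma or quote could carry extra keys into the request. Suggest checking that it is a decimal integer in 1 to 65535 before this call. The `if [ $? -ne 0 ]` test that follows can also be folded into `if ! wget ...; then`, which avoids `$?` being overwritten if a line is ever added between the two.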
The JSON payload is constructed via string interpolation without escaping VPN_INTERFACE / VPN_ADDRESS. If either contains a quote/backslash (or other unexpected characters), the request JSON will be invalid and could potentially change the intended preferences. Consider either JSON-escaping these values before building the payload, or strictly validating them against an allowlist pattern (interface name / IP literal / empty) before sending.
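An allowlist check of the kind suggested in the comment above, as an added example that is not part of the PR's script. The function names and the accepted patterns are assumptions; the JSON keys are the ones in the reviewed line.

```shell
#!/bin/sh
# Added example (not the PR's script): allowlist checks before the values are
# interpolated into the setPreferences payload. Function names are hypothetical.

# Port: plain decimal 1..65535. Leading zeros are rejected because
# {"listen_port":08} is not valid JSON.
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Interface: empty (any interface) or a short name made of safe characters.
# The 15-character limit matches Linux interface names (assumption: Linux host).
valid_iface() {
  case "$1" in
    '') return 0 ;;
    *[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# Address: empty (all addresses) or only characters that occur in an IPv4 or
# IPv6 literal. Not a full IP parser, but no quote or backslash can pass.
valid_addr() {
  case "$1" in
    '') return 0 ;;
    *[!0-9A-Fa-f.:]*) return 1 ;;
  esac
  [ "${#1}" -le 45 ]
}

# Prints the --post-data value, or fails without printing a payload.
build_payload() {
  valid_port "$1"  || { echo "invalid port: $1" >&2; return 1; }
  valid_iface "$2" || { echo "invalid interface: $2" >&2; return 1; }
  valid_addr "$3"  || { echo "invalid address: $3" >&2; return 1; }
  printf 'json={"listen_port":%s,"current_network_interface":"%s","current_interface_address":"%s"}\n' \
    "$1" "$2" "$3"
}

# Constructed sample values, not taken from the PR.
build_payload 51820 tun0 10.2.0.2
build_payload 51820 'tun0","listen_port":1,"x":"' 10.2.0.2 || echo "rejected"
```

Because every accepted character is safe inside a JSON string, no escaping step is needed once the checks pass; empty interface and address values still produce a valid payload.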
| --server-response 2>&1 | \ | ||
| grep -i "set-cookie:" | \ | ||
| sed 's/.*set-cookie: //I;s/;.*//') | ||
|
|
||
| if [ -z "${cookie}" ]; then | ||
| echo "ERROR: Failed to authenticate with qBittorrent. Check username/password or verify WebUI is accessible" | ||
| exit 1 | ||
| fi | ||
|
|
||
| # set cookie for future requests | ||
| WGET_OPTS="${WGET_OPTS} --header=Cookie:$cookie" |
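Review bot: the session cookie is appended to WGET_OPTS as `--header=Cookie:$cookie` (last line), which puts the secret on wget's command line where it is visible in the process list, and since WGET_OPTS is expanded unquoted when used (`wget ${WGET_OPTS} ...`), any whitespace in the captured value would split it into extra arguments. Suggest keeping the cookie in a file readable only by the script's user and loading it from there, or at minimum rejecting a captured value that contains whitespace before it is used.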
cookie is derived from potentially multiple Set-Cookie headers; if multiple lines are returned, the variable may contain newlines and later be appended into WGET_OPTS, producing an invalid --header argument. Consider constraining this to the specific cookie qBittorrent requires (e.g., first match for the session cookie) and/or stripping newlines before adding it to request headers.
Is this still a problem now that it uses a cookie jar?
| if [ $# -lt 2 ] || [ -z "$2" ]; then | ||
| echo "Error: --iface requires a non-empty argument." | ||
| usage | ||
| exit 1 | ||
| fi | ||
| VPN_INTERFACE="$2" |
The --iface option block rejects an explicitly empty value (--iface ""), but the usage text lists "" (any interface) as a valid example. Consider allowing an empty string by only erroring when the argument is missing (i.e., $# -lt 2), not when $2 is empty, and ensure downstream JSON generation handles the empty value correctly.
| if [ $# -lt 2 ] || [ -z "$2" ]; then | ||
| echo "Error: --addr requires a non-empty argument." | ||
| usage | ||
| exit 1 | ||
| fi | ||
| VPN_ADDRESS="$2" |
The --addr option block rejects an explicitly empty value (--addr ""), but the usage text lists "" (all addresses) as a valid example. Consider allowing an empty string by only erroring when the argument is missing (i.e., $# -lt 2), not when $2 is empty, and ensure the JSON payload remains valid when the address is empty.
| --webui-port) | ||
| if [ $# -lt 2 ] || [ -z "$2" ]; then | ||
| echo "Error: --webui-port requires a non-empty argument." | ||
| usage | ||
| exit 1 | ||
| fi | ||
| WEBUI_PORT="$2" | ||
| WEBUI_URL=$(build_default_url "$WEBUI_PORT") | ||
| shift 2 | ||
| ;; | ||
| --url) | ||
| if [ $# -lt 2 ] || [ -z "$2" ]; then | ||
| echo "Error: --url requires a non-empty argument." | ||
| usage | ||
| exit 1 | ||
| fi | ||
| WEBUI_URL="$2" | ||
| shift 2 |
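Review bot: in the `--webui-port` branch, `$2` is stored and passed to `build_default_url` without checking that it is a number in the valid port range, so a typo such as `8080/` yields a malformed URL that only fails later at request time. Suggest rejecting anything that is not an integer from 1 to 65535 here. The `echo "Error: ..."` lines in both branches would also be better sent to stderr (`>&2`) so they are not mixed with normal output.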
The help text says --webui-port is not compatible with --url (and vice-versa), but the parser currently allows both and whichever appears last silently wins. Please add an explicit validation after argument parsing to fail fast when both are provided, or otherwise define and document precedence.

Look at hotio plex container and see how they have done for plex. Their plex container works with port forwarding. This setup works for me. Whatever what’s going on under the hood I have no clue about.

```yaml
plex:
  container_name: plex
  image: ghcr.io/hotio/plex
  hostname: plex
  restart: unless-stopped
  cap_add:
    - NET_ADMIN
  environment:
    - PUID=${PUID}
    - PGID=${PGID}
    - UMASK=${UMASK}
    - TZ=${TZ}
    - PLEX_CLAIM_TOKEN=${PLEX_CLAIM_TOKEN}
    - PLEX_BETA_INSTALL=false
    - PLEX_PURGE_CODECS=false
    - VPN_ENABLED=true
    - VPN_CONF=wg0
    - VPN_PROVIDER=${HOTIO_VPN}
    - VPN_DNS=${VPN_DNS}
    - VPN_LAN_NETWORK=${VPN_LAN_NETWORK}
    - VPN_AUTO_PORT_FORWARD=true
    - VPN_PORT_REDIRECTS=32400/tcp
  volumes:
    - ${DOCKER_APP}/plex:/config
    - ${TV}:/tv
    - ${MOVIES}:/movies
    - ${RAM}:/transcode
  devices:
    - /dev/dri:/dev/dri
  networks:
    - media
```
2c06921 to 9a5995f
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Inspired by #2611 and talks in #1555, I created a script to update peer-port of qBittorrent.
Upd: added option to authenticate.