Sample Docker Compose configuration for running qBitTorrent as a container routed through another Mullvad container.

Note: In theory this should work with other VPN providers, but I have only tested it with Mullvad specifically.

Port forwarding will only work if the VPN provider supports port forwarding, but torrenting might still work regardless.

Keep in mind that without port forwarding, you'll usually end up with fewer peers, and thus downloads may take longer. You will also restrict the number of peers you can upload (seed) to.

Port forwarding

For port forwarding to work via Mullvad, you have to set the "Listening port" (Settings -> Connection -> Listening port) in qBitTorrent to the correct forwarded port from Mullvad.

I also recommend forcing qBitTorrent to use the Mullvad network interface (Advanced -> Network interface), though I'm not sure if it matters much.

```yaml
# and put it in the same folder as `docker-compose.yml`
# Alternatively: change the line below to match your local filename.
# The last part after `:` isn't important, besides the fact it needs to be within `/etc/wireguard`. If you use `nf` instead, the line should look similar to:
# Keep in mind that the "Network interface" within qBitTorrent (second screenshot on wiki) is named
# based on the filename of `nf` in `/etc/wireguard/nf`
# I run NGINX on the host server for a reverse proxy.
# The secondary `8888` matches the `WEBUI_PORT` on the qBitTorrent container.
# This means that the host's port "8080" will now forward to port "8888" on the qBitTorrent container.
# `:14.3.9` locks the qBitTorrent version to v4.3.9.
# I recommend using this for the time being, because 4.4.x seems to be having various issues, including performance and memory leak issues.
image: ghcr.io/linuxserver/qbittorrent:14.3.9
# For persisting qBitTorrent configuration files
# Hard drives with more storage space, for download directories.
```

NGINX configuration file

```nginx
# This is loosely based on the following:
# My personal NGINX bootstrapping script:
# Someone's reddit comment while I was researching, I wish I could find it again.
ssl_certificate /srv/ssl/qbittorrent/fullchain.pem;
ssl_certificate_key /srv/ssl/qbittorrent/key.pem;
# These files are included as part of my NGINX bootstrapping script:
# So normally I'd just put `include ssl_nf` and call it a day.
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
ssl_session_cache builtin:1000 shared:SSL:10m;
# CSP that whitelists a userstyle I use in my browser, for the qBitTorrent web UI:
# Might wanna tweak it to your own liking if you don't use it.
# Commented by default, because it generally causes more headaches than it helps.
# add_header Content-Security-Policy "default-src https: moz-extension: 'self' 'unsafe-inline'; style-src 'unsafe-inline'; img-src https:";
# Some might also be fine with exposing qBitTorrent's login page directly. I whitelist my home IP, but you can choose to use something like HTTP auth if you want.
# Enable http2 push
http2_push_preload on;
# The `8888` port here has to match the one in the `WEBUI_PORT` in docker-compose.yml
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
```