commit f3af899de20193daa4dfaff550412e2d1f250ed8
Author: Kelvin Chen
Date: Fri Nov 6 18:54:20 2015 -0500
Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..710df2d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.DS_Store
+
+/config
diff --git a/Dockerfiles/base/Dockerfile b/Dockerfiles/base/Dockerfile
new file mode 100644
index 0000000..d8ee938
--- /dev/null
+++ b/Dockerfiles/base/Dockerfile
@@ -0,0 +1,20 @@
+FROM debian:jessie
+MAINTAINER Kelvin Chen
+
+# Install all dependencies that are used in multiple images
+# to avoid wasting space.
+RUN echo "deb http://httpredir.debian.org/debian jessie non-free" >> /etc/apt/sources.list && \
+ apt-get update && \
+ apt-get install --no-install-recommends -y \
+ vim \
+ ca-certificates \
+ python \
+ python-dev \
+ curl \
+ git \
+ nginx \
+ unzip \
+ unrar \
+ supervisor && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
diff --git a/Dockerfiles/frontend/Dockerfile b/Dockerfiles/frontend/Dockerfile
new file mode 100644
index 0000000..a9fed09
--- /dev/null
+++ b/Dockerfiles/frontend/Dockerfile
@@ -0,0 +1,21 @@
+FROM kelvinchen/seedbox:base
+MAINTAINER Kelvin Chen
+
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y apache2-utils && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+COPY nginx.conf common_default.conf ssl.conf /etc/nginx/
+COPY start /
+COPY ssl-gen /usr/local/bin
+
+VOLUME /config
+
+EXPOSE 80 443
+
+ENV USERNAME=user \
+ PASSWORD=hunter2 \
+ USE_SSL=false
+
+CMD ["/start"]
diff --git a/Dockerfiles/frontend/common_default.conf b/Dockerfiles/frontend/common_default.conf
new file mode 100644
index 0000000..f35ea47
--- /dev/null
+++ b/Dockerfiles/frontend/common_default.conf
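Review bot: In Dockerfiles/base/Dockerfile, `FROM debian:jessie` is a floating tag and none of the apt packages carry a version, so every downstream image (frontend, plex, rtorrent, sickrage, syncthing) inherits whatever the registry and mirror serve on build day. Pinning the base by digest, `FROM debian:jessie@sha256:<digest-placeholder>`, makes the shared layer reproducible and auditable. `vim` is an interactive tool that no start script on this page uses; dropping it from the shared layer shrinks what ships in all six images.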
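Review bot: In Dockerfiles/frontend/Dockerfile, `PASSWORD=hunter2` in the `ENV` block bakes a publicly known credential into the image, so a container started without the `config` env file protects every proxied UI with `user` / `hunter2`. Values set with `ENV` are also readable from the image metadata by anyone who can pull it. I would drop the default, `ENV USERNAME=user USE_SSL=false`, and have `/start` exit with an error when `PASSWORD` is unset; `config.default` ships the same value and should carry an obvious placeholder instead. With `USE_SSL=false` as the default, the basic-auth header also crosses the network in cleartext, which deserves a line in the README.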
@@ -0,0 +1,11 @@
+# vim: ft=nginx
+
+listen 80;
+listen [::]:80;
+
+include proxy_params;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $http_connection;
+proxy_redirect off;
+proxy_buffering off;
+proxy_http_version 1.1;
diff --git a/Dockerfiles/frontend/nginx.conf b/Dockerfiles/frontend/nginx.conf
new file mode 100644
index 0000000..6acd66a
--- /dev/null
+++ b/Dockerfiles/frontend/nginx.conf
@@ -0,0 +1,90 @@
+worker_processes auto;
+
+user root root;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 4096;
+ use epoll;
+ multi_accept on;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include mime.types;
+ default_type application/octet-stream;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA';
+
+ access_log off;
+ error_log off;
+
+ gzip on;
+ gzip_disable "msie6";
+
+ client_max_body_size 8M;
+
+ auth_basic "Restricted";
+ auth_basic_user_file .htpasswd;
+
+ upstream rtorrent {
+ server seedbox_rtorrent_1;
+ }
+
+ upstream syncthing {
+ server seedbox_syncthing_1:8384;
+ }
+
+ upstream plex {
+ server seedbox_plex_1:32400;
+ }
+
+ upstream sickrage {
+ server seedbox_sickrage_1:8081;
+ }
+
+ server {
+ include common.conf;
+ server_name ~^(rtorrent)(\.\w+)+$;
+
+ location / {
+ proxy_pass http://rtorrent;
+ }
+ }
+
+ server {
+ include common.conf;
+ server_name ~^(sickrage)(\.\w+)+$;
+
+ location / {
+ proxy_pass http://sickrage;
+ }
+ }
+
+ server {
+ include common.conf;
+ server_name ~^(syncthing)(\.\w+)+$;
+
+ location / {
+ proxy_pass http://syncthing;
+ }
+ }
+
+ server {
+ include common.conf;
+ server_name ~^(plex)(\.\w+)+$;
+
+ location / {
+ proxy_pass http://plex;
+ }
+ }
+}
+
+# vim: ft=nginx
diff --git a/Dockerfiles/frontend/ssl-gen b/Dockerfiles/frontend/ssl-gen
new file mode 100755
index 0000000..a13d81d
--- /dev/null
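Review bot: In Dockerfiles/frontend/nginx.conf, `user root root;` makes the worker processes, which parse every untrusted request on the published ports 80 and 443, run as root; nothing visible in this config needs that, so `user www-data;` would do. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` should be narrowed to `ssl_protocols TLSv1.2;`. `error_log off;` does not disable error logging, it writes to a file literally named `off`, and together with `access_log off;` it leaves no usable record of failed basic-auth attempts; `error_log /dev/stderr warn;` keeps that evidence in `docker logs`. The same `user root root;` and logging lines appear in Dockerfiles/rtorrent/nginx.conf.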
+++ b/Dockerfiles/frontend/ssl-gen
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+# Short helper script to generate self signed SSL certificates.
+
+mkdir -p /config/frontend
+
+openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
+ -subj "/C=SB/ST=Seedbox/L=Seedbox/O=Seedbox/CN=*" \
+ -keyout /config/frontend/ssl.key -out /config/frontend/ssl.crt
diff --git a/Dockerfiles/frontend/ssl.conf b/Dockerfiles/frontend/ssl.conf
new file mode 100644
index 0000000..2c29b8f
--- /dev/null
+++ b/Dockerfiles/frontend/ssl.conf
@@ -0,0 +1,11 @@
+# vim: ft=nginx
+
+listen 443 ssl;
+listen [::]:443 ssl;
+
+ssl_certificate /config/frontend/ssl.crt;
+ssl_certificate_key /config/frontend/ssl.key;
+
+if ($ssl_protocol = "") {
+ rewrite ^ https://$host$request_uri? permanent;
+}
diff --git a/Dockerfiles/frontend/start b/Dockerfiles/frontend/start
new file mode 100755
index 0000000..2f43c2c
--- /dev/null
+++ b/Dockerfiles/frontend/start
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# Make placeholder config directory
+mkdir -p /config/frontend
+
+# Set basic auth credentials
+htpasswd -cb /etc/nginx/.htpasswd $USERNAME $PASSWORD
+
+# Replace common.conf with default
+cp -f /etc/nginx/common_default.conf /etc/nginx/common.conf
+
+${USE_SSL:=false}
+if $USE_SSL ; then
+ echo "include ssl.conf;" >> /etc/nginx/common.conf
+fi
+
+nginx -g "daemon off;"
diff --git a/Dockerfiles/plex/Dockerfile b/Dockerfiles/plex/Dockerfile
new file mode 100644
index 0000000..728b9e8
--- /dev/null
+++ b/Dockerfiles/plex/Dockerfile
@@ -0,0 +1,17 @@
+FROM kelvinchen/seedbox:base
+MAINTAINER Kelvin Chen
+
+ARG PLEX_VER=0.9.12.18.1520-6833552
+ARG PLEX_DL="https://downloads.plex.tv/plex-media-server/$PLEX_VER/plexmediaserver_${PLEX_VER}_amd64.deb"
+
+RUN curl -sL "$PLEX_DL" > /tmp/plex.deb && \
+ dpkg -i /tmp/plex.deb && \
+ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+COPY plexmediaserver /etc/default/plexmediaserver
+COPY start Preferences.xml /
+
+VOLUME /config
+EXPOSE 32400
+
+CMD ["/start"]
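Review bot: In Dockerfiles/frontend/start, the bare `${USE_SSL:=false}` line and `if $USE_SSL ; then` execute the value of an environment variable as a command, so whatever ends up in `USE_SSL` is run as root at container start. Assign and compare it as data instead: `: "${USE_SSL:=false}"` followed by `if [ "$USE_SSL" = "true" ]; then`. The `htpasswd -cb` call leaves `$USERNAME` and `$PASSWORD` unquoted, so a password containing spaces or glob characters is split or expanded, and `-b` places the password in the process arguments; `printf '%s' "$PASSWORD" | htpasswd -ci /etc/nginx/.htpasswd "$USERNAME"` avoids both. The script should also refuse to start when `PASSWORD` is empty.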
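Review bot: In Dockerfiles/plex/Dockerfile, the `RUN` step installs as root a `.deb` fetched at build time without any integrity check, and `PLEX_DL` is a build argument that can point the download anywhere. `curl -sL` without `-f` also writes an HTTP error body into `/tmp/plex.deb` instead of failing. I would add `ARG PLEX_SHA256=<sha256-placeholder>`, switch to `curl -fsSL "$PLEX_DL" -o /tmp/plex.deb`, and insert `echo "$PLEX_SHA256  /tmp/plex.deb" | sha256sum -c -` before `dpkg -i`. The checksum then has to be bumped together with `PLEX_VER`, which is the point: a changed artifact becomes a failed build rather than a silent install.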
diff --git a/Dockerfiles/plex/Preferences.xml b/Dockerfiles/plex/Preferences.xml new file mode 100644 index 0000000..55732ee --- /dev/null +++ b/Dockerfiles/plex/Preferences.xml @@ -0,0 +1,4 @@ + + diff --git a/Dockerfiles/plex/plexmediaserver b/Dockerfiles/plex/plexmediaserver new file mode 100644 index 0000000..013762d --- /dev/null +++ b/Dockerfiles/plex/plexmediaserver @@ -0,0 +1,18 @@ +# Default script for Plex Media Server + +# The number of plugins that can run at the same time +PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS=10 + +# ulimit -s $PLEX_MEDIA_SERVER_MAX_STACK_SIZE +PLEX_MEDIA_SERVER_MAX_STACK_SIZE=3000 + +# Where the mediaserver should store the transcodes +PLEX_MEDIA_SERVER_TMPDIR=/tmp + +PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR="/config" + +# The user that PMS should run as, defaults to 'plex' +# note that if you change this you might need to move +# the Application Support directory to not lose your +# media library +PLEX_MEDIA_SERVER_USER=root diff --git a/Dockerfiles/plex/start b/Dockerfiles/plex/start new file mode 100755 index 0000000..9862096 --- /dev/null +++ b/Dockerfiles/plex/start @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +mkdir -p "/config/Plex Media Server/" +cp -n /Preferences.xml "/config/Plex Media Server/" + +start_pms > /dev/null 2>&1 diff --git a/Dockerfiles/rtorrent/Dockerfile b/Dockerfiles/rtorrent/Dockerfile new file mode 100644 index 0000000..7c98ed5 --- /dev/null +++ b/Dockerfiles/rtorrent/Dockerfile 
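Review bot: In Dockerfiles/plex/plexmediaserver, `PLEX_MEDIA_SERVER_USER=root` overrides the packaged default of `plex` that the comment above it describes, so the media server, which parses untrusted media files and is published directly on port 32400 in docker-compose.yml, runs as root. Keeping `PLEX_MEDIA_SERVER_USER=plex` and having Dockerfiles/plex/start run `chown -R plex: "/config/Plex Media Server"` before `start_pms` would preserve the shared-volume layout. How `start_pms` consumes this variable is not visible here, so that should be confirmed against the package's script.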
@@ -0,0 +1,22 @@
+FROM kelvinchen/seedbox:base
+MAINTAINER Kelvin Chen
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ rtorrent \
+ php5-fpm \
+ php5-cli \
+ php5-geoip \
+ mediainfo && \
+ ln -s /config/rtorrent/rtorrent.rc ~/.rtorrent.rc && \
+ git clone --depth=1 https://github.com/Novik/ruTorrent.git /opt/rutorrent && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+VOLUME /config /torrents
+COPY start rtorrent.rc supervisord.conf /
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY rutorrent_config.php /opt/rutorrent/conf/config.php
+EXPOSE 80 49161 49161/udp 6881/udp
+
+CMD ["/start"]
diff --git a/Dockerfiles/rtorrent/nginx.conf b/Dockerfiles/rtorrent/nginx.conf
new file mode 100644
index 0000000..4544d51
--- /dev/null
+++ b/Dockerfiles/rtorrent/nginx.conf
@@ -0,0 +1,55 @@
+# vim: ft=nginx
+
+user root root;
+
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 4096;
+ use epoll;
+ multi_accept on;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log off;
+ error_log off;
+
+ gzip on;
+ gzip_disable "msie6";
+
+ client_max_body_size 8M;
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ server_name rtorrent;
+ root /opt/rutorrent;
+
+ location /RPC2 {
+ include scgi_params;
+ scgi_pass unix:/var/run/rtorrent.sock;
+ }
+
+ location / {
+ try_files $uri $uri/ =404;
+
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi.conf;
+ }
+ }
+ }
+}
diff --git a/Dockerfiles/rtorrent/rtorrent.rc b/Dockerfiles/rtorrent/rtorrent.rc
new file mode 100644
index 0000000..b32f306
--- /dev/null
+++ b/Dockerfiles/rtorrent/rtorrent.rc
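Review bot: In Dockerfiles/rtorrent/Dockerfile, `git clone --depth=1 https://github.com/Novik/ruTorrent.git /opt/rutorrent` takes whatever the default branch holds at build time, and that PHP code is later executed by a php-fpm that Dockerfiles/rtorrent/start reconfigures to run as root. Pinning to a release, `git clone --depth=1 --branch <release-tag-placeholder> https://github.com/Novik/ruTorrent.git /opt/rutorrent`, and removing `/opt/rutorrent/.git` in the same layer makes the build reproducible and reviewable. Dockerfiles/sickrage/Dockerfile clones SickRage the same way and needs the same pin.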
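Review bot: In Dockerfiles/rtorrent/nginx.conf, the nested `location ~ \.php$` hands any URI ending in `.php` to php-fpm without checking that the script exists, because the `try_files` in the enclosing `location /` does not apply inside the nested block. Depending on the `cgi.fix_pathinfo` setting, which is not visible here, php-fpm can then execute a file other than the one the URI appears to name. Adding `try_files $fastcgi_script_name =404;` directly after `fastcgi_split_path_info` closes that gap. It matters more than usual in this image because plugins are symlinked in from the writable `/config` volume and php-fpm runs as root.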
@@ -0,0 +1,43 @@ +# vim: ft=dosini + +scgi_local = /var/run/rtorrent.sock + +directory = /torrents +session = /config/rtorrent + +# Maximum and minimum number of peers to connect to per torrent. +min_peers = 30 +max_peers = 150 + +# Same as above but for seeding completed torrents (-1 = same as downloading) +min_peers_seed = -1 +max_peers_seed = -1 + +# Maximum number of simultaneous uploads per torrent. +max_uploads = 15 + +# Global upload and download rate in KiB. "0" for unlimited. +download_rate = 0 +upload_rate = 0 + +# Close torrents when diskspace is low. +schedule = low_diskspace,5,60,close_low_diskspace=100M + +port_range = 49161-49161 + +port_random = yes + +check_hash = yes + +use_udp_trackers = yes + +# Encryption options, set to none (default) or any combination of the following: +# allow_incoming, try_outgoing, require, require_RC4, enable_retry, prefer_plaintext +encryption = allow_incoming,try_outgoing,enable_retry + +dht = auto + +# UDP port to use for DHT. +dht_port = 6881 + +peer_exchange = yes diff --git a/Dockerfiles/rtorrent/rutorrent_config.php b/Dockerfiles/rtorrent/rutorrent_config.php new file mode 100644 index 0000000..4a6d3c0 --- /dev/null +++ b/Dockerfiles/rtorrent/rutorrent_config.php @@ -0,0 +1,53 @@ + '', + "curl" => '/usr/bin/curl', + "gzip" => '', + "id" => '', + "stat" => '', +); + +$localhosts = array( // list of local interfaces + "127.0.0.1", + "localhost", +); + +$profilePath = '/config/rutorrent'; // Path to user profiles +$profileMask = 0770; // Mask for files and directory creation in user profiles. + // Both Webserver and rtorrent users must have read-write access to it. + // For example, if Webserver and rtorrent users are in the same group then the value may be 0770. + +$tempDirectory = null; // Temp directory. Absolute path with trail slash. If null, then autodetect will be used. + +$canUseXSendFile = true; // Use X-Sendfile feature if it exist + +$locale = "UTF8"; 
diff --git a/Dockerfiles/rtorrent/start b/Dockerfiles/rtorrent/start
new file mode 100755
index 0000000..a5d9ba5
--- /dev/null
+++ b/Dockerfiles/rtorrent/start
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Make rtorrent session directory
+mkdir -p /config/rtorrent
+
+# Add default config if it does not exist
+cp -n /rtorrent.rc /config/rtorrent/rtorrent.rc
+
+# Remove rtorrent lock file if it exists so rtorrent can start
+rm /config/rtorrent/rtorrent.lock
+
+# Make folders for storing rutorrent data
+mkdir -p /config/rutorrent/settings /config/rutorrent/torrents \
+ /config/rutorrent/users /config/rutorrent/plugins
+
+# Symlink all plugins in /config/rutorrent/plugins to the rutorrent directory
+ln -fs $(ls -d1 /config/rutorrent/plugins/**) /opt/rutorrent/plugins/
+
+# Make php-fpm run as root
+# Everything is inside a docker container so this shouldn't
+# be a security problem
+sed -i "s/www-data/root/g" /etc/php5/fpm/pool.d/www.conf
+
+supervisord -c /supervisord.conf
diff --git a/Dockerfiles/rtorrent/supervisord.conf b/Dockerfiles/rtorrent/supervisord.conf
new file mode 100644
index 0000000..840cc1d
--- /dev/null
+++ b/Dockerfiles/rtorrent/supervisord.conf
@@ -0,0 +1,20 @@
+; vim: ft=dosini
+
+[supervisord]
+nodaemon = true
+
+[program:rtorrent]
+priority = 1
+environment = TERM=xterm
+command = rtorrent
+autorestart = true
+
+[program:php]
+priority = 2
+command = php5-fpm -F -R
+autorestart = true
+
+[program:nginx]
+priority = 3
+command = nginx -g "daemon off;"
+autorestart = true
diff --git a/Dockerfiles/sickrage/Dockerfile b/Dockerfiles/sickrage/Dockerfile
new file mode 100644
index 0000000..85921ca
--- /dev/null
+++ b/Dockerfiles/sickrage/Dockerfile
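Review bot: In Dockerfiles/rtorrent/start, the `sed -i "s/www-data/root/g"` line and the comment above it treat the container boundary as the only privilege barrier, but this container mounts `seedbox_config` and `seedbox_torrents` read-write and shares both with every other service in docker-compose.yml. A flaw in ruTorrent or one of the plugins symlinked from `/config/rutorrent/plugins` then runs as root with write access to the other services' configuration and the frontend's TLS key. I would keep the pool as `www-data`, drop `-R` from `command = php5-fpm -F -R` in supervisord.conf, and give rtorrent and php-fpm a shared group on the SCGI socket and `/config/rutorrent`, which the `0770` profile mask in rutorrent_config.php already anticipates. Separately, `rm /config/rtorrent/rtorrent.lock` should be `rm -f`, and the unquoted `$(ls -d1 …)` splits plugin paths that contain spaces.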
@@ -0,0 +1,15 @@ +FROM kelvinchen/seedbox:base +MAINTAINER Kelvin Chen + +RUN apt-get update && \ + apt-get install --no-install-recommends -y \ + python-cheetah && \ + git clone --depth=1 https://github.com/SiCKRAGETV/SickRage.git /opt/sickrage && \ + apt-get clean && rm -rf /var/lib/apt/lists/* + +VOLUME /config + +EXPOSE 8081 + +CMD python /opt/sickrage/SickBeard.py --nolaunch --datadir \ + /config/sickrage >> /dev/null 2>&1 diff --git a/Dockerfiles/syncthing/Dockerfile b/Dockerfiles/syncthing/Dockerfile new file mode 100644 index 0000000..bce964d --- /dev/null +++ b/Dockerfiles/syncthing/Dockerfile @@ -0,0 +1,17 @@ +FROM kelvinchen/seedbox:base +MAINTAINER Kelvin Chen + +RUN curl -sL https://syncthing.net/release-key.txt | apt-key add - && \ + echo "deb http://apt.syncthing.net/ syncthing release" >> /etc/apt/sources.list.d/syncthing.list && \ + apt-get update && \ + apt-get install syncthing && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +VOLUME /config + +EXPOSE 8384 22000 21027/udp + +COPY start config.xml / + +CMD ["/start"] diff --git a/Dockerfiles/syncthing/config.xml b/Dockerfiles/syncthing/config.xml new file mode 100644 index 0000000..2b83bf8 --- /dev/null +++ b/Dockerfiles/syncthing/config.xml @@ -0,0 +1,10 @@ + + +
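Review bot: In Dockerfiles/sickrage/Dockerfile, the shell-form `CMD python … >> /dev/null 2>&1` runs the application under `/bin/sh -c`, so the Python process is not PID 1 and does not receive the `SIGTERM` sent by `docker stop`, and the redirect discards every line the service writes. With output thrown away there is nothing in `docker logs` to triage a crash or an intrusion. Exec form without the redirect fixes both: `CMD ["python", "/opt/sickrage/SickBeard.py", "--nolaunch", "--datadir", "/config/sickrage"]`. Dockerfiles/plex/start and Dockerfiles/syncthing/start discard output the same way and would benefit from `exec` on their last line as well.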
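Review bot: In Dockerfiles/syncthing/Dockerfile, `curl -sL https://syncthing.net/release-key.txt | apt-key add -` trusts whatever key that URL returns at build time, and since the repository line uses plain `http://`, that key is the only thing protecting package integrity. I would download the key to a file, compare its fingerprint against a value pinned in the Dockerfile (`<release-key-fingerprint-placeholder>`), and only then add it, using `curl -fsSL` so a failed fetch stops the build. `apt-get install syncthing` also lacks the `-y --no-install-recommends` that every other Dockerfile in this commit passes; it presumably works today only because no extra packages need confirming.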
0.0.0.0:8384
+
+ + 0.0.0.0:22000 + false + false + +
diff --git a/Dockerfiles/syncthing/start b/Dockerfiles/syncthing/start
new file mode 100755
index 0000000..f19e08a
--- /dev/null
+++ b/Dockerfiles/syncthing/start
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+mkdir -p /config/syncthing
+
+cp -n /config.xml /config/syncthing
+
+syncthing -home /config/syncthing -no-browser >> /dev/null 2>&1
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9ffbac7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,49 @@
+# Seedbox
+A collection of Dockerfiles and docker-compose configuration to set up a
+seedbox.
+
+## Accessing the available WebUIs
+Go to `X.domain` where `X` is the item you want to access.
+Included items are:
+- rtorrent
+- sickrage
+- syncthing
+- plex
+
+The front-end reverse proxy routes based on the lowest level subdomain (e.g.
+`rtorrent.example.com` would route to rtorrent). Since this is how the router
+works, it is recommended for you to get a top level domain. If you do not have
+one, you can edit your domains locally by changing your hosts file or use a
+browser plugin that changes the host header.
+
+Note: Plex is also available directly through the `32400` port without going
+through the reverse proxy. You will have to sign in with your plex.tv account
+if you do this.
+
+## Running
+```sh
+$ docker-compose pull
+$ docker-compose --x-networking up -d
+```
+Make sure you install the dependencies and finish configuration before doing
+this.
+
+You may optionally build the images yourself instead of pulling by running
+`./build-all.sh`.
+
+## Dependencies
+- [Docker](https://github.com/docker/docker)
+- [Docker Compose](https://github.com/docker/compose)
+
+## Configuration
+Copy the `config.default` file to `config` and change the variables as desired.
+The variables are all self-explanatory.
+
+If you want to enable SSL, you would need to have your certificate and key be
+at `/config/frontend/ssl.crt` and `/config/frontend/ssl.key` respectively. The
+frontend image includes a command `ssl-gen` to automatically create self signed
+certificates for you.
+
+## Where is my data?
+All data are saved in the docker volumes `seedbox_config` or
+`seedbox_torrents`.
diff --git a/build-all.sh b/build-all.sh
new file mode 100755
index 0000000..fffed14
--- /dev/null
+++ b/build-all.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# This script builds all the containers locally as an alternative to pulling
+# from the docker registry.
+
+cd ${0%/*}
+
+docker build -t kelvinchen/seedbox:base Dockerfiles/base
+docker build -t kelvinchen/seedbox:frontend Dockerfiles/frontend
+docker build -t kelvinchen/seedbox:plex Dockerfiles/plex
+docker build -t kelvinchen/seedbox:rtorrent Dockerfiles/rtorrent
+docker build -t kelvinchen/seedbox:sickrage Dockerfiles/sickrage
+docker build -t kelvinchen/seedbox:syncthing Dockerfiles/syncthing
diff --git a/config.default b/config.default
new file mode 100644
index 0000000..dbadf99
--- /dev/null
+++ b/config.default
@@ -0,0 +1,3 @@
+USERNAME=username
+PASSWORD=hunter2
+USE_SSL=false
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..b7c2699
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,52 @@
+frontend:
+ image: kelvinchen/seedbox:frontend
+ restart: always
+ net: seedbox
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - seedbox_config:/config
+ env_file:
+ - config
+
+rtorrent:
+ image: kelvinchen/seedbox:rtorrent
+ restart: always
+ net: seedbox
+ ports:
+ - "49161:49161"
+ - "49161:49161/udp"
+ - "6881:6881/udp"
+ volumes:
+ - seedbox_config:/config
+ - seedbox_torrents:/torrents
+
+plex:
+ image: kelvinchen/seedbox:plex
+ restart: always
+ net: seedbox
+ ports:
+ - "32400:32400"
+ volumes:
+ - seedbox_config:/config
+ - seedbox_torrents:/torrents
+
+sickrage:
+ image: kelvinchen/seedbox:sickrage
+ restart: always
+ net: seedbox
+ volumes:
+ - seedbox_config:/config
+ - seedbox_torrents:/torrents
+
+syncthing:
+ image: kelvinchen/seedbox:syncthing
+ restart: always
+ net: seedbox
+ ports:
+ - "22000:22000"
+ - "21027:21027/udp"
+ volumes:
+ - seedbox_config:/config
+ - seedbox_torrents:/torrents
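Review bot: In build-all.sh, there is no `set -e`, so when the `base` build fails the five dependent builds still run, and their `FROM kelvinchen/seedbox:base` resolves to a stale local image or one pulled from the registry rather than the one just edited. That defeats the script's stated purpose of building locally instead of trusting the registry. Adding `set -euo pipefail` after the shebang and quoting the directory change, `cd "${0%/*}"`, makes a failed or misdirected build stop immediately.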
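Review bot: In docker-compose.yml, every service mounts the same `seedbox_config:/config` volume read-write, so the frontend's private key at `/config/frontend/ssl.key` and each application's configuration are writable from all five containers, all of which run their processes as root. A compromise of any one service therefore reaches the others' state without leaving its own container. I would give each service its own config volume, for example `seedbox_frontend_config:/config` for the frontend, and mount `seedbox_torrents:/torrents:ro` for services that only read media, such as plex. The `"32400:32400"` mapping also publishes Plex on all host interfaces outside the frontend's basic auth, as the README notes; binding it to a specific address or dropping the mapping keeps the proxy as the single entry point.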