Been having a frustrating but rewarding time setting up my first server with some advice from you all. Learned a lot and feel like I’m almost there with a lot of it. One thing I’ve really been struggling with is public indexers on Prowlarr. In the UK I can only access them behind a VPN but Prowlarr can’t access the rest of the suite if it goes behind Gluetun.
I feel like I’ve tried everything, it seems that I likely want to use the indexer proxy built into Prowlarr but I must be doing something wrong as it’s always refused or never resolves. I did read something about privoxy which I did try and look into but no success. Considered just leaving the whole thing for usenet but I’d just love to get some public trackers working successfully in the UK. Does anyone have any advice to someone still learning please?
Thanks all!
Edit: Thanks all for your input! I got it workihg by adding httpproxy=on to Gluetun then adding the http proxy deets into the Prowlarr http proxy page.
Containers sharing the same network (e.g. gluetun) should be able to see each other’s by their hostnames, yet the VPN blocks that by its very nature, so… Check out https://github.com/qdm12/gluetun-wiki/blob/main/setup/inter-containers-networking.md
The trash guides say to avoid putting the arrs through VPN so I only put the torrent client through. Is that what you do?
I am in the UK TOO, I use docker on a nas and I only have gluetun and qbittorrent using vpn, all my other containers (sonarr, radarr, bazarr, prowlarr) are kt behind vpn. What do you mean prowlarr cannot access the indexers? If you use the setting for the indexer you should be able to try different URLs for it, check if any of them works.
Sorry don’t quite follow. Are the arrs behind VPN on your setup? If I use Gluetun for Prowlarr then I can connect fine to the public trackers, but the information doesn’t pass to Sonarr etc. Which makes sense to me, but I don’t know how to work around it.
Edit: I’ve tried all of the alt URLs and still nada also unless it’s behind VPN.
In my setup, only qbittorrent container is using the gluetun network, all other “arrs” are using bridge non-VPN connection (my ISP uses CGNAT and I have no need to access them from outside anyway). It may be my ISP does not block those indexers alternative URL’s, my previous one didn’t either though.
Gluetun is great, but it does not work with docker swarm. I’m using a container running wireguard and Dante as a SOCKS5 proxy, everything that needs a VPN is on an internal overlay network and routes through the proxy container. Only the proxy container is part of the public network and all external traffic goes through the VPN. I use Traefik as a reverse proxy which is part of both the private and public networks. Meaning I can access the private containers (qbitorrent, prowlarr and sonarr) externally through Traefik but they cannot access anything outside the internal private network unless they route though the proxy container.
It’s not perfect but it works xD
FWIW, all of my *arr, and VPN containers use the same network bridge. Prowlarr and torrent use the VPN service, though having Prowlarr on there is maybe overkill. They’re all able to access one another using the bridge gateway + port as the host, e.g.: 172.20.0.1:5050
I mostly used this guide, where he suggests:
I have split out Prowlarr as you may want this running on a VPN connection if your ISP blocks certain indexers. If not copy this section into your compose as well. See my Gluetun guides for more information on adding to a VPN.
One thing I had to make sure of was that the ports for Prowlarr were included in the VPN container setup, rather than the Prowlarr section (b/c it’s just connecting to the VPN service):
ports: - 8888:8888/tcp # HTTP proxy - 8388:8388/tcp # Shadowsocks - 8388:8388/udp # Shadowsocks - 8090:8090 # port for qbittorrent - 9696:9696 # For Prowlarr
I wonder if I need to use a proper compose instead of the Portainer stacks function, so they’re all on the same network withing docker.
deleted by creator
I have VPN, BitTorrent and prowlarr in one “stack” (a project in Synology Container Manager). Everything else is bundled into a separate project. Not sure how portainer would make this work differently. I don’t have much experience with that.
Yeah that makes sense. That’s helpful thank you. I finally got it working pretty simply last night. Thanks for the help!
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CF CloudFlare CGNAT Carrier-Grade NAT DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web NAT Network Address Translation VPN Virtual Private Network
5 acronyms in this thread; the most compressed thread commented on today has 13 acronyms.
[Thread #252 for this sub, first seen 30th Oct 2023, 15:50] [FAQ] [Full list] [Contact] [Source code]
If it’s anything like Australia, it’s just a matter of not using the ISP’s DNS servers. eg. Use Quad9, CF, NextDNS, etc.
I did try a custom DNS in the Prowlarr compose stack in Portainer but it didn’t help unfortunately. Do you do it a different way?
Omg I was doing DNS wrong in the compose. Totally works now, thank you!
Edit oh no, I thought I’d cracked it but still unable to connect.
I set the computers DNS, not the container … so everything on the computer will use Quad9, etc.
Thanks, I tried this but same sitch
There have been a few cases where ports are blocked. For example on many residential port 25 is blocked. If you pay and get a static ip this often gets unblocked. Same with port 10443 on a few residential services. There’s probably more but these are issues I’ve seen.
If you think about how trivial these are to bypass, but also that often aligns to fixing the problem for why they’re blocked. Iirc port 10443 was abused by malicious actors when home routers accepted Nat- pnp from say an unpatched qnap. Automatically forwarding inbound traffic on 10443 to the nas which has terrible security flaws and was part of a wide spread botnet. If you changed the Web port, you probably also are maintaining the qnap maybe. Also port 25 can be bypassed by using start-tls authenticated mail on 587 or 465 and therefore aren’t relaying outbound mail spam from infected local computers.
Overall fair enough.
It’s been a while since I set mine up but I know that most public indexes using a proxy will get blocked by cloudflare at one time or another. Away around that is to use flaresolverr. Not totally sure if that is your problem but it might be a good place to look.
Thank you, I’ll have a look. I think I should be able to use the http proxy with my mullvad but I’m just struggling to find information I can follow. I’ll check flaresolver in the meantime.
I tried flaresolver but still no connecty unfortunately.