
Merge pull request #16987 from Chocobo1/hardening

Improve docker script
adaptive-webui-19844
Chocobo1 3 years ago committed by GitHub
parent
commit
c90f1511dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 10
      dist/docker/Dockerfile
  2. 9
      dist/docker/Readme.md
  3. 15
      dist/docker/entrypoint.sh

10
dist/docker/Dockerfile vendored

@ -40,9 +40,17 @@ FROM alpine:latest
RUN \ RUN \
apk --no-cache add \ apk --no-cache add \
doas \
libtorrent-rasterbar \ libtorrent-rasterbar \
qt6-qtbase \ qt6-qtbase \
tini tini && \
adduser \
-D \
-H \
-s /sbin/nologin \
-u 1000 \
qbtUser && \
echo "permit nopass :root" >> "/etc/doas.d/doas.conf"
COPY --from=builder /usr/local/bin/qbittorrent-nox /usr/bin/qbittorrent-nox COPY --from=builder /usr/local/bin/qbittorrent-nox /usr/bin/qbittorrent-nox
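Review bot: The doas rule appended at the end of the RUN step, `permit nopass :root`, lets any member of group root run any command as any user without a password, which is wider than the entrypoint needs (starting qbittorrent-nox as qbtUser). A narrower rule such as `permit nopass root as qbtUser cmd qbittorrent-nox` would keep the setuid doas binary from being useful for anything else; please check that the `cmd` value matches how entrypoint.sh invokes the binary. A short comment above `adduser` noting that `-u 1000` is the UID the mounted `/config` and `/downloads` end up owned by would also help operators. The image still declares no `USER` in this hunk, so the drop to qbtUser depends entirely on the entrypoint script.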

9
dist/docker/Readme.md vendored

@ -35,6 +35,7 @@ docker build \
QBT_WEBUI_PORT=8080 QBT_WEBUI_PORT=8080
docker run \ docker run \
-it \ -it \
--read-only \
--rm \ --rm \
--name qbittorrent-nox \ --name qbittorrent-nox \
-e QBT_EULA \ -e QBT_EULA \
@ -42,8 +43,8 @@ docker build \
-p "$QBT_WEBUI_PORT":"$QBT_WEBUI_PORT" \ -p "$QBT_WEBUI_PORT":"$QBT_WEBUI_PORT" \
-p 6881:6881/tcp \ -p 6881:6881/tcp \
-p 6881:6881/udp \ -p 6881:6881/udp \
-v /your_path/config:/config \ -v <your_path>/config:/config \
-v /your_path/downloads:/downloads \ -v <your_path>/downloads:/downloads \
qbittorrent-nox:"$QBT_VERSION" qbittorrent-nox:"$QBT_VERSION"
``` ```
Then you can login at: `http://127.0.0.1:8080` Then you can login at: `http://127.0.0.1:8080`
@ -67,5 +68,5 @@ docker build \
### Volumes ### Volumes
There are some paths involved: There are some paths involved:
* `/your_path/config` on your host machine will contain qBittorrent configurations * `<your_path>/config` on your host machine will contain qBittorrent configurations
* `/your_path/downloads` on your host machine will contain the files downloaded by qBittorrent * `<your_path>/downloads` on your host machine will contain the files downloaded by qBittorrent

15
dist/docker/entrypoint.sh vendored

@ -1,5 +1,6 @@
#!/bin/sh #!/bin/sh
downloadsPath="/downloads"
profilePath="/config" profilePath="/config"
qbtConfigFile="$profilePath/qBittorrent/config/qBittorrent.conf" qbtConfigFile="$profilePath/qBittorrent/config/qBittorrent.conf"
@ -22,7 +23,13 @@ EOF
fi fi
fi fi
qbittorrent-nox \ # those are owned by root by default
--profile="$profilePath" \ # don't change existing files owner in `$downloadsPath`
--webui-port="$QBT_WEBUI_PORT" \ chown qbtUser:qbtUser "$downloadsPath"
"$@" chown qbtUser:qbtUser -R "$profilePath"
doas -u qbtUser \
qbittorrent-nox \
--profile="$profilePath" \
--webui-port="$QBT_WEBUI_PORT" \
"$@"

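Review bot: The recursive `chown qbtUser:qbtUser -R "$profilePath"` runs as root on every start over a tree that qbtUser can write to, and without `-h` BusyBox chown (as far as I can tell) changes the owner of a symlink's target rather than the link itself, so a link left under `/config` could hand a root-owned file inside the container to qbtUser on the next start. `chown -h -R qbtUser:qbtUser "$profilePath"` avoids that; the `--read-only` flag added to the Readme limits the effect, but only for users who copy it. Separately, `exec doas -u qbtUser \` would stop the root shell from lingering as the parent of qbittorrent-nox and lets signals reach the daemon directly. The middle of the script lies outside the hunks shown, so whether it sets `set -e` or otherwise checks the chown results cannot be confirmed from here.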