Can no access qbit webui

[Sparklingx]

everythign is working and healthy but cant access webui! checked log . no error

ports:
 - 6881:6881
 - 6881:6881/udp
 - 8085:8085
 
 8085 is webui port

compose file

version: '2.1'
services:
  vpn:
    image: thrnz/docker-wireguard-pia
    privileged: true 
    ports:
     - 6881:6881
     - 6881:6881/udp
     - 8085:8085
    volumes:
      # Auth token is stored here
     - pia-dat:/pia
    cap_add:
     - NET_ADMIN
            # SYS_MODULE might not be needed with a 5.6+ kernel?
            #- SYS_MODULE
        # Mounting the tun device may be necessary for userspace implementations
        #devices:
        #  - /dev/net/tun:/dev/net/tun
    environment:
     - FIREWALL=0
     - LOC=sg
     - USER=xxxxx
     - PASS=xxxxxx
     - KEEPALIVE=25 
     - PORT_FORWARDING=1   
    sysctls:
            # wg-quick fails to set this without --privileged, so set it here instead if needed
           
      - net.ipv4.conf.all.src_valid_mark=1
            # May as well disable ipv6. Should be blocked anyway.
      - net.ipv6.conf.default.disable_ipv6=1
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv6.conf.lo.disable_ipv6=1
        # The container has no recovery logic. Use a healthcheck to catch disconnects.
    healthcheck:
      test: ping -c 1 www.google.com || exit 1
      interval: 30s
      timeout: 10s
      retries: 3

    # Example of another service sharing the VPN
    # If this service needs LAN access then LOCAL_NETWORK must be set appropriatley on the vpn container
    # Forwared ports should also be set on the vpn container if needed rather than this one in
    # order to access from the LAN
    # It may be preferable to use a reverse proxy connected via the docker bridge network instead
    # to keep the vpn isolated from the LAN
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbitvpn
    network_mode: "service:vpn"
    environment:
      - PUID=1002
      - PGID=1002
      - TZ=Europe/London
      - WEBUI_PORT=8085
    volumes:
      - /home/gggg/docker/qbitvpn1:/config
      - /home/gggg/Downloads/qbitvpn:/downloads
    depends_on:
      - vpn
    restart: always
volumes:
    pia-dat:    

[thrnz]

If you're trying to access it from the local LAN, you'll need to set the LOCAL_NETWORK env var. By default wg-quick routes everything through the vpn tunnel, so an exception has to be made if local network access is needed.

Also privileged: true shouldn't be needed, and port 6881 probably doesn't need exposing, unless you're wanting to allow torrent traffic on the local network as well.

[Sparklingx]

I am not trying to access it from local LAN. It is installed in a remote server. I want to accesss it using using its wan ip:webui port

[thrnz]

Accessing it directly via wan might be a bit more fiddly. As the vpn container can still communicate with other containers attached to the same Docker network, a reverse proxy might be the way to go.

Something like this should work, though bear in mind the port is being exposed to the internet without any kind of encryption. Note that the port is exposed on the reverse-proxy instead of the vpn container.

services:
  vpn:
    image: thrnz/docker-wireguard-pia
    volumes:
     - pia-dat:/pia
    cap_add:
     - NET_ADMIN
    environment:
     - LOC=sg
     - USER=xxxxx
     - PASS=xxxxxx
     - KEEPALIVE=25 
     - PORT_FORWARDING=1
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.default.disable_ipv6=1
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv6.conf.lo.disable_ipv6=1
    networks:
      - vpn

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbitvpn
    network_mode: "service:vpn"
    environment:
      - PUID=1002
      - PGID=1002
      - TZ=Europe/London
      - WEBUI_PORT=8085
    volumes:
      - /home/gggg/docker/qbitvpn1:/config
      - /home/gggg/Downloads/qbitvpn:/downloads
    depends_on:
      - vpn
    restart: always

  # Expose the webui port using socat
  reverse-proxy:
    image: alpine/socat
    depends_on:
      - vpn
    command: "TCP-LISTEN:8085,fork,reuseaddr TCP:vpn:8085"
    ports:
      - 8085:8085
    networks:
      - vpn
      
networks:
  vpn:

volumes:
  pia-dat:

Something like Traefik or nginx-proxy-manager might be a better option, though would need more setting up.

[Sparklingx]

Thanks a lot for your time. your final compose worked flawlessly. I can now access the webui. I want to know one more thing, Port used for incoming connections: 6881 , Ideally we want this port to be open so other peers can connect with me. Thats why I exposed that port without knowing how all these things work. But now Im using your final docker-compose file and I used some sites to check if the port is open but showing its not.

[Sparklingx]

ok so looks like port forwarding is working I had to check the log which port is forwarded and had to change qbittorrent listen port to that port

[thrnz]

I think 6881 is the default port used by Bittorrent, so if you're sticking with the defaults and using it on a normal connection, then port 6881 would need forwarding to the container via docker. When using it through a vpn though, everything goes through the tunnel instead, so forwarding ports using docker isn't needed.

6881 wouldn't work with PIA anyway, as you don't get any choice of which port number gets used for forwarding. It looks like you've got things working now though.

If you're reading the port manually from the log and entering it into qbittorrent, it might be worth setting PORT_PERSIST=1 on the container. That way the port number should stay the same across container restarts, and would only need manually updating every 2 months or so - it should say in the log when it's due to expire.

[Sparklingx]

Issue Solved
For future reference anybody seeing this, this is my complete docker-compose.yml 1: webui open in the internet 2: auto port change to the exposed wireguard vpn port

services:
  vpn:
    image: thrnz/docker-wireguard-pia
    container_name: qbitwire
    volumes:
     - /home/gggg/docker/pia/pia:/pia
     - /home/gggg/docker/pia/pia-shared:/pia-shared
     - /home/gggg/docker/pia/script.sh:/script.sh
    cap_add:
     - NET_ADMIN
    environment:
     - LOC=swiss
     - USER=xxxxxxx
     - PASS=xxxxxxxx
     - KEEPALIVE=25
     - PORT_FORWARDING=1
     - PORT_SCRIPT=/script.sh

    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.default.disable_ipv6=1
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv6.conf.lo.disable_ipv6=1
    networks:
      - vpn

  qbittorrent:
    image: qbittorrentofficial/qbittorrent-nox:latest
    container_name: qbitvpn
    network_mode: "service:vpn"
    environment:
      - PUID=1002
      - PGID=1002
      - TZ=Europe/London
      - QBT_WEBUI_PORT=8085
    volumes:
      - /home/ggg/docker/qbitvpn:/config
      - /home/ggg/Downloads/qbitvpn:/downloads
    depends_on:
      - vpn
    restart: always

  # Expose the webui port using socat
  reverse-proxy:
    image: alpine/socat
    container_name: qbitProxy
    depends_on:
      - vpn
    command: "TCP-LISTEN:8085,fork,reuseaddr TCP:vpn:8085"
    ports:
      - 8085:8085
    networks:
      - vpn
networks:
  vpn:

[mrchrisster]

Thanks for sharing!

[ScottESanDiego]

@Sparklingx What's in your script.sh that presumably changes the configured port in qbit?