Docker Stack: Media

1. Contents

This docker stack is composed of the following docker images:

List of Docker images:
Surfshark

SurfShark VPN client.

qBittorrent

qBittorrent bittorrent client.

Jellyfin

Jellyfin Server is a media server that allows the contents of a media library to be streamed to Jellyfin clients.

Radarr

Radarr allows for automatic downloading of Movies by controlling a bittorrent client.

Sonarr

Sonarr allow for automatic downloading of TV Shows by controlling a bittorrent client.

Lidarr

Lidarr is a Music collection manager.

Prowlarr

Prowlarr is a proxy for Torrent and Usenet indexers. It will be used as an indexer for Sonarr, Radarr, and Lidarr.

Plex

Plex

Possible future addition - Jellyfin should suffice for now…​

2. Prerequisites

  1. First install the cifs-utils package (your system may already have this installed):

    sudo dnf install cifs-utils

  2. Create a docker-media-stack directory. The rest of the document will reference this directory.

    • All data for these docker services will be stored here so be mindful of space constraints.

      This directory can be created in your home directory or any other directory that can grow to a few GBs in size.

  3. Create various directories for the docker containers:

    1. Change directory to the root of where you want to store the docker data files.

      cd /home/mattosd

    2. Make folder for docker data.

      mkdir docker-media-stack

      In this example the docker project directory will be /home/<user name>/docker-media-stack

  4. Get the Surfshark username and password credentials.

    These are different and not the same as the username and password for your login account.

    1. Open this page in order to generate the OpenVPN credentials.

    2. If the values are empty, click the Generate new credentials link.

    3. These values will need to be plugged into the docker-compose.yml file referenced in the next section.

3. Start Containers

Use a docker-compose file to start all services.

  1. Within the docker-media-stack folder, create a docker-compose.yml file with the following contents

    Expand for docker-compose.yml contents 
    version: "3.5"

services:

  # Define SurfShark VPN service
  surfshark:
    image: ilteoood/docker-surfshark
    container_name: My-Surfshark-VPN
    environment:
      - SURFSHARK_USER=${SURFSHARK_USER}
      - SURFSHARK_PASSWORD=${SURFSHARK_PASSWORD}
      - SURFSHARK_COUNTRY=us
      - SURFSHARK_CITY=nyc
      - CONNECTION_TYPE=udp
      - LAN_NETWORK=
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    # This container will be the access point for other containers that use the VPN service.
    # Ports for the other containers need to be accounted for here
    ports:
      - 8080:8080     # Add the port for qBittorrent
      - 6881:6881     # another qBittorrent port
      - 6881:6881/udp # another qBittorrent port
    restart: unless-stopped
    dns:
      - 1.1.1.1

#----------------------------------------------------------------------

  # Define qBittorrent service
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: My-qBittorrent
    network_mode: service:surfshark   # Use the VPN
    depends_on:
      - surfshark
    environment:
      #- PUID=1000
      #- PGID=1000
      - PUID=0
      - PGID=0
      - TZ=America/New_York
      - WEBUI_PORT=8080
    volumes:
      - ./qBittorrent/config:/config
      - norco-torrents:/downloads
    restart: unless-stopped

#----------------------------------------------------------------------

  # Define Prowlerr service for indexer access
  # https://docs.linuxserver.io/images/docker-prowlarr
  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: My-Prowlarr
    environment:
      - PUID=0
      - PGID=0
      - TZ=America/New_York
    ports:
      - 9696:9696
    volumes:
      - ./Prowlarr/config:/config

#----------------------------------------------------------------------

  # Define Radarr service for Movies
  radarr:
    image: linuxserver/radarr:latest
    container_name: My-Radarr
    environment:
      - PUID=0
      - PGID=0
      - TZ=America/New_York
    ports:
      - 7878:7878
    volumes:
      - ./Radarr/config:/config
      - ./Radarr/media:/media # Media can be stored here but should use a larger Windows Shared drive instead
      - norco-plex2:/plex2 # Windows Shared drive for media.
      - norco-torrents:/downloads # Radarr needs to be able to see files downloaded via qBittorrent
    restart: unless-stopped

  # Define Sonarr service for TV Shows
  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    container_name: My-Sonarr
    environment:
      - PUID=0
      - PGID=0
      - TZ=America/New_York
    ports:
      - 8989:8989
    volumes:
      - ./Sonarr/config:/config
      - ./Sonarr/media:/media # Media can be stored here but should use a larger Windows Shared drive instead
      - norco-plex2:/plex2 # Windows Shared drive for media.
      - norco-torrents:/downloads # Sonarr needs to be able to see files downloaded via qBittorrent
    restart: unless-stopped

  # Define Lidarr service for Music
  lidarr:
    image: lscr.io/linuxserver/lidarr:latest
    container_name: My-Lidarr
    environment:
      - PUID=0
      - PGID=0
      - TZ=America/New_York
    ports:
      - 8686:8686
    volumes:
      - ./Lidarr/config:/config
      - ./Lidarr/media:/media # Media can be stored here but should use a larger Windows Shared drive instead
      - norco-music:/data/Musics # Windows Shared drive for media.
      - norco-torrents:/downloads # Lidarr needs to be able to see files downloaded via qBittorrent
    restart: unless-stopped

  # Define Readarr service for Books
  readarr:
    image: lscr.io/linuxserver/readarr:develop
    container_name: My-Readarr
    environment:
      - PUID=0
      - PGID=0
      - TZ=America/New_York
    ports:
      - 8787:8787
    volumes:
      - ./Readarr/config:/config
      - ./Readarr/media:/media # Books can be stored here but should use a larger Windows Shared drive instead
      - norco-books:/data/books # Windows Shared drive for books.
      - norco-torrents:/downloads # Readarr needs to be able to see files downloaded via qBittorrent
    restart: unless-stopped

#----------------------------------------------------------------------

  # Define Jellyfin service
  jellyfin:
    image: jellyfin/jellyfin:latest
    container_name: My-Jellyfin
    ports:
      - 8096:8096
    #user: 1000:1000
    network_mode: "bridge"
    volumes:
      - ./Jellyfin/cache:/cache
      - ./Jellyfin/config:/config
      - ./Sonarr/media:/sonar-media # This is where Sonar can store media on a local dir
      - norco-plex2:/plex2 # Ideally, all media will be here on this Windows Shared drive
    restart: "unless-stopped"

#----------------------------------------------------------------------
#----------------------------------------------------------------------

volumes:

  # Windows Shared drive for torrent downloads
  norco-torrents:
    driver_opts:
      type: cifs
      device: "//norco.dhante.local/Torrents"
      o: "user=${NORCO_USER},password=${NORCO_PASSWORD},addr=norco.dhante.local"

  # Windows Shared drive for TV/Movie media
  norco-plex2:
    driver_opts:
      type: cifs
      device: "//norco.dhante.local/Plex2"
      o: "user=${NORCO_USER},password=${NORCO_PASSWORD},addr=norco.dhante.local"

  # Windows Shared drive for Music
  norco-music:
    driver_opts:
      type: cifs
      device: "//norco.dhante.local/Media/Music/Lidarr"
      o: "user=${NORCO_USER},password=${NORCO_PASSWORD},addr=norco.dhante.local"

  # Windows Shared drive for Books
  norco-books:
    driver_opts:
      type: cifs
      device: "//norco.dhante.local/Library/Readarr"
      o: "user=${NORCO_USER},password=${NORCO_PASSWORD},addr=norco.dhante.local"

  2. Within the docker-media-stack folder, create a .env file with the following variables and values:

    SURFSHARK_USER=<surfshark user>         (1)
SURFSHARK_PASSWORD=<surfshark password> (2)
NORCO_USER=<user>                       (3)
NORCO_PASSWORD=<password>               (4)
    1 This is the Surfshark user credential value discovered in the previous step.
    2 This is the Surfshark password credential value discovered in the previous step.
    3 Provide the user name with read/write access to the network share.
    4 Provide the user’s password.

  3. Start the container:

    cd docker-media-stack
sudo docker-compose up -d
    Wait a few moments while all services are started.

4. Confirm VPN is running.

It is important that the torrent client uses the VPN for all of its traffic.

  1. Get the WAN IP of the docker host server

    Command
    curl icanhazip.com
    Sample results
    $ curl icanhazip.com
100.37.103.77

  2. Get the WAN IP for the My-qBittorrent container:

    Example Command
    sudo docker exec -t <container_name> curl icanhazip.com
    Sample results
    sudo docker exec -t My-qBittorrent curl icanhazip.com
91.246.58.171   (1)
    1 This should not be your ISP’s WAN address.

  3. Confirm that the IP address is not your WAN address.

  4. If the VPN is reporting your ISP’s WAN address then restart the docker-media-stack and then go back to the previous step to confirm the VPN is working:

    Change directory
    cd docker-media-stack
    Stop all containers
    sudo docker-compose down
    Start all containers
    sudo docker-compose up -d
You’ve now confirmed the VPN is running.

5. Access Web Pages

  1. On the docker server open FW ports for each app

    1. qBittorrent: 8080

    2. Jellyfin: 8096

    3. Radarr: 7878

    4. Sonarr: 8989

    5. Lidarr: 8686

    6. Prowlarr: 9696

  2. On the docker server open a browser and navigate to each of the container’s web pages :

    1. qBittorrent

      http://localhost:8080

username=admin
password=adminadmin

    2. Radarr

      http://localhost:7878

    3. Sonarr

      http://localhost:8989

    4. Lidarr

      http://localhost:8686

    5. Prowlarr

      http://localhost:9696

  3. Jellyfin is the exception and is not configured to use the VPN. Navigate to it normally via the address of the docker host server.

    http://localhost:8096

6. Configure Apps

6.1. Configure Jellyfin

Refer to the Jellyfin Guide.

6.2. Configure qBittorrent

Refer to the qBittorrent Guide.

6.3. Configure Sonarr

Refer to the Sonarr Guide.

6.4. Configure Radarr

Radarr and Sonarr are basically the same app. Use the Sonarr instructions for configuration.

6.5. Configure Prowlarr

Refer to the Prowlarr Guide.