Update fileConfig.yml

replace deprecated IpWhiteList middleware

examples/arr-suite/README.md

@@ -7,7 +7,7 @@
 - https://docs.linuxserver.io/images/docker-readarr/
 - https://github.com/FlareSolverr/FlareSolverr
 - https://docs.linuxserver.io/images/docker-qbittorrent/
-  - https://github.com/MarkusMcNugen/docker-qBittorrentvpn 
+- https://hub.docker.com/r/qmcgaw/gluetun
 - https://docs.linuxserver.io/images/docker-emby/
 - https://docs.linuxserver.io/images/docker-jellyfin (alternative option to emby)
 
@@ -18,6 +18,9 @@
 >
 >  Use this docker stack responsibly!
 
+> [!CAUTION]
+> This setup makes use of gluetun to obtain a vpn killswitch network. This requires a vpn provider like mullvad or others.
+
 Docker stack consisting of various arr-services like:
 
 - Prowlarr
@@ -34,11 +37,11 @@ Docker stack consisting of various arr-services like:
   - Used to bypass Cloudflare for prowlarr
   - You must add it at prowlarr as indexer with the tag `flaresolverr`
 - Qbittorrent
-  - Used as download client, preferably behind VPN (e.g. socks5)
+  - Used as download client; run behind gluetun vpn killswitch container
   - A temporary password for the `admin` user will be printed to the container log on startup. Change it immediately to a static one that does not change again.
-- [optional] Qbittorrent with OpenVPN killswitch
-  - Spawns an OpenVPN connection with iptables killswitch to hide your IP to safely download ISOs.
-  - Default user will be `admin` with the password `adminadmin`. Change it immediately to a static one that does not change again.
+- Gluetun
+  - Used for establishing an openvpn/wireguard killswitch vpn connection for qbittorrent
+  - Requires an active subscription for a vpn provider (e.g. Mullvad)
 - Emby / Jellyfin
   - Used to manage your media libraries and stream it from various devices
  
@@ -48,8 +51,6 @@ The following bind mount volumes are defined:
   - holds the config files of an arr container
 - `/arr-suite/media/`
   - will hold your media files such as movies, music, books, tv-shows, qbittorrent downloads etc.
- 
-Note: You can replace the normal qbittorrent container with the commented one supporting OpenVPN kill switch. If so, you have to put your OpenVPN config, certificate and creds into the `/arr-suite/configs/qbittorrentvpn/openvpn/` directory. More information can be found [here](https://github.com/MarkusMcNugen/docker-qBittorrentvpn?tab=readme-ov-file#how-to-use-openvpn). Afterwards add the new qbittorrent as downloading client to your arr containers by using your Docker server's host IP address.
 
 ## Setup
 
@@ -57,7 +58,7 @@ You can follow this Youtube tutorial on how to setup most of the arr application
 
 https://www.youtube.com/watch?v=LD8-Qr3B2-o
 
-**Note**:  As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks!
+**Note**:  As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks! The only exception is qbittorrent, which uses the vpn killswitch network of the gluetun container. Here, the gluetun container will expose qbittorrent's web ui on TCP/8080 and the IP address of your docker host server. Setup qbittorrent in all arr-applications using your server's local IP address, on which port 8080 is mapped to.
 
 > [!WARNING]
 > We configured qbittorrent to use the non-default path `/media/downloads` for downloads.

examples/arr-suite/docker-compose.yml

@@ -4,7 +4,7 @@ services:
 
   # image used to index torrent links from the internet
   prowlarr:
-    image: lscr.io/linuxserver/prowlarr:latest
+    image: linuxserver/prowlarr:latest
     container_name: arr-suite-prowlarr
     environment:
       - PUID=1000
@@ -29,7 +29,7 @@ services:
 
   # image used to scan for tv shows
   sonarr:
-    image: lscr.io/linuxserver/sonarr:latest
+    image: linuxserver/sonarr:latest
     container_name: arr-suite-sonarr
     environment:
       - PUID=1000
@@ -55,7 +55,7 @@ services:
 
   # image used to scan for movies
   radarr:
-    image: lscr.io/linuxserver/radarr:latest
+    image: linuxserver/radarr:latest
     container_name: arr-suite-radarr
     environment:
       - PUID=1000
@@ -81,7 +81,7 @@ services:
 
   # image used to scan for music
   lidarr:
-    image: lscr.io/linuxserver/lidarr:latest
+    image: linuxserver/lidarr:latest
     container_name: arr-suite-lidarr
     environment:
       - PUID=1000
@@ -107,7 +107,7 @@ services:
 
   # image used to scan for books
   readarr:
-    image: lscr.io/linuxserver/readarr:develop
+    image: linuxserver/readarr:develop
     container_name: arr-suite-readarr
     environment:
       - PUID=1000
@@ -146,27 +146,23 @@ services:
     #networks:
     #  - proxy    
 
-  # image used to download stuff
-  qbittorrent:
-    image: lscr.io/linuxserver/qbittorrent:latest
-    container_name: arr-suite-qbittorrent
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Berlin
-      - WEBUI_PORT=8080
-      - TORRENTING_PORT=6881
-    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config # contains all relevant configuration files
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads # location of downloads on disk
-    expose:
-      - 8080/tcp # web ui
-      - 6881/tcp # tcp connection port
-      - 6881/udp # udp connection port
+  # image used for vpn killswitch network
+  gluetun:
+    image: qmcgaw/gluetun:latest
+    container_name: arr-suite-gluetun
+    cap_add:
+      - NET_ADMIN
     ports:
-      - 8080:8080/tcp # web ui
-      - 6881:6881/tcp # tcp connection port
-      - 6881:6881/udp # udp connection port
+      - 8080:8080 # qbittorrent http web ui
+    environment:
+      # see https://github.com/qdm12/gluetun-wiki for more details
+      # example envs based on https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md
+      - VPN_SERVICE_PROVIDER=mullvad # define the vpn provider
+      - VPN_TYPE=wireguard # define the vpn protocol to use
+      - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU= # define your wireguard private key here
+      - WIREGUARD_ADDRESSES=10.64.222.21/32 # define the ipv4 vpn network subnet here
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/gluetun:/gluetun
     restart: unless-stopped
     #networks:
     #  - proxy
@@ -178,46 +174,26 @@ services:
     #  # Optional part for traefik middlewares
     #  - traefik.http.routers.qbittorrent.middlewares=local-ipwhitelist@file
 
-  # image used to download stuff over openvpn (e.g. mullvad)
-  #qbittorrentvpn:
-  #  image: markusmcnugen/qbittorrentvpn
-  #  container_name: arr-suite-qbittorrentvpn
-  #  privileged: true
-  #  sysctls:
-  #    - net.ipv6.conf.all.disable_ipv6=0
-  #  volumes:
-  #    - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrentvpn:/config # contains all relevant configuration files; put your vpn config into the openvpn dir
-  #    - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads # location of downloads on disk
-  #    - /etc/localtime:/etc/localtime:ro
-  #  environment:
-  #    - VPN_ENABLED=yes
-  #    - LAN_NETWORK=192.168.1.0/24
-  #    - NAME_SERVERS=8.8.8.8,8.8.4.4
-  #    - WEBUI_PORT_ENV=8080
-  #    - UMASK=002
-  #    - PUID=1000
-  #    - PGID=1000
-  #    - INCOMING_PORT_ENV=8999
-  #  expose:
-  #    - 8080/tcp
-  #    - 8999/tcp
-  #    - 8999/udp
-  #  ports:
-  #    - 8080:8080/tcp # map web ui for prowlarr and co.
-  #  restart: unless-stopped
-  #  networks:
-  #    - proxy
-  #  labels:
-  #    - traefik.enable=true
-  #    - traefik.docker.network=proxy
-  #    - traefik.http.routers.qbittorrentvpn.rule=Host(`qbittorrentvpn.example.com`)
-  #    - traefik.http.services.qbittorrentvpn.loadbalancer.server.port=8080
-  #    # Optional part for traefik middlewares
-  #    - traefik.http.routers.qbittorrentvpn.middlewares=local-ipwhitelist@file
+  # image used to download stuff; run over gluetun network (vpn killswitch)
+  qbittorrent:
+    image: linuxserver/qbittorrent:latest
+    container_name: arr-suite-qbittorrent
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - WEBUI_PORT=8080
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads
+    depends_on:
+      - gluetun
+    network_mode: container:arr-suite-gluetun # use the gluetun container network (vpn killswitch)
+    restart: unless-stopped
 
   # image used to manage media and stream it
   emby:
-    image: lscr.io/linuxserver/emby:latest
+    image: linuxserver/emby:latest
     container_name: arr-suite-emby
     environment:
       - PUID=1000
@@ -251,7 +227,7 @@ services:
 
   # image used to manage media and stream it
   #jellyfin:
-  #  image: lscr.io/linuxserver/jellyfin:latest
+  #  image: linuxserver/jellyfin:latest
   #  container_name: arr-suite-jellyfin
   #  environment:
   #    - PUID=1000

examples/authelia/config/configuration.yml

@@ -4,16 +4,17 @@
 ###############################################################
 
 server:
-  host: 0.0.0.0
-  port: 9091
+  address: 'tcp://:9091/'
+  
 log:
   level: debug
 
 theme: dark
 
-# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
-jwt_secret: a_very_important_secret
-default_redirection_url: https://auth.example.com # replace with your domain name
+identity_validation:
+  reset_password:
+    jwt_secret: unsecure_jwt_secret
+
 totp:
   issuer: authelia.com
 
@@ -59,10 +60,13 @@ session:
   name: authelia_session
   # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
   secret: unsecure_session_secret
-  expiration: 3600  # 1 hour
-  inactivity: 300  # 5 minutes
-  domain: example.com  # Should match whatever your root protected domain is
-
+  expiration: 1h  # 1 hour
+  inactivity: 5m  # 5 minutes
+  cookies:
+    - domain: lrvt.de
+      authelia_url: 'https://example.com'
+      default_redirection_url: 'https://www.example.com'  # must be diffent to authelia_url
+      
   redis:
     host: authelia-redis
     port: 6379
@@ -92,9 +96,9 @@ notifier:
   #   username: test
   #   # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
   #   password: password
-  #   host: mail.example.com
-  #   port: 25
-  #   sender: admin@example.com
+  #   host: smtp.gmail.com
+  #   port: 465
+  #   sender: "MySender <admin@example.com>"
   filesystem:
     filename: /config/notifications.txt
 ...

examples/nginx-php/docker-compose.yml

@@ -12,6 +12,8 @@ services:
     restart: unless-stopped
     ports:
       - 8080:80
+    #networks:
+    #   - proxy
     #labels:
     #  - traefik.enable=true
     #  - traefik.http.routers.nginx.rule=Host(`nginx.example.com`)
@@ -31,3 +33,9 @@ services:
     working_dir: /var/www
     expose:
       - 9000
+    #networks:
+    #   - proxy
+
+#networks:
+#  proxy:
+#    external: true

examples/traefik/fileConfig.yml

@@ -43,12 +43,14 @@ http:
   middlewares:
     # Only Allow Local networks
     local-ipwhitelist:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - 127.0.0.1/32 # localhost
           - 10.0.0.0/8 # private class A
           - 172.16.0.0/12 # private class B
           - 192.168.0.0/16 # private class C
+        #ipstrategy: # enable this when cloudflare proxy in use
+        #  depth: 1 # enable this when cloudflare proxy in use
 
     # Security headers
     security-headers:
@@ -79,15 +81,15 @@ http:
         #contentSecurityPolicy: "default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content" # Content-Security-Policy (CSP)
 
     # Authelia guard
-    authelia:
-      forwardauth:
-        address: http://authelia:9091/api/verify?rd=https://auth.example.com/  # replace example.com with your domain name
-        trustForwardHeader: true
-        authResponseHeaders:
-          - Remote-User
-          - Remote-Groups
-          - Remote-Name
-          - Remote-Email
+    #authelia:
+    #  forwardauth:
+    #    address: http://authelia:9091/api/authz/forward-auth # replace example.com with your domain name
+    #    trustForwardHeader: true
+    #    authResponseHeaders:
+    #      - Remote-User
+    #      - Remote-Groups
+    #      - Remote-Name
+    #      - Remote-Email
 
     # rate limiting
     rate-limit: