Initial commit

.gitignore

@@ -0,0 +1,3 @@
+.DS_Store
+
+/config

Dockerfiles/base/Dockerfile

@@ -0,0 +1,20 @@
+FROM debian:jessie
+MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
+
+# Install all dependencies that are used in multiple images
+# to avoid wasting space.
+RUN echo "deb http://httpredir.debian.org/debian jessie non-free" >> /etc/apt/sources.list && \
+    apt-get update && \
+    apt-get install --no-install-recommends -y \
+        vim \
+        ca-certificates \
+        python \
+        python-dev \
+        curl \
+        git \
+        nginx \
+        unzip \
+        unrar \
+        supervisor && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

Dockerfiles/frontend/Dockerfile

@@ -0,0 +1,21 @@
+FROM kelvinchen/seedbox:base
+MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y apache2-utils && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+COPY nginx.conf common_default.conf ssl.conf /etc/nginx/
+COPY start /
+COPY ssl-gen /usr/local/bin
+
+VOLUME /config
+
+EXPOSE 80 443
+
+ENV USERNAME=user \
+    PASSWORD=hunter2 \
+    USE_SSL=false
+
+CMD ["/start"]

Dockerfiles/frontend/common_default.conf

@@ -0,0 +1,11 @@
+# vim: ft=nginx
+
+listen 80;
+listen [::]:80;
+
+include            proxy_params;
+proxy_set_header   Upgrade    $http_upgrade;
+proxy_set_header   Connection $http_connection;
+proxy_redirect     off;
+proxy_buffering    off;
+proxy_http_version 1.1;

Dockerfiles/frontend/nginx.conf

@@ -0,0 +1,90 @@
+worker_processes auto;
+
+user root root;
+pid /run/nginx.pid;
+
+events {
+    worker_connections 4096;
+    use                epoll;
+    multi_accept       on;
+}
+
+http {
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include      mime.types;
+    default_type application/octet-stream;
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA';
+
+    access_log off;
+    error_log  off;
+
+    gzip         on;
+    gzip_disable "msie6";
+
+    client_max_body_size 8M;
+
+    auth_basic           "Restricted";
+    auth_basic_user_file .htpasswd;
+
+    upstream rtorrent {
+        server seedbox_rtorrent_1;
+    }
+
+    upstream syncthing {
+        server seedbox_syncthing_1:8384;
+    }
+
+    upstream plex {
+        server seedbox_plex_1:32400;
+    }
+
+    upstream sickrage {
+        server seedbox_sickrage_1:8081;
+    }
+
+    server {
+        include common.conf;
+        server_name ~^(rtorrent)(\.\w+)+$;
+
+        location / {
+            proxy_pass http://rtorrent;
+        }
+    }
+
+    server {
+        include common.conf;
+        server_name ~^(sickrage)(\.\w+)+$;
+
+        location / {
+            proxy_pass http://sickrage;
+        }
+    }
+
+    server {
+        include common.conf;
+        server_name ~^(syncthing)(\.\w+)+$;
+
+        location / {
+            proxy_pass http://syncthing;
+        }
+    }
+
+    server {
+        include common.conf;
+        server_name ~^(plex)(\.\w+)+$;
+
+        location / {
+            proxy_pass http://plex;
+        }
+    }
+}
+
+# vim: ft=nginx

Dockerfiles/frontend/ssl-gen

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+# Short helper script to generate self signed SSL certificates.
+
+mkdir -p /config/frontend
+
+openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
+    -subj "/C=SB/ST=Seedbox/L=Seedbox/O=Seedbox/CN=*" \
+    -keyout /config/frontend/ssl.key  -out /config/frontend/ssl.crt

Dockerfiles/frontend/ssl.conf

@@ -0,0 +1,11 @@
+# vim: ft=nginx
+
+listen 443      ssl;
+listen [::]:443 ssl;
+
+ssl_certificate     /config/frontend/ssl.crt;
+ssl_certificate_key /config/frontend/ssl.key;
+
+if ($ssl_protocol = "") {
+    rewrite ^   https://$host$request_uri? permanent;
+}

Dockerfiles/frontend/start

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# Make placeholder config directory
+mkdir -p /config/frontend
+
+# Set basic auth credentials
+htpasswd -cb /etc/nginx/.htpasswd $USERNAME $PASSWORD
+
+# Replace common.conf with default
+cp -f /etc/nginx/common_default.conf /etc/nginx/common.conf
+
+${USE_SSL:=false}
+if $USE_SSL ; then
+    echo "include ssl.conf;" >> /etc/nginx/common.conf
+fi
+
+nginx -g "daemon off;"

Dockerfiles/plex/Dockerfile

@@ -0,0 +1,17 @@
+FROM kelvinchen/seedbox:base
+MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
+
+ARG PLEX_VER=0.9.12.18.1520-6833552
+ARG PLEX_DL="https://downloads.plex.tv/plex-media-server/$PLEX_VER/plexmediaserver_${PLEX_VER}_amd64.deb"
+
+RUN curl -sL "$PLEX_DL" > /tmp/plex.deb && \
+    dpkg -i /tmp/plex.deb && \
+    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+COPY plexmediaserver /etc/default/plexmediaserver
+COPY start Preferences.xml /
+
+VOLUME /config
+EXPOSE 32400
+
+CMD ["/start"]

Dockerfiles/plex/Preferences.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Preferences disableRemoteSecurity="0" ManualPortMappingMode="1"
+    AcceptedEULA="1" PublishServerOnPlexOnlineKey="1" DlnaEnabled="0"
+    ButlerTaskCheckForUpdates="0" allowMediaDeletion="1" />

Dockerfiles/plex/plexmediaserver

@@ -0,0 +1,18 @@
+# Default script for Plex Media Server
+
+# The number of plugins that can run at the same time
+PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS=10
+
+# ulimit -s $PLEX_MEDIA_SERVER_MAX_STACK_SIZE
+PLEX_MEDIA_SERVER_MAX_STACK_SIZE=3000
+
+# Where the mediaserver should store the transcodes
+PLEX_MEDIA_SERVER_TMPDIR=/tmp
+
+PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR="/config"
+
+# The user that PMS should run as, defaults to 'plex'
+# note that if you change this you might need to move
+# the Application Support directory to not lose your
+# media library
+PLEX_MEDIA_SERVER_USER=root

Dockerfiles/plex/start

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+mkdir -p "/config/Plex Media Server/"
+cp -n /Preferences.xml "/config/Plex Media Server/"
+
+start_pms > /dev/null 2>&1

Dockerfiles/rtorrent/Dockerfile

@@ -0,0 +1,22 @@
+FROM kelvinchen/seedbox:base
+MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        rtorrent \
+        php5-fpm \
+        php5-cli \
+        php5-geoip \
+        mediainfo && \
+    ln -s /config/rtorrent/rtorrent.rc ~/.rtorrent.rc && \
+    git clone --depth=1 https://github.com/Novik/ruTorrent.git /opt/rutorrent && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+VOLUME /config /torrents
+COPY start rtorrent.rc supervisord.conf /
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY rutorrent_config.php /opt/rutorrent/conf/config.php
+EXPOSE 80 49161 49161/udp 6881/udp
+
+CMD ["/start"]

Dockerfiles/rtorrent/nginx.conf

@@ -0,0 +1,55 @@
+# vim: ft=nginx
+
+user root root;
+
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+    worker_connections 4096;
+    use                epoll;
+    multi_accept       on;
+}
+
+http {
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include      /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    access_log off;
+    error_log  off;
+
+    gzip         on;
+    gzip_disable "msie6";
+
+    client_max_body_size 8M;
+
+    server {
+        listen 80 default_server;
+        listen [::]:80 default_server ipv6only=on;
+
+        server_name rtorrent;
+        root /opt/rutorrent;
+
+        location /RPC2 {
+            include scgi_params;
+            scgi_pass unix:/var/run/rtorrent.sock;
+        }
+
+        location / {
+            try_files            $uri $uri/ =404;
+
+            location ~ \.php$ {
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                fastcgi_pass            unix:/var/run/php5-fpm.sock;
+                fastcgi_index           index.php;
+                include                 fastcgi.conf;
+            }
+        }
+    }
+}

Dockerfiles/rtorrent/rtorrent.rc

@@ -0,0 +1,43 @@
+# vim: ft=dosini
+
+scgi_local = /var/run/rtorrent.sock
+
+directory = /torrents
+session   = /config/rtorrent
+
+# Maximum and minimum number of peers to connect to per torrent.
+min_peers = 30
+max_peers = 150
+
+# Same as above but for seeding completed torrents (-1 = same as downloading)
+min_peers_seed = -1
+max_peers_seed = -1
+
+# Maximum number of simultaneous uploads per torrent.
+max_uploads = 15
+
+# Global upload and download rate in KiB. "0" for unlimited.
+download_rate = 0
+upload_rate   = 0
+
+# Close torrents when diskspace is low.
+schedule = low_diskspace,5,60,close_low_diskspace=100M
+
+port_range = 49161-49161
+
+port_random = yes
+
+check_hash = yes
+
+use_udp_trackers = yes
+
+# Encryption options, set to none (default) or any combination of the following:
+# allow_incoming, try_outgoing, require, require_RC4, enable_retry, prefer_plaintext
+encryption = allow_incoming,try_outgoing,enable_retry
+
+dht = auto
+
+# UDP port to use for DHT.
+dht_port = 6881
+
+peer_exchange = yes

Dockerfiles/rtorrent/rutorrent_config.php

@@ -0,0 +1,53 @@
+<?php
+@define('HTTP_USER_AGENT', 'Mozilla/5.0 (Windows NT 6.0; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0', true);
+@define('HTTP_TIME_OUT', 30, true); // in seconds
+@define('HTTP_USE_GZIP', true, true);
+$httpIP = null; // IP string. Or null for any.
+
+@define('RPC_TIME_OUT', 5, true); // in seconds
+
+@define('LOG_RPC_CALLS', false, true);
+@define('LOG_RPC_FAULTS', true, true);
+
+@define('PHP_USE_GZIP', false, true);
+@define('PHP_GZIP_LEVEL', 2, true);
+
+$schedule_rand = 10; // rand for schedulers start, +0..X seconds
+
+$do_diagnostic = true;
+$log_file = '/tmp/errors.log'; // path to log file (comment or leave blank to disable logging)
+
+$saveUploadedTorrents = false; // Save uploaded torrents to profile/torrents directory or not
+$overwriteUploadedTorrents = false; // Overwrite existing uploaded torrents in profile/torrents directory or make unique name
+
+$topDirectory = '/'; // Upper available directory. Absolute path with trail slash.
+$forbidUserSettings = false;
+
+$scgi_host = "unix:///var/run/rtorrent.sock";
+$scgi_port = 0;
+
+$XMLRPCMountPoint = "/RPC2";
+
+$pathToExternals = array(
+    "php" 	=> '',
+    "curl"	=> '/usr/bin/curl',
+    "gzip"	=> '',
+    "id"	=> '',
+    "stat"	=> '',
+);
+
+$localhosts = array( // list of local interfaces
+    "127.0.0.1",
+    "localhost",
+);
+
+$profilePath = '/config/rutorrent';  // Path to user profiles
+$profileMask = 0770;                 // Mask for files and directory creation in user profiles.
+                                     // Both Webserver and rtorrent users must have read-write access to it.
+                                     // For example, if Webserver and rtorrent users are in the same group then the value may be 0770.
+
+$tempDirectory = null; // Temp directory. Absolute path with trail slash. If null, then autodetect will be used.
+
+$canUseXSendFile = true; // Use X-Sendfile feature if it exist
+
+$locale = "UTF8";

Dockerfiles/rtorrent/start

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Make rtorrent session directory
+mkdir -p /config/rtorrent
+
+# Add default config if it does not exist
+cp -n /rtorrent.rc /config/rtorrent/rtorrent.rc
+
+# Remove rtorrent lock file if it exists so rtorrent can start
+rm /config/rtorrent/rtorrent.lock
+
+# Make folders for storing rutorrent data
+mkdir -p /config/rutorrent/settings /config/rutorrent/torrents \
+    /config/rutorrent/users /config/rutorrent/plugins
+
+# Symlink all plugins in /config/rutorrent/plugins to the rutorrent directory
+ln -fs $(ls -d1 /config/rutorrent/plugins/**) /opt/rutorrent/plugins/
+
+# Make php-fpm run as root
+# Everything is inside a docker container so this shouldn't
+# be a security problem
+sed -i "s/www-data/root/g" /etc/php5/fpm/pool.d/www.conf
+
+supervisord -c /supervisord.conf

Dockerfiles/rtorrent/supervisord.conf

@@ -0,0 +1,20 @@
+; vim: ft=dosini
+
+[supervisord]
+nodaemon = true
+
+[program:rtorrent]
+priority = 1
+environment = TERM=xterm
+command = rtorrent
+autorestart = true
+
+[program:php]
+priority = 2
+command = php5-fpm -F -R
+autorestart = true
+
+[program:nginx]
+priority = 3
+command = nginx -g "daemon off;"
+autorestart = true

Dockerfiles/sickrage/Dockerfile

@@ -0,0 +1,15 @@
+FROM kelvinchen/seedbox:base
+MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y \
+        python-cheetah && \
+    git clone --depth=1 https://github.com/SiCKRAGETV/SickRage.git /opt/sickrage && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+VOLUME /config
+
+EXPOSE 8081
+
+CMD python /opt/sickrage/SickBeard.py --nolaunch --datadir \
+    /config/sickrage >> /dev/null 2>&1

Dockerfiles/syncthing/Dockerfile

@@ -0,0 +1,17 @@
+FROM kelvinchen/seedbox:base
+MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
+
+RUN curl -sL https://syncthing.net/release-key.txt | apt-key add - && \
+    echo "deb http://apt.syncthing.net/ syncthing release" >> /etc/apt/sources.list.d/syncthing.list &&  \
+    apt-get update && \
+    apt-get install syncthing && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+VOLUME /config
+
+EXPOSE 8384 22000 21027/udp
+
+COPY start config.xml /
+
+CMD ["/start"]

Dockerfiles/syncthing/config.xml

@@ -0,0 +1,10 @@
+<configuration version="11">
+    <gui enabled="true" tls="false">
+        <address>0.0.0.0:8384</address>
+    </gui>
+    <options>
+        <listenAddress>0.0.0.0:22000</listenAddress>
+        <startBrowser>false</startBrowser>
+        <upnpEnabled>false</upnpEnabled>
+    </options>
+</configuration>

Dockerfiles/syncthing/start

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+mkdir -p /config/syncthing
+
+cp -n /config.xml /config/syncthing
+
+syncthing -home /config/syncthing -no-browser >> /dev/null 2>&1

README.md

@@ -0,0 +1,49 @@
+# Seedbox
+A collection of Dockerfiles and docker-compose configuration to set up a
+seedbox.
+
+## Accessing the available WebUIs
+Go to `X.domain` where `X` is the item you want to access.
+Included items are:
+- rtorrent
+- sickrage
+- syncthing
+- plex
+
+The front-end reverse proxy routes based on the lowest level subdomain (e.g.
+`rtorrent.example.com` would route to rtorrent). Since this is how the router
+works, it is recommended for you to get a top level domain. If you do not have
+one, you can edit your domains locally by changing your hosts file or use a
+browser plugin that changes the host header.
+
+Note: Plex is also available directly through the `32400` port without going
+through the reverse proxy. You will have to sign in with your plex.tv account
+if you do this.
+
+## Running
+```sh
+$ docker-compose pull
+$ docker-compose --x-networking up -d
+```
+Make sure you install the dependencies and finish configuration before doing
+this.
+
+You may optionally build the images yourself instead of pulling by running
+`./build-all.sh`.
+
+## Dependencies
+- [Docker](https://github.com/docker/docker)
+- [Docker Compose](https://github.com/docker/compose)
+
+## Configuration
+Copy the `config.default` file to `config` and change the variables as desired.
+The variables are all self-explanatory.
+
+If you want to enable SSL, you would need to have your certificate and key be
+at `/config/frontend/ssl.crt` and `/config/frontend/ssl.key` respectively.  The
+frontend image includes a command `ssl-gen` to automatically create self signed
+certificates for you.
+
+## Where is my data?
+All data are saved in the docker volumes `seedbox_config` or
+`seedbox_torrents`.

build-all.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# This script builds all the containers locally as an alternative to pulling
+# from the docker registry.
+
+cd ${0%/*}
+
+docker build -t kelvinchen/seedbox:base      Dockerfiles/base
+docker build -t kelvinchen/seedbox:frontend  Dockerfiles/frontend
+docker build -t kelvinchen/seedbox:plex      Dockerfiles/plex
+docker build -t kelvinchen/seedbox:rtorrent  Dockerfiles/rtorrent
+docker build -t kelvinchen/seedbox:sickrage  Dockerfiles/sickrage
+docker build -t kelvinchen/seedbox:syncthing Dockerfiles/syncthing

config.default

@@ -0,0 +1,3 @@
+USERNAME=username
+PASSWORD=hunter2
+USE_SSL=false

docker-compose.yml

@@ -0,0 +1,52 @@
+frontend:
+    image: kelvinchen/seedbox:frontend
+    restart: always
+    net: seedbox
+    ports:
+        - "80:80"
+        - "443:443"
+    volumes:
+        - seedbox_config:/config
+    env_file:
+        - config
+
+rtorrent:
+    image: kelvinchen/seedbox:rtorrent
+    restart: always
+    net: seedbox
+    ports:
+        - "49161:49161"
+        - "49161:49161/udp"
+        - "6881:6881/udp"
+    volumes:
+        - seedbox_config:/config
+        - seedbox_torrents:/torrents
+
+plex:
+    image: kelvinchen/seedbox:plex
+    restart: always
+    net: seedbox
+    ports:
+        - "32400:32400"
+    volumes:
+        - seedbox_config:/config
+        - seedbox_torrents:/torrents
+
+sickrage:
+    image: kelvinchen/seedbox:sickrage
+    restart: always
+    net: seedbox
+    volumes:
+        - seedbox_config:/config
+        - seedbox_torrents:/torrents
+
+syncthing:
+    image: kelvinchen/seedbox:syncthing
+    restart: always
+    net: seedbox
+    ports:
+        - "22000:22000"
+        - "21027:21027/udp"
+    volumes:
+        - seedbox_config:/config
+        - seedbox_torrents:/torrents