homelab/config/docker/qbittorrent/docker-compose.yml
Arpad Krejczinger ea1c71f0f0 Pin Docker image versions and fix config drift
- Pin all :latest tags to specific versions for reproducibility:
  jellyfin→10.11.6, gitea→1.24, portainer→2.39.0, qbittorrent→5.1.4
- Fix nextcloud config drift: repo had :29, live was running :32
- Fix qbittorrent: remove user: directive (breaks s6-overlay init)
- Fix portainer: remove healthcheck (distroless image has no shell)
2026-02-28 00:28:17 +01:00


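# DEPLOYMENT LOCATION: /opt/docker/qbittorrent/docker-compose.yml
# Deploy with: sudo mkdir -p /opt/docker/qbittorrent && sudo cp config/docker/qbittorrent/docker-compose.yml /opt/docker/qbittorrent/
# Start with: cd /opt/docker/qbittorrent && sudo docker-compose up -d
#
# HARDENED CONFIGURATION - what this file enforces:
# - Web UI and torrent ports published on 127.0.0.1 only (VPN/reverse tunnel
#   recommended for external access)
# - No user: directive: the container init starts as root (s6-overlay) and
#   drops the application to PUID/PGID 1000:1000
# - All capabilities dropped except CHOWN, SETUID and SETGID
# - no-new-privileges set
# - CPU/memory limits (see the note on deploy: below)
# - Root filesystem and both volumes are writable; /tmp is a noexec,nosuid tmpfs
services:
  qbittorrent:
    # The version tag makes upgrades explicit, but a registry tag can be
    # re-pushed. For a byte-exact pin, append the digest:
    #   linuxserver/qbittorrent:5.1.4@sha256:<digest-of-the-verified-image>
    image: linuxserver/qbittorrent:5.1.4
    container_name: qbittorrent
    restart: unless-stopped

    # User and group IDs to match host user (hoborg)
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Prague
      - WEBUI_PORT=8080

    # Security hardening
    # NOTE: No user: directive — linuxserver uses s6-overlay (starts as root,
    # drops to PUID/PGID). The init phase therefore runs as root, restricted
    # only by the capability set and no-new-privileges below.
    read_only: false  # qBittorrent needs write access for downloads
    tmpfs:
      - /tmp:noexec,nosuid,size=100m
    cap_drop:
      - ALL
    cap_add:
      # Kept for the root init phase (chown of /config, switch to PUID/PGID).
      - CHOWN
      - SETUID
      - SETGID
      # NET_BIND_SERVICE is not granted: the only listeners configured here
      # are 8080 and 6881, both above 1023. Add it back only if a port below
      # 1024 is configured inside the container.
    security_opt:
      - 'no-new-privileges:true'

    # Network - bind to localhost for security
    # NOTE: For external torrent access, use VPN or port forwarding
    ports:
      - "127.0.0.1:8080:8080"      # Web UI (reverse proxy only)
      - "127.0.0.1:6881:6881"      # BitTorrent TCP (localhost only)
      - "127.0.0.1:6881:6881/udp"  # BitTorrent UDP (localhost only)

    # Volume mounts (both read-write)
    volumes:
      # qBittorrent configuration. Includes the Web UI credentials, so keep
      # the host directory owned by 1000:1000 and not world-readable.
      - /opt/docker/qbittorrent/config:/config
      # Torrent storage on NAS
      - /mnt/nas/torrent:/downloads

    # Resource limits
    # NOTE: legacy docker-compose v1 ignores deploy: outside swarm mode unless
    # run with --compatibility; Compose v2 applies these limits. Verify with:
    #   docker inspect --format '{{.HostConfig.Memory}} {{.HostConfig.NanoCpus}}' qbittorrent
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.25'
          memory: 256M

    # Health check (runs inside the container, so it needs curl in the image)
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s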