Damien/infra-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(seedbox): bind WebUI to localhost and expose via tailscale serve

Browse Source 
- Change port binding from Tailscale IP to 127.0.0.1:9091
- Add tailscale serve to expose WebUI via HTTPS on tailnet
- Update MOTD and final message to reflect new access method
This commit is contained in:
Damien Arnodo
2025-12-31 19:42:23 +00:00
parent dc00c6d021
commit 5a47a8aafc
1 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
seedbox/install.sh
View File

@@ -113,9 +113,6 @@ main() {
log_info "Creating Transmission stack..." log_info "Creating Transmission stack..."
mkdir -p "$TRANSMISSION_DIR" mkdir -p "$TRANSMISSION_DIR"
# Get Tailscale subnet for whitelist
TS_IP=$(tailscale ip -4)
cat > "$TRANSMISSION_DIR/docker-compose.yml" << EOF cat > "$TRANSMISSION_DIR/docker-compose.yml" << EOF
services: services:
transmission: transmission:
@@ -126,8 +123,8 @@ services:
# Peer port - public for seeding # Peer port - public for seeding
- "${PEER_PORT}:${PEER_PORT}" - "${PEER_PORT}:${PEER_PORT}"
- "${PEER_PORT}:${PEER_PORT}/udp" - "${PEER_PORT}:${PEER_PORT}/udp"
# WebUI - bound to Tailscale IP only # WebUI - bound to localhost only (exposed via tailscale serve)
- "${TS_IP}:9091:9091" - "127.0.0.1:9091:9091"
volumes: volumes:
- ./config:/config - ./config:/config
# Downloads: incomplete and complete torrents # Downloads: incomplete and complete torrents
@@ -148,6 +145,12 @@ EOF
# Use sg to run docker compose with the new docker group membership # Use sg to run docker compose with the new docker group membership
sg docker -c "docker compose up -d" sg docker -c "docker compose up -d"
log_info "Exposing Transmission WebUI via Tailscale..."
sudo tailscale serve --bg http://localhost:9091
# Get Tailscale hostname for final message
TS_HOSTNAME=$(tailscale status --json | grep -o '"DNSName":"[^"]*' | head -1 | cut -d'"' -f4 | sed 's/\.$//')
log_info "Configuring UFW firewall..." log_info "Configuring UFW firewall..."
sudo ufw --force reset > /dev/null sudo ufw --force reset > /dev/null
sudo ufw default deny incoming > /dev/null sudo ufw default deny incoming > /dev/null
@@ -176,15 +179,15 @@ EOF
#!/bin/bash #!/bin/bash
echo "" echo ""
echo " ____ _____ _____ ____ ____ _____ __" echo " ____ _____ _____ ____ ____ _____ __"
echo "/ ___|| ____| ____| _ \| __ ) / _ \ \\\/ /" echo "/ ___|| ____| ____| _ \| __ ) / _ \ \\/ /"
echo "\___ \| _| | _| | | | | _ \| | | \ /" echo "\___ \| _| | _| | | | | _ \| | | \ /"
echo " ___) | |___| |___| |_| | |_) | |_| / \\\\" echo " ___) | |___| |___| |_| | |_) | |_| / \\"
echo "|____/|_____|_____|____/|____/ \___/_/\_\\\\" echo "|____/|_____|_____|____/|____/ \___/_/\_\\"
echo "" echo ""
echo "ISO Seedbox Server - Transmission" echo "ISO Seedbox Server - Transmission"
echo "─────────────────────────────────────────" echo "─────────────────────────────────────────"
echo "Access:" echo "Access:"
echo " • WebUI : http://\$(tailscale ip -4):9091" echo " • WebUI : https://\$(tailscale status --json | grep -o '\"DNSName\":\"[^\"]*' | head -1 | cut -d'\"' -f4 | sed 's/\.\$//')"
echo " • SSH : Tailscale only" echo " • SSH : Tailscale only"
echo " • Seeding : Public port ${PEER_PORT}" echo " • Seeding : Public port ${PEER_PORT}"
echo "" echo ""
@@ -206,7 +209,7 @@ MOTD
log_info "==========================================" log_info "=========================================="
echo "" echo ""
echo "Transmission WebUI:" echo "Transmission WebUI:"
echo " URL : http://${TS_IP}:9091" echo " URL : https://${TS_HOSTNAME}"
echo " Username : ${TRANSMISSION_USER}" echo " Username : ${TRANSMISSION_USER}"
echo " Password : ${TRANSMISSION_PASS}" echo " Password : ${TRANSMISSION_PASS}"
echo "" echo ""