docs(seedbox): update README for tailscale serve and password handling
- Add warning about setting TRANSMISSION_PASS explicitly
- Update Quick Start example with password
- Add password recovery section
- Update network access table for tailscale serve
- Add WebUI access section explaining HTTPS via tailnet
- Add troubleshooting section
@@ -5,14 +5,17 @@ Deploys a seedbox with Transmission for maintaining Linux ISO mirrors and OS ima
## Quick Start
```bash
NFS_SERVER=nas curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | bash
NFS_SERVER=nas TRANSMISSION_PASS=MySecureP@ss123 \
curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | bash
```
> **⚠️ Important:** Always set `TRANSMISSION_PASS` explicitly. If omitted, a random password is generated and displayed only once at the end of the installation. It cannot be recovered afterward without resetting the config.
## Components
- **Transmission**: BitTorrent client with WebUI
- **NFS**: Dual mount to NAS for downloads and media storage
- **Tailscale**: Private access to WebUI
- **Tailscale**: Private access to WebUI via `tailscale serve`
- **Docker**: Container runtime
- **UFW**: Firewall (only peer port exposed publicly)
- **fail2ban** + **unattended-upgrades**: Basic hardening
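Review bot: In the Quick Start block, `NFS_SERVER=nas TRANSMISSION_PASS=MySecureP@ss123 \` in front of `curl ... | bash` sets both variables in the environment of `curl` only; the `bash` on the right-hand side of the pipe, which is what runs install.sh, does not inherit them, so the installer would see neither variable and would fall back to the auto-generated password that the new warning tells readers to avoid. Put the assignments in front of `bash` instead (`curl -fsSL ... | NFS_SERVER=nas TRANSMISSION_PASS=... bash`) or `export` them beforehand; the one-line form this replaces has the same problem. It is also worth saying next to the example that a password typed inline stays in shell history, and using an obvious placeholder rather than a realistic-looking password that readers may copy as is.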
@@ -29,7 +32,7 @@ NFS_SERVER=nas curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branc
| `SEEDBOX_HOSTNAME` | `seedbox` | Server hostname |
| `PEER_PORT` | `51413` | BitTorrent peer port |
| `TRANSMISSION_USER` | `admin` | WebUI username |
| `TRANSMISSION_PASS` | *auto-generated* | WebUI password |
| `TRANSMISSION_PASS` | *auto-generated* | WebUI password (⚠️ set explicitly!) |
| `TZ` | `Europe/Paris` | Timezone |
Example with custom settings:
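Review bot: The `TRANSMISSION_PASS` row keeps `*auto-generated*` as the default while the description now says "(⚠️ set explicitly!)", so the table tells the reader to override the default without saying why. State the consequence in the cell (for example, that the generated value is shown once at the end of the install) or point to the Quick Start warning, and consider dropping the emoji so the column stays plain text like the other rows.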
@@ -39,18 +42,43 @@ NFS_SERVER=nas \
NFS_SHARE_DOWNLOAD=/volume1/torrents \
NFS_SHARE_MEDIA=/volume1/iso \
TRANSMISSION_USER=damien \
TRANSMISSION_PASS=MySecurePassword \
curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | bash
```
### Password Recovery
If you forgot to set `TRANSMISSION_PASS` and lost the auto-generated password:
```bash
# Option 1: Check the docker-compose.yml (password in clear text)
grep PASS ~/transmission/docker-compose.yml
# Option 2: Reset by editing docker-compose.yml
cd ~/transmission
sed -i 's/PASS=.*/PASS=NewPassword/' docker-compose.yml
docker compose down && docker compose up -d
```
## Network Access
| Service | Public | Tailscale |
|---------|--------|-----------|
| BitTorrent peers | ✅ Port 51413 | ✅ |
| Transmission WebUI | ❌ | ✅ Port 9091 |
| Transmission WebUI | ❌ | ✅ HTTPS via `tailscale serve` |
| SSH | ❌ | ✅ Tailscale SSH |
| NFS (to NAS) | ❌ | ✅ |
### WebUI Access
The WebUI is exposed via Tailscale Serve with automatic HTTPS:
```
https://seedbox.<your-tailnet>.ts.net
```
The WebUI binds to `localhost:9091` and is proxied through `tailscale serve`, ensuring it's never accessible from the public internet.
## Storage Architecture
```
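Review bot: Password Recovery Option 1 (`grep PASS ~/transmission/docker-compose.yml`) contradicts the Quick Start warning added in this same commit, which says the generated password "cannot be recovered afterward without resetting the config"; one of the two needs rewording. Since the section documents that the password sits in clear text in docker-compose.yml, add a line about restricting read access to that file. In Option 2, `sed -i 's/PASS=.*/PASS=NewPassword/'` is unanchored, so it rewrites every line that contains `PASS=`, and it misbehaves when the new password contains `/` or `&`; anchor the pattern to the exact variable name and mention the delimiter caveat.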
@@ -86,8 +114,9 @@ NAS (via Tailscale) Seedbox LXC (70GB)
4. Installs Docker
5. Configures dual NFS mounts to NAS (same as Proxmox)
6. Deploys Transmission container with both mounts
7. Configures UFW (peer port public, WebUI via Tailscale only)
8. Temporarily opens SSH port 22 for 5 minutes (safety net)
7. Exposes WebUI via `tailscale serve` (HTTPS on tailnet)
8. Configures UFW (peer port public, WebUI via Tailscale only)
9. Temporarily opens SSH port 22 for 5 minutes (safety net)
## SSH Safety Net
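Review bot: Step 8 still reads "Configures UFW (peer port public, WebUI via Tailscale only)", but with the new step 7 and the WebUI bound to `localhost:9091`, the isolation comes from the loopback bind plus `tailscale serve`, not from a firewall rule. Reword step 8 to say what UFW does for port 9091 now (no rule at all, or an older tailnet allow rule that should be removed), and state in step 6 that the container port is published on 127.0.0.1 only, because ports published by Docker are not filtered by UFW rules by default.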
@@ -149,6 +178,37 @@ cd ~/transmission && docker compose logs -f
# Restart Transmission
cd ~/transmission && docker compose restart
# Check tailscale serve status
tailscale serve status
# Move completed ISO to final location
mv /mnt/download/debian-12.iso /mnt/media/iso/debian/
```
## Troubleshooting
### WebUI not accessible
```bash
# Check tailscale serve is running
tailscale serve status
# Restart if needed
sudo tailscale serve --bg http://localhost:9091
# Check container is running
docker ps | grep transmission
# Check container logs
cd ~/transmission && docker compose logs
```
### Reset Transmission credentials
```bash
cd ~/transmission
docker compose down
# Edit docker-compose.yml to change USER and PASS
vim docker-compose.yml
docker compose up -d
```
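Review bot: "Reset Transmission credentials" repeats Option 2 of the Password Recovery section added earlier in this commit, but with a different procedure (`docker compose down` before a manual `vim` edit here, `sed -i` followed by `docker compose down && docker compose up -d` there). Keep a single procedure and link to it from the other place so the two cannot drift apart. In "WebUI not accessible", the checks go straight from `tailscale serve status` to re-running `sudo tailscale serve --bg http://localhost:9091`; add a step that confirms the WebUI answers locally on `localhost:9091` first, so a container problem is separated from a Tailscale one, and note that `tailscale serve status` is now listed both here and in the commands block above.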