if you use the Netflix application chances are they’ll detect the virtual network on your system and if it’s in use, most people don’t seem to realize that applications have direct access to your hardware unless it’s containerized, virtualized or explicitly restricted by some policy.
EDIT: We get it, you like torrenting. Let’s keep comments on topic folks.
To be fair, you posted in the self-hosted community discussing an Issue for proprietary software.
To answer your question, which others have already done, yes your VPN tunnel will share the same IP as your household so long as it’s setup properly.
Should put a note on your blog that Lidarr’s Metadata database is being rebuilt, currently the Lidarr APi spits a bunch of 5xx errors when searching for artists/albums/etc.
https://github.com/Lidarr/Lidarr/issues/5498
If you currently have a library on the stable build the Lidarr team could use some help building the cache, they made this tool:
https://github.com/DeviantEng/lidarr-cache-warmer
It’ll search every artist in your Lidarr library so that the new database has a cache to quickly call upon.
Pretty sure GoAccess covers all types of logging as far as I know, I mainly use it for access logs from my reverse proxy.
deleted by creator
Something else must be wrong then because I just copied and pasted that onto my raspberry pi and was able to start the container without issue, are you sure you’re using the tag properly?
user@raspberrypi:~/test $ sudo docker compose up
[+] Running 10/10
✔ lidarr Pulled 22.0s
✔ 995f2a46b147 Pull complete 2.7s
✔ e1cde46db0e1 Pull complete 3.1s
✔ acaee427f4c7 Pull complete 3.5s
✔ 255c3937324a Pull complete 4.1s
✔ edec534df16f Pull complete 4.6s
✔ b163a490af0b Pull complete 6.3s
✔ bd4af268fa91 Pull complete 6.8s
✔ ff4dab968553 Pull complete 14.9s
✔ 004112d930a4 Pull complete 15.3s
[+] Running 2/2
✔ Network test_default Created 0.2s
✔ Container lidarr Created 4.0s
Attaching to lidarr
lidarr | [migrations] started
lidarr | [migrations] no migrations found
lidarr | ───────────────────────────────────────
lidarr |
lidarr | ██╗ ███████╗██╗ ██████╗
lidarr | ██║ ██╔════╝██║██╔═══██╗
lidarr | ██║ ███████╗██║██║ ██║
lidarr | ██║ ╚════██║██║██║ ██║
lidarr | ███████╗███████║██║╚██████╔╝
lidarr | ╚══════╝╚══════╝╚═╝ ╚═════╝
lidarr |
lidarr | Brought to you by linuxserver.io
lidarr | ───────────────────────────────────────
lidarr |
lidarr | To support the app dev(s) visit:
lidarr | Lidarr: https://opencollective.com/lidarr
lidarr |
lidarr | To support LSIO projects visit:
lidarr | https://www.linuxserver.io/donate/
lidarr |
lidarr | ───────────────────────────────────────
lidarr | GID/UID
lidarr | ───────────────────────────────────────
lidarr |
lidarr | User UID: 1000
lidarr | User GID: 1000
lidarr | ───────────────────────────────────────
lidarr | Linuxserver.io version: 2.12.4.4658-ls50
lidarr | Build-date: 2025-08-20T02:50:40+00:00
lidarr | ───────────────────────────────────────
lidarr |
lidarr | [custom-init] No custom files found, skipping...
lidarr | [Info] Bootstrap: Starting Lidarr - /app/lidarr/bin/Lidarr - Version 2.12.4.4658
lidarr | [Info] AppFolderInfo: Data directory is being overridden to [/config]
lidarr | [Debug] Bootstrap: Console selected
lidarr | [Info] AppFolderInfo: Data directory is being overridden to [/config]
lidarr | [Info] AppFolderInfo: Data directory is being overridden to [/config]
lidarr | [Warn] Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager: No XML encryptor configured. Key {bff9bf8a-f5db-4092-9ada-c55e886ac294}
Make a docker-compose.yml file and paste this into it:
services:
lidarr:
container_name: lidarr
hostname: lidarr
### Use custom docker network
#networks:
# - CustomNetworkName
ports:
- 8686:8686
image: lscr.io/linuxserver/lidarr:arm64v8-latest
restart: unless-stopped
volumes:
- /path/to/lidarr/config:/config
- /path/to/music:/music #optional
- /path/to/downloads:/downloads #optional
environment:
- PGID=1000
- PUID=1000
healthcheck:
test: curl --fail localhost:8686 || exit 1
interval: 60s
retries: 5
start_period: 300s
timeout: 2s
This should work for you, just change the volume mounts so that they associate with your setup and run sudo docker compose up -d to start the container, sudo docker compose down to bring it down.
LSIO documentation describes the arm64v8-latest tag for their image.
I opted to remove Jellyfins default login form and require Keycloak for SSO, my Jellyfin instance is technically facing the internet but my reverse proxy has Fail2Ban in front of it blocking non-whitelisted IP’s, makes it easier to share with other people this way compared to having to explain VPN’s to non-tech savvy people,
This is absolutely possible as I do it myself however, executed entirely differently, my ASUS WRT Router with Merlin firmware handles the VPN server and it routes the IP range through my VPN provider (Proton), on the clients end their device see a Proton IP.
Didn’t have to mess with config files or anything, install the custom firmware and created a rule for the routing in the VPN Director.
Jellyfin thankfully lets you download content offline alternatively they just text me the IP and I whitelist it then blacklist it a week later, granted if I remember.
This really isn’t viable as WireGuard clients are just that, single device per client connection, what if someone started watching/listening content on their phone then all of sudden wanted to switch over to their TV or streaming device without having to go through a lot of hoops?
I opted to reverse proxy Jellyfin with Traefik however have fail2ban setup blocking every IP and only whitelisting the known users, added bonus of hiding Jellyfin’s default login form and required Keycloak for SSO.
Thank you for this! I never used Nginx directly and only thought of it as a reverse proxy but I had no idea it was capable of actually hosting html/php.
I went back to the drawing board so to say and was able to get GoAccess running, granted non-containerized on bare metal, and was able to reverse proxy the Nginx instance via Traefik.
Okay so going at it again, i think i now understand the reason for the Docker label now, here is my current docker-compose.yml i made some tweaks to the one from your github but i can’t seem to get a log file to generate.
I suspected it was a permissions issue on the volume mount so i ran chmod 777 on the ./config/csp directory but still wont get a log file.
user@debian:~/compose$ ls config/ | grep csp; ls config/csp/; ls config/csp/logs/
drwxrwxrwx 3 user user 4096 Aug 9 09:11 csp
total 12
drwxrwxrwx 3 user user 4096 Aug 9 09:11 .
drwxr-xr-x 44 user user 4096 Aug 8 16:41 ..
drwxrwxrwx 2 user user 4096 Aug 9 09:04 logs
total 8
drwxrwxrwx 2 user user 4096 Aug 9 09:04 .
drwxrwxrwx 3 user user 4096 Aug 9 09:11 ..
csp-report:
image: mhzawadi/csp-report
networks:
main:
ipv4_address: 172.18.0.38
#ports:
# - "8432:8080"
ports:
- target: 8080
published: 8432
mode: host
container_name: csp-report
environment:
- TZ=America/Vancouver
labels:
- "csp_report.url=192.168.1.199:3000"
volumes:
- ./config/csp/logs:/var/www/html/logs
user@debian:~/compose$ sudo docker compose up -d csp-report --force-recreate; sudo docker logs csp-report -f
WARN[0000] The "POSTGRES_DB" variable is not set. Defaulting to a blank string.
[+] Running 1/1
✔ Container csp-report Started 0.5s
/config/start.sh: Launching Unit daemon to perform initial configuration...
2025/08/09 16:21:18 [info] 12#12 unit 1.34.1 started
2025/08/09 16:21:18 [info] 14#14 discovery started
BusyBox v1.37.0 (2025-08-05 16:42:11 UTC) multi-call binary.
Usage: seq [-w] [-s SEP] [FIRST [INC]] LAST
Print numbers from FIRST to LAST, in steps of INC.
FIRST, INC default to 1.
-w Pad with leading zeros
-s SEP String separator
2025/08/09 16:21:18 [notice] 14#14 module: php 8.4.2 "/usr/lib/unit/modules/php84.unit.so"
2025/08/09 16:21:18 [info] 13#13 controller started
2025/08/09 16:21:18 [notice] 13#13 process 14 exited with code 0
2025/08/09 16:21:18 [info] 18#18 router started
2025/08/09 16:21:18 [info] 18#18 OpenSSL 3.3.4 1 Jul 2025, 30300040
{
"certificates": {},
"config": {
"listeners": {},
"routes": [],
"applications": {}
},
"status": {
"modules": {
"php": {
"version": "8.4.2",
"lib": "/usr/lib/unit/modules/php84.unit.so"
}
},
"connections": {
"accepted": 0,
"active": 0,
"idle": 0,
"closed": 0
},
"requests": {
"total": 0
},
"applications": {}
}
}
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
2025/08/09 16:21:18 [info] 20#20 "csp_report" prototype started
2025/08/09 16:21:18 [info] 21#21 "csp_report" application started
{
"success": "Reconfiguration done."
}
100 413 100 43 100 370 2808 24162 --:--:-- --:--:-- --:--:-- 27533
/config/start.sh: Stopping Unit daemon after initial configuration...
2025/08/09 16:21:18 [notice] 13#13 process 17 exited with code 0
2025/08/09 16:21:18 [notice] 20#20 app process 21 exited with code 0
2025/08/09 16:21:18 [alert] 20#20 sendmsg(13, -1, -1, 2) failed (32: Broken pipe)
2025/08/09 16:21:18 [notice] 13#13 process 18 exited with code 0
2025/08/09 16:21:18 [notice] 13#13 process 20 exited with code 0
BusyBox v1.37.0 (2025-08-05 16:42:11 UTC) multi-call binary.
Usage: seq [-w] [-s SEP] [FIRST [INC]] LAST
Print numbers from FIRST to LAST, in steps of INC.
FIRST, INC default to 1.
/config/start.sh: Unit initial configuration complete; ready for start up...
-w Pad with leading zeros
-s SEP String separator
2025/08/09 16:21:18 [info] 1#1 unit 1.34.1 started
2025/08/09 16:21:18 [info] 31#31 discovery started
2025/08/09 16:21:18 [notice] 31#31 module: php 8.4.2 "/usr/lib/unit/modules/php84.unit.so"
2025/08/09 16:21:18 [info] 1#1 controller started
2025/08/09 16:21:18 [notice] 1#1 process 31 exited with code 0
2025/08/09 16:21:18 [info] 33#33 router started
2025/08/09 16:21:18 [info] 33#33 OpenSSL 3.3.4 1 Jul 2025, 30300040
2025/08/09 16:21:18 [info] 34#34 "csp_report" prototype started
2025/08/09 16:21:18 [info] 35#35 "csp_report" application started
127.0.0.1 - - [09/Aug/2025:16:21:23 +0000] "POST / HTTP/1.1" 200 7 "-" "curl/8.12.1"
Hey there! Following up on this, i got your application started however, it seems that this is more for folks who actually know PHP an HTML and less for folks like myself who just find Docker applications (Invidious, Homepage, RedLib) spin them up and rig them to work with one another so i don’t think this will work for me personally at the moment in time regardless seems like a great tool nonetheless!
Thanks again!
Is there any special configuration needed for it? Env variables, network interface, volumes & config files, etc?
I plan to set this up in a docker-compose file later this afternoon once I get some free time.
Ah bless!
I’ve been using Firefox extensions to make up my CSP’s and so far it’s been an absolute nightmare! Thank you for this tool!
Debian - I’ve put Debian with KDE on the mini PC server.
Save your resources on the mini pc by getting rid of KDE, desktops can take quite a lot of resources to run!
If you aren’t familiar with the BASH shell it’s essentially the heart of every Linux/GNU based operating systems, no need for a clunky GUi on a server.
Key commands:
cd == Change Directory
sudo == Root privileges
mkdir == Make directory
rm -f == Remove file/directory with force
touch == Make a new file
nano == Text/File editor
cat == Read file contents and print to shell
Commands don’t need to be complicated! For example nano /home/SomeUser/Downloads/SomeRandom.txt will open the text editor to SomeRandom.txt in the /Downloads directory of SomeUser
Hope this helps:
(It’s an Asus RT-AX86U Pro - so fairly chunky in terms of spec)
I have your exact router make and model! I self host my own server with a domain on my home network and make use of the built in DDNS feature.
My domain registrar is Cloudflare so I have to use a custom script for DDNS, if you’re in the same boat I can provide the script.
I would suggest looking into Asus WRT Merlin Firmware, the custom firmware enables more functionality to your router.
Docker containers for
- Ghost
- Nginx Proxy Manager
When hosting a reverse proxy like Nginx, Traefik, SWAG, Pangolin, etc keep in mind you 80:80 and 443:443 ports need to be exposed to the host machine then you will forward those ports on your router. This will allow your reverse proxy to communicate with Lets Encrypt generating and verifying your SSL certificates.
As the end use my biggest gripe with Matrix is with voice communications, it’s almost as if you sneeze wrong you’ll lose connection to the voice group, screen sharing is horrible, no audio and the window is not adjustable, cant even make it full screen.
Now they’re reducing people’s usage by putting in a subscription and locking certain features, at least on the home server.
While I am disappointed they did at least take my advice and prevent Windows Recall from capturing people’s messages.