Seedbox – Runbook
Services on LXC 110 (dlbox)
| Instance | URL | Port mapping |
|---|---|---|
| Seedbox qBittorrent | seedbox.eva-00.network |
oauth2-proxy:8584 → LXC 110:8080 |
| Normal qBittorrent | normal.eva-00.network |
oauth2-proxy:8585 → LXC 110:8081 |
Both URLs require PocketID authentication via oauth2-proxy on LXC 119 (infra-apps). qBittorrent's internal auth is bypassed for the oauth2-proxy and tools LXCs (AuthSubnetWhitelist=192.168.1.118/32, 192.168.1.119/32, LocalHostAuth=false).
Routine Tasks
Restart qBittorrent
ssh [email protected] "docker restart qbittorrent"
ssh [email protected] "docker restart qbittorrent-normal"
Check disk usage
ssh [email protected] "df -h /data"
Verify traffic goes through VPN
# Check Gluetun seedbox tunnel status
curl http://192.168.1.110:8000/v1/vpn/status
# Check Gluetun normal tunnel status
curl http://192.168.1.110:8001/v1/vpn/status
# Get current public IP (should be ProtonVPN, not home IP)
curl http://192.168.1.110:8000/v1/publicip/ip
VPN Architecture
Both qBittorrent instances use network_mode: "service:gluetun" / "service:gluetun-normal", which forces all traffic through the VPN tunnel at the Docker network level. No proxy configuration needed — if the VPN is down, the container has no internet.
This is a stronger guarantee than the old proxy+killswitch approach on LXC 111 (now destroyed).
Samba Share
/data is shared over SMB as seedbox (guest, LAN only).
# Verify smbd is running
ssh [email protected] "systemctl status smbd"
# Restart if needed
ssh [email protected] "systemctl restart smbd"
Connect from macOS: smb://192.168.1.110 → select seedbox share → Guest.
Logs
| Log | Contents | Loki query |
|---|---|---|
| Seedbox qBittorrent | Torrent events, peers | {job="dlbox", container="qbittorrent"} |
| Normal qBittorrent | Torrent events, peers | {job="dlbox", container="qbittorrent-normal"} |
| Gluetun (seedbox) | VPN tunnel status | {job="dlbox", container="gluetun"} |
| Gluetun (normal) | VPN tunnel status | {job="dlbox", container="gluetun-normal"} |
| OAuth2 Proxy (seedbox) | Auth events | {job="infra-apps", container="oauth2-proxy-seedbox"} |
| OAuth2 Proxy (normal) | Auth events | {job="infra-apps", container="oauth2-proxy-normal"} |
SSH fallback: ssh [email protected] "docker logs qbittorrent"
Troubleshooting
No peers connecting / torrents stuck
- Check Gluetun VPN status:
curl http://192.168.1.110:8000/v1/vpn/status - If VPN is down — fix Gluetun first (see Gluetun runbook)
- Restart qBittorrent after confirming Gluetun is up
Web UI not accessible
- Check container is running:
ssh [email protected] "docker logs qbittorrent" - Check oauth2-proxy:
ssh [email protected] "docker logs oauth2-proxy-seedbox"
Samba share not appearing
ssh [email protected] "systemctl restart smbd && systemctl status smbd"