https://github.com/binhex/arch-sabnzbdvpn

Docker build script for Arch Linux base with SABnzbd, Privoxy and OpenVPN
https://github.com/binhex/arch-sabnzbdvpn

docker-image downloader openvpn privoxy sabnzbd usenet vpn

Last synced: about 2 months ago
JSON representation

Docker build script for Arch Linux base with SABnzbd, Privoxy and OpenVPN

• Host: GitHub
• URL: https://github.com/binhex/arch-sabnzbdvpn
• Owner: binhex
• License: gpl-3.0
• Created: 2015-05-05T12:29:30.000Z (about 11 years ago)
• Default Branch: master
• Last Pushed: 2026-03-11T19:01:22.000Z (3 months ago)
• Last Synced: 2026-03-12T00:33:44.998Z (3 months ago)
• Topics: docker-image, downloader, openvpn, privoxy, sabnzbd, usenet, vpn
• Language: Shell
• Homepage:
• Size: 199 KB
• Stars: 63
• Watchers: 4
• Forks: 11
• Open Issues: 15
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Application

[SABnzbd](http://sabnzbd.org/)

[Privoxy](http://www.privoxy.org/)

[microsocks](https://github.com/rofl0r/microsocks)

[OpenVPN](https://openvpn.net/)

[WireGuard](https://www.wireguard.com/)

## Description

SABnzbd is an Open Source Binary Newsreader written in Python. It's totally

free, incredibly easy to use, and works practically everywhere. SABnzbd makes

Usenet as simple and streamlined as possible by automating everything we can.

All you have to do is add an .nzb.

This Docker includes OpenVPN and WireGuard to ensure a secure and private

connection to the Internet, including use of iptables to prevent IP leakage when

the tunnel is down. It also includes Privoxy to allow unfiltered access to index

sites, to use Privoxy please point your application at `http://:8118`.

## Build notes

Latest stable SABnzbd release from Arch Linux AUR.

Latest stable Privoxy release from Arch Linux repo.

Latest stable microsocks release from GitHub.

Latest stable OpenVPN release from Arch Linux repo.

Latest stable WireGuard release from Arch Linux repo.

## Usage

```text

docker run -d \

    --cap-add=NET_ADMIN \

    -p 8080:8080 \

    -p 8090:8090 \

    -p 8118:8118 \

    -p 9118:9118 \

    -p 58946:58946 \

    -p 58946:58946/udp \

    --name= \

    -v :/data \

    -v :/config \

    -v /etc/localtime:/etc/localtime:ro \

    -e VPN_ENABLED= \

    -e VPN_USER= \

    -e VPN_PASS= \

    -e VPN_PROV= \

    -e VPN_CLIENT= \

    -e VPN_OPTIONS= \

    -e ENABLE_STARTUP_SCRIPTS= \

    -e ENABLE_PRIVOXY= \

    -e STRICT_PORT_FORWARD= \

    -e USERSPACE_WIREGUARD= \

    -e ENABLE_SOCKS= \

    -e SOCKS_USER= \

    -e SOCKS_PASS= \

    -e LAN_NETWORK=/ \

    -e NAME_SERVERS= \

    -e VPN_INPUT_PORTS= \

    -e VPN_OUTPUT_PORTS= \

    -e DEBUG= \

    -e HEALTHCHECK_COMMAND= \

    -e HEALTHCHECK_ACTION= \

    -e HEALTHCHECK_HOSTNAME= \

    -e UMASK= \

    -e PUID= \

    -e PGID= \

    binhex/arch-sabnzbdvpn

```

Please replace all user variables in the above command defined by <> with the

correct values.

## Access application

`http://:8080`

## Access Privoxy

`http://:8118`

## Access microsocks

`:9118`

default credentials: admin/socks

## PIA example

```bash

docker run -d \

    --cap-add=NET_ADMIN \

    -p 8080:8080 \

    -p 8090:8090 \

    -p 8118:8118 \

    -p 9118:9118 \

    -p 58946:58946 \

    -p 58946:58946/udp \

    --name=sabnzbdvpn \

    -v /root/docker/data:/data \

    -v /root/docker/config:/config \

    -v /etc/localtime:/etc/localtime:ro \

    -e VPN_ENABLED=yes \

    -e VPN_USER=myusername \

    -e VPN_PASS=mypassword \

    -e VPN_PROV=pia \

    -e VPN_CLIENT=openvpn \

    -e ENABLE_STARTUP_SCRIPTS=no \

    -e ENABLE_PRIVOXY=yes \

    -e STRICT_PORT_FORWARD=yes \

    -e USERSPACE_WIREGUARD=no \

    -e ENABLE_SOCKS=yes \

    -e SOCKS_USER=admin \

    -e SOCKS_PASS=socks \

    -e LAN_NETWORK=192.168.1.0/24 \

    -e NAME_SERVERS=1.1.1.1,1.0.0.1 \

    -e VPN_INPUT_PORTS=1234 \

    -e VPN_OUTPUT_PORTS=5678 \

    -e DEBUG=false \

    -e UMASK=000 \

    -e PUID=0 \

    -e PGID=0 \

    binhex/arch-sabnzbdvpn

```

## OpenVPN

Please note this Docker image does not include the required OpenVPN

configuration file and certificates. These will typically be downloaded from

your VPN providers website (look for OpenVPN configuration files), and generally

are zipped.

PIA users - The URL to download the OpenVPN configuration files and certs is:-

[PIA OpenVPN configuration](https://www.privateinternetaccess.com/openvpn/openvpn.zip)

Once you have downloaded the zip (normally a zip as they contain multiple ovpn

files) then extract it to /config/openvpn/ folder (if that folder doesn't exist

then start and stop the docker container to force the creation of the folder).

If there are multiple ovpn files then please delete the ones you don't want to

use (normally filename follows location of the endpoint) leaving just a single

ovpn file and the certificates referenced in the ovpn file (certificates will

normally have a crt and/or pem extension).

## WireGuard

If you wish to use WireGuard (defined via 'VPN_CLIENT' env var value ) then due

to the enhanced security and kernel integration WireGuard will require the

container to be defined with privileged permissions and sysctl support, so

please ensure you change the following docker options:-

from

``` bash

    --cap-add=NET_ADMIN \

```

to

``` bash

    --sysctl="net.ipv4.conf.all.src_valid_mark=1" \

    --privileged=true \

```

**PIA users** - The WireGuard configuration file will be auto generated and will

be stored in ```/config/wireguard/wg0.conf``` AFTER the first run, if you wish

to change the endpoint you are connecting to then change the ```Endpoint``` line

in the config file (default is Netherlands).

**Other users** - Please download your WireGuard configuration file from your

VPN provider, start and stop the container to generate the folder

```/config/wireguard/``` and then place your WireGuard configuration file in

there.

## Notes

Due to Google and OpenDNS supporting EDNS Client Subnet it is recommended NOT to

use either of these NS providers.

The list of default NS providers in the above example(s) is as follows:-

1.x.x.x = Cloudflare

---

### IMPORTANT

Please note `VPN_INPUT_PORTS` is **NOT** to define the incoming port for the

VPN, this environment variable is used to define port(s) you want to allow in to

the VPN network when network binding multiple containers together, configuring

this incorrectly with the VPN provider assigned incoming port COULD result in IP

leakage, you have been warned!.

---

User ID (PUID) and Group ID (PGID) can be found by issuing the following command

for the user you want to run the container as:-

`id `

---

If you appreciate my work, then please consider buying me a beer  :D

[![PayPal donation](https://www.paypal.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MM5E27UX6AUU4)

[Documentation](https://github.com/binhex/documentation) | [Support forum](http://forums.unraid.net/index.php?topic=45822.0)