Local network KO after 1.20 update #418

Closed
Mikiya83 opened this issue Feb 6, 2018 · 23 comments

@Mikiya83

Mikiya83 commented Feb 6, 2018

Hi
Thanks for the security update.
Unfortunately, after this update, I cannot access port 9091 in local network.
I use the same conf file as 1.19 (ran without problems), with "-e LOCAL_NETWORK=192.168.1.0/24" and "-p 9091:9091" but now with browser or RemoteTransmission, I cannot reach it in 1.20 version.
Do you have any ideas?
Thanks!

PS: in logs I can't see any relevant errors, I will post it later if needed.

@haugene
Owner

haugene commented Feb 6, 2018

I have an idea: #395
There's a new config variable TRANSMISSION_RPC_HOST_WHITELIST that I assume is the culprit. Haven't tried it myself so I don't know the correct value to set it to. You can disable the whole thing with TRANSMISSION_RPC_HOST_WHITELIST_ENABLED but I guess that removes the security fix.

@Mikiya83
Author

Mikiya83 commented Feb 6, 2018

Ok, so I will play with TRANSMISSION_RPC_HOST_WHITELIST variable until it works, thanks ;)

@Mikiya83
Author

Mikiya83 commented Feb 6, 2018

I can't succeed to connect even if I set "TRANSMISSION_RPC_HOST_WHITELIST=* " :(
But i found this, maybe it's related : transmission/transmission#476

@dcrdev
Contributor

dcrdev commented Feb 6, 2018

I already had TRANSMISSION_RPC_HOST_WHITELIST_ENABLED set to false and the update last night broke things for me also.

@haugene
Owner

haugene commented Feb 6, 2018

The issue linked above mentions a bug in the ubuntu package. Not sure what to do until the ppa source is updated with 2.93 version in that case, ref #392. Just downgrade in the meantime? Could do that and tag it 1.21 so that people could run the patched version on 1.20 if they want. Or enable the ppa source on the dev tag and wait to release 1.21 until transmission 2.93 is out?

@clowrym

clowrym commented Feb 6, 2018

I've switched back to the previous commit as well.

@jfmcbrayer

When people are saying they've switched back to the previous commit; is it sufficient to add the version tag on the docker pull call in your startup script (e.g., from systemd)? Or is it necessary to clone the repository from the particular tag and rebuild it?

@haugene
Owner

haugene commented Feb 7, 2018

Adding the tag :1.19 should be sufficient. But since so many people are having trouble with this, I think I'll revert the change for the latest tag as well. The change will come back with version 2.93 of Transmission, but a setup example should be provided in the README at that time

@haugene
Owner

haugene commented Feb 7, 2018

Software sources are reverted and builds are triggered for latest, dev and the new 1.21 tag (https://hub.docker.com/r/haugene/transmission-openvpn/builds/)

This should resolve the issue for now. Those who still want to run the patched version can use tag 1.20

@im-mortal

Seems like those tags were built with errors.

@haugene
Owner

haugene commented Feb 7, 2018

The docker build servers are slow today, spending a lot of time queueing. The dev tag built ok, and it's the same source. So I suspect it's not the code that fails on the other tags. I'll trigger more builds until they're all ok.

@clowrym

clowrym commented Feb 7, 2018

Still no go for me on the :latest & :dev tags.
Also tried setting whitelist to false as noted above.

STARTING TRANSMISSION
CONFIGURING PORT FORWARDING
Transmission startup script complete.
Wed Feb 7 15:37:57 2018 Initialization Sequence Completed
Generating new client id for PIA
Got new port 37626 from PIA
transmission auth required
[2018-02-07 15:37:58.171] transmission-remote: (http://localhost:9091/transmission/rpc/) Couldn't connect to server
[2018-02-07 15:37:58.191] transmission-remote: (http://localhost:9091/transmission/rpc/) Couldn't connect to server
Checking port...
[2018-02-07 15:38:08.215] transmission-remote: (http://localhost:9091/transmission/rpc/) Couldn't connect to server

@im-mortal

DockerHub's having a bad day. Transmission-openvpn latest tag still hasn't been properly updated. Try building the image yourself in the meantime.

@haugene
Owner

haugene commented Feb 7, 2018

Looking better now, rebuilt all tags. Missed dev-alpine tag, building now. But the rest are hopefully ok.

@dcrdev
Contributor

dcrdev commented Feb 7, 2018

I tried pulling the latest tag again and am still facing the same problem.

I've gone back to 1.19 again, again.

@dcrdev
Contributor

dcrdev commented Feb 7, 2018

Not sure if my config has some incompatibilities with the latest version or not...

docker run \
--name transmission-openvpn \
--privileged \
-v /storage/Downloads/:/data \
-v /srv/transmission-openvpn/home/:/home:Z \
-v /srv/transmission-openvpn/config/:/etc/transmission/config:Z \
-p 9091:9091 \
--env-file /srv/transmission-openvpn/DockerEnv \
--dns *.*.*.* \
--dns *.*.*.* \
haugene/transmission-openvpn

$ cat /srv/transmission-openvpn/DockerEnv
PUID=988
PGID=1001
OPENVPN_PROVIDER=NORDVPN
OPENVPN_CONFIG=
OPENVPN_USERNAME=
OPENVPN_PASSWORD=
OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
LOCAL_NETWORK=192.168.1.0/24
TRANSMISSION_ALT_SPEED_DOWN=200
TRANSMISSION_ALT_SPEED_ENABLED=false 
TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 
TRANSMISSION_ALT_SPEED_TIME_DAY=62 
TRANSMISSION_ALT_SPEED_TIME_ENABLED=true 
TRANSMISSION_ALT_SPEED_TIME_END=1020 
TRANSMISSION_ALT_SPEED_UP=50 
TRANSMISSION_BLOCKLIST_ENABLED=true
TRANSMISSION_BLOCKLIST_URL=
TRANSMISSION_CACHE_SIZE_MB=4 
TRANSMISSION_DHT_ENABLED=true 
TRANSMISSION_DOWNLOAD_DIR=/data 
TRANSMISSION_DOWNLOAD_QUEUE_ENABLED=true 
TRANSMISSION_DOWNLOAD_QUEUE_SIZE=5 
TRANSMISSION_ENCRYPTION=2 
TRANSMISSION_IDLE_SEEDING_LIMIT=30 
TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=false 
TRANSMISSION_INCOMPLETE_DIR=/data/Incomplete 
TRANSMISSION_INCOMPLETE_DIR_ENABLED=true 
TRANSMISSION_LPD_ENABLED=false 
TRANSMISSION_MESSAGE_LEVEL=1
TRANSMISSION_PEER_CONGESTION_ALGORITHM= 
TRANSMISSION_PEER_ID_TTL_HOURS=6 
TRANSMISSION_PEER_LIMIT_GLOBAL=400 
TRANSMISSION_PEER_LIMIT_PER_TORRENT=50 
TRANSMISSION_PEER_PORT_RANDOM_HIGH=65535 
TRANSMISSION_PEER_PORT_RANDOM_LOW=49152 
TRANSMISSION_PEER_PORT_RANDOM_ON_START=false
TRANSMISSION_PEER_SOCKET_TOS=default 
TRANSMISSION_PEX_ENABLED=true 
TRANSMISSION_PORT_FORWARDING_ENABLED=false 
TRANSMISSION_PREALLOCATION=1 
TRANSMISSION_PREFETCH_ENABLED=true 
TRANSMISSION_QUEUE_STALLED_ENABLED=true 
TRANSMISSION_QUEUE_STALLED_MINUTES=30 
TRANSMISSION_RATIO_LIMIT=2 
TRANSMISSION_RATIO_LIMIT_ENABLED=false 
TRANSMISSION_RENAME_PARTIAL_FILES=true 
TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true
#TRANSMISSION_RPC_BIND_ADDRESS=0.0.0.0
TRANSMISSION_RPC_ENABLED=true 
TRANSMISSION_RPC_PASSWORD=
TRANSMISSION_RPC_PORT=9091
TRANSMISSION_RPC_URL=/transmission/ 
TRANSMISSION_RPC_USERNAME=
TRANSMISSION_RPC_WHITELIST=*.*.*.*
TRANSMISSION_RPC_WHITELIST_ENABLED=false
TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=true 
TRANSMISSION_SCRIPT_TORRENT_DONE_ENABLED=true
TRANSMISSION_SCRIPT_TORRENT_DONE_FILENAME=/etc/transmission/config/tran_clear.sh
TRANSMISSION_SEED_QUEUE_ENABLED=false 
TRANSMISSION_SEED_QUEUE_SIZE=10 
TRANSMISSION_SPEED_LIMIT_DOWN=100 
TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED=false 
TRANSMISSION_SPEED_LIMIT_UP=100 
TRANSMISSION_SPEED_LIMIT_UP_ENABLED=false 
TRANSMISSION_START_ADDED_TORRENTS=true 
TRANSMISSION_TRASH_ORIGINAL_TORRENT_FILES=true 
TRANSMISSION_UMASK=18
TRANSMISSION_UPLOAD_SLOTS_PER_TORRENT=14 
TRANSMISSION_UTP_ENABLED=true 
TRANSMISSION_WATCH_DIR=/data/Watch 
TRANSMISSION_WATCH_DIR_ENABLED=true 
TRANSMISSION_HOME=/home/transmission

@ghost

ghost commented Feb 8, 2018

+1, webUI is no longer working with the latest Docker hub. I'm unable to downgrade currently, but I will try later today

@heckface

heckface commented Feb 8, 2018

I was having the same issues. I've edited part of the /etc/transmission/start.sh script to:

echo "STARTING TRANSMISSION"
#exec su --preserve-environment ${RUN_AS} -c "/usr/bin/transmission-daemon -g ${TRANSMISSION_HOME} --logfile ${TRANSMISSION_HOME}/transmission.log" &
exec sudo -E -u ${RUN_AS} /usr/bin/transmission-daemon -g ${TRANSMISSION_HOME} --logfile ${TRANSMISSION_HOME}/transmission.log &

I'm unsure why that was changed or what exactly is causing it when using su but seems to work fine with that.

Edit: I believe the issue above is due to the abc user having its shell set to /bin/false. I tested with:

exec su --preserve-environment ${RUN_AS} -s /bin/bash -c "/usr/bin/transmission-daemon -g ${TRANSMISSION_HOME} --logfile ${TRANSMISSION_HOME}/transmission.log" &

in /etc/transmission/start.sh and it works as well.
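
Why the `su ... -c` form fails for an account whose shell is /bin/false, as an added example that is not code from the project or from the comment above: `su -c` hands the command to the target account's login shell, while `sudo -u` executes the binary directly and `su -s` substitutes another shell. The passwd entries are constructed, and `login_shell`, `su_c_model` and `launch_mode` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed passwd entries for illustration; uid, gid and home are made up.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
abc:x:911:911::/config:/bin/false'

# Print the login shell (7th passwd field) of user $1 found in passwd text $2.
login_shell() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $7; exit }'
}

# Model of what `su USER -c CMD` does after switching user:
# it runs "<login shell> -c CMD". $1 = shell, $2 = command.
su_c_model() {
    "$1" -c "$2"
}

# Decide how a start script has to launch a daemon as user $1.
# Prints "su-default" when the account's own shell can run a command,
# "su-needs-shell-override" when it cannot (/bin/false, nologin, missing).
launch_mode() {
    shell=$(login_shell "$1" "$2")
    if [ -n "$shell" ] && su_c_model "$shell" 'exit 0' >/dev/null 2>&1; then
        echo su-default
    else
        echo su-needs-shell-override
    fi
}

# Stand-alone run: report the verdict for both sample accounts.
for user in root abc; do
    echo "$user: $(launch_mode "$user" "$SAMPLE_PASSWD")"
done
```

With /bin/false as the shell the command is never executed and nothing is logged, which matches a startup log that shows only the later "Couldn't connect to server" lines.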

@ghost

ghost commented Feb 8, 2018

@heckface's solution worked for me!

@im-mortal

Can confirm that @heckface's fix helped getting webui to work.

@haugene
Owner

haugene commented Feb 8, 2018

Merged his PR now, the dev tag should be updated shortly following a build. Question is if we then should introduce the patched version of Transmission again. As it didn't seem to be the issue after all.

@heckface

heckface commented Feb 8, 2018

Thanks @haugene . I used the 1.20 tag with the changes to the start.sh script and things seem to work fine in my very limited testing. I also enabled the host whitelist and had no issues but for my use cases I didn't expect it to cause issues. I only access by private IP.

From what I understand though anybody that does use a hostname/domain to access transmission remotely they just need to add it to the whitelist, disable the host whitelist or enable authentication. I would think anybody would want those protections so I don't see a reason not to use the patched version unless there are some wanted features not in 2.84-3ubuntu3.1.
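
The three ways past the host whitelist described in the comment above, as an added example: a simplified model of a Host-header check, not Transmission's code and not part of the original comment. The variable names are the container's env variables from this thread; the whitelist value, `is_ipv4` and `host_allowed` are constructed for the example, and IPv6 literals are not modelled.

```shell
#!/bin/sh
# Simplified model of an RPC Host-header whitelist; not Transmission's code.
# The whitelist value below is constructed for the example.
TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=false
TRANSMISSION_RPC_HOST_WHITELIST_ENABLED=true
TRANSMISSION_RPC_HOST_WHITELIST='nas.example.lan,*.home.example'

# True when $1 is a dotted-quad IPv4 literal. The body runs in a subshell
# so the IFS change stays local to this function.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || exit 1
    done
    exit 0
)

# $1 = raw Host header, e.g. "nas.example.lan:9091". Exit status 0 = accept.
host_allowed() (
    [ "$TRANSMISSION_RPC_AUTHENTICATION_REQUIRED" = true ] && exit 0
    [ "$TRANSMISSION_RPC_HOST_WHITELIST_ENABLED" = true ] || exit 0
    [ -n "$1" ] || exit 1              # no Host header: reject
    host=${1%%:*}                      # drop an optional ":port"
    [ "$host" = localhost ] && exit 0
    is_ipv4 "$host" && exit 0          # access by IP address is not name-checked
    set -f                             # keep "*" from expanding to file names
    IFS=,
    for pattern in $TRANSMISSION_RPC_HOST_WHITELIST; do
        # Unquoted on purpose: the whitelist entry is used as a glob pattern.
        case "$host" in $pattern) exit 0 ;; esac
    done
    exit 1
)

# Stand-alone run over constructed Host headers.
for h in 192.168.1.10:9091 nas.example.lan:9091 other.example:9091; do
    if host_allowed "$h"; then echo "accept $h"; else echo "reject $h"; fi
done
```

In this model a whitelist of `*` accepts every hostname, so it is equivalent to disabling the check.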

kaymmm added a commit to kaymmm/docker-transmission-openvpn that referenced this issue Feb 15, 2018
…pn into custom/dev

* 'master' of github.com:haugene/docker-transmission-openvpn:
  Reverting to ppa source, not running patched version anymore haugene#418
  Updated cryptostorm openvpn files, fixes haugene#371
  add env vars in missing spots
  add default values for env vars
  fix spacing
  typo fix
  add new rpc host whitelist settings to template
  using sed to fix True to true
  disabling use of ppa
kaymmm added a commit to kaymmm/docker-transmission-openvpn that referenced this issue Feb 15, 2018
…into custom/dev

* 'dev' of github.com:haugene/docker-transmission-openvpn:
  Add new env variables to alpine and armhf Dockerfiles haugene#294
  Revert "Reverting to ppa source, not running patched version anymore haugene#418"
  Add US OVPN.com servers
  Update DockerEnv
  set /bin/bash as shell for user when starting transmission
  Increase max request body size haugene#419
@haugene
Owner

haugene commented Feb 22, 2018

The fix is now merged to master and the latest tag should be ok. There are still some having issues with the new host whitelist(#432), but locally I can run with default values. We'll see if the default value should be to disable it depending on what seems to be the norm. Maybe add a note to the readme.

If you're having issues with the whitelist, take it up in the other issue.

@haugene haugene closed this as completed Feb 22, 2018