A lightweight Docker image for a complete seedbox solution based on Alpine Linux, featuring:
- jesec's rtorrent - Modern fork of rtorrent with improvements
- Flood UI - Beautiful modern web interface for rtorrent
- WireGuard VPN - Fast, secure VPN with killswitch protection
- 🪶 Lightweight: Built on Alpine Linux (~200MB image size)
- 🔒 Secure: WireGuard VPN with killswitch to prevent IP leaks
- 🎨 Modern UI: Clean, responsive Flood interface
- 📦 All-in-one: Complete seedbox solution in a single container
- 🔄 Auto-restart: Supervisord manages all services with automatic recovery
- 🏥 Health checks: Built-in monitoring for all services
Pull from a registry:
# GitHub Container Registry
docker pull ghcr.io/xninety9/greenhouse:latest
# Docker Hub
docker pull xninety9/greenhouse:latestOr build locally:
docker-compose buildCreate your WireGuard configuration file at ./config/wireguard/wg0.conf:
[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.x.x.x/32
DNS = 1.1.1.1
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25Note: Replace with your actual VPN provider's configuration.
docker-compose up -dOr manually:
docker run -d \
--name greenhouse \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
-p 5000:5000 \
-p 6881:6881 \
-p 6881:6881/udp \
-v $(pwd)/config:/config \
-v $(pwd)/downloads:/downloads \
-v $(pwd)/watch:/watch \
-v /lib/modules:/lib/modules:ro \
greenhouse:latestOpen your browser and navigate to: http://localhost:5000
greenhouse/
├── Dockerfile
├── docker-compose.yml
├── config/
│ ├── rtorrent.rc # rtorrent configuration
│ └── supervisord.conf # Service management
├── scripts/
│ ├── entrypoint.sh # Container startup script
│ └── healthcheck.sh # Health monitoring
└── README.md
After first run, your data will be organized as:
./config/
├── rtorrent/
│ ├── rtorrent.rc # rtorrent configuration
│ └── log/ # rtorrent logs
├── flood/ # Flood data directory
└── wireguard/
└── wg0.conf # Your WireGuard config (you create this)
./downloads/ # Downloaded torrents
./watch/ # Drop .torrent files here for auto-loading
./session/ # rtorrent session data
- Obtain a WireGuard configuration from your VPN provider
- Save it as
./config/wireguard/wg0.conf - Restart the container
The container includes a killswitch that will block all non-VPN traffic, preventing IP leaks.
Edit ./config/rtorrent/rtorrent.rc to customize rtorrent settings:
- Download limits
- Upload limits
- Port configuration
- DHT settings
- And more
Default ports:
- 6881: Incoming connections (already configured)
Flood runs with authentication disabled by default for local use. To enable authentication, modify the supervisord.conf file:
command=/usr/bin/flood --host=0.0.0.0 --port=5000 --rundir=/config/flood --auth=default --rtsocket=/var/run/rtorrent/rpc.sockThen restart the container.
Method 1: Via Flood UI
- Open http://localhost:5000
- Click the "+" button
- Add torrent URL or upload .torrent file
Method 2: Via Watch Directory
- Copy .torrent files to
./watch/directory - rtorrent will automatically load and start them
Check container logs:
docker-compose logs -fCheck VPN connection:
docker exec greenhouse wg showCheck your IP address (should show VPN IP):
docker exec greenhouse curl -s ifconfig.me- Verify your
wg0.confis properly formatted - Check container logs:
docker-compose logs greenhouse - Ensure your VPN provider's endpoint is reachable
- Try testing the config outside Docker first
- Check if container is running:
docker ps - Check port mapping:
docker port greenhouse - Check container health:
docker inspect greenhouse | grep Health - Check Flood logs:
docker exec greenhouse cat /var/log/supervisor/flood.log
- Check rtorrent logs:
docker exec greenhouse cat /var/log/supervisor/rtorrent.log - Verify configuration:
docker exec greenhouse rtorrent -n -o import=/config/rtorrent/rtorrent.rc - Check permissions on directories
If you need to disable the killswitch temporarily for debugging:
docker exec greenhouse iptables -F
docker exec greenhouse iptables -P INPUT ACCEPT
docker exec greenhouse iptables -P FORWARD ACCEPT
docker exec greenhouse iptables -P OUTPUT ACCEPTWarning: This disables leak protection!
Edit docker-compose.yml:
dns:
- 1.1.1.1
- 9.9.9.9If your VPN provider supports port forwarding, add the forwarded port to your configuration:
-
Update
rtorrent.rc:network.port_range.set = YOUR_FORWARDED_PORT-YOUR_FORWARDED_PORT -
Expose the port in docker-compose.yml:
ports: - "YOUR_FORWARDED_PORT:YOUR_FORWARDED_PORT" - "YOUR_FORWARDED_PORT:YOUR_FORWARDED_PORT/udp"
Add to docker-compose.yml:
deploy:
resources:
limits:
cpus: '2'
memory: 2G
reservations:
memory: 512M- Always use a VPN when torrenting to protect your privacy
- The killswitch prevents accidental IP leaks if VPN disconnects
- Flood UI has no authentication by default - only expose on trusted networks
- Keep your WireGuard config secure (it contains your private key)
- Regularly update the container for security patches
- Docker 20.10+
- Docker Compose 1.29+
- Kernel with WireGuard support (Linux 5.6+)
NET_ADMINcapability for VPN
| Port | Protocol | Purpose |
|---|---|---|
| 5000 | TCP | Flood Web UI |
| 6881 | TCP/UDP | rtorrent incoming connections |
| 9091 | TCP | rtorrent XML-RPC (internal only) |
- SSD Storage: Use SSD for session directory for better performance
- Memory: Allocate at least 1GB RAM for smooth operation
- Network: Use gigabit connection for best speeds
- rtorrent tuning: Adjust
pieces.memory.maxin rtorrent.rc based on available RAM
For issues:
- Check logs:
docker-compose logs -f - Verify VPN connection:
docker exec greenhouse wg show - Test without VPN first to isolate issues
- Check rtorrent configuration syntax
This Docker configuration is provided as-is for personal use. Please respect copyright laws and your VPN provider's terms of service.
- rtorrent: https://github.com/jesec/rtorrent
- Flood: https://github.com/jesec/flood
- WireGuard: https://www.wireguard.com/
- Alpine Linux: https://alpinelinux.org/
