Sonarr not connecting to other services (Prowlarr, NZBget, qbittorrent etc) using reverse proxy and SSL on Synology DSM containers

Help & Support
#1

Sonarr version (exact version): 3.0.10.1567
Mono version (if Sonarr is not running on Windows):
OS: Synology DSM 7.2-64570 Update 1
Debug logs:
Description of issue:

Preface
My set up is all based on a Synology NAS. I have the Container Manager (docker) package running with a few active projects. Lidarr, Radarr, Bazarr, Sonarr, Overseerr, and Prowlarr are all separate containers and all share a project, local network, and yaml config file. NZBget is running in it’s own container on a separate local network. I also have qbittorrent running as a container in a project with gluetun as it’s network interface. Reverse proxy is managed by the Synology settings (built in).

Sonarr to qbittorrent
Reverse proxy is not accepted (Unable to connect to qBittorrent). Only the local IP can be used without SSL. Radarr and Lidarr connect correctly using the reverse proxy and SSL.

Sonarr to Prowlarr
Adding Sonarr’s reverse proxy works, but adding Prowlarr’s reverse proxy “the way Sonarr sees it” fails (Prowlarr URL is invalid, Sonarr cannot connect to Prowlarr). Prowlarr’s local IP must be used to connect. Radarr and Lidarr connect correctly using the reverse proxy and SSL.

Sonarr to NZBget
Neither the reverse proxy nor the local IP can be used. Both result in an authentication error. Radarr and Lidarr are not affected by this, and connect to NZBget correctly using the reverse proxy.

Sonarr to Bazarr
Sonarr connects currently to Bazarr using reverse proxy and SSL

Sonarr to Overseerr
Both Radarr and Sonarr connect properly to Overseerr via reverse proxy and SSL

Other services
Lidarr and Radarr connect to all other services correctly using reverse proxy and SSL

What’s Expected:

When connecting to qbittorrent
Add download client with reverse proxy (qbit.domain.com:443) and test successfully

When connecting with Prowlarr
Input Prowlarr’s reverse proxy “the way Sonarr sees it”, and test successfully

When connecting to NZBget
Add download client with reverse proxy (qbit.domain.com:443) and test successfully

Process to Recreate:

Sonarr to qbittorrent

  1. Add Download client in Sonarr
  2. Select qbitorrent
  3. Fill in information
  4. Click Test

Sonarr to Prowlarr

  1. Add App in Prowlarr
  2. Select Sonarr
  3. Fill in information
  4. Click Test

Sonarr to NZBget

  1. Add Download client in Sonarr
  2. Select qbitorrent
  3. Fill in information
  4. Click Test

nzbget project

services:
  nzbget:
    image: lscr.io/linuxserver/nzbget:latest
    container_name: nzbget
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Canada/Mountain
      - NZBGET_USER=123 #optional
      - NZBGET_PASS=123 #optional
    volumes:
      - /volume1/docker/nzbget:/config
      - /volume1/Plex/downloads/usenet:/downloads #optional
    ports:
      - 6789:6789
    restart: unless-stopped

vpn-project

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8080:8080 # port for qbittorrent
      - 6881:6881 # qbit Shadowsocks
      - 6881:6881/udp # qbit Shadowsocks
    volumes:
      - /volume1/docker/gluetun:/gluetun
    environment:
      - PUID=1026
      - PGID=100
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=openvpn
      - OPENVPN_USER=123
      - OPENVPN_PASSWORD=123
      - VPN_PORT_FORWARDING=on
      - TZ=Canada/Mountain
      - HTTPPROXY=off #change to on if you wish to enable
      - SHADOWSOCKS=off #change to on if you wish to enable
      - FIREWALL_OUTBOUND_SUBNETS=172.17.0.0/16,192.168.0.0/24 #change this in line with your subnet see note on guide.
      - FIREWALL_VPN_INPUT_PORTS=8080,58846 #uncomment this line and change the port as per the note on the guide
    network_mode: bridge
    labels:
      - com.centurylinklabs.watchtower.enable=false
    security_opt:
      - no-new-privileges:true
    restart: always

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Canada/Mountain
      - WEBUI_PORT=8080
    volumes:
      - /volume1/docker/qbittorrent/config:/config
      - /volume1/Plex/downloads:/data
      - /volume1/Plex/downloads/complete:/data/complete
      - /volume1/Plex/downloads/incomplete:/data/incomplete
      - /volume1/Plex/downloads/torrents:/data/torrents
    network_mode: service:gluetun # run on the vpn network
    depends_on:
      gluetun:
        condition: service_healthy
    restart: unless-stopped

arr_services

services:

  bazarr:
    image: lscr.io/linuxserver/bazarr:latest
    container_name: bazarr
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Canada/Mountain
    volumes:
      - /volume1/docker/projects/arr_services/bazarr/config:/config
      - /volume1/Plex/Movies:/data/movies #optional
      - /volume1/Plex/TV:/data/tv #optional
    ports:
      - 6767:6767
    network_mode: bridge
    restart: unless-stopped

  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Canada/Mountain
    volumes:
      - /volume1/docker/projects/arr_services/radarr/config:/config
      - /volume1/Plex/Movies:/data/movies #optional
      - /volume1/Plex/downloads/complete:/data/complete #optional
    ports:
      - 7878:7878
    network_mode: bridge
    restart: unless-stopped

  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    container_name: sonarr
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Canada/Mountain
    volumes:
      - /volume1/docker/projects/arr_services/sonarr/config:/config
      - /volume1/Plex/TV:/data/tv #optional
      - /volume1/Plex/downloads/complete:/data/complete #optional
    ports:
      - 8989:8989
    network_mode: bridge
    restart: unless-stopped

  lidarr:
    image: lscr.io/linuxserver/lidarr:latest
    container_name: lidarr
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Canada/Mountain
    volumes:
      - /volume1/docker/projects/arr_services/lidarr/config:/config
      - /volume1/Plex/Music:/data/music #optional
      - /volume1/Plex/downloads/complete:/data/complete #optional
    ports:
      - 8686:8686
    network_mode: bridge
    restart: unless-stopped

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Canada/Mountain
    volumes:
      - /volume1/docker/projects/arr_services/prowlarr/config:/config
    ports:
      - 9696:9696
    network_mode: bridge
    restart: unless-stopped

  overseerr:
    image: sctx/overseerr:latest
    container_name: overseerr
    environment:
      - LOG_LEVEL=debug
      - TZ=Canada/Mountain
#      - PORT=5055 #optional
    ports:
      - 5055:5055
    network_mode: bridge
    volumes:
      - /volume1/docker/projects/arr_services/overseerr/config:/app/config
    restart: unless-stopped

Logs and screenshots in comments

#2

20231109 - Sonar Trace Logs (nzbget)
20231109 - Prowlarr Trace Logs
20231109 - Sonarr Trace Logs

#3

Sonarr adding qbit
Sonarr adding qbit671×536 32 KB

Sonarr adding nzbget
Sonarr adding nzbget674×751 58.9 KB

Radarr connected to nzbget
Radarr connected to nzbget679×874 62.2 KB

Radarr connected to qbit
Radarr connected to qbit706×881 69.1 KB

Lidarr connected to nzbget
Lidarr connected to nzbget698×875 61.7 KB

Lidarr connected to qbit
Lidarr connected to qbit690×867 66.7 KB

Prowlarr connected to Lidarr
Prowlarr connected to Lidarr709×857 93.2 KB

Prowlarr connected to Radarr
Prowlarr connected to Radarr701×855 93.9 KB

Prowlarr not connected to Sonarr
Prowlarr not connected to Sonarr712×884 101 KB

Overseerr connected to Sonarr and Lidarr
Overseerr connected to Sonarr and Lidarr394×618 54.8 KB

#4

Bazarr connected to Sonarr
Bazarr connected to Sonarr1307×623 23.6 KB

Bazarr connected to Radarr
Bazarr connected to Radarr1312×622 23.5 KB

Reverse Proxy
Radarr reverse proxy
Radarr reverse proxy601×562 34 KB

Sonarr reverse proxy
Sonarr reverse proxy601×564 33.6 KB

Container Manager Projects
Container Manager Projects1204×578 45.4 KB

#5

If it’s all on the same box, connect the various apps using local addresses rather than the reverse proxy. Using ssl locally is also a ton of trouble.

#6

Also, you probably want to fix your mounts. On the one hand NZBget uses /downloads, on the other hand *arr apps use /data. Now you have to muck around with remote path mappings for no reason.

#7

I tried this, but every time the containers restart, their internal IPs change, so I have to go through and update everything each time. Using RPs saves some of that time in exchange for a little extra processing time.

I’m always open to suggestions though!

#8

Yep, managed to fix that after making the post. Everything is based on the /data/ filesystem and locally in the same folder as well.

Still stuck on how Sonarr isn’t wanting to play nice…

#9

I am running Docker on Ubuntu and have all services running on the same server. In my case, I interconnect everything through the stack for the server rather than through the docker internal network without using SSL or reverse proxy since I am inside my home network and don’t need the extra layer of security.

So if you look at my download client configuration in Sonarr, my qBittorentt Host is 192.168.1.50 and the port is 6767 while my SabNZBD Host is 192.168.1.50 and the port is 8080. I don’t have any of the internal Docker network IPs configured in the applications and instead, send everything through the stack for the NIC since these are all low transaction rate API requests between the applications.

#10

I’d certainly love the simplicity of that, especially if everything is running in one place. I gave it a shot on a few of the services, but they keep timing out on the local IP.

My server is at 192.168.0.137, so I added that to Sonarr when added a Download client (NZBget) with a port of 6789. The trace logs came back with the following

[v3.0.10.1567] NzbDrone.Core.Download.Clients.DownloadClientUnavailableException: Unable to connect to NzbGet. The operation has timed out.: 'http://192.168.0.137:6789/jsonrpc' ---> System.Net.WebException: The operation has timed out.: 'http://192.168.0.137:6789/jsonrpc' ---> System.Net.WebException: The operation has timed out.

The operation just keeps timing out. I’m not sure if I’m missing a configuration in my local network, but that doesn’t seem to be a solution for my specific problem. It’s a good thought though, and I’d like to eventually get to that point.

#11

Does Synology have specific firewall rules that could be in play blocking access?

Here are the relevant sections of my docker-compose.yml

  sonarr:
    image: "linuxserver/sonarr:latest"
    container_name: "sonarr"
    volumes:
      - /home/bergang:/home/bergang
      - /mnt/ssd/:/mnt/ssd
      - "/etc/localtime:/etc/localtime:ro"
    network_mode: bridge
    ports:
        - "8989:8989"
    restart: always
    labels:
      - io.portainer.accesscontrol.public
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
  sabnzbd:
    image: "linuxserver/sabnzbd:latest"
    container_name: "sabnzbd"
    volumes:
      - /home/bergang/.sabnzbd:/config
      - /home/bergang:/home/bergang
      - /lib/x86_64-linux-gnu/libprocps.so.8:/lib/x86_64-linux-gnu/libprocps.so.8
    network_mode: bridge
    ports:
        - "8080:8080"
        - "9090:9090"
    restart: always
    labels:
      - io.portainer.accesscontrol.public
    environment:
      - SABNZBD_UID=1000
      - SABNZBD_GID=1000
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - CONFIG=/config/sabnzbd.ini
  radarr:
    image: "linuxserver/radarr:latest"
    container_name: "radarr"
    volumes:
      - ${USERDIR}/.config/Radarr:/config
      - ${USERDIR}/Downloads/completed:/downloads
      - /home/bergang:/home/bergang
      - /mnt/ssd/:/mnt/ssd
      - "/etc/localtime:/etc/localtime:ro"
    network_mode: bridge
    ports:
      - "7878:7878"
    restart: always
    labels:
      - io.portainer.accesscontrol.public
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
  jackett:
    image: linuxserver/jackett
    container_name: jackett
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - AUTO_UPDATE=false
    volumes:
      - ${USERDIR}/.jackett:/config
    ports:
      - "9117:9117"
    labels:
      - io.portainer.accesscontrol.public
    restart: unless-stopped
  qbittorrent:
    image: "linuxserver/qbittorrent:14.2.5.99202004250119-7015-2c65b79ubuntu18.04.1-ls93"
    container_name: "qbittorrent"
    labels:
      - io.portainer.accesscontrol.public
      - com.centurylinklabs.watchtower.monitor-only="true"
    volumes:
      - /home/bergang/.config/qBittorrent:/config
      - /home/bergang:/home/bergang
      - /mnt/ssd/qbittorrent_downloads:/downloads
      - /mnt/ssd/:/mnt/ssd
      - "/etc/localtime:/etc/localtime:ro"
    restart: always
    network_mode: service:vpn
    depends_on:
      - vpn
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TZ}
      - UMASK_SET=002
      - WEBUI_PORT=6767
  vpn:
    image: ghcr.io/bubuntux/nordlynx:latest
    container_name: "nordlynx"
    network_mode: bridge
    labels: 
      - io.portainer.accesscontrol.public
      - com.centurylinklabs.watchtower.monitor-only="true"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.rp_filter=2
    devices:
      - /dev/net/tun
    environment:
      - USER=XXXX
      - PASS=XXXX
      - CONNECT=XXXX
      - TZ=${TZ}
      - TECHNOLOGY=NordLynx
      - NETWORK=192.168.1.0/24
      - PRIVATE_KEY=XXXX
    ports:
      - 6767:6767
#12

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.