The main reference used is Havetheknowhow.com, specifically for the deluge headless setup, Havetheknowhow.com - How to install Deluge Headless. The Deluge support page is also a root source of knowledge Deluge systemd. Whatbox Deluge also has some interesting dialog.
If installing on a virtual machine (VM) it is important to also have set up the NFS to allow access to the main storage. Also, consider aligning the appropriate file system user and groups between the VM server and VM guests. (Check the local deluge directory actually exists for the user as otherwise the deluge and deluge web daemons will crash and not load. (For the Ubuntu Network Filing System, NFS, see Havetheknowhow.com - How to configure NFS Version 4, that contains configuration information for both the VM server and clients.
Unfortunately, Havetheknowhow.com does not seem to cover the alignment of user and groups between the main OS and VMs. I create a basic template machine and manual update the group and user id numbers to align, a use the basic information given in Linux: Changing UIDs and GIDs for a user. The process is tedious and takes a bit of care to complete, but once setup properly allows better operation between the server and virtual machines.
I use a dedicated VM guest for Deluge with a VPN set up on this VM. I have been using the VPN BTGuard for a few years now without any significant problems, save for BTGuard changing the IP address of their servers on occasion without informing end users, this affects the firewall software as noted below.
The following setup for the VPN with BTGuard. (The BTGuard Setup does not align well with the headless server and Deluge setup.)
Create the /etc/openvpn/login.conf file and add only the BTGuard User name on the first line and associated password on the second line. Consideration should be given to protecting this information by limiting access to this file, e.g. changing file to root access only. (As these files a configuration files only they are not to be made executable.)
The BTguard VPN protection can be started with the command "sudo openvpn /etc/openvpn/btguard.conf", however it should have been automatically setup during installation using a systemd boot script.
BTGuard seems to change their VPN IP addresses from time to time! The iptables configuration needs to be changed to match to ensure operation. BTGuard seems to show there current IP addresses at their Knowledgebase How can I test if BTGuard VPN is working?. Sadly BTGuard do not seem to pro-actively inform their users of these changes, perhaps they do not want to keep a mailing list to protect client security.
remote vpn.btguard.com 1194
Obviously, Username and password are end user specific.
A problem with this protection is should the OpenVPN system fail then the VPN protection will fail. To diminish this risk, I have set up the Deluge VM with an IPtables based firewall to effectively stop external internet connection upon any failure of the VPN. (The reference for the iptables filter script was AirVPN - Prevent leaks with Linux & iptables )
iptables -t nat -F
iptables -t mangle -F
# Flush V6
ip6tables -t nat -F
ip6tables -t mangle -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Local V6
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
# Make sure you can communicate with any DHCP server
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
iptables -A INPUT -s 255.255.255.255 -j ACCEPT
# Make sure that you can communicate within your own network if Private Network option is enabled
iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT
iptables -A OUTPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT
# Allow incoming pings if Ping option is enabled
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Allow established sessions to receive traffic:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow TUN
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
# make sure that eth and tun can communicate
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
# specifically allow IP addresses of VPN only for outgoing packet on eth0
iptables -A OUTPUT -o eth0 -d 220.127.116.11/24 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 18.104.22.168/16 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 22.214.171.124/24 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 126.96.36.199 -j ACCEPT
#iptables -A OUTPUT -o eth0 -d 188.8.131.52 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 184.108.40.206/24 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 220.127.116.11/24 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 18.104.22.168/24 -j ACCEPT
# IP address and subnet masks from BTGuard
# 22.214.171.124 seems to be the BTGuard Singapore address since circa Oct 2016 & removed May 2017
# 126.96.36.199/24 seems to be the BTGuard Singapore? address since circa May 2017
# 188.8.131.52/24 seems to be the BTGuard Singapore? address since circa May 2017
# Block All else, so that nothing leaks if VPN disconnects
iptables -A OUTPUT -j DROP
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
# Block All V6
ip6tables -A OUTPUT -j DROP
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -j DROP
I have been using WD Media players around the house the past 8 years or so. Originally with individual 2.5"HD and then connecting to my home server. These units are very simple to use and setup and have played media files well. Circa 2016 I notice that some media files will not play anymore. Upon investigating the WD (Western Digital) web site I notice that these units look to be no longer sold and support is limited, perhaps already end of life. Earlier investigation of these unit indicate the internal hardware is quite limited, particularly by current stndards, but as already stated good enough as a general media player.
I notice a few years ago the the web site Have the know how recommended the Kodi Overview, in fact even states, "Kodi: The holy grail of media streamer front-ends". I will not go over the benefits and history of Kodi, just look at the Kodi home page and Have the Know How web pages.
Kodi can be loaded on to many different types of hardware and operating systems, it even has a Linux based OS design for it, OpenELEC. Specifically it does run on MS Windows and most flavours of Linux.
I have been using MariaDB instead of MySQL, as MariaDB is true opensource software and MySQL belongs to a large corporation. MariaDB has a few "quircks" to setup comparied to MySQL which is more commonly described.
Make sure that MySQL is NOT installed, if so uninstall it.
MariaDB can be installed by "sudo apt install mariadb-server". The latest version can be downloaded from instructions from MariaDB Foundation Downloads Setting up MariaDB Repositories.
To setup secure root access:
Check status of mariadb "sudo systemctl status mysql"
Next move MySQL Data Directory
Check current location of MySQL data directory: "mysql -u root -p" and then at mysql> "select @@datadir;". It should be "/var/lib/mysql". Exit mysql prompt with "\q".
Stop MySQL : "sudo systemctl stop mysql"
My the mysql data directory to your preferred location: "sudo mv /var/lib/mysql /mnt/shared/kodi"
Next create a symlink pointing to the new location: "sudo ln -s /mnt/shared/kodi/mysql /var/lib/mysql". Another option instead of using a symlink is to adjust the mysql.cnf file datadir parameter, i.e. change "datadir=/var/lib/mysql" to "datadir=/mnt/shared/kodi/mysql". Again most the documentation on mysql.cnf is for mysql not mariadb, which has its own quircks. See the notes on adjusting bind-address below to clarify.
The current version of mariadb does not use apparmor, so no need to adjust for this!
The mysql network access needs to be configured to all full LAN access, default access is localhost only. The mysql.cnf configuration file needs to be updated. Mariadb handles this differently than MySQL. The main configuration file "/etc/mysql/mariadb.cnf" points to other directories with configuration files. Checking these directories shows the mariadb server parameters are located in "/etc/mysql/mariadb.conf.d/50-server.cnf", to edit: "sudo vim /etc/mysql/mariadb.conf.d/50-server.cnf". Find the parameter "bind-address = 127.0.0.1" and change to the server IP address "bind-address = 192.168.1.19".
Restart mysql: "sudo systemctl restart mysql", check all is running well: "sudo systemctl restart mysql", and then check listening address on mysql port: "sudo lsof -i -P | grep :3306"
Next setup the mysql kodi database access:
Work in Progress. I have not been able to get this working yet. I get the webui operational with the default kodi-headless settings. When I adjust the advanced kodi setting the webui is not available. I am also concern that this setup will not update the media library as these is no drive link in the design.
The following command is used to set up Docker Kodi Headless Media Center, from LinuxServer.IO docker-kodi-headless:
docker create --name=kodi-headless \ -v <path to data>:/config/.kodi \ -e PGID=<gid> -e PUID=<uid> \ -e TZ=<timezone> \ -p 8080:8080 -p 9777:9777/udp \ linuxserver/kodi-headless
The container is assigned the name kodi-headless. This has the benefit over the default random assigned name to provide a consistent container name, also helping preventing multiple kodi-headless containers from being started, as running container names must be unique. Docker reference: Container identification Name (-name)
-v <path to data>:/config/.kodi \
<path to data> is the path on the local machine drive volume where the kodi configuration files are loaded. It is mapped to /config/.kodi with in the container. These files are persistent outside of the Kodi Docker container. Docker documentation link: Use volumes
-e PGID=<gid> -e PUID=<uid> \
-e TZ=<timezone> \
An other environment variable to be set, my area is Australia/Perth
-p 8080:8080 -p 9777:9777/udp \
-p IP:host_port:container_port. The Kodi ports are described below, with source references. Unless the host machine is already using these ports there is no need to remap them. I found the IP in IP:host was necessary to enforce IPv4 mapping, without mapping sometimes was IPv6 (strange)
Kodi has an EventServer mapped to port 9777/udp, see Kodi documentation EventServer
docker create --name=kodi-headless \ -v /mnt/shared/kodi/config:/config/.kodi \ -e PGID=1001 -e PUID=1000 \ -e TZ=Australia/Perth \ -p 192.168.1.19:8080:8080 -p 192.168.1.19:9777:9777/udp \ linuxserver/kodi-headless
The docker create command creates the container, but does not start it. To create and start use the docker run command.
To check running docker containers "docker ps", to check all docker containers, running and stopped "docker ps -a".
To start a container "docker <name>", or "docker kodi-headless", to stop a container "docker stop <name>", where the <name> is the relevant container listed in "docker ps -a"
After starting access to the web interface should be possible from the LAN, at the host IP address and host assigned port, e.g. "192.168.1.19:8080".
Shell access whilst the container is running: "docker exec -it kodi-headless /bin/bash", type "exit" to exit.
It would seem that starting the container populates the "/config/.kodi" directory. These files are stored permanently outside the emphemeral container and can be edited from the permanent stored location <path to data>, in my case "/mnt/shared/kodi/config"
Docker seems to be a reasonably recent variation based upon quite old concepts with modern aspects thrown in. The documenation seems a bit sparse. I found it difficult to find a good balanced reference. This was further complicated by the specific requirements related to getting a headless Kodi setup working. A good reference is of course the Docker Website itself: Get Started, Part 1: Orientation and setup. A good reference (pdf) was from Anthony Blair of Universit´e de Rennes, Docker Tutorial. Many of the Docker tutorials seem to focus on features that I am not interest at this time, such as Dcker swarms and not enough on basic usage.
Some handy docker commands and related:
Start container at boot:
It is assumed that the container has been previously created/run and is available to be started at boot.
"sudo vim /etc/systemd/system/docker-kodi-headless.service"
[Unit] Description=kodi-headless container Requires=docker.service After=docker.service [Service] Restart=always ExecStart=/usr/bin/docker start -a kodi-headless ExecStop=/usr/bin/docker stop -t 2 kodi-headless [Install] WantedBy=default.target