Cannot add HDHomerun - Docker - using gluetun network container

[Daniel8192 3]

Hey, I'm back again, was trying out Emby in August and ran out of time.  I am now been running Emby since October 6 and having good success with on disk TV shows, Movies, and Live TV via m3u and XMLTvlisting and will buy a lifetime pass shortly, but am having trouble introducing a HDHomeRun - figured that was easier than using TVHeadend and my USB tuners.

Environ: Raspberry 4B/8. Debian 64 bit. All up to date,  Docker/docker-compose.

I tried adding a working HDHomerun with a reserved IP to Emby.  The auto-detect didn't work, but I wasn't surprised as Emby is not on the lan subnet, but behind docker and gluetun.  But when I tried providing the IP address it just errored on trying to add.

I figure it is the gluetun network stack.  Gluetun knows what is local to the LAN and what should go out the VPN, but needs to be told of ports being used by dependant containers.  I listed 8096 and 8920 for Emby, and that works fine..  Occasionally a Firestick Emby app gets confused and can't see the server after a Firestick restart, but a retry fixes that.

I think I read that Emby is using udp to communicate with HDHomeRuns.  I believe I would need to list the UDP port numbers in gluetun's  configuration and rely on gluetun to deliver incoming dup back to the Emby container.

I tried adding 

 

ports:

      - 65001:65001/udp

to gluetun, but still no joy.

Who can help a guy out?

Docker Compose environ. Running Emby using gluetun's network providing me with a VPN tunnel through Nord.

docker-compose.yml

version: '2.0'
services:

// other containers snipped
  // qbittorrent, radarr, sonarr, jackett, apcupsd

  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=openvpn # or wireguard
      - OPENVPN_USER=<<secret>>
      - OPENVPN_PASSWORD=<<secret>>
      - SERVER_COUNTRIES=Canada
    ports:
      - 8096:8096
      - 8920:8920

  emby:
    #image: emby/embyserver:beta
    image: emby/embyserver_arm64v8
    container_name: emby
    #network_mode: host
    network_mode: "service:gluetun"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Toronto
    volumes:
      - /mnt/emby:/config
      - /mnt/television:/data/tvshows
      - /mnt/movies:/data/movies
    #  - /opt/vc/lib:/opt/vc/lib
    #ports:
    #  - 8096:8096
    #  - 8920:8920
    restart: unless-stopped

 

Edited October 20, 2023 by Daniel8192

[Daniel8192 3]

Update to this - I tried running the Emby container as host network, scanned for and found the HDHomerun, added it, and my 42 OTA channels and was able to watch.

Then set the Emby container back to gluetun network, added ports 8096TCP, 8920TCP and 65001UDP to gluetun, but sadly, no.  Could not watch any live channels, Emby reporting that it can't reach the channel.

I was hoping that with the config written with the IP address of the HDHomerun that Emby would just work. but no, somewhere in the distance a sad tuba played.

---

Update #2

Tried adding all HDHomeRun ports I could find:

Still nada.

    ports:

      - 8096:8096

      - 8920:8920

      - 65001:65001/udp

      - 5000:5000/udp

      - 5002:5002/udp

      - 5004:5004/udp

 

Edited October 20, 2023 by Daniel8192

[Daniel8192 3]

Amy there there was the Homerun may be sending back on the same port numbers to Emby for UDP, maybe Gluetun needed that do surface the listening container?  But in any event, that didn't work. 

When not using the gluetun stack, Emby connects to the Homerun on tcp port 5004 using some random high number port, but that should absolutely work regard of port directives to Docker, as those are for reserve listening ports form the host machine stack.

Makes no sense.  This should just work.

Now I did find that Emby was listening on UDP port 1900 and 7359, and also two others that were rurally just changing.  So added the 1900 and 7359 to Gutun and tried.  No.

I guess I'll have to add a sniffer into the equation to figure out what is happening.

 

[Daniel8192 3]

Okay, I think I have success.. I gave gluetun host mode, which is really the "I have no idea what ports I need to open, or they are changing randomly, so give gluetun free reign of the stack" Mode.

From the embryo container the VPN is still working,

My public IP at the moment is 69.X.X.X

and if I open a shell on the embryo container and run wget -qO- http://ipecho.net/plain | xargs echo, I am getting back a 86.x.x.x

So.. Solved, just not the way I'd like, but really fine.

  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    network_mode: host
    environment:
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=openvpn # or wireguard
      - OPENVPN_USER=<<secret>>
      - OPENVPN_PASSWORD=<<secret>>
      - SERVER_COUNTRIES=Canada
    #ports:
    #  - 8096:8096
    #  - 8920:8920
    #  - 65001:65001/udp
    #  - 65001:65001/tcp
    #  - 5000:5000/udp
    #  - 5002:5002/udp
    #  - 5004:5004/udp
    #  - 1900:1900/udp
    #  - 7359:7359/udp

 

[Luke 37261]

Sounds like a very complex setup. Glad to hear you got it working.

[vdrover 43]

@Daniel8192Are you using a reverse proxy in this setup? Would love a peak at your full compose file. 
 

Any issues accessing Emby outside your local network?

[Daniel8192 3]

Give me a few minutes and I'll see what I can put together for you.

For outside, I have strict rules on my network for outside access, and they would not allow direct port forwarding to Emby, but that should work fine, instead I have another RPI that runs WireGuard VPN.  If I wish to connect to Emby from my cell when out and about, I connect to my VPN first.

If you wanted direct access, then you would wish to harden this installation, and likely put on its own VLAN. But I know many people just go ahead and open that up.

 

[Daniel8192 3]

Here, my kimono is open!

I am sharing this full compose file with the hopes that it helps others, and that others can point out where I am misguided. It was a bit painful getting this all working, but I benefitted greatly from others.

Some details on the host file struct is below as well.

version: '2.0'
# Yes, version is obsolete now.  But.. 

services:

  # Full config here, no files
  # runs as root
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    network_mode: host
    environment:
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=openvpn # or wireguard
      - OPENVPN_USER=USER_REDACTED
      - OPENVPN_PASSWORD=PASSWORD_REDACTED
      - SERVER_COUNTRIES=Canada
    restart: unless-stopped

  # I have a APC UPS connected via USB
  # this machine monitors it and can shutdown
  # all of my RPIs and then this one on 
  # critical battery
  # This is a custom image as I had some trouble with the vendor supplied one.
  # 
  # runs as root, reads configs and scripts, does not write.
  apcupsd:
    image: 1000-apcupsd-wth-wget-ssh
    devices:
      - /dev/usb/hiddev0
    network_mode: "host"
    environment:
      - UPSNAME=NAME_REDACTED
      - UPSCABLE=usb
      - UPSTYPE=usb
      - DEVICE=/dev/usb/hiddev0
      - TZ=America/Toronto
    volumes:
      - /mnt/apcupsd/etc:/etc/apcupsd
      - /mnt/apcupsd/ssh:/root/.ssh
    restart: unless-stopped


  # qbittorrent uses socks5 proxy server connection
  # to NordVPN.   Tried also using the gluetun but
  # the sun went down on my efforts - trouble with
  # tracker files
  # runs as first RPI user, not root 
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - WEBUI_PORT=8080
    volumes:
      - /mnt/torrent/config:/config
      - /mnt/torrent/downloads:/downloads
    network_mode: host
    restart: unless-stopped

  # Yes, all this stuff runs as root network rather
  # than opening the ports on a docker buit network
  # too much fiddle fucking, not enough time/
  # but will address sometime.
  # runs as first RPI user, not root
  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /mnt/radarr/config:/config
      - /mnt/radarr/movies:/movies
      - /mnt/torrent/downloads:/downloads
    network_mode: host
    restart: unless-stopped

  # Running out of comments to make
  # runs as first RPI user, not root
  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    container_name: sonarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /mnt/sonarr/config:/config
      - /mnt/sonarr/television:/tv
      - /mnt/torrent/downloads:/downloads
    network_mode: host
    restart: unless-stopped

  # the fall lines are looking groovy
  # runs as first RPI user, not root
  jackett:
    image: lscr.io/linuxserver/jackett:latest
    container_name: jackett
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - AUTO_UPDATE=true
      - RUN_OPTS= #
    volumes: 
      - /mnt/jackett/config:/config
      - /mnt/jackett/blackhole:/downloads
    network_mode: host
    restart: unless-stopped

  # Yeah, here we go, Emby using gluetun
  # runs as first RPI user, not root
  emby:
    #image: emby/embyserver:beta
    image: emby/embyserver_arm64v8
    container_name: emby
    network_mode: "service:gluetun"
    environment:
      - UID=1000
      - GID=1000
      - TZ=America/Toronto
    volumes:
      - /mnt/emby:/config
      - /mnt/media/television:/data/tvshows
      - /mnt/media/movies:/data/movies
    restart: unless-stopped

 

Host file struct:

The docker-compose.yml sits in user 1000's home directory.

As does a "build" file with instructions of how to build the machine, which has very little customization other than installing docker/ docker-compose.

User 1000 has been added to the docker group

All container data is in /mnt

The backup of this machine is performed by user 1000 and it makes copies of its home folder (2 files and .ssh folder) and the /mnt folder.

 

I just realized that my local Emby recordings (I don't do a lot) are being placed in /mnt/emby/data/livetv/. I should make a data folder in my /mnt/media tree for livetv and make a softlink from the embryo folder into it.

Maybe tomorrow

yes, mnt is owned by root
sudo mkdir /mnt/other dirs
sudo chown 1000:1000 /mnt/other dirs

drwxr-xr-x  16 0 0  4096 Apr 23 12:35 mnt

drwxr-xr-x  4 1000 1000 4096 Apr 24 15:36 apcupsd
	drwxr-xr-x 2 1000 1000 4096 May  6 06:53 etc
	drwxr-xr-x 2 1000 1000 4096 Apr 25 09:29 ssh

drwxr-xr-x 11 1000 1000 4096 Apr 22 13:07 emby
	drwxr-xr-x 14 1000 1000  4096 Apr 22 10:49 cache
	drwxr-xr-x  3 1000 1000  4096 Oct  6  2023 config
	drwxr-xr-x  4 1000 1000  4096 Apr 26 09:35 data
	drwxr-xr-x  2 1000 1000 40960 May  9 04:13 logs
	drwxr-xr-x  9 1000 1000  4096 Oct  9  2023 metadata
	drwxr-xr-x  3 1000 1000  4096 Apr 22 11:06 plugins
	drwxr-xr-x  3 1000 1000  4096 Oct  6  2023 root
	drwxr-xr-x  3 1000 1000  4096 Apr 22 11:50 sync
	drwxr-xr-x 14 1000 1000  4096 May  9 04:13 transcoding-temp

drwxr-xr-x  4 1000 1000 4096 Sep 12  2023 jackett
	drwxrwxrwx 2 1000 1000 4096 Jul 30  2023 blackhole
	drwxrwxrwx 3 1000 1000 4096 Jul 30  2023 config

drwxr-xr-x  5 1000 1000 4096 Apr 23 12:46 media
	drwxrwxrwx  85 1000 1000 12288 Apr 23 13:06 downloads
	drwxr-xr-x 123 1000 1000 12288 Apr 23 10:32 movies
	drwxr-xr-x  11 1000 1000  4096 Apr 22 09:54 television

drwxr-xr-x  3 1000 1000 4096 Apr 23 12:35 radarr
	drwxrwxrwx 6 1000 1000 4096 May  9 08:28 config
	lrwxrwxrwx 1 1000 1000   15 Apr 23 12:35 movies -> ../media/movies

drwxr-xr-x  3 1000 1000 4096 Apr 23 12:36 sonarr
	drwxr-xr-x 8 1000 1000 4096 May  9 08:40 config
	lrwxrwxrwx 1 1000 1000   19 Apr 23 12:36 television -> ../media/television

drwxr-xr-x  3 1000 1000 4096 Apr 23 12:46 torrent
	drwxrwxrwx 4 1000 1000 4096 Jul 29  2023 config
	lrwxrwxrwx 1 1000 1000   20 Apr 23 12:46 downloads -> /mnt/media/downloads

 

 

[Daniel8192 3]

@vdroverdoes that info help you?