binhex-sabnzbdvpn

binhex-sabnzbdvpn

Docker app from Binhex's Repository

Overview

SABnzbd is an Open Source Binary Newsreader written in Python. It's totally free, incredibly easy to use, and works practically everywhere. SABnzbd makes Usenet as simple and streamlined as possible by automating everything we can. All you have to do is add an .nzb. This Docker includes OpenVPN and WireGuard to ensure a secure and private connection to the Internet, including use of iptables to prevent IP leakage when the tunnel is down. It also includes Privoxy to allow unfiltered access to index sites, to use Privoxy please point your application at "http://host ip:8118".

Application

SABnzbd

Privoxy

microsocks

OpenVPN

WireGuard

Description

SABnzbd is an Open Source Binary Newsreader written in Python. It's totally free, incredibly easy to use, and works practically everywhere. SABnzbd makes Usenet as simple and streamlined as possible by automating everything we can. All you have to do is add an .nzb.

This Docker includes OpenVPN and WireGuard to ensure a secure and private connection to the Internet, including use of iptables to prevent IP leakage when the tunnel is down. It also includes Privoxy to allow unfiltered access to index sites, to use Privoxy please point your application at http://<host ip>:8118.

Build notes

Latest stable SABnzbd release from Arch Linux AUR.

Latest stable Privoxy release from Arch Linux repo.

Latest stable microsocks release from GitHub.

Latest stable OpenVPN release from Arch Linux repo.

Latest stable WireGuard release from Arch Linux repo.

Usage

docker run -d \

    --cap-add=NET_ADMIN \
    -p 8080:8080 \
    -p 8090:8090 \
    -p 8118:8118 \
    -p 9118:9118 \
    -p 58946:58946 \
    -p 58946:58946/udp \
    --name=<container name> \
    -v <path for data files>:/data \
    -v <path for config files>:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=<yes|no> \
    -e VPN_USER=<vpn username> \
    -e VPN_PASS=<vpn password> \
    -e VPN_PROV=<pia|airvpn|protonvpn|custom> \
    -e VPN_CLIENT=<openvpn|wireguard> \
    -e VPN_OPTIONS=<additional openvpn cli options> \
    -e ENABLE_STARTUP_SCRIPTS=<yes|no> \
    -e ENABLE_PRIVOXY=<yes|no> \
    -e STRICT_PORT_FORWARD=<yes|no> \
    -e USERSPACE_WIREGUARD=<yes|no> \
    -e ENABLE_SOCKS=<yes|no> \
    -e SOCKS_USER=<socks username> \
    -e SOCKS_PASS=<socks password> \
    -e LAN_NETWORK=<lan ipv4 network>/<cidr notation> \
    -e NAME_SERVERS=<name server ip(s)> \
    -e VPN_INPUT_PORTS=<port number(s)> \
    -e VPN_OUTPUT_PORTS=<port number(s)> \
    -e DEBUG=<true|false> \
    -e HEALTHCHECK_COMMAND=<command> \
    -e HEALTHCHECK_ACTION=<action> \
    -e HEALTHCHECK_HOSTNAME=<hostname> \
    -e UMASK=<umask for created files> \
    -e PUID=<uid for user> \
    -e PGID=<gid for user> \

    binhex/arch-sabnzbdvpn

Please replace all user variables in the above command defined by <> with the correct values.

Access application

http://<host ip>:8080

Access Privoxy

http://<host ip>:8118

Access microsocks

<host ip>:9118

default credentials: admin/socks

PIA example

docker run -d \
    --cap-add=NET_ADMIN \
    -p 8080:8080 \
    -p 8090:8090 \
    -p 8118:8118 \
    -p 9118:9118 \
    -p 58946:58946 \
    -p 58946:58946/udp \
    --name=sabnzbdvpn \
    -v /root/docker/data:/data \
    -v /root/docker/config:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_USER=myusername \
    -e VPN_PASS=mypassword \
    -e VPN_PROV=pia \
    -e VPN_CLIENT=openvpn \
    -e ENABLE_STARTUP_SCRIPTS=no \
    -e ENABLE_PRIVOXY=yes \
    -e STRICT_PORT_FORWARD=yes \
    -e USERSPACE_WIREGUARD=no \
    -e ENABLE_SOCKS=yes \
    -e SOCKS_USER=admin \
    -e SOCKS_PASS=socks \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=1.1.1.1,1.0.0.1 \
    -e VPN_INPUT_PORTS=1234 \
    -e VPN_OUTPUT_PORTS=5678 \
    -e DEBUG=false \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
    binhex/arch-sabnzbdvpn

OpenVPN

Please note this Docker image does not include the required OpenVPN configuration file and certificates. These will typically be downloaded from your VPN providers website (look for OpenVPN configuration files), and generally are zipped.

PIA users - The URL to download the OpenVPN configuration files and certs is:-

PIA OpenVPN configuration

Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation of the folder).

If there are multiple ovpn files then please delete the ones you don't want to use (normally filename follows location of the endpoint) leaving just a single ovpn file and the certificates referenced in the ovpn file (certificates will normally have a crt and/or pem extension).

WireGuard

If you wish to use WireGuard (defined via 'VPN_CLIENT' env var value ) then due to the enhanced security and kernel integration WireGuard will require the container to be defined with privileged permissions and sysctl support, so please ensure you change the following docker options:-

from


    --cap-add=NET_ADMIN \

to


    --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
    --privileged=true \

PIA users - The WireGuard configuration file will be auto generated and will be stored in /config/wireguard/wg0.conf AFTER the first run, if you wish to change the endpoint you are connecting to then change the Endpoint line in the config file (default is Netherlands).

Other users - Please download your WireGuard configuration file from your VPN provider, start and stop the container to generate the folder /config/wireguard/ and then place your WireGuard configuration file in there.

Notes

Due to Google and OpenDNS supporting EDNS Client Subnet it is recommended NOT to use either of these NS providers. The list of default NS providers in the above example(s) is as follows:-

1.x.x.x = Cloudflare


IMPORTANT

Please note VPN_INPUT_PORTS is NOT to define the incoming port for the VPN, this environment variable is used to define port(s) you want to allow in to the VPN network when network binding multiple containers together, configuring this incorrectly with the VPN provider assigned incoming port COULD result in IP leakage, you have been warned!.


User ID (PUID) and Group ID (PGID) can be found by issuing the following command for the user you want to run the container as:-

id <username>


If you appreciate my work, then please consider buying me a beer :D

PayPal donation

Documentation | Support forum

Install binhex-sabnzbdvpn on Unraid in a few clicks.

Find binhex-sabnzbdvpn in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for binhex-sabnzbdvpn Review the template variables and paths Click Install

Categories

Download Statistics

14,835,091
Total Downloads
28,157
This Month
21,548
Avg / Month

Total Downloads Over Time

Loading chart...

Related apps

Explore more like this

Explore all

Details

Repository
ghcr.io/binhex/arch-sabnzbdvpn
Last Updated2026-06-11

Runtime arguments

Web UI
http://[IP]:[PORT:8080]
Network
bridge
Shell
bash
Privileged
true
Extra Params
--sysctl="net.ipv4.conf.all.src_valid_mark=1"

Template configuration

Port: Web InterfacePorttcp

This is the port for the Web UI for the application.

Target
8080
Default
8080
Port: PrivoxyPorttcp

This is the port for Privoxy application - HTTPS proxy server.

Target
8118
Default
8118
Port: microsocksPorttcp

This is the port for microsocks application - Socks5 proxy server.

Target
9118
Default
9118
Port: Incoming port TCPPorttcp

This is the TCP incoming port when VPN_ENABLED is set to 'no'.

Target
58946
Default
58946
Port: Incoming port UDPPortudp

This is the UDP incoming port when VPN_ENABLED is set to 'no'.

Target
58946
Default
58946
Path: /configPathrw

This is the container path to your configuration files, e.g. databases, configuration files, logs etc.

Target
/config
Default
/mnt/user/appdata/sabnzbdvpn
Path: /dataPathrw

This is the container path to your downloaded files or user created content.

Target
/data
Variable: VPN_ENABLEDVariable

Specify whether to enable the VPN.

Target
VPN_ENABLED
Default
yes|no
Variable: VPN_USERVariable

Specify your VPN providers username.

Target
VPN_USER
Variable: VPN_PASSVariable

Specify your VPN providers password.

Target
VPN_PASS
Variable: VPN_PROVVariable

Specify your VPN providers password.

Target
VPN_PROV
Default
pia|airvpn|protonvpn|custom
Variable: VPN_CLIENTVariable

Specify either Wireguard or OpenVPN.

Target
VPN_CLIENT
Default
openvpn|wireguard
Variable: VPN_OPTIONSVariable

Advanced OpenVPN options, do not specify unless you know what you are doing.

Target
VPN_OPTIONS
Variable: STRICT_PORT_FORWARDVariable

Specify whether to only permit connection to port forward enable endpoints - only takes effect for VPN providers PIA and ProtonVPN.

Target
STRICT_PORT_FORWARD
Default
no|yes
Variable: ENABLE_PRIVOXYVariable

Specify whether to run Privoxy - HTTPS proxy server.

Target
ENABLE_PRIVOXY
Default
no|yes
Variable: ENABLE_STARTUP_SCRIPTSVariable

Advanced option, used to enable the running of an arbitary script before the VPN tunnel is established.

Target
ENABLE_STARTUP_SCRIPTS
Default
no|yes
Variable: USERSPACE_WIREGUARDVariable

Specify whether to use slower userspace Wireguard implementation.

Target
USERSPACE_WIREGUARD
Default
no|yes
Variable: ENABLE_SOCKSVariable

Specify whether to run microsocks - Socks5 proxy server.

Target
ENABLE_SOCKS
Default
no|yes
Variable: SOCKS_USERVariable

Specify the socks (microsocks) username.

Target
SOCKS_USER
Default
admin
Variable: SOCKS_PASSVariable

Specify the socks (microsocks) password.

Target
SOCKS_PASS
Default
socks
Variable: LAN_NETWORKVariable

Specify your internal network in CIDR format.

Target
LAN_NETWORK
Default
192.168.1.0/24
Variable: NAME_SERVERSVariable

Specify the Name Servers used to perform lookups inside the container.

Target
NAME_SERVERS
Default
1.1.1.1,1.0.0.1
Variable: VPN_INPUT_PORTSVariable

Specify any inbound ports for the VPN network.

Target
VPN_INPUT_PORTS
Variable: VPN_OUTPUT_PORTSVariable

SSpecify any outbound ports for the VPN network.

Target
VPN_OUTPUT_PORTS
Variable: DEBUGVariable

Specify whether you want to enable debug logging, useful when diagnosing startup issues.

Target
DEBUG
Default
false|true
Variable: ENABLE_HEALTHCHECKVariable

Enable or disable healthchecks.

Target
ENABLE_HEALTHCHECK
Default
yes|no
Variable: HEALTHCHECK_COMMANDVariable

The command or script to execute, if not specified then the script healthcheck.sh will be used (process, dns and https checking).

Target
HEALTHCHECK_COMMAND
Variable: HEALTHCHECK_ACTIONVariable

The action to execute if the healthcheck command returns a non zero exit code, if not specified the action will be 'exit 1', if you want the container to exit on failure then set the action to 'kill 1'.

Target
HEALTHCHECK_ACTION
Variable: HEALTHCHECK_HOSTNAMEVariable

The hostname used when performing HTTPS and DNS healthchecking.

Target
HEALTHCHECK_HOSTNAME
Default
google.com
Variable: PUIDVariable

User ID for the running container.

Target
PUID
Default
99
Variable: PGIDVariable

Group ID for the running container.

Target
PGID
Default
100
Variable: UMASKVariable

UMASK for the running container.

Target
UMASK
Default
000