Share your favorite content remotely without spoiling your home network.
StealthBox is a Docker image, so you can install it on any linux server without polluting
It embeds several applications that are configured together to automate file sharing in the cloud and download content
to your home:
- Deluge, a BitTorrent client.
- SickRage, an automatic shows downloader.
- CouchPotato, an automatic movies downloader.
- HeadPhones, an automated music downloader.
- FlexGet, a multipurpose automation tool
- Pydio, a web application to view, edit and download files.
docker run -d \ -p 8443:443 -p 8022:22 -p 6881:6881 \ --name stealthbox \ --restart always \ toilal/stealthbox
Username & Password
All services are installed with a
box username and a randomly generated password. This password is displayed when
container is starting.
To retrieve the generated password, you can use
docker logs stealthbox | grep Password:
To set your own password when running the container, add
-e PASSWORD= followed with the password of your choice to
docker run command. Alternatively, you can run the container with
-it flag, and it will ask the password on startup
in the console.
If the container is already running, password can be changed with
boxpasswd command from shell. (using SSH access,
by opening bash with
docker exec -it stealthbox bash)
If you both need to keep
-it flag and generate the password, you can add
-e NONINTERACTIVE=1 to
Password is checked with
cracklib-check, it must be long and strong enough to be accepted.
<stealthbox> with IP address of your server and
<8022> with ports used in
docker run command.
Pydio (formerly AjaXplorer) is a mature open source software solution for file sharing and
synchronization. With intuitive user interfaces (web / mobile / desktop), Pydio provides enterprise-grade features
to gain back control and privacy of your data: user directory connectors, legacy filesystems drivers, comprehensive
admin interface, and much more.
Deluge is a lightweight, Free Software, cross-platform BitTorrent client.
- Full Encryption
- Plugin System
- Much more ...
web: https://<stealthbox>:<8443>/deluge configuration: ~/.config/deluge service: deluge
SickRage is a Video File Manager for TV Shows, It watches for new episodes of your favorite
shows and when they are posted it does its magic.
CouchPotato Download movies automatically, easily and in the best quality as soon as they are
available. Awesome PVR for usenet and torrents. Just fill in what you want to see and CouchPotato will add it to your
"want to watch"-list.
HeadPhones is an automated music downloader for NZB and Torrent, written in
Python. It supports SABnzbd, NZBget, Transmission, µTorrent and Blackhole.
FlexGet is a multipurpose automation tool for content like torrents, nzbs, podcasts, comics,
series, movies, etc. It can use different kinds of sources like RSS-feeds, html pages, csv files, search engines and
there are even plugins for sites that do not provide any kind of useful feeds.
configuration: ~/flexget service: flexget
Access StealthBox through SSH/SCP/SFTP to bring content back to home and manage the environment.
ssh: ssh -p <8022> box@<stealthbox> service: sshd
nginx [engine x] is an HTTP and reverse proxy server.
configuration: /etc/nginx service: nginx
Flexget is installed in Daemon mode.
Configuration file is
/home/box/flexget/config.yml, and will be automatically reloaded in Daemon when changed.
Use your own SSL certificate
Self-signed SSL certificate is generated when running the container for the first time. But self-signed certificates
generates warning in browser when trying to connect.
To avoid this warning, you can use a certificate from trusted authority, and load them in StealthBox.
StartSSL can provide free trusted certificate.
- Replacing certificate in container
Your can use your own SSL certificate by replacing
Pydio or SSH. This will reload web server automatically.
- Using certificate from host
Instead of replacing certificate files in container, you can also load volumes pointing to certificate on the host.
docker run -d \ -v /home/docker/ssl/stealthbox.key:/etc/stealthbox/ssl/stealthbox.key:ro \ -v /home/docker/ssl/stealthbox.crt:/etc/stealthbox/ssl/stealthbox.crt:ro \ -p 8443:443 -p 8022:22 -p 6881:6881 \ --restart always \ --name stealthbox \ toilal/stealthbox
Make sure correct access rights are defined.
chown 1000:1000 \ /home/docker/ssl/stealthbox.key \ /home/docker/ssl/stealthbox.crt chmod 400 /home/docker/ssl/stealthbox.key
You may have good reasons to do this, but nginx also listen on
tcp/80 for raw connections. So you can map this port
docker run -d \ -p 8080:80 -p 8022:22 -p 6881:6881 \ --name stealthbox \ --restart always \ toilal/stealthbox
Web server will then be available at
tcp/6881 is the port use by Torrent protocol in deluge. Your have to map this port on the same host port.
tcp/6881 is not available on host, or if you really need to change this port, you have to configure deluge for
port to match, in web UI, or in
It will be possible to automate this feature after docker/docker#3778 issue is implemented.
in the latest version the boxpasswd command don't change the passwords for couchpotato, sickrage and headphones but works for pydio and deluge