### Install Houndarr with Helm Source: https://av1155.github.io/houndarr/docs/getting-started/helm Install the Houndarr Helm chart directly from the OCI registry. Ensure Helm 3.8+ is installed and a Kubernetes cluster is available. ```bash helm install houndarr \ oci://ghcr.io/av1155/charts/houndarr \ --version 1.4.0 \ --namespace houndarr \ --create-namespace ``` -------------------------------- ### Start Houndarr with Docker Compose Source: https://av1155.github.io/houndarr/docs/getting-started/quick-start After creating the `docker-compose.yml` file, run this command to start Houndarr in detached mode. ```bash docker compose up -d ``` -------------------------------- ### Build and Run Houndarr from Source Source: https://av1155.github.io/houndarr/docs/getting-started/installation Steps to clone the repository, set up a virtual environment, install dependencies, and run the development server. ```bash # Clone the repository git clone https://github.com/av1155/houndarr.git cd houndarr # Create a virtual environment python3 -m venv .venv .venv/bin/pip install --upgrade pip .venv/bin/pip install -r requirements-dev.txt .venv/bin/pip install -e . # Run in development mode .venv/bin/python -m houndarr --data-dir ./data-dev --dev ``` -------------------------------- ### Install Houndarr with Ingress and TLS using Helm Source: https://av1155.github.io/houndarr/docs/getting-started/helm Install Houndarr with Helm, enabling Ingress and TLS. Replace placeholder values with your Ingress controller's details and desired host/TLS secret. ```bash helm install houndarr oci://ghcr.io/av1155/charts/houndarr \ --version 1.4.0 \ --namespace houndarr \ --set ingress.enabled=true \ --set ingress.host=houndarr.example.com \ --set ingress.tls.enabled=true \ --set ingress.tls.secretName=houndarr-tls \ --set env.secureCookies=true \ --set "env.trustedProxies=10.244.0.0/16" ``` -------------------------------- ### Configure Nginx with Generic IdP Source: https://av1155.github.io/houndarr/docs/configuration/reverse-proxy Uses the X-Forwarded-User header for generic Nginx auth_request setups. ```yaml services: houndarr: image: ghcr.io/av1155/houndarr:latest environment: - HOUNDARR_AUTH_MODE=proxy - HOUNDARR_AUTH_PROXY_HEADER=X-Forwarded-User - HOUNDARR_TRUSTED_PROXIES=172.18.0.0/16 - HOUNDARR_SECURE_COOKIES=true ``` -------------------------------- ### Prepare Data Directory for Non-Root User Source: https://av1155.github.io/houndarr/docs/getting-started/quick-start Before starting Houndarr in non-root mode, ensure the data directory exists and is owned by the specified UID/GID. ```bash mkdir -p ./data && chown 1000:1000 ./data ``` -------------------------------- ### Run Houndarr with `docker run` Source: https://av1155.github.io/houndarr/docs/getting-started/quick-start An alternative to Docker Compose, this command starts Houndarr using `docker run`. Replace `/path/to/data` with your desired host path for data storage. ```bash docker run -d \ --name houndarr \ --restart unless-stopped \ -p 8877:8877 \ -v /path/to/data:/data \ -e TZ=America/New_York \ -e PUID=1000 \ -e PGID=1000 \ ghcr.io/av1155/houndarr:latest ``` -------------------------------- ### Install Houndarr in Non-root Mode with Helm Source: https://av1155.github.io/houndarr/docs/getting-started/helm Install Houndarr using Helm with the `securityMode` set to `nonroot`. This is suitable for clusters with Pod Security Standards. ```bash helm install houndarr oci://ghcr.io/av1155/charts/houndarr \ --version 1.4.0 \ --namespace houndarr \ --set securityMode=nonroot ``` -------------------------------- ### Docker Compose Configuration for Houndarr Source: https://av1155.github.io/houndarr/docs/getting-started/quick-start Use this Docker Compose configuration to set up and run Houndarr. Ensure Docker and Docker Compose are installed. This configuration maps port 8877 and sets up a data volume. ```yaml services: houndarr: image: ghcr.io/av1155/houndarr:latest container_name: houndarr restart: unless-stopped ports: - "8877:8877" volumes: - ./data:/data environment: - TZ=America/New_York - PUID=1000 - PGID=1000 ``` -------------------------------- ### Verify Deployment Source: https://av1155.github.io/houndarr/docs/getting-started/kubernetes Commands to check pod status, view logs, and test the health endpoint. ```bash # Check the pod is running kubectl get pods -n houndarr # View logs kubectl logs -n houndarr houndarr-0 # Test the health endpoint kubectl exec -n houndarr houndarr-0 -- wget -qO- http://localhost:8877/api/health # Should return: {"status":"ok"} ``` -------------------------------- ### Connect to *arr Instance on Host Machine Source: https://av1155.github.io/houndarr/docs/concepts/troubleshooting If the *arr instance runs directly on the container host, use runtime-provided aliases for the host. This uses the published port on the host side. ```bash http://host.docker.internal: ``` ```bash http://host.containers.internal: ``` -------------------------------- ### Configure Caddy as a Reverse Proxy Source: https://av1155.github.io/houndarr/docs/configuration/reverse-proxy Minimal Caddy configuration for automatic HTTPS and reverse proxying to the Houndarr service. ```caddy houndarr.example.com { reverse_proxy houndarr:8877 } ``` -------------------------------- ### Connect to *arr Instance in Docker Compose Source: https://av1155.github.io/houndarr/docs/concepts/troubleshooting When your *arr instance is in the same Docker Compose stack, use the container service name as the hostname. Ensure you use the internal listen port, not the published host port. ```bash http://sonarr:8989 ``` ```bash http://radarr_hd:7878 ``` -------------------------------- ### Create Houndarr Namespace Source: https://av1155.github.io/houndarr/docs/getting-started/kubernetes Optional but recommended for organizing Kubernetes resources. Apply this manifest using `kubectl apply -f .yaml`. ```yaml apiVersion: v1 kind: Namespace metadata: name: houndarr ``` -------------------------------- ### Configure Traefik via Docker Labels Source: https://av1155.github.io/houndarr/docs/configuration/reverse-proxy Docker Compose service definition using Traefik labels for routing and environment variables for proxy trust and security. ```yaml services: houndarr: image: ghcr.io/av1155/houndarr:latest labels: - "traefik.enable=true" - "traefik.http.routers.houndarr.rule=Host(`houndarr.example.com`)" - "traefik.http.routers.houndarr.entrypoints=websecure" - "traefik.http.routers.houndarr.tls.certresolver=letsencrypt" - "traefik.http.services.houndarr.loadbalancer.server.port=8877" environment: - HOUNDARR_SECURE_COOKIES=true - HOUNDARR_TRUSTED_PROXIES=172.18.0.0/16 ``` -------------------------------- ### Fix PVC Permissions Source: https://av1155.github.io/houndarr/docs/getting-started/kubernetes Runs a one-time pod to update ownership of existing PVC data when migrating from PUID/PGID to securityContext. ```bash kubectl run fix-perms -n houndarr --rm -it --image=busybox \ --overrides='{"spec":{"containers":[{"name":"fix","image":"busybox","command":["chown","-R","1000:1000","/data"],"volumeMounts":[{"name":"data","mountPath":"/data"}]}],"volumes":[{"name":"data","persistentVolumeClaim":{"claimName":"data-houndarr-0"}}]}}' ``` -------------------------------- ### Upgrade Houndarr with Helm Source: https://av1155.github.io/houndarr/docs/getting-started/helm Upgrade an existing Houndarr Helm deployment to a new version. It is crucial to back up the `/data` PVC before upgrading to prevent data loss. ```bash helm upgrade houndarr oci://ghcr.io/av1155/charts/houndarr \ --version \ --namespace houndarr \ --reuse-values ``` -------------------------------- ### Test *arr Instance Connection Source: https://av1155.github.io/houndarr/docs/concepts/troubleshooting Use curl to test if your *arr instance URL is reachable from the Houndarr container. Adjust the API path for Lidarr and Readarr. ```bash curl /api/v3/system/status?apikey= ``` ```bash curl /api/v1/system/status?apikey= ``` -------------------------------- ### Configure Authelia with Traefik Source: https://av1155.github.io/houndarr/docs/configuration/reverse-proxy Uses the default Remote-User header provided by Authelia for authentication. ```yaml services: houndarr: image: ghcr.io/av1155/houndarr:latest labels: traefik.enable: "true" traefik.http.routers.houndarr.rule: Host(`houndarr.example.com`) traefik.http.routers.houndarr.middlewares: authelia@docker traefik.http.services.houndarr.loadbalancer.server.port: 8877 environment: - HOUNDARR_AUTH_MODE=proxy - HOUNDARR_AUTH_PROXY_HEADER=Remote-User - HOUNDARR_TRUSTED_PROXIES=172.18.0.0/16 - HOUNDARR_SECURE_COOKIES=true ``` -------------------------------- ### Define Kubernetes Services Source: https://av1155.github.io/houndarr/docs/getting-started/kubernetes Creates a headless service for pod DNS and a ClusterIP service for external access. ```yaml # Headless Service (required by StatefulSet) apiVersion: v1 kind: Service metadata: name: houndarr namespace: houndarr spec: clusterIP: None selector: app: houndarr ports: - port: 8877 targetPort: http --- # ClusterIP Service (for Ingress or port-forwarding) apiVersion: v1 kind: Service metadata: name: houndarr-web namespace: houndarr spec: selector: app: houndarr ports: - port: 8877 targetPort: http ``` -------------------------------- ### StatefulSet Configuration with SecurityContext Source: https://av1155.github.io/houndarr/docs/getting-started/kubernetes Defines a StatefulSet for Houndarr using securityContext for non-root execution. Do not combine this with PUID/PGID environment variables. ```yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: houndarr namespace: houndarr spec: serviceName: "houndarr" replicas: 1 # SQLite; do not increase selector: matchLabels: app: houndarr template: metadata: labels: app: houndarr spec: securityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 runAsNonRoot: true containers: - name: houndarr image: ghcr.io/av1155/houndarr:latest securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] ports: - containerPort: 8877 name: http env: - name: TZ value: "America/New_York" # No PUID/PGID; securityContext handles user identity # Uncomment when using an Ingress with TLS: # - name: HOUNDARR_SECURE_COOKIES # value: "true" # - name: HOUNDARR_TRUSTED_PROXIES # value: "10.244.0.0/16" volumeMounts: - name: data mountPath: /data livenessProbe: httpGet: path: /api/health port: http initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /api/health port: http initialDelaySeconds: 5 periodSeconds: 10 resources: requests: memory: "64Mi" cpu: "100m" limits: memory: "256Mi" cpu: "500m" volumeClaimTemplates: - metadata: name: data spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 1Gi ``` -------------------------------- ### Houndarr StatefulSet Configuration Source: https://av1155.github.io/houndarr/docs/getting-started/kubernetes Deploys Houndarr as a StatefulSet with a single replica due to its SQLite database. Ensure the `TZ`, `PUID`, and `PGID` environment variables are set appropriately for your environment. The `/data` volume mounts persistent storage for the database and encryption keys. ```yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: houndarr namespace: houndarr spec: serviceName: "houndarr" replicas: 1 # SQLite; do not increase selector: matchLabels: app: houndarr template: metadata: labels: app: houndarr spec: containers: - name: houndarr image: ghcr.io/av1155/houndarr:latest ports: - containerPort: 8877 name: http env: - name: TZ value: "America/New_York" - name: PUID value: "1000" - name: PGID value: "1000" # Uncomment when using an Ingress with TLS: # - name: HOUNDARR_SECURE_COOKIES # value: "true" # - name: HOUNDARR_TRUSTED_PROXIES # value: "10.244.0.0/16" # your ingress controller pod CIDR volumeMounts: - name: data mountPath: /data livenessProbe: httpGet: path: /api/health port: http initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /api/health port: http initialDelaySeconds: 5 periodSeconds: 10 resources: requests: memory: "64Mi" cpu: "100m" limits: memory: "256Mi" cpu: "500m" volumeClaimTemplates: - metadata: name: data spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 1Gi ``` -------------------------------- ### Configure Authelia for SSO Proxy Authentication Source: https://av1155.github.io/houndarr/docs/configuration/reverse-proxy Docker Compose configuration for enabling proxy-based authentication using Authelia's Remote-User header. ```yaml services: houndarr: image: ghcr.io/av1155/houndarr:latest environment: - HOUNDARR_AUTH_MODE=proxy - HOUNDARR_AUTH_PROXY_HEADER=Remote-User - HOUNDARR_TRUSTED_PROXIES=172.18.0.0/16 - HOUNDARR_SECURE_COOKIES=true ``` -------------------------------- ### Port-forwarding for Access Source: https://av1155.github.io/houndarr/docs/getting-started/kubernetes Exposes the Houndarr service locally for quick access. ```bash kubectl port-forward -n houndarr svc/houndarr-web 8877:8877 ``` -------------------------------- ### Configure Authentik with Traefik Forward Auth Source: https://av1155.github.io/houndarr/docs/configuration/reverse-proxy Uses a dedicated Authentik proxy container to handle OIDC flows and injects user headers for Houndarr. ```yaml services: authentik-proxy: image: ghcr.io/goauthentik/proxy environment: AUTHENTIK_HOST: https://authentik.example.com AUTHENTIK_TOKEN: labels: traefik.enable: "true" traefik.port: 9000 traefik.http.routers.authentik.rule: >- Host(`houndarr.example.com`) && PathPrefix(`/outpost.goauthentik.io/`) traefik.http.middlewares.authentik.forwardauth.address: >- http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: "true" traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: >- X-authentik-username,X-authentik-groups,X-authentik-email restart: unless-stopped houndarr: image: ghcr.io/av1155/houndarr:latest labels: traefik.enable: "true" traefik.http.routers.houndarr.rule: Host(`houndarr.example.com`) traefik.http.routers.houndarr.entrypoints: websecure traefik.http.routers.houndarr.tls.certresolver: letsencrypt traefik.http.routers.houndarr.middlewares: authentik@docker traefik.http.services.houndarr.loadbalancer.server.port: 8877 environment: - HOUNDARR_AUTH_MODE=proxy - HOUNDARR_AUTH_PROXY_HEADER=X-authentik-username - HOUNDARR_TRUSTED_PROXIES=172.18.0.0/16 - HOUNDARR_SECURE_COOKIES=true ``` -------------------------------- ### Ingress Configuration Source: https://av1155.github.io/houndarr/docs/getting-started/kubernetes Configures an Ingress resource for external traffic routing with TLS support. ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: houndarr namespace: houndarr spec: rules: - host: houndarr.example.com http: paths: - path: / pathType: Prefix backend: service: name: houndarr-web port: number: 8877 tls: - hosts: - houndarr.example.com secretName: houndarr-tls ``` -------------------------------- ### Generate Fernet Master Key Source: https://av1155.github.io/houndarr/docs/security/trust-and-security The application generates a master key using os.urandom(32) for secure encryption of API keys. ```python Fernet.generate_key() ``` -------------------------------- ### Flux HelmRelease Configuration for Houndarr (OCI) Source: https://av1155.github.io/houndarr/docs/getting-started/helm Configure Flux to manage the Houndarr Helm chart using an OCIRepository source and a HelmRelease. This ensures declarative management of the deployment. ```yaml apiVersion: source.toolkit.fluxcd.io/v1 kind: OCIRepository metadata: name: houndarr namespace: flux-system spec: interval: 12h url: oci://ghcr.io/av1155/charts/houndarr ref: semver: ">=1.4.0 <2.0.0" --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: houndarr namespace: houndarr spec: interval: 1h chartRef: kind: OCIRepository name: houndarr namespace: flux-system values: timezone: America/New_York env: secureCookies: true trustedProxies: "10.244.0.0/16" ingress: enabled: true className: nginx host: houndarr.example.com tls: enabled: true secretName: houndarr-tls ``` -------------------------------- ### Configure Nginx as a Reverse Proxy Source: https://av1155.github.io/houndarr/docs/configuration/reverse-proxy Standard Nginx server block for proxying traffic to Houndarr with SSL termination and necessary header forwarding. ```nginx server { listen 443 ssl; server_name houndarr.example.com; ssl_certificate /etc/nginx/ssl/cert.pem; ssl_certificate_key /etc/nginx/ssl/key.pem; location / { proxy_pass http://houndarr:8877; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } ``` -------------------------------- ### Configure oauth2-proxy Source: https://av1155.github.io/houndarr/docs/configuration/reverse-proxy Configures Houndarr to accept the X-Auth-Request-User header from oauth2-proxy. ```yaml services: houndarr: image: ghcr.io/av1155/houndarr:latest environment: - HOUNDARR_AUTH_MODE=proxy - HOUNDARR_AUTH_PROXY_HEADER=X-Auth-Request-User - HOUNDARR_TRUSTED_PROXIES=172.18.0.0/16 - HOUNDARR_SECURE_COOKIES=true ``` -------------------------------- ### Pull Houndarr Docker Image Source: https://av1155.github.io/houndarr/docs/getting-started/installation Commands to pull the latest or a specific version of the Houndarr Docker image from GHCR. ```bash docker pull ghcr.io/av1155/houndarr:latest ``` ```bash docker pull ghcr.io/av1155/houndarr:v1.0.8 ``` -------------------------------- ### Non-Root Docker Compose Configuration for Houndarr Source: https://av1155.github.io/houndarr/docs/getting-started/quick-start This Docker Compose configuration runs Houndarr as a non-root user, dropping all capabilities. It requires manual ownership of the data directory. ```yaml services: houndarr: image: ghcr.io/av1155/houndarr:latest container_name: houndarr restart: unless-stopped user: "1000:1000" cap_drop: - ALL ports: - "8877:8877" volumes: - ./data:/data environment: - TZ=America/New_York ``` -------------------------------- ### Run Security Smoke Test Source: https://av1155.github.io/houndarr/docs/security/trust-and-security Execute the security smoke test script against a running Houndarr instance to verify its immunity to common vulnerabilities. Ensure Houndarr is accessible at the specified URL. ```bash scripts/security_smoke_test.sh http://localhost:8877 ``` -------------------------------- ### Health Check API Response Source: https://av1155.github.io/houndarr/docs/security/trust-and-security The health endpoint returns a minimal JSON response to verify server status without exposing sensitive information. ```json {"status": "ok"} ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.