• Unraid OS version 6.10.0-rc1 available


    limetech

    6.10.0 Summary of New Features

     

    As always, prior to updating, create a backup of your USB flash device:  "Main/Flash/Flash Device Settings" - click "Flash Backup".

     

    UPC and My Servers Plugin

    The most visible new feature is located in the upper right of the webGUI header.  We call this the User Profile Component, or UPC.  The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account.

     

    Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key.  All key purchases and upgrades are also handled exclusively via the UPC.

     

    Signing-in provides these benefits:

    1. No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server.
    2. Notification of critical security-related updates.  In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers.
    3. Ability to install the My Servers plugin (see below).
    4. Posting privilege in a new set of My Servers forum boards.

     

    Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out.  Exception: if you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a Lime Technology cloud server for the purpose of transmitting real-time status.

     

    My Servers Plugin

    My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s).  Once installed here are some of the features of My Servers:

    • My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing each signed-in server.  Here you can see real-time status such as whether the server is online or offline, storage utilization and other information.  In addition, links are created to bring up a server webGUI, either locally on the LAN or remotely over the Internet (if Remote Access has been enabled).
    • flash backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords).  Thereafter, configuration changes are automatically committed.  Through the My Servers webApp it's possible to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device.
    • License key download - Again, through the My Servers webApp you can download your license key directly.

     

    My Servers is an optional add-on, installed through Community Apps or via direct plugin URL.  Detailed instructions can be found here.

     

    Security Changes

    • It is now mandatory to define a root password.  We also created a division in the Users page to distinguish root from other user names.  The root UserEdit page includes a text box for pasting SSH authorized keys.
    • For new configurations, the flash share default export setting is No.
    • For all new user shares, the default export setting is No.
    • For new configurations, SMBv1 is disabled by default.
    • For new configurations, telnet, ssh, and ftp are disabled by default.
    • We removed certain strings from Diagnostics such as passwords found in the 'go' file.

     

    Virtualization

    Both libvirt and qemu have been updated.  In addition qemu has been compiled with OpenGL support.

     

    The built-in FireFox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image.  This saves approximately 60MB of RAM.

     

    The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin.  If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved.

     

    Simplified installation of the Community Apps plugin.  The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button.  No need to hunt for the plugin link.

     

    Let's Encrypt SSL provisioning change.  In previous releases code that provisions (allocates and downloads) a LE SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate.  Since there are other uses for a LE certificate we changed the code so that provision would always proceed.  Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page.  Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced.  This is a subtle change but permits certain My Servers features such as Remote Access.

     

    Linux Kernel

    Upgrade to Linux 5.13.8 kernel which includes so-called Sequoia vulnerability mitigation.

     

    In-tree GPU drivers are now loaded by default if corresponding hardware is detected:

    • amdgpu
    • ast
    • i915
    • radeon

     

    These drivers are required mostly for motherboard on-board graphics used in GUI boot mode.  Loading of a driver can be prohibited by creating the appropriate file named after the driver:

    echo "blacklist i915" > /boot/config/modprobe.d/i915.conf

    Alternately, the device can be isolated from Linux entirely via the System Devices page.  Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file.  After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is.  This change was made to greatly improve the Desktop GUI experience for new users.

     

    Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin.

     

    Added support for gnif/vendor-reset.  This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly.

     

    Base Packages

    Virtually the entire base package set has been updated.

     

    Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible:

     

     

    Event driven model to obtain server information and update the webGUI in real-time

    • The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact
    • In addition stale browser sessions won't create any CSRF errors anymore
    • People who keep their browser open 24/7 will find the webGUI stays responsive at all times

     

    Docker labels

    • Docker labels are added to allow people using Docker compose to make use of icons and GUI access
    • Look at a Docker 'run' command output to see exactly what labels are used

     

    Docker custom networks

    • A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10
    • The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off.

     

    Docker bridge network (docker0)

    • docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world
    • Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration)
    • In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6

     

    Plugins page

    • The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed

     

    Dashboard graphs

    • The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection)
    • The CPU graph may be hidden as well in case it is not desired
    • Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history.
    • Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances

     

    Other Changes

    • We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core.
    • Fixed issue where you couldn't create a docker image on a share name that contains a space.
    • Fixed issue where 'mover' would not move to a pool name that contains a space.
    • Fixed issue in User Share file system where permissions were not being honored.
    • We increased the font size in Terminal.
    • Many other small bug fixes and improvements.

     

    Credits

    Special thanks to all our beta testers and especially:

    @bonienl for his continued refinement and updating of the Dynamix webGUI.

    @Squid for continued refinement of Community Apps and associated feed.

    @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood.

    @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins.

    @SimonF for refinements to System Devices page and other webGUI improvements.  We intend to merge your mover progress changes during this RC series.

     


     

    Version 6.10.0-rc1 2021-08-07

     

    Base distro:

    • aaa_base: version 15.0
    • aaa_glibc-solibs: version 2.33
    • aaa_libraries: version 15.0
    • acl: version 2.3.1
    • acpid: version 2.0.32
    • adwaita-icon-theme: version 40.1.1
    • apcupsd: version 3.14.14
    • appres: version 1.0.5
    • at: version 3.2.2
    • at-spi2-atk: version 2.38.0
    • at-spi2-core: version 2.40.3
    • atk: version 2.36.0
    • attr: version 2.5.1
    • avahi: version 0.8
    • bash: version 5.1.008
    • beep: version 1.3
    • bin: version 11.1
    • bind: version 9.16.19
    • bluez-firmware: version 1.2
    • bridge-utils: version 1.7.1
    • brotli: version 1.0.9
    • btrfs-progs: version 5.13.1
    • bzip2: version 1.0.8
    • ca-certificates: version 20210526
    • cairo: version 1.16.0
    • celt051: version 0.5.1.3
    • cifs-utils: version 6.13
    • coreutils: version 8.32
    • cpio: version 2.13
    • cpufrequtils: version 008
    • cracklib: version 2.9.7
    • cryptsetup: version 2.3.6
    • curl: version 7.78.0
    • cyrus-sasl: version 2.1.27
    • db48: version 4.8.30
    • dbus: version 1.12.20
    • dbus-glib: version 0.112
    • dcron: version 4.5
    • dejavu-fonts-ttf: version 2.37
    • devs: version 2.3.1
    • dhcpcd: version 8.1.9
    • diffutils: version 3.8
    • dmidecode: version 3.3
    • dnsmasq: version 2.85
    • docker: version 20.10.6
    • dosfstools: version 4.2
    • e2fsprogs: version 1.46.3
    • ebtables: version 2.0.11
    • editres: version 1.0.7
    • eject: version 2.1.5
    • elogind: version 246.10
    • elvis: version 2.2_0
    • encodings: version 1.0.5
    • etc: version 15.0
    • ethtool: version 5.13
    • eudev: version 3.2.10
    • file: version 5.40
    • findutils: version 4.8.0
    • flex: version 2.6.4
    • floppy: version 5.5
    • fluxbox: version 1.3.7
    • fontconfig: version 2.13.92
    • freeglut: version 3.2.1
    • freetype: version 2.11.0
    • fribidi: version 1.0.10
    • fuse3: version 3.10.4
    • gawk: version 5.1.0
    • gd: version 2.3.2
    • gdbm: version 1.20
    • gdk-pixbuf2: version 2.42.6
    • genpower: version 1.0.5
    • getty-ps: version 2.1.0b
    • git: version 2.32.0
    • glew: version 2.2.0
    • glib2: version 2.68.3
    • glibc: version 2.33
    • glibc-zoneinfo: version 2021a
    • glu: version 9.0.2
    • gmp: version 6.2.1
    • gnutls: version 3.6.16
    • gptfdisk: version 1.0.8
    • graphite2: version 1.3.14
    • grep: version 3.6
    • gtk+3: version 3.24.30
    • gzip: version 1.10
    • harfbuzz: version 2.8.2
    • haveged: version 1.9.14
    • hdparm: version 9.62
    • hicolor-icon-theme: version 0.17
    • hostname: version 3.23
    • htop: version 3.0.5
    • hwloc: version 2.2.0
    • icu4c: version 69.1
    • imlib2: version 1.7.1
    • inetd: version 1.79s
    • infozip: version 6.0
    • inih: version 53
    • inotify-tools: version 3.20.11.0
    • iproute2: version 5.13.0
    • iptables: version 1.8.7
    • iputils: version 20210722
    • irqbalance: version 1.7.0
    • jansson: version 2.13.1
    • jemalloc: version 5.2.1
    • jq: version 1.6
    • json-c: version 0.15_20200726
    • keyutils: version 1.6.3
    • kmod: version 29
    • krb5: version 1.19.2
    • lbzip2: version 2.5
    • less: version 590
    • libICE: version 1.0.10
    • libSM: version 1.2.3
    • libX11: version 1.7.2
    • libXau: version 1.0.9
    • libXaw: version 1.0.14
    • libXcomposite: version 0.4.5
    • libXcursor: version 1.2.0
    • libXdamage: version 1.1.5
    • libXdmcp: version 1.1.3
    • libXevie: version 1.0.3
    • libXext: version 1.3.4
    • libXfixes: version 6.0.0
    • libXfont: version 1.5.2
    • libXfont2: version 2.0.5
    • libXfontcache: version 1.0.5
    • libXft: version 2.3.4
    • libXi: version 1.7.10
    • libXinerama: version 1.1.4
    • libXmu: version 1.1.3
    • libXpm: version 3.5.13
    • libXrandr: version 1.5.2
    • libXrender: version 0.9.10
    • libXres: version 1.2.1
    • libXt: version 1.2.1
    • libXtst: version 1.2.3
    • libXxf86dga: version 1.1.5
    • libXxf86misc: version 1.0.4
    • libXxf86vm: version 1.1.4
    • libaio: version 0.3.112
    • libarchive: version 3.5.1
    • libcap-ng: version 0.8.2
    • libcgroup: version 0.41
    • libdaemon: version 0.14
    • libdmx: version 1.1.4
    • libdrm: version 2.4.107
    • libedit: version 20210714_3.1
    • libepoxy: version 1.5.8
    • libestr: version 0.1.9
    • libevdev: version 1.11.0
    • libevent: version 2.1.12
    • libfastjson: version 0.99.9
    • libffi: version 3.3
    • libfontenc: version 1.1.4
    • libgcrypt: version 1.9.3
    • libglvnd: version 1.3.3
    • libgpg-error: version 1.42
    • libgudev: version 236
    • libidn: version 1.38
    • libjpeg-turbo: version 2.1.0
    • liblogging: version 1.0.6
    • libmnl: version 1.0.4
    • libnetfilter_conntrack: version 1.0.8
    • libnfnetlink: version 1.0.1
    • libnftnl: version 1.2.0
    • libnl3: version 3.5.0
    • libpcap: version 1.10.1
    • libpciaccess: version 0.16
    • libpng: version 1.6.37
    • libpsl: version 0.21.1
    • libpthread-stubs: version 0.4
    • libseccomp: version 2.5.1
    • libssh: version 0.9.5
    • libssh2: version 1.9.0
    • libtasn1: version 4.17.0
    • libtiff: version 4.3.0
    • libtiff: version 4.3.0
    • libtirpc: version 1.3.2
    • libunistring: version 0.9.10
    • libunwind: version 1.5.0
    • libusb: version 1.0.24
    • libusb-compat: version 0.1.7
    • libuv: version 1.41.0
    • libvirt: version 7.3.0
    • libvirt-php: version 0.5.5
    • libwebp: version 1.2.0
    • libwebsockets: version 4.2.0
    • libx86: version 1.1
    • libxcb: version 1.14
    • libxkbcommon: version 1.3.0
    • libxkbfile: version 1.1.0
    • libxml2: version 2.9.12
    • libxshmfence: version 1.3
    • libxslt: version 1.1.34
    • libzip: version 1.8.0
    • listres: version 1.0.4
    • lm_sensors: version 3.6.0
    • lmdb: version 0.9.29
    • logrotate: version 3.18.1
    • lshw: version B.02.19.2
    • lsof: version 4.94.0
    • lsscsi: version 0.32
    • lvm2: version 2.03.12
    • lz4: version 1.9.3
    • lzip: version 1.22
    • lzo: version 2.10
    • mc: version 4.8.26
    • miniupnpc: version 2.1
    • mkfontscale: version 1.2.1
    • mpfr: version 4.1.0
    • mtdev: version 1.1.6
    • nano: version 5.8
    • ncompress: version 5.0
    • ncurses: version 6.2_20201219
    • net-tools: version 20181103_0eebece
    • nettle: version 3.7.3
    • network-scripts: version 15.0
    • nfs-utils: version 2.5.4
    • nghttp2: version 1.44.0
    • nginx: version 1.19.9
    • nss-mdns: version 0.14.1
    • ntfs-3g: version 2017.3.23
    • ntp: version 4.2.8p15
    • numactl: version 2.0.13
    • oniguruma: version 6.9.7
    • openssh: version 8.6p1
    • openssl: version 1.1.1k
    • openssl-solibs: version 1.1.1k
    • p11-kit: version 0.24.0
    • pam: version 1.5.1
    • pango: version 1.48.7
    • patch: version 2.7.6
    • pciutils: version 3.7.0
    • pcre: version 8.45
    • pcre2: version 10.37
    • php: version 7.4.18
    • pixman: version 0.40.0
    • pkgtools: version 15.0
    • procps-ng: version 3.3.17
    • pv: version 1.6.6
    • qemu: version 6.0.0
    • qrencode: version 4.1.1
    • reiserfsprogs: version 3.6.27
    • rpcbind: version 1.2.5
    • rsync: version 3.2.3
    • rsyslog: version 8.2102.0
    • sakura: version 3.5.0
    • samba: version 4.12.15
    • sdparm: version 1.12
    • sed: version 4.8
    • sessreg: version 1.1.2
    • setxkbmap: version 1.3.2
    • sg3_utils: version 1.46
    • shadow: version 4.8.1
    • shared-mime-info: version 2.1
    • slim: version 1.3.6
    • smartmontools: version 7.2
    • spice: version 0.15.0
    • sqlite: version 3.36.0
    • ssmtp: version 2.64
    • startup-notification: version 0.12
    • sudo: version 1.9.7p2
    • sysfsutils: version 2.1.0
    • sysvinit: version 2.99
    • sysvinit-scripts: version 15.0
    • talloc: version 2.3.2
    • tar: version 1.34
    • tcp_wrappers: version 7.6
    • tdb: version 1.4.5
    • telnet: version 0.17
    • tevent: version 0.11.0
    • traceroute: version 2.1.0
    • transset: version 1.0.2
    • tree: version 1.8.0
    • ttyd: version 20210507
    • usbredir: version 0.8.0
    • usbutils: version 013
    • utempter: version 1.2.0
    • util-linux: version 2.37.1
    • vbetool: version 1.2.2
    • vsftpd: version 3.0.5
    • vte3: version 0.50.2
    • wayland: version 1.19.0
    • wget: version 1.21.1
    • which: version 2.21
    • wireguard-tools: version 1.0.20210424
    • wsdd2: version 1.8.3.2
    • xauth: version 1.1
    • xcb-util: version 0.4.0
    • xclock: version 1.0.9
    • xdpyinfo: version 1.3.2
    • xdriinfo: version 1.0.6
    • xev: version 1.2.4
    • xf86-input-evdev: version 2.10.6
    • xf86-input-keyboard: version 1.9.0
    • xf86-input-mouse: version 1.9.3
    • xf86-input-synaptics: version 1.9.1
    • xf86-video-ast: version 1.1.5
    • xf86-video-mga: version 2.0.0
    • xf86-video-vesa: version 2.5.0
    • xfsprogs: version 5.12.0
    • xhost: version 1.0.8
    • xinit: version 1.4.1
    • xkbcomp: version 1.4.5
    • xkbevd: version 1.1.4
    • xkbutils: version 1.0.4
    • xkeyboard-config: version 2.33
    • xkill: version 1.0.5
    • xload: version 1.1.3
    • xlsatoms: version 1.1.3
    • xlsclients: version 1.1.4
    • xmessage: version 1.0.5
    • xmodmap: version 1.0.10
    • xorg-server: version 1.20.13
    • xprop: version 1.2.5
    • xrandr: version 1.5.1
    • xrdb: version 1.2.0
    • xrefresh: version 1.0.6
    • xset: version 1.2.4
    • xsetroot: version 1.1.2
    • xsm: version 1.0.4
    • xterm: version 368
    • xtrans: version 1.4.0
    • xwd: version 1.0.8
    • xwininfo: version 1.1.5
    • xwud: version 1.0.5
    • xxHash: version 0.8.0
    • xz: version 5.2.5
    • yajl: version 2.1.0
    • zlib: version 1.2.11
    • zstd: version 1.5.0

    Linux kernel:

    • version 5.13.8 (CVE-2021-33909 CVE-2021-33910)
    • CONFIG_USB4: Unified support for USB4 and Thunderbolt
    • CONFIG_USB4_NET: Networking over USB4 and Thunderbolt cables
    • CONFIG_DRM_I915_GVT: Enable Intel GVT-g graphics virtualization host support
    • CONFIG_DRM_I915_GVT_KVMGT: Enable KVM/VFIO support for Intel GVT-g
    • CONFIG_VFIO_MDEV: Mediated device driver framework
    • CONFIG_VFIO_MDEV_DEVICE: VFIO driver for Mediated devices
    • CONFIG_FTRACE: Tracers
    • CONFIG_FUNCTION_TRACER: Kernel Function Tracer
    • CONFIG_KPROBES: Kprobes
    • CONFIG_DEBUG_KERNEL: Kernel debugging
    • CONFIG_KALLSYMS_ALL: Include all symbols in kallsyms
    • CONFIG_X86_X32: removed
    • md_unraid: version 2.9.18

    Management:

    • emhttp new defaults:
      - root password required
      - newly created shares not exported by default
      - predefined 'flash' share not exported by default
      - ftp, ssh, telnet: disabled by default
      - NetBIOS disabled by default
      - WSD enabled (and using newer 'wsdd2' package)
      - Enhanced macOS interoperability enabled
    • mover: fix bug not moving shares with embedded spaces
    • shfs: fix bug where permissions being ingored ('default_permissions' was missing in mount command)
    • webgui: support simultanious LAN SSL with self-signed cert and DNS-based SSL with Lets Encrypt cert
    • webgui: Suppress non-relevant IPv6 routes in routing table
    • webgui: Fixed smart temperature settings sometimes not possible
    • webgui: Add internal container reference
    • webgui: Diagnostics: Remove lines from go containing passwords etc
    • webgui: Better translation of docker container variables
    • webgui: Fix monitor false positives
    • webgui: Allow ruleset for local rules in rsyslog.conf
    • webgui: Include links in email and Discord agent notifications
    • webgui: Allow all notification agents to send links
    • webgui: Validate WebGUI ports before applying
    • webgui: Add vmxnet3 and e1000 into available NICs for VMs
    • webgui: Error checking etc on ports for syslog server
    • webgui: Check for flash offline / quick check on if it is corrupted
    • webgui: Only allow png files to be uploaded as user image
    • webgui: Diagnostics: Revamp anonymization
    • webgui: Add WireGuard GUI
    • webgui: Update DashStats.page
    • webgui: Bug fix in DashStats
    • webgui: Fix corruption check after a New Config is issued
    • webgui: Update alert text
    • webgui: Translation support (Unraid.net)
    • webgui: WireGuard: preset peer DNS server with "Remote tunneled access"
    • webgui: Plugins page loading improvements
    • webgui: Docker page loading improvements
    • webgui: Make WireGuard trademark visible on "full" page
    • webgui: Replace polling scripts with event driven Nchan interface
    • webgui: Improved format of stale and error plugin pages
    • webgui: Docker: Add crypto as a category
    • webgui: Dashboard: add CPU and NETWORK chart
    • webgui: Docker: compress too long author names
    • webgui: Convert notify polling to Nchan
    • webgui: Docker: process bash ANSI colors in web log display
    • webgui: dockerMan: remove HTML from descriptions
    • webgui: SSH authorized keys UI
    • webgui: Device_list replace .png icon with font icon
    • webgui: Compress too long share names in dropdown menus
    • webgui: Show management access and shares access groups for users
    • webgui: Added "User 'root'" reference on Management Access page
    • webgui: Show warning when javascript is disabled
    • webgui: Force creation of root password
    • webgui: Edit/Add Container: Fix browser console error
    • webgui: WireGuard: warn when directly connected with public IP
    • webgui: Fix network bonding display
    • webgui: Add tracking after system shutdown
    • webgui: Added notify when plugin fails to install
    • webgui: Add Apps link to install CA
    • webgui: Diagnostics: Add share summary
    • webgui: Suppress IPv6 anycast addresses in routing table
    • webgui: Diagnostics: Add share summary
    • webgui: Diagnostics: Include current plugin versions
    • webgui: Diagnostics: add DHCP log
    • webgui: Diagnostics fix plugin deprecated max version error
    • webgui: Docker: Support CA tag
    • webgui: Delete DockerRepositories.page
    • webgui: dockerMan Security: Remove HTML tags from Config elements
    • webgui: When viewing source, identify which .page file is responsible
    • webgui: System devices additions
    • webgui: Create syslog entry when user logs out
    • webgui: privatize host in diagnostics
    • webgui: Create favicon.ico
    • webgui: Update Credits.page
    • Like 22



    User Feedback

    Recommended Comments



    Has anyone gotten Rocket Lake S iGPU encoding/decoding to work? I had it working on 6.9.2 stable using i915.force_probe=4c8a into syslinux.conf, however I can't get it working with 6.10RC1. I removed i915.force_probe=4c8a from syslinux.conf since it seems Rocket Lake is now supported; lspci -v now shows RocketLake-S:

     

    6.9.2 lspci -v:

    image.thumb.png.91afd33dac884236902c6f770189c40d.png

     

    6.10 RC1 lspci-v:

    image.thumb.png.6c041c30d804447e4b112741239263c1.png

     

    I can navigate to /dev/dri and the expected files show up

    image.png.26410dd2147d0d24d50f6d2e97f1f09d.png

     

    and my go file still contains:

    image.png.bc2712be4bcc457798d56530536eeecb.png

     

     So as far as I can tell, everything should be working, but the iGPU still isn't working in Plex or Jellyfin. Unsure if this is related to a 6.10 RC1 issue or if something is wrong with my configuration.

    Link to comment
    8 hours ago, thecode said:

    That works, I have also tried yesterday to add the following to `go` file:
     

    
    
    /usr/bin/sed -i -e 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/g' /etc/elogind/logind.conf
    /etc/rc.d/rc.elogind restart
    


    This will not work during boot since the laptop already sleeps until go file is executed, if I wake up the laptop manually after it sleeps during boot it will not get back to sleep. Is there a way to make the change before `elogind` runs?

     

    Sure we can make that change for rc2

    • Like 1
    • Thanks 2
    Link to comment
    7 hours ago, jj666 said:

    Hello there,

     

    Like mentioned in the recent unraid podcast, I am wondering if the SMB Multichannel is enabled in this release candidate.

    If so, second question, I have two servers both with bonded network connections (802.3ad), is it recommended to keep bonded to use multichannel, or remove?

     

    Cheers,

     

    -jj-

     

    Ready for these uber-complicated instructions?  Just kidding!  It's easy!

     

    First you'll need to stop the array, then navigate to the Settings > SMB Settings page.  From here, modify the SMB Extras section and add the following:

    server multi channel support = yes
    aio read size = 1
    aio write size = 1

    Save the changes and then start the array.

     

    WARNING:  THIS IS STILL CONSIDERED EXPERIMENTAL!  We haven't done sufficient testing with this yet, so feel free to use it, but do so at your own risk.

     

    Something else worth mentioning is that according to the Samba project, as recently as a few days ago Samba 4.15-rc2 was released and there was this interesting note in there about multi-channel:  https://wiki.samba.org/index.php/Samba_4.15_Features_added/changed#.22server_multi_channel_support.22_no_longer_experimental

    • Like 1
    Link to comment
    30 minutes ago, jonp said:

    First you'll need to stop the array, then navigate to the Settings > SMB Settings page.  From here, modify the SMB Extras section and add the following:

     

    This reminded me of something.  At the end of the smb.conf file is this section of code:
     

    # hook for user-defined samba config
     include = /boot/config/smb-extra.conf
    
     # auto-configured shares
     include = /etc/samba/smb-shares.conf

     

    Please move the 'hook' for smb-extra.conf to the end of the smb.conf file.  The Unraid user/administrator should have the last say in how Samba is configured! 

    Link to comment
    10 minutes ago, Frank1940 said:

    This reminded me of something.

    Thought it was addressed, but apparently it felt through the cracks.

    Something for rc2 ...

    • Thanks 1
    Link to comment

    I like to highlight other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible.

     

    - Event driven model to obtain server information and update the GUI in real-time

    • The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the GUI without much impact
    • In addition stale browser sessions won't create any CSRF errors anymore
    • People who keep their browser open 24/7 will find the GUI stays responsive at all times

    - Docker labels

    • Docker labels are added to allow people using Docker compose to make use of icons and GUI access
    • Look at a Docker 'run' command output to see exactly what labels are used

    - Docker custom networks

    • A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10
    • The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off.

    - Docker bridge network (docker0)

    • docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world
    • Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration)
    • In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6

    - Plugins page

    • The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed

    - Dashboard graphs

    • The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection)
    • The CPU graph may be hidden as well in case it is not desired
    • Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history.
    • Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances

     

     

    • Like 12
    • Thanks 2
    Link to comment
    15 hours ago, TheJulianJES said:

    Might be an Unassigned Devices thing, but I can no longer connect to an NFS share on a Windows machine from UNRAID (yes, NFS and not SMB because of Duplicati bugs).

    Logs:

    
    Aug 10 04:54:28 Prime unassigned.devices: Mount NFS command: /sbin/mount -t nfs -o rw,noacl,hard,timeo=600,retrans=10 '192.168.1.12:/duplicati_backups_nfs' '/mnt/remotes/winserver_duplicati_backups_nfs'
    Aug 10 04:54:28 Prime rpc.statd[10816]: Version 2.5.4 starting
    Aug 10 04:54:28 Prime rpc.statd[10816]: Flags: TI-RPC 
    Aug 10 04:54:28 Prime rpc.statd[10816]: Failed to register (statd, 1, udp): svc_reg() err: RPC: Remote system error - Connection refused
    Aug 10 04:54:28 Prime rpc.statd[10816]: Failed to register (statd, 1, tcp): svc_reg() err: RPC: Remote system error - Connection refused
    Aug 10 04:54:28 Prime rpc.statd[10816]: Failed to register (statd, 1, udp6): svc_reg() err: RPC: Remote system error - Connection refused
    Aug 10 04:54:28 Prime rpc.statd[10816]: Failed to register (statd, 1, tcp6): svc_reg() err: RPC: Remote system error - Connection refused
    Aug 10 04:54:28 Prime rpc.statd[10816]: failed to create RPC listeners, exiting
    Aug 10 04:54:38 Prime unassigned.devices: Error: shell_exec(/sbin/mount -t nfs -o rw,noacl,hard,timeo=600,retrans=10 '192.168.1.12:/duplicati_backups_nfs' '/mnt/remotes/winserver_duplicati_backups_nfs' 2>&1) took longer than 10s!
    Aug 10 04:54:38 Prime unassigned.devices: NFS mount failed: 'command timed out'.
    Aug 10 04:54:38 Prime unassigned.devices: Mount of '192.168.1.12:/duplicati_backups_nfs' failed: 'command timed out'.

     

    Edit: I get this error when trying to mount the NFS share via CLI:

     

    
    mount.nfs: rpc.statd is not running but is required for remote locking.
    mount.nfs: Either use '-o nolock' to keep locks local, or start statd.

     

    I "fixed it" by starting the port remapper: 

    
    /etc/rc.d/rc.rpc start

     

     

    NFS support is disabled by default. You can enable it on the Settings -> NFS page.

    • Like 1
    Link to comment

    Super helpful overview, @bonienl! I was curious about a few of these items you highlighted.

     

    25 minutes ago, bonienl said:

    Docker custom networks

    • A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10
    • The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off.

     

    The crash you refer to is when enabling the host access to custom networks option, yes? If I have already moved off any containers that required their own IP address, is there any benefit (or drawback) from switching to ipvlan? Any help to the cause just in general testing in normal usage?

    Link to comment
    15 minutes ago, kaiguy said:

    The crash you refer to is when enabling the host access to custom networks option, yes?

    There are mixed reports. Host access seems to be one of the possible causes, but not the only cause.

    Some people -including myself - never experience crashes, this makes it hard to troubleshoot.

     

    18 minutes ago, kaiguy said:

    is there any benefit (or drawback) from switching to ipvlan?

    macvlan and ipvlan achieve the same purpose: a dedicated network with isolation

    According to the Docker documentation ipvlan is a more lightweight implementation, which may benefit performance.

    There are some minimum linux version and docker version requirements to use ipvlan, but obviously these are met in Unraid.

     

    21 minutes ago, kaiguy said:

    Any help to the cause just in general testing in normal usage?

    It will help me (us) tremendously if people test and confirm that switching from macvlan mode to ipvlan mode solved their crashing issue.

     

    Link to comment

    I have checked the posts, and it was mentioned in one, but not quite why mine is not working.
    So I have been importing my own LE cert to /boot/config/ssl/certs/servername_unraid_bundle.pem, but as of 6.10 it is not working anymore. 
    I can see that everytime I restart nginx, it automatically re-creates a self-signed. 

     

    I am not interested in using the "Auto" mode and using the hash.unraid.net. I just want to access the server on my own DNS with my own certificate. How can I make this work again?

     

    /etc/rc.d/rc.nginx restart         
    Checking configuration for correct syntax and
    then trying to open files referenced in configuration...
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    Shutdown Nginx gracefully...
    Regenerating private key and certificate...
    Starting Nginx server daemon...
    

     

    I also tried to import it as: /boot/config/ssl/certs/certificate_bundle.pem

    And I can see it under Management access, but Unraid still uses the self signed cert. 

    Link to comment

    luckily im one of them who has no issues with macvlan, i tested ipvlan as alternative.

     

    my experience is with my router (fritz) i ran into a issue as ipvlan assigns 1 mac (the same) to all, so my router was jumping in mapping the ip with the mac address. so first it looked ok but then i ran into timiouts, specially when access "externally" like laptop browser to a service like tvheadend, plex, emby, ... or it took a while until the service could be reached, so i reverted back for now, just as note if some may run into "issues" with ipvlan.

    Link to comment
    16 minutes ago, ZataH said:

    I have checked the posts, and it was mentioned in one, but not quite why mine is not working.
    So I have been importing my own LE cert to /boot/config/ssl/certs/servername_unraid_bundle.pem, but as of 6.10 it is not working anymore. 
    I can see that everytime I restart nginx, it automatically re-creates a self-signed. 

     

    I am not interested in using the "Auto" mode and using the hash.unraid.net. I just want to access the server on my own DNS with my own certificate. How can I make this work again?

     

    
    /etc/rc.d/rc.nginx restart         
    Checking configuration for correct syntax and
    then trying to open files referenced in configuration...
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    Shutdown Nginx gracefully...
    Regenerating private key and certificate...
    Starting Nginx server daemon...
    

     

    I also tried to import it as: /boot/config/ssl/certs/certificate_bundle.pem

    And I can see it under Management access, but Unraid still uses the self signed cert. 

     

    Please start a new bug report here:

      https://forums.unraid.net/bug-reports/prereleases/

    Include your diagnostics (from Tools -> Diagnostics) and please let us know what the SUBJECT is from the certificate

     

    Link to comment
    3 hours ago, Frank1940 said:

     

    This reminded me of something.  At the end of the smb.conf file is this section of code:
     

    
    # hook for user-defined samba config
     include = /boot/config/smb-extra.conf
    
     # auto-configured shares
     include = /etc/samba/smb-shares.conf

     

    Please move the 'hook' for smb-extra.conf to the end of the smb.conf file.  The Unraid user/administrator should have the last say in how Samba is configured! 

     

    If you move it past that include of smb-shares.conf then any settings will apply to the last share defined in smb-shares.conf not globally.

    Link to comment
    2 hours ago, bonienl said:

    I like to highlight other improvements available in 6.10,

     

    Thank you @bonienl I updated the OP with this text.

    • Like 1
    Link to comment
    1 hour ago, ZataH said:

    I am not interested in using the "Auto" mode and using the hash.unraid.net.

     

    Use "Auto" setting.  This setting is slightly different in 6.10 than in previous releases.  "Auto" means use the certificate defined in the file:

    /boot/config/ss/certs/certificate_bundle.pem

     

    The "Provision" button will download a LE cert to that file, but instead of doing that you can upload your own cert there.  The code will then check that DNS Rebinding protection is not active on your LAN and that the Subject of the certificate resolves via your DNS server.  If both those checks pass then you can select "Auto".  Once selected, now the webGUI will only answer up to this URL prefix:

    https://<subject>/

    Link to comment
    18 minutes ago, limetech said:

     

    If you move it past that include of smb-shares.conf then any settings will apply to the last share defined in smb-shares.conf not globally.

     

    It has been ages since I last had to write/modify SMB code but I thought one could force things to be assigned Globally by with the [Global] tag at any point in the samba setup files as shown below:

    [global]
          case sensitive = true
    
          # server min protocol = NT1
          # server min protocol = SMB2

     

    I realize that you have defined everything in smb.conf file as being    [global]    until you get to included smb-shares.conf. 

     

    I can see your point but perhaps you should modify smb.conf with a couple of comment lines that indicate that the smb-extra.conf parameters will be treated as global parameters.   IF you move inclusion of smb-extra.conf if after the smb-shares.conf, there should probably be comment lines indicating that if a parameter is to be declared globally, the user is responsible to do it.

     

    My primary concern is that, with the increased emphasis on security, you may be (in the future) adding something into the smb-shares.conf that some knowledgeable user may have to modify so that things work in his configuration...

    Link to comment
    19 minutes ago, limetech said:

     

    Use "Auto" setting.  This setting is slightly different in 6.10 than in previous releases.  "Auto" means use the certificate defined in the file:

    /boot/config/ss/certs/certificate_bundle.pem

     

    The "Provision" button will download a LE cert to that file, but instead of doing that you can upload your own cert there.  The code will then check that DNS Rebinding protection is not active on your LAN and that the Subject of the certificate resolves via your DNS server.  If both those checks pass then you can select "Auto".  Once selected, now the webGUI will only answer up to this URL prefix:

    https://<subject>/

    What if is a wildcard cert? ex. *.mydomain.net

    Link to comment
    1 minute ago, agh1701 said:

    What if is a wildcard cert? ex. *.mydomain.net

     

    That should work.  If this is a custom self-signed cert we have made a change in rc2 to recognize that.

    Link to comment
    8 minutes ago, limetech said:

     

    That should work.  If this is a custom self-signed cert we have made a change in rc2 to recognize that.

    Its a let's encrypt certificate

    So I am curentlly using SSL:YES and the file /boot/config/ssl/certs/servername_unraid_bundle.pem

    Do I need to switch to SSL:Auto and file /boot/config/ss/certs/certificate_bundle.pem ?

    Link to comment

    Just upgraded and server isn't accessible now and will not get a DHCP IP address and comes back with a 169 address instead of the 192.168.1.x. I have no GUI access but can enter the shell via IPMI.

     

    I get a lot of errors now stating Cannot find device "bond0" and timeouts from USB Device 4-6

     

    Is there anyway to roll this back to 6.9.2 without losing my setup as nothing has changed with the server other than the upgrade and nothing is working now :( 

    Link to comment
    41 minutes ago, msryhajw said:

    Just upgraded and server isn't accessible now and will not get a DHCP IP address and comes back with a 169 address instead of the 192.168.1.x. I have no GUI access but can enter the shell via IPMI.

     

    I get a lot of errors now stating Cannot find device "bond0" and timeouts from USB Device 4-6

     

    Is there anyway to roll this back to 6.9.2 without losing my setup as nothing has changed with the server other than the upgrade and nothing is working now :( 

     

    Since you can access the system via IPMI, type "diagnostics" and make note of the zip file it generates. Then type "powerdown" to shut the server down.

     

    Put the flash drive in another computer and attach the diagnostics zip file here so we can get some clues as to what the problem is.

     

    To revert back to 6.9.2, copy all of the files from the "previous" directory on the flash drive into the root of the flash drive. Then you can boot the server from the flash again.

    Link to comment
    1 hour ago, agh1701 said:

    Its a let's encrypt certificate

    So I am curentlly using SSL:YES and the file /boot/config/ssl/certs/servername_unraid_bundle.pem

    Do I need to switch to SSL:Auto and file /boot/config/ss/certs/certificate_bundle.pem ?

     

    With SSL:Yes it will generate and use a self-signed cert and respond on URL:

    https://<server-name>.<local-tld>/

     

    If a certificate_bundle.pem file is present it will use that cert and also respond on URL:

    https://<subject>/

    where <subject> is the Common Name in the certificate.

     

    In other words it will respond on two different URL's using two different certs.

     

    If you set SSL:Auto then it will only respond on URL:

    https://<subject>/

    and these URL's all 302-redirect to https://<subject>/

    http://<ip-address>/

    https://<ip-address>/

    http://<server-name>

    https://<server-name>/

    https://<server-name>.<local-tld>/

     

    Of course, if non-standard http and/or https ports are defined, those ports are included in those URL's.

     

    Note that with SSL:Auto if your DNS server cannot resolve <subject> then you can be locked out of the webGUI.

    • Like 1
    Link to comment
    51 minutes ago, limetech said:

    Note that with SSL:Auto if your DNS server cannot resolve <subject> then you can be locked out of the webGUI.

    Setting the appropriate entry in your local hosts file should take care of that.

    Link to comment
    5 minutes ago, jonathanm said:

    Setting the appropriate entry in your local hosts file should take care of that.

     

    Modern browsers these days ignore the OS hosts file, at least on Windows.

    Link to comment



    Guest
    This is now closed for further comments

  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.