Leaderboard

Hello Unraid Community! It has come to our attention that in recent days, we've seen a significant uptick in the amount of Unraid server's being compromised due to poor security practices. The purpose of this post is to help our community verify their server's are secure and provide helpful best-practices recommendations to ensuring your system doesn't become another statistic. Please review the below recommendations on your server(s) to ensure they are safe. Set a strong root password Similar to many routers, Unraid systems do not have a password set by default. This is to ensure you can quickly and easily access the management console immediately after initial installation. However, this doesn't mean you shouldn't set one. Doing this is simple. Just navigate to the Users tab and click on root. Now set a password. From then on, you will be required to authenticate anytime you attempt to login to the webGui. In addition, there is a plugin available in Community Apps called Dynamix Password Validator. This plugin will provide guidance on how strong of a password you're creating based on complexity rules (how many capital vs. lowercase letters, numbers, symbols, and overall password length are used to judge this). Consider installing this for extra guidance on password strength. Review port mappings on your router Forwarding ports to your server is required for specific services that you want to be Internet-accessible such as Plex, FTP servers, game servers, VoIP servers, etc. But forwarding the wrong ports can expose your server to significant security risk. Here are just a few ports you should be extra careful with when forwarding: Port 80: Used to access the webGui without SSL (unless you've rebound access to another port on the Management Access settings page). DO NOT forward port 80. Forwarding this port by default will allow you to access the webGui remotely, but without SSL securing the connection, devices in between your browser and the server could "sniff" the packets to see what you're doing. If you want to make the webGui remotely accessible, install the Unraid.net plugin to enable My Servers on your system, which can provide a secure remote access solution that utilizes SSL to ensure your connection is fully encrypted. Port 443: Used to access the webGui with SSL. This is only better than port 80 if you have a root password set. If no root password is set and you forward this port, unauthorized users can connect to your webGui and have full access to your server. In addition, if you forward this port without using the Unraid.net plugin and My Servers, attempts to connect to the webGui through a browser will present a security warning due to the lack of an SSL certificate. Consider making life easier for yourself and utilize Unraid.net with My Servers to enable simple, safe, and secure remote access to your Unraid systems. NOTE: When setting up Remote Access in My Servers, we highly recommend you choose a random port over 1000 rather than using the default of 443. Port 445: Used for SMB (shares). If you forward this port to your server, any public shares can be connected to by any user over the internet. Generally speaking, it is never advisable to expose SMB shares directly over the internet. If you need the ability to access your shares remotely, we suggest utilizing a Wireguard VPN to create a secure tunnel between your device and the server. In addition, if the flash device itself is exported using SMB and this port is forwarded, its contents can easily be deleted and your paid key could easily be stolen. Just don't do this. Port 111/2049: Used for NFS (shares). While NFS is disabled by default, if you are making use of this protocol, just make sure you aren't forwarding these ports through your router. Similar to SMB, just utilize Wireguard to create a secure tunnel from any remote devices that need to connect to the server over NFS. Port 22/23: Used by Telnet and SSH for console access. Especially dangerous for users that don't have a root password set. Similar to SMB, we don't recommend forwarding these ports at all, but rather, suggest users leverage a Wireguard VPN connection for the purposes of connecting using either of these protocols. Ports in the 57xx range: These ports are generally used by VMs for VNC access. While you can forward these ports to enable VNC access remotely for your VMs, the better and easier way to do this is through installing the Unraid.net plugin and enabling My Servers. This ensures that those connections are secure via SSL and does not require individual ports to be forwarded for each VM. Generally speaking, you really shouldn't need to forward many ports to your server. If you see a forwarding rule you don't understand, consider removing it, see if anyone complains, and if so, you can always put it back. Never ever ever put your server in the DMZ No matter how locked down you think you have your server, it is never advisable to place it in the DMZ on your network. By doing so, you are essentially forwarding every port on your public IP address to your server directly, allowing all locally accessible services to be remotely accessible as well. Regardless of how "locked down" you think you actually have the server, placing it in the DMZ exposes it to unnecessary risks. Never ever do this. Consider setting shares to private with users and passwords The convenience of password-less share access is pretty great. We know that and its why we don't require you to set passwords for your shares. However, there is a security risk posed to your data when you do this, even if you don't forward any ports to your server and have a strong root password. If another device on your network such as a PC, Mac, phone, tablet, IoT device, etc. were to have its security breached, it could be used to make a local connection to your server's shares. By default, shares are set to be publicly readable/writeable, which means those rogue devices can be used to steal, delete, or encrypt the data within them. In addition, malicious users could also use this method to put data on your server that you don't want. It is for these reasons that if you are going to create public shares, we highly recommend setting access to read-only. Only authorized users with a strong password should be able to write data to your shares. Don't expose the Flash share, and if you do, make it private The flash device itself can be exposed over SMB. This is convenient if you need to make advanced changes to your system such as modifying the go file in the config directory. However, the flash device itself contains the files needed to boot Unraid as well as your configuration data (disk assignments, shares, etc). Exposing this share publicly can be extremely dangerous, so we advise against doing so unless you absolutely have to, and when you do, it is advised to do so privately, requiring a username and password to see and modify the contents. Keep your server up-to-date Regardless of what other measures you take, keeping your server current with the latest release(s) is vital to ensuring security. There are constant security notices (CVEs) published for the various components used in Unraid OS. We here at Lime Technology do our best to ensure all vulnerabilities are addressed in a timely manner with software updates. However, these updates are useless to you if you don't apply them in a timely manner as well. Keeping your OS up-to-date is easy. Just navigate to Tools > Update OS to check for and apply any updates. You can configure notifications to prompt you when a new update is available from the Settings > Notifications page. More Best Practices Recommendations Set up and use WireGuard, OpenVPN or nginxProxyManager for secure remote access to your Shares. For WireGuard set up, see this handy getting started guide. Set up 2FA on your Unraid Forum Account. Set up a Remote Syslog Server. Install the Fix Common Problems plugin. Installing this plugin will alert you to multiple failed login attempts and much, much more. Change your modem password to something other than the default. Consider installing ClamAV. In addition to all of the above recommendations, we've asked SpaceInvaderOne to work up a video with even more detailed best-practices related to Unraid security. We'll post a link as soon as the video is up to check out what other things you can do to improve your system security. It is of vital importance that all users review these recommendations on their systems as soon as possible to ensure that you are doing all that is necessary to protect your data. We at Lime Technology are committed to keeping Unraid a safe and secure platform for all of your personal digital content, but we can only go so far in this effort. It is ultimately up to you the user to ensure your network and the devices on it are adhering to security best-practices.

Could be a malicious individual decided to start doing this just this week. So far, nobody who has posted with this problem had ever posted to the forum before, and nobody that has been using Unraid for a while and are running these new versions has been hacked.

Nice tips, I just wish it would be easier to setup KeysFile authentication and disable password authentication for the SSH. Just placing your pupkey in the UI and setting a checkbox to disable password auth would be nice. I currently have it setup like ken-ji describes here. Then i edited PasswordAuthentication to "no". Also think about a secure by default approach with future updates. Why not force the user to set a secure password on first load? Why even make shares public by default? Why allow "guest" to access SMB shares by default? Why create a share for the flash in the first place? I get that some of those things make it more convenient, but imo convenience should not compromise security.

For the 1., it's all in the GUI help :

This Bitwarden site is useful https://bitwarden.com/password-strength/

Ohne dir zu nahe treten zu wollen. Aber je mehr Posts ich von dir lese umso mehr denke ich du solltest bei Mac und Synology bleiben. Kopieren geht entweder über die Konsole oder aber per z.B. Docker Container (Krusader z.B.) Und je nachdem wie die HDDs formatiert sind, benötigst du zusätzlich auch noch das Unassigned Devices PLUS Plugin

Das was man schon mehrfach geschrieben hat. Tausch das Kabel oder wechsel mal den Festplattenplatz. Das ist schon in anderen Beiträgen aufgefallen, dass du nie irgendwelchen Ratschlägen befolgst und immer weiter die gleichen Sachen postest. Also: Kabel oder Platz tauschen und die Sache beobachten.

Well, that is interesting. You see no /dev/dri with these contents? and even though you have no /dev/dri, it is referenced in the Plex container in either Extra Parameters or as a configured Device (either will work)? If you are seeing (hw) in the Plex dashboard/Tautulli then it is obviously using the iGPU for hardware transcoding. Personally, I have never seen Plex or HandBrake use the iGPU without the presence of /dev/dri as seen above. but who knows, maybe something has changed with the way it is being called in 6.9.1 with the way drivers are being loaded? I still see the /dev/dri folder and am curious how it could work without it. For the record, I now use the touch /boot/config/modprobe.d/i915.conf method, but it was also working fine under the old 'go' file method.

Some points that may help you understand unRAID better: unRAID is an OS, but it is not a full Linux distribution. It is a stripped-down version of Slackware Linux which only includes the pieces necessary to run your chosen hardware as a NAS appliance. It is not a separate Linux distro. In addition to being a NAS OS, unRAID supports plugins, Docker containers and virtual machines to expand functionality and fully utilize the server hardware. unRAID boots from a USB flash drive, but the OS is not "installed" on this flash drive. The archive files for the OS are on the flash drive but the OS is unpacked into RAM when the server is booted. unRAID runs in RAM and not from a hard drive, SSD or flash drive. The USB flash drive stores configuration information and the unRAID license and is portable to other hardware. unRAID provides protection against disk drive failure much like RAID does but without the limitations of RAID. RAID requires disks of the same sizes and stripes data and parity across all drives. If more drives fail than you have protected via parity EVERYTHING in the entire RAID is lost. UnRAID does not stripe data and has separate disks for parity and data. The disadvantage of unRAID is disk access speed vs. RAID as you are limited to the speed of a single disk due to no striping. Disks of any size can be added to the array to increase storage (Parity disk(s) must always be larger or at least as large as the largest data disk). unRAID does not recognize disks attached to a RAID controller unless they are all defined as separate RAID0 disks or the controller has a JBOD mode. RAID controllers that can have IT firmware installed for individual disk pass through work very well with unRAID. Many LSI models support this which is why they are popular with unRAID users. Cache drives/pools (SSDs recommended) can be created to limit hard disk spinup by storing Docker and VM files. Cache drives/pools can also be used to cache initial writes to the array making them much faster. Later, during periods of little or no use on the array, the Mover moves cached files to array hard drives and Parity is written then.

Ussually mover is run by schedule but some times we run mover manually. When we run it manually it would be nice to know how long will take mover to copy all the files. I feel safe not working with files while mover is running. (sure is paranoia but I feel safe) Would it be possible to add some kind of % bar showing information about the mover process? At least I will know how long will it take. Thankyou Gus

i have a Qnap nas and i want somthing like this in unraid i its dansih within xx min and xx failed attempts then ban for xx number of times or lifetime and opportunity to limeted to ex "Danmark" ip's so no from other country can Access my server TheBeast

Information: Je crée ce tuto en français basé sous UNRAID, j'ai essayé de faire le plus simple et le plus explicite pour les novices! Créer un WORDPRESS avec une base de données MySQL Je n'aborderais que la partie installation de WORDPRESS, ce tuto n'est pas destiné à la configuration de WORDPRESS ni de son utilisation. Pré-requis: Je pars du principe que vous avez installé: - le plugin "COMMUNITY APPLICATIONS" - que vous avez activé DOCKER. - que vous connaissez l'ip du NAS - si vous avez déjà installé le conteneur MariaDB, passé directement à l'étape pour créer un utilisateur dans MariaDB Installation: 1) Installation de MariaDB a) Téléchargement de l'image MariaDB Recherché dans l'onglet "APPS" le conteneur "MariaDB - linuxserver's Repository": b) Paramétrage du conteneur host port 1 = port utilisé pour mariadb MYSQL_ROOT_USER = nom de l'utilisateur avec accès "root" key 3 = mot de passe du l'utilisateur "root_user" MYSQL_USER = nom de l'utilisateur avec accès simple utilisateur MYSQL_PASSWORD = mot de passe utilisateur MYSQL_DATABASE = nom de la base de données AppData_config_path = chemin du conteneur c) Création d'une base de données et d'un utilisateur dans MariaDB Ouvrir la console de commande pour MariadDB: Il va falloir entrer quelques commandes (adapter nom et mot de passe) D'abord, ont ce connecte en utilisateur "root" (avec les identifiants crées au-dessus lors de l'installation du conteneur MariaDB) mysql -uroot -p Le password demandé est celui crée lors de l'installation: key 3 = mot de passe du l'utilisateur "root_user" Créer un utilisateur et un mot de passe (il faut garder les ' qui encadre le nom et mot de passe) CREATE USER 'nom_utilisateur' IDENTIFIED BY 'mdp'; Création d'une base de données pour WORDPRESS: CREATE DATABASE IF NOT EXISTS nom_de_base; Autorisé l'utilisateur à accéder à la base de données: (il faut garder les ' qui encadre le nom et mot de passe) GRANT ALL PRIVILEGES ON nom_de_base.* TO 'nom_utilisateur' IDENTIFIED BY 'mdp'; Puis ont quitte proprement: quit !!! ATTENTION!!! DE BIEN NOTER LES IDENTIFIANTS ET LE NOM DE BASE DE DONNEES QUELQUE PART Si tout ce passe bien vous devez obtenir ceci: 2) Installation de WORDPRESS a) Téléchargement de l'image Recherché dans l'onglet "APPS" le conteneur "WORDPRESS" Kru-X's Repository: b) Paramétrage du conteneur WORDPRESS Conteneur Port = Port utilisé par WORDPRESS www = Chemin du conteneur WORDPRESS WORDPRESS_DB_HOST = IP_DU_NAS + port du conteneur MariaDB WORDPRESS_DB_USER = utilisateur crée dans le conteneur MariaDB WORDPRESS_DB_PASSWORD = mot de passe crée dans le conteneur MariaDB c) Ajout d'une variable au conteneur WORDPRESS on ajoute la variable WORDPRESS_DB_NAME avec le nom de la base de données créé dans le conteneur MariaDB d) Accès Interface WORDPRESS Pour accéder à l'interface WORDPRESS, utiliser: http://IP_DU_NAS:8080 le port choisi lors de l'installation du conteneur ci-dessus (dans mon cas 8080) Si tout ce passe bien vous devez obtenir ceci sur la page du navigateur: FIN

That restriction only applies when copying files within the main array or cache pools. It does not apply to drives (e.g. those handled by Unasdigned Devices) that do not participate in User Shares.

Getting late here, but I will absolutely try again tomorrow.

Just noting possible cause and effects -- why some may be opening up ports or putting servers into DMZ. It was asked "Why now and not before", well there's an answer. Never said anything was wrong with the implementation of "My Servers".

The issues have been around ports being forwarded or systems put in the DMZ while having no root password. There is nothing that connects the recent hacks with the new My Servers Remote Access functionality, just unfortunate timing. Having said that, our Remote Access solution does use the root password to control access. So it is important to have a good strong password and a good idea to use a non-standard port. Note that we do require a non-null password in order to enable Remote Access, but once one has been set we can't review the password to say whether it is good or bad.

You might want to test to be sure but I think it’s very unlikely that any changes to SMB settings could effect Plex, Sonarr, etc. They are not accessing the shares via SMB.

J'ai renommé le nom du sujet avec [Résolu].

I just reviewed the whole thread and what little sense I can make of it is FUD

Appears I got ghosted on this initially. Re-sent a ticket in: "We have sent your message to the support team. A technician will contact you by email within 48 hours." Will follow up.

Natürlich Durchschnitt

Not related. Read that post though.

@jonp

I see. Thanks.

That is a very old thread which was originally for a script developed for much older versions of Unraid, but there might be some useful information in it about how the plugin works. You should probably start with the official support thread for the current plugin instead though. Do you have Community Applications installed? If so, just go to the Apps page and search for Cache Dirs. You can also go to the support thread for any plugin by clicking its Support link (?) in the listing for the plugin on the Apps page, or from the Support link for the plugin on the Plugins page after installing it. Unfortunately, that official support thread is also the thread for a lot of other plugins by that same author so there is a bit to wade through there. After you install the plugin see if you can figure it out from its description and settings.

Thanks!

Next and hopefully last episodes : 1) Reboot I've rebooted the server, and no issue after reboot, the daemon restarts properly and immediately gets good values from the UPS 2) Full power outage simulation - I set "Battery level to initiate shutdown (%)" to 85% to avoid discharging the UPS battery too much - I've unplugged the UPS to simulate a power outage. - Unraid server orderly shutdown was initiated @ 85% - 3 minutes later (default UPS grace period of 180 seconds), the UPS turned off as expected - when plugging the UPS back to mains, it started properly - the Unraid server booted properly, without parity check - UPS values read by apcupsd are correct - "Battery level to initiate shutdown (%)" set back to 60% in my case for normal operation - the UPS battery is slowly recharging (94% after 2 hours) So, everything is working as expected now, Modbus over serial connection with the so-called "smart" serial cable (ref AP940-0625A) was definitely the way to go rather than the USB-A to USB-A supplied cable in my particular case. Don't forget to activate the Modbus protocol on the UPS from the UPS LCD panel in configuration mode (see manual). According to the manual, Modbus should be enabled by default, this was not the case for my UPS. You must have CP.1 displayed, not CP.0, under configuration mode. The only limit of this solution is you must have a DB9 serial port on your motherboard. This is generally the case on server MBs, but a serial port is rarely present on modern workstations or desktop MBs. I've read on the apcupsd support list that this solution should work with a USB to serial adapter, but you may have to try various adpaters, avoiding cheap chinese crap. And the name of the tty device in the daemon setup should be something like ttyUSB0 or ttyACM0, depending on the chip in the adapter. I haven't digged further as I have an unused native serial port on my MB. If others want to experiment, I'll pass the torch to them now !

All overclocks (XMP included) introduce instability into any system and should be avoided.

Shares bzw Freigaben können ohne Probleme umbenannt werden. Nur wenn dort VMs oder Docker Daten drauf liegen musst du ggf in der VM bzw Docker Konfiguration den Pfad entsprechend anpassen.

Both. Deconz via VNC and Phoscon via WebGUI

Probier mal das BIOS zurückzusetzen aber behalt im hinterkopf das bei so server geschichten die einstellungen meist ein wenig komplexer sind. Kann auch sein das bei deinem board irgend ein LACP oder irgend so etwas in die richtung eingestellt ist. Wenn er keine IP hat wird das schwierig, einfach mal versuchen. Localhost sollte funktionieren.

Yes, I've looked into this but this is not doable very easily and I've given up on this. I think the easiest way would be to create a second Container with another Name and another path to the GameFiles and leave all the other sattings as they are. So you can switch between them, but keep in mind if you do it like that only one container can run at a time because the ports are the same. Or you can create a second Container with the above modifications and modify the port too so that you can both servers side by side but that involves a little bit more to be done also in terms of port forwarding. You have to replace localhost with the IP from your server.

I wrote a User Script to do this at the start of my array. The sed command will replace "public" with whatever you put in the 2nd portion of the command and then overwrite the existing file. Then 2nd line restarts the service. #!/bin/bash sed -i 's/public/other-string/' /etc/snmp/snmpd.conf bash /etc/rc.d/rc.snmpd restart

The intel top plug in just replaces the mod in the go file i was lead to believe. @Hoopster I most definitely have the dev/dri setup with in the plex as an extra parameter as well i know for a fact that material is being transcoded as well.

Yeah, I was quoting @coblck who said he had hardware transcoding going without seeing /dev/dri

So this is interesting, apparently my Traktarr Docker is basically a super computer and is using >9EB of RAM: I don't even remember installing that much RAM and it seems to be holding the entirety of the internet in memory...

Hi @ShadeZeRO, I was able to replicate and figure out why. This would be due to the way the container installs itself on startup. The container includes the installer grabbed directly from splunk.com during image build, and on first run it untars the installer. This causes your unRAID docker.img to grow every time you rebuild the image (i.e. "force upgrade", or real upgrade). If you have your indexed data stored in the container rather than on an external volume this will accentuate your docker.img disk usage. The same occurs for other containers that have an installer process (or use their internal volumes extensively). For example most of the SteamCMD game server containers that download big files on startup, something that can generate a lot of data like Nessus or Minecraft; or even if you configure a downloader (sab/deluge/etc) to download inside the container rather than to a volume you will also see your docker.img size increasing a lot on upgrade/rebuild. You can view the space used by running 'docker system df'. Here's mine, as you can see I've been working hard to ignore this issue by having 98% reclaimable space in my local volumes. Running the following will reclaim all this space. BE CAREFUL RUNNING IT, THIS COMMAND WILL DELETE ALL STOPPED CONTAINERS AND ALL THEIR DATA. Read docs etc, there are probably safer flags to use. docker system prune --volumes -f Results speak for themselves lol https://docs.docker.com/engine/reference/commandline/system_df/ https://docs.docker.com/engine/reference/commandline/system_prune/

I confirm I didn't configure the serial port for baud rate, stop bit, parity, ... For reference, current (default) serial port setup : stty -F /dev/ttyS0 -a speed 9600 baud; rows 0; columns 0; line = 16; intr = <undef>; quit = <undef>; erase = <undef>; kill = <undef>; eof = <undef>; eol = <undef>; eol2 = ); swtch = M-0; start = M-s; stop = f; susp = <undef>; rprnt = <undef>; werase = <undef>; lnext = M-h; discard = <undef>; min = 0; time = 0; -parenb -parodd -cmspar cs8 -hupcl -cstopb cread clocal -crtscts -ignbrk -brkint ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl -ixon -ixoff -iuclc -ixany -imaxbel -iutf8 -opost -olcuc -ocrnl -onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 -isig -icanon -iexten -echo -echoe -echok -echonl -noflsh -xcase -tostop -echoprt -echoctl -echoke -flusho -extproc So far, no data corruption here, as I monitor UPS data with telegraf/grafana, and any corrupted data would be clearly visible on graphs.

Hi, da die erste Testphase gestern abgelaufen ist - gestern um 15 Tage verlängert - und ich nun endlich mal ein paar Tage Urlaub habe, möchte ich mich nun an den Kauf der Komponenten machen. Dazu noch ein paar abschließende Fragen: 1. Mellanox-Karte + Kabel: Würde auch diese Kombination gehen? https://www.ebay.de/itm/313461963712 Wäre schon das Kabel mit dabei und beim Kauf von 2 Stück gibt es 20% Rabatt. Außerdem Versand aus Niederlande und als "Neu" deklariert? 2. USB-Stick für UnRAID Aktuell habe ich es auf einem SanDisk Cruzer Mikro USB 3.0 Stick mit 128GB laufen, was natürlich übertrieben ist. Ich hätte u.a. einen SanDIsk Cruzer Blade 8GB USB2.0 herum liegen. Reicht das dauerhaft "dicke", oder sollte man eher auf 16GB Kapazität gehen? Dann würde ich evtl. eines dieser 3er-Sets (16GB/32GB) expliziz für UnRAID kaufen: https://geizhals.de/?cmp=1980377&cmp=2120056 3. SSD-Cache mit M.2 SSDs Empfohlen wurde oder wird ja eine SSD mit MLC/TLC sowie DRAM-Cache. Spielt die Schreib-/Lesegeschwindigkeit solcher M.2 SSDs eine Rolle? Gibt ja SSDs mit Schreib-/Lesegeschwindigkeiten < 3.000, > 3.000 bzw. bei PCIe 4.0 x4 sogar >= 5.000. 4. Kompakter Client-PC mit 10G? Hat sich dazu schon mal jemand Gedanken gemacht? Gibt die Mellanox Karte ja auch als Low Profile. Kennt da jemand ein passendes und möglichst kompaktes Gehäuse, mit dem man trotzdem einen durchaus leistungsfähigen Client-PC bauen kann? Hylli

I have a suggestion that would help those of us who like to use reverse proxies (traefik as an example), MFA systems (Authelia), and their own domains. Add an optional field with the unraid-api plugin to enter a custom URL that would be used to access the local unraid server. The field could be setup to only ask for the url and its assumed the url will start with https. Then the unraid website could just use that link whenever the owner wanted to access the server remotely. Doing this would allow us to setup the reverse proxy and any MFA that we choose. This wouldn't be a end all method either. Limetech can still implement their own MFA, but I like the option of using my own. I know that we can not enable remote access through the plugin which is fine, but having the ability to click on my server from the server's section of the web page is seamless and more convenient.

So, Sonarr v3 is FINALLY here, its out of beta and is now the latest release, if you want to switch from Sonarr v2 to v3 then simply pull down the 'latest' tagged image. However, if you want to stick on Sonarr v2 then please do the following:- Go to unRAID Web UI/Docker/left click Sonarr/Edit and change the value for 'Repository' to:- binhex/arch-sonarr:2.0.0.5344-1-04 Click apply to pull down v2 image. Note:- There will be NO further development on v2 going forward. If you are using the tag name of 'v3' then please do the following to switch back to 'latest' (now v3):- Go to unRAID Web UI/Docker/left click Sonarr/Edit and change the value for 'Repository' to:- binhex/arch-sonarr:latest Note:- the 'v3' tag is now deprecated and will NOT be updated.

It’s there now-

I have submitted a pull request for consideration. Initially this will only update after each share being transferred and just shows a percentage complete. Status will also update for scheduled moves. The transfers to and from are sequential so you will not see both at the same time. From would say 0% complete until To had finished or will show nothing to transfer if that is the case.

I released now a Plugin for Unraid 6.9.0rc2 and up so that the installation of the Drivers is as easy as going to the CA App and search for 'Coral-Driver'. It will take about an hour to show up in the CA App and you also have to be on Unraid 6.9.0rc2 to see the package in the CA App.

Oh, damn... I'm even more late. I love unRAID, even before it was all capital letters. I quit using it for media storage, because... streaming. Had a tuner card and all the drives and stuff. I had a friend, to whom I had recommended UNRAID, ask me what was up with the tuner cards, and just mentioned that the DVB plugin wasn't being developed anymore. I had bought a NAS, and was just using it to back up computers in the house. My job isn't IT... and making it a hobby was ... stressful. Recently, I think, oh, I'll just build a NAS with my UNRAID license and ... oh ... I see what "not being developed more" means. I didn't have a solution for my friend on tuners. Personally, I ended up trading for a two-bay Synology and using a network tuner... and by "use" I mean it sits around and does nothing, because ... my job isn't IT ... and making it a hobby was ... okay, you get it. I think there's this gap between "regular" people who just want a box, and a community of members / developers / enthusiasts that have to agree on how things work. A lot of my friends will simply pay for a box full of drives that does VMs and stores media. This drama is too much for them. Not because personal interaction is hard (it is very hard) but because they're willing to exchange money for ease. Community contributors don't even ask for money, they just want recognition. It's not a requirement, and sometimes money isn't a good solution for exchange of ideas or products. Some of us just take things. Like I was *taking* all that media. I figured it was just easier to pay for someone else to manage my storage solution. --- I'm thinking that leaving this "broken toy" on the floor, and apologizing is like... step 1. Step 3 is "profit" (as they say). So, step 2 is to roll that stuff [back?] into the product, and compensate the contributor. That might be recognition or money. Beats me, but "y'all gotta get it together"... I'm screaming in the back seat because my Uncle and my Dad can't get along and we aren't there yet... I want my UNRAID box to work, not watch the Maury show where parents argue about genetic contribution to a child -- and Maury actually earns money from all the drama. --- I ain't mad at Maury, but someone needs to take care of that kid. I think Maury pays the participants on the show. So, you know what to do. Am I saying that Synology is like Maury Povich? If so, the rest of us are not winning.

I've have been following this and the other thread with very mixed feelings and I feel the community is unjustly hard towards @limetech. Sure some things could have been handled better, yet I keep the feelings that the bigger injustice is not actually committed by him. In order to understand things better and to see things from a different perspective I personally like to make analogies. Sometimes it gives different insights into situations. And I cam up with the following for this one: We have 3 parties here, The parent (@limetech), the uncle (@CHBMB and the like) and the kid (the community). Now the situation is that the kid is asking the parent for this shiny new toy, but for whatever reason the parent is not buying the kid the toy. Maybe it is to expensive, maybe he is waiting for the birthday, whatever.. However, the uncle who hears the kid decided to get the kid this new toy, because he loved the kid and wants to please the kid. Fast forward and the parents sees that the kid really loved the toy but unfortunately the toy has some sharp edges and the parent is afraid the kid might hurt himself hence the parent decided to order a better and safer version of the toy. However, when the parent tells the kid it ordered this new toy the uncle hears the parent and flies into a rage because the parent did not tell the uncle that he/she was going to buy the new toy and the uncle thinks the parents is ungrateful because he/she did not even thank the uncle. In his rage therefore the uncle takes the toy away from the kid even before the new toy arrived (it is after all still in beta). Not only that but takes away the other toys he got the kid as well and says he is never going to give the kid any more toys. All this to punish the parent. Now with this analogy, ask yourself. Is the reaction of @CHBMB (the uncle) proportionate and justified? Does a parent (@limetech) need to inform the uncle of these kind of things? Sure it is nice, but is it really needed? Do you think it is right for the uncle to punish the kid? Should the parent even be grateful that the uncle presents the kid a toy with sharp edges (I know I wouldn't). The only one the uncle should expect thanks from i.m.o is the kid. The community is and was grateful. Yet @CHBMB is the one who decided to punish the community and take away their toy because of his hurt feelings. Yet the only one who gets shit is @limetech. If I where him I would be more than a little pissed and disappointment and I think it shows in his messages. Please read my analogy again and ask yourself who in the story did anything to hurt the kid? The parent or the uncle? And please also think about the fact that we have no way of knowing if @limetech was not going to thanks @CHBMB for the work in an official release note, which this wasn't. Now I do think the parent should have said something to the uncle. And I also am a bit disappointment to learn that even though UnRaid builds heavy on the community there is no special channel in place to facilitate communication with reliable community develops. Considering how well the development of both UnRaid and the community add-ons go together I kind of assumes something was already in place. However it seems this is something that is considered and worked on now. But in everything that happened, this simple miscommunication seems far the lesser evil here. And I do think it might be good that the community asks itself again who really is to blame for taking away it's shining toy with sharp edges and if it is reasonable to have this reaction. But that's just my 2 cents.

Install the Tips and Tweaks plugin for a non-command-line way to do it.

I'd been having exactly the same issues for a while and this worked perfectly! Though I did learn the hard way that "unrar x" respects the rar file folder structure, while "unrar e" will just dump everything in your current directory.

HA! I figured something out. I was a little apprehensive about having to use the command line. I was poking around in Krusader and saw that I could browse to a given folder and then open a terminal window at that spot, which I did. Now in the same directory as the RAR file I didn't need to mess with a lengthy absolute or relative reference to point to the file. So I just tried 'unrar e name.of.torrent.rar' and voila, it worked. Not quite as easy as a GUI because the torrent names are a pain to type, but doable.

A slightly better way to maintain the keys across reboots is to * copy the authorized_keys file to /boot/config/ssh/root.pubkeys * copy /etc/ssh/sshd_config to /boot/config/ssh * modify /boot/config/sshd_config to set the following line AuthorizedKeysFile /etc/ssh/%u.pubkeys This will allow you to keep the keys on the flash always and let the ssh startup scripts do all the copying.