Leaderboard

Hello Unraid Community! It has come to our attention that in recent days, we've seen a significant uptick in the amount of Unraid server's being compromised due to poor security practices. The purpose of this post is to help our community verify their server's are secure and provide helpful best-practices recommendations to ensuring your system doesn't become another statistic. Please review the below recommendations on your server(s) to ensure they are safe. Set a strong root password Similar to many routers, Unraid systems do not have a password set by default. This is to ensure you can quickly and easily access the management console immediately after initial installation. However, this doesn't mean you shouldn't set one. Doing this is simple. Just navigate to the Users tab and click on root. Now set a password. From then on, you will be required to authenticate anytime you attempt to login to the webGui. In addition, there is a plugin available in Community Apps called Dynamix Password Validator. This plugin will provide guidance on how strong of a password you're creating based on complexity rules (how many capital vs. lowercase letters, numbers, symbols, and overall password length are used to judge this). Consider installing this for extra guidance on password strength. Review port mappings on your router Forwarding ports to your server is required for specific services that you want to be Internet-accessible such as Plex, FTP servers, game servers, VoIP servers, etc. But forwarding the wrong ports can expose your server to significant security risk. Here are just a few ports you should be extra careful with when forwarding: Port 80: Used to access the webGui without SSL (unless you've rebound access to another port on the Management Access settings page). DO NOT forward port 80. Forwarding this port by default will allow you to access the webGui remotely, but without SSL securing the connection, devices in between your browser and the server could "sniff" the packets to see what you're doing. If you want to make the webGui remotely accessible, install the Unraid.net plugin to enable My Servers on your system, which can provide a secure remote access solution that utilizes SSL to ensure your connection is fully encrypted. Port 443: Used to access the webGui with SSL. This is only better than port 80 if you have a root password set. If no root password is set and you forward this port, unauthorized users can connect to your webGui and have full access to your server. In addition, if you forward this port without using the Unraid.net plugin and My Servers, attempts to connect to the webGui through a browser will present a security warning due to the lack of an SSL certificate. Consider making life easier for yourself and utilize Unraid.net with My Servers to enable simple, safe, and secure remote access to your Unraid systems. NOTE: When setting up Remote Access in My Servers, we highly recommend you choose a random port over 1000 rather than using the default of 443. Port 445: Used for SMB (shares). If you forward this port to your server, any public shares can be connected to by any user over the internet. Generally speaking, it is never advisable to expose SMB shares directly over the internet. If you need the ability to access your shares remotely, we suggest utilizing a Wireguard VPN to create a secure tunnel between your device and the server. In addition, if the flash device itself is exported using SMB and this port is forwarded, its contents can easily be deleted and your paid key could easily be stolen. Just don't do this. Port 111/2049: Used for NFS (shares). While NFS is disabled by default, if you are making use of this protocol, just make sure you aren't forwarding these ports through your router. Similar to SMB, just utilize Wireguard to create a secure tunnel from any remote devices that need to connect to the server over NFS. Port 22/23: Used by Telnet and SSH for console access. Especially dangerous for users that don't have a root password set. Similar to SMB, we don't recommend forwarding these ports at all, but rather, suggest users leverage a Wireguard VPN connection for the purposes of connecting using either of these protocols. Ports in the 57xx range: These ports are generally used by VMs for VNC access. While you can forward these ports to enable VNC access remotely for your VMs, the better and easier way to do this is through installing the Unraid.net plugin and enabling My Servers. This ensures that those connections are secure via SSL and does not require individual ports to be forwarded for each VM. Generally speaking, you really shouldn't need to forward many ports to your server. If you see a forwarding rule you don't understand, consider removing it, see if anyone complains, and if so, you can always put it back. Never ever ever put your server in the DMZ No matter how locked down you think you have your server, it is never advisable to place it in the DMZ on your network. By doing so, you are essentially forwarding every port on your public IP address to your server directly, allowing all locally accessible services to be remotely accessible as well. Regardless of how "locked down" you think you actually have the server, placing it in the DMZ exposes it to unnecessary risks. Never ever do this. Consider setting shares to private with users and passwords The convenience of password-less share access is pretty great. We know that and its why we don't require you to set passwords for your shares. However, there is a security risk posed to your data when you do this, even if you don't forward any ports to your server and have a strong root password. If another device on your network such as a PC, Mac, phone, tablet, IoT device, etc. were to have its security breached, it could be used to make a local connection to your server's shares. By default, shares are set to be publicly readable/writeable, which means those rogue devices can be used to steal, delete, or encrypt the data within them. In addition, malicious users could also use this method to put data on your server that you don't want. It is for these reasons that if you are going to create public shares, we highly recommend setting access to read-only. Only authorized users with a strong password should be able to write data to your shares. Don't expose the Flash share, and if you do, make it private The flash device itself can be exposed over SMB. This is convenient if you need to make advanced changes to your system such as modifying the go file in the config directory. However, the flash device itself contains the files needed to boot Unraid as well as your configuration data (disk assignments, shares, etc). Exposing this share publicly can be extremely dangerous, so we advise against doing so unless you absolutely have to, and when you do, it is advised to do so privately, requiring a username and password to see and modify the contents. Keep your server up-to-date Regardless of what other measures you take, keeping your server current with the latest release(s) is vital to ensuring security. There are constant security notices (CVEs) published for the various components used in Unraid OS. We here at Lime Technology do our best to ensure all vulnerabilities are addressed in a timely manner with software updates. However, these updates are useless to you if you don't apply them in a timely manner as well. Keeping your OS up-to-date is easy. Just navigate to Tools > Update OS to check for and apply any updates. You can configure notifications to prompt you when a new update is available from the Settings > Notifications page. More Best Practices Recommendations Set up and use WireGuard, OpenVPN or nginxProxyManager for secure remote access to your Shares. For WireGuard set up, see this handy getting started guide. Set up 2FA on your Unraid Forum Account. Set up a Remote Syslog Server. Install the Fix Common Problems plugin. Installing this plugin will alert you to multiple failed login attempts and much, much more. Change your modem password to something other than the default. Consider installing ClamAV. In addition to all of the above recommendations, we've asked SpaceInvaderOne to work up a video with even more detailed best-practices related to Unraid security. We'll post a link as soon as the video is up to check out what other things you can do to improve your system security. It is of vital importance that all users review these recommendations on their systems as soon as possible to ensure that you are doing all that is necessary to protect your data. We at Lime Technology are committed to keeping Unraid a safe and secure platform for all of your personal digital content, but we can only go so far in this effort. It is ultimately up to you the user to ensure your network and the devices on it are adhering to security best-practices.

A few suggestions if I may, from my experiences in the Cloud Infrastructure World; First, Reviewing Docker Folder Mappings (and to some extent VM Shares). Do all you Docker Containers need read and write access to non appdata folders? If it does, is the scope of the directories restricted to what is needed, or have you given it full read/write to /mnt/user or /mnt/user0 ? For example I need Sonnarr and Radarr to have write access to my TV and Movie Share, so they are restricted to just that, they don't need access to my Personal Photos, or Documents etc. Whereas for Plex, since I don't use the Media Deletion Feature, I dont need Plex, to do anything to those Folders, just read the content. So it has Read Only Permissions in the Docker Config. Additionally, I only have a few containers that need read/write access to the whole server (/mnt/user) and so these are configured to do so, but since they are more "Administration" containers, I keep them off until I need them, most start up in less than 30 seconds. That way, if for whatever reason a container was compromised, the risk is reduced in most cases. Shares on my VM's are kept to only the required directories and mounted as Read Only in the VM. For Docker Containers that use VNC or VMs, set a secure password for the VNC component too, to prevent something on the Network from using it without access (great if you don't have VLAN's etc). This may be "overkill" for some users, but have a look at the Nessus or OpenVAS Containers, and run regular Vulnerability Scans against your Devices / Local Network. I use the Nessus one and (IMO) its the easier of the two to setup, the Essentials (Free) version is limited to 15 IPs, so I scan my unRAID Server, VMs, and a couple of other physical devices and it has SMTP configured so once a week sends me an email with a summary of any issues found, they are categorized by importance as well. I don't think many people do this, but don't use the GUI mode of unRAID as a day to day browser, outside of Setup and Troubleshooting (IMO) it should not be used. Firefox, release updates quite frequently and sometimes they are for CVE's that depending on what sites you visit *could* leave you unprotected. On the "Keeping your Server Up-to-Date" part, while updating the unRAID OS is important, don't forget to update your Docker Containers and Plugins, I use the CA Auto Update for them, and set them to update daily, overnight. Some of the Apps, could be patched for Security Issues, and so keeping the up-to-date is quite useful. Also, one that I often find myself forgetting is the NerdPack Components, I have a few bits installed (Python3, iotop, etc), AFAIK these need to be updated manually. Keeping these Up-to-Date as well is important, as these are more likely to have Security Issues that could be exploited, depending on what you run. Also on the Updates, note, if you have VM's and they are running 24/7 keep these up-to-date too and try and get them as Hardened as possible, these can often be used as a way into your server/network. For Linux Debian/Ubuntu Servers, you can look at Unattended Upgrades, similar alternatives are available for other Distros. For Windows you can configure Updates to Install Automatically and Reboot as needed. Hardening the OS as well, is something I would also recommend, for most common Linux Distros and Windows, there are lots of guides useful online, DigitalOcean is a great source for Linux stuff I have found. If something is not available as a Docker Container or Plugin, don't try and run it directly on the unRAID Server OS itself (unless, its for something physical, e.g. Drivers, or Sensors etc), use a VM (with a Hardened Configuration), keeping only the bare minimum running directly on unRAID, helps to reduce your attack surface. Also, while strictly not part of Security, but it goes Hand in Hand, make sure you have a good Backup Strategy and that all your (important/essential) Data is backed up, sometimes stuff happens and no matter how much you try, new exploits come out, or things get missed and the worst can happen. Having a good backup strategy can help you recover from that, the 321 Backup method is the most common one I see used. If something does happen and you need to restore, where possible, before you start the restore, try and identify what happened, once you have identified the issue, if needed you can restore from Backups to a point in time, where there was no (known) issue, and start from there, making sure you fix whatever the issue was first in your restored server. I have seen a few cases (at work) where peoples Servers have been compromised (typically with Ransomware), they restore from backups, but don't fix the issue (typically a Weak Password for an Admin account, and RDP exposed to the Internet) and within a few hours of restoring, they are compromised again. Other ideas about using SSH Keys, Disabling Telnet/FTP etc, are all good ones, and definitely something to do, and something I would love to see done by default in future releases. EDIT: One other thing I forgot to mention was, setup Notifications for your unRAID server, not all of them will be for Security, but some of the apps like the Fix Common Problems, can alert you for security related issues and you can get notified of potential issues quicker than it may take you to find/discover them yourselves.

I can confirm that today everything is connected and working correctly. Thanks Unraid Team for your hard work.

The docker folder plugin would be a good place to look.

@tabris0202 You seem to have narrowed down the problem to DNS, Yes? perhaps try using a public DNS rather than your ISPs? It is unlikely that any query requests coming from outside are "overloading" your router, the traffic generated by those requests fall into the negligible category. You (or your ISP) may have firewall or IDS/IPS that are tripping but we do not have the information to diagnose the case.

Yes. I’m currently working on this.

I think a large factor on how your experiences on VM's are shaped is the usage of the VM's. If you have 24x7 heavy active production VM's running vfx renders, code compiles etc and your btrfs/zfs systems crashes , then you will see more of the "recovery power" of the filesystem and also more easily find its flaws. My issues where repeatable and unfortunately or fortunately happened in a time where i had lots of total systems crashes due to gpu issues. So this tested the skills of boths filesystems to the limits. Under these same cicomstances hosted on the same ssd's on the same OS version , withe everything else the same, btrfs failed more then once, zfs passed all tests. That is just my experience , but of course every system / setup is different and can lead to different results. Even version of btrfs/zfs/unraid etc can have a large efect on the results. In he end we all stick with what we trust

AMD Sensor support released for APU (Temp) and dGPU (Temp/Fan/Power).

This is implemented in Unraid OS 6.9.x which makes /root/.ssh a symlink to flash config/ssh/root directory.

Ohne dir zu nahe treten zu wollen. Aber je mehr Posts ich von dir lese umso mehr denke ich du solltest bei Mac und Synology bleiben. Kopieren geht entweder über die Konsole oder aber per z.B. Docker Container (Krusader z.B.) Und je nachdem wie die HDDs formatiert sind, benötigst du zusätzlich auch noch das Unassigned Devices PLUS Plugin

Application: borgmatic Docker Hub: https://hub.docker.com/r/b3vis/borgmatic Github: https://github.com/b3vis/docker-borgmatic Template's repo: https://github.com/Sdub76/unraid_docker_templates An Alpine Linux Docker container for witten's borgmatic by b3vis. Protect your files with client-side encryption. Backup your databases too. Monitor it all with integrated third-party services. Getting Started: It is recommended that your Borg repo and cache be located on a drive outside of your array (via unassigned devices plugin) Before you backup to a new repo, you need to initialize it first. Examples at https://borgbackup.readthedocs.io/en/stable/usage/init.html Place your crontab.txt and config.yaml in the "Borgmatic config" folder specified in the docker config. See examples below. A mounted repo can be accessed within Unraid using the "Fuse mount point" folder specified in the docker config. Example of how to mount a Borg archive at https://borgbackup.readthedocs.io/en/stable/usage/mount.html Support: Your best bet for Borg/Borgmatic support is to refer to the following links, as the template author does not maintain the application Borgmatic Source: https://github.com/witten/borgmatic Borgmatic Reference: https://torsion.org/borgmatic Borgmatic Issues: https://projects.torsion.org/witten/borgmatic/issues BorgBackup Reference: https://borgbackup.readthedocs.io Why use this image? Borgmatic is a simple, configuration-driven front-end to the excellent BorgBackup. BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption. The main goal of Borg is to provide an efficient and secure way to backup data. The data deduplication technique used makes Borg suitable for daily backups since only changes are stored. The authenticated encryption technique makes it suitable for backups to not fully trusted targets. Other Unraid/Borg solutions require installation of software to the base Unraid image. Running these tools along with their dependencies is what Docker was built for. This particular image does not support rclone, but does support remote repositories via SSH. This docker can be used with the Unraid rclone plugin if you wish to mirror your repo to a supported cloud service.

Information: Je crée ce tuto en français basé sous UNRAID, j'ai essayé de faire le plus simple et le plus explicite pour les novices! Créer un WORDPRESS avec une base de données MySQL Je n'aborderais que la partie installation de WORDPRESS, ce tuto n'est pas destiné à la configuration de WORDPRESS ni de son utilisation. Pré-requis: Je pars du principe que vous avez installé: - le plugin "COMMUNITY APPLICATIONS" - que vous avez activé DOCKER. - que vous connaissez l'ip du NAS - si vous avez déjà installé le conteneur MariaDB, passé directement à l'étape pour créer un utilisateur dans MariaDB Installation: 1) Installation de MariaDB a) Téléchargement de l'image MariaDB Recherché dans l'onglet "APPS" le conteneur "MariaDB - linuxserver's Repository": b) Paramétrage du conteneur host port 1 = port utilisé pour mariadb MYSQL_ROOT_USER = nom de l'utilisateur avec accès "root" key 3 = mot de passe du l'utilisateur "root_user" MYSQL_USER = nom de l'utilisateur avec accès simple utilisateur MYSQL_PASSWORD = mot de passe utilisateur MYSQL_DATABASE = nom de la base de données AppData_config_path = chemin du conteneur c) Création d'une base de données et d'un utilisateur dans MariaDB Ouvrir la console de commande pour MariadDB: Il va falloir entrer quelques commandes (adapter nom et mot de passe) D'abord, ont ce connecte en utilisateur "root" (avec les identifiants crées au-dessus lors de l'installation du conteneur MariaDB) mysql -uroot -p Le password demandé est celui crée lors de l'installation: key 3 = mot de passe du l'utilisateur "root_user" Créer un utilisateur et un mot de passe (il faut garder les ' qui encadre le nom et mot de passe) CREATE USER 'nom_utilisateur' IDENTIFIED BY 'mdp'; Création d'une base de données pour WORDPRESS: CREATE DATABASE IF NOT EXISTS nom_de_base; Autorisé l'utilisateur à accéder à la base de données: (il faut garder les ' qui encadre le nom et mot de passe) GRANT ALL PRIVILEGES ON nom_de_base.* TO 'nom_utilisateur' IDENTIFIED BY 'mdp'; Puis ont quitte proprement: quit !!! ATTENTION!!! DE BIEN NOTER LES IDENTIFIANTS ET LE NOM DE BASE DE DONNEES QUELQUE PART Si tout ce passe bien vous devez obtenir ceci: 2) Installation de WORDPRESS a) Téléchargement de l'image Recherché dans l'onglet "APPS" le conteneur "WORDPRESS" Kru-X's Repository: b) Paramétrage du conteneur WORDPRESS Conteneur Port = Port utilisé par WORDPRESS www = Chemin du conteneur WORDPRESS WORDPRESS_DB_HOST = IP_DU_NAS + port du conteneur MariaDB WORDPRESS_DB_USER = utilisateur crée dans le conteneur MariaDB WORDPRESS_DB_PASSWORD = mot de passe crée dans le conteneur MariaDB c) Ajout d'une variable au conteneur WORDPRESS on ajoute la variable WORDPRESS_DB_NAME avec le nom de la base de données créé dans le conteneur MariaDB d) Accès Interface WORDPRESS Pour accéder à l'interface WORDPRESS, utiliser: http://IP_DU_NAS:8080 le port choisi lors de l'installation du conteneur ci-dessus (dans mon cas 8080) Si tout ce passe bien vous devez obtenir ceci sur la page du navigateur: FIN

Firmware und BMC Update kann ich dir bereitstellen wenn du magst.

Oh, I see... and I agree, handling the entire unraid server as "exposed host" would be most unwise, especially if you are running privileged containers and such (which I am). But no, I have only opened port 443, nothing else. My router has a separate checkbox for allowing pings to a specific machine, which (to my knowledge) doesn't even know ports. So thanks for clearing that up! Back to my original question: Does myservers support the IPv6 protocol (or is planned to)?

Take the glory!! It's awesome work and thank you to @ljm42 for calling it out! I've been using this daily since I stood up my second unRAID server and the craftsmanship is great. I updated and was able to reissue keys for my four devices in less than 10 minutes.

Hey WireGuard users! Big thanks to @bonienl, yesterday we released a huge update to the WireGuard plugin designed to detect and prevent as many configuration problems as we could. If you are having any problems, please update the plugin, then make a small change to your tunnel and hit Apply, this will trigger all of the new validation rules. Some issues have to be fixed before the changes will save, for others you'll want to enable Advanced mode and read the helpful remarks in the right column. Also, if you are having trouble accessing dockers with custom IPs or other devices on your network, be sure to revisit the quickstart guide: https://forums.unraid.net/topic/84226-wireguard-quickstart/ The section on complex networks was completely rewritten to describe how certain settings conflict with each other. 2021.03.25b This version resolves the tunnel not restarting if changes were saved while connected through the tunnel incorrect AllowedIPs setting for some peer configs iptables not being updated after a reboot This version adds many safety guards to prevent invalid configurations validation that the local endpoint url actually resolves to the external WAN IP notification on specifically which peer configs were modified when changes were saved, so the user knows to update those clients

@ljm42 I am out of town for this weekend, so I used wiregaurd to see if it was on or not. It looks like that was the problem. I'm not sure how or why it got turned off. Many thanks for the suggestion. When I get back to the houses I will verify, but it looks like that was it. 2 weeks for something this simple. I'll report back!

Gotcha. I wish I had developer mates around so I could learn from watching - I reckon there would be a ton of basic dev stuff I'd be good at. I'd be a bit scared of losing my life to IT though - it's bad enough already!

Habe gerade eben 11 GB an Daten auf meine Nextcloud geschoben. (Via Sync Client auf meinem PC) -> Sowohl RAM als auch Docker.img sind unverändert geblieben.

Awesome, great to hear Here are the relevant parts from the docker setup, but take note that I have not updated to check_mk 2.0 - a good weekend project for me checkmk/check-mk-raw:1.6.0-latest https://hub.docker.com/r/checkmk/check-mk-raw https://checkmk.com/application/files/2715/9834/3872/checkmk_icon_neg_v2.png http://[IP]:[PORT:5000]/cmk/check_mk/ --ulimit nofile=1024 --tmpfs /opt/omd/sites/cmk/tmp:uid=1000,gid=1000

Nicht möglich. Wenn Nextcloud eine Sicherheitslücke hat und davon würde ich bei jeder Software ausgehen, dann kannst du dich nicht schützen. Da hilft nur Nextcloud ausschließlich über VPN zu nutzen. Was vielleicht ein bisschen schützt wäre eine rein deutsche IP Range zuzulassen. Aber viel wird das auch nicht helfen, wenn es einer auf deine Daten abgesehen hat. Also Backups, Backups und noch mal Backups. Und eben die anderen Klassiker wie sicheres Passwort und Zwei-Faktor-Authentifizierung. EDIT: Ok, die Ideen hattest du auch schon ^^

Yeah but what I'm concerned about is the fact that something was changed from underneath me. I didn't make these changes but suddenly there's this https://myunraid.ru/ showing up in my unraid templates. My template completely changed, seemed to be changed by a 3rd party actor. These templates are weird - https://github.com/Muwahhidun/unraid-docker-templates and something nefarious seems to be going on. The githistory on that repo is very recent. Yet I was using the VPN template for two years. So how did my unraid switch to a new template? Let me know if this thread isn't the right place to talk about this. I will switch to your template (Thanks for providing it!)

I think this is the template from the other container if I remember correctly... You should be able to switch easily to my container template. Also my container isn't that long around, I think I created it somewhere around last November...

This is not my container, there where a container in the CA App that was also from dperson but not created by me and I think that is the container you are running... Please look in the CA App how my template looks like.

After rsync is done run it again, it will only try to copy the missing files.

Hey LNXD, I tried it already, unfortunately it did not run, i get the same error; Project: PhoenixMiner 5.5c Author: lnxd Base: Ubuntu 14.04.02 Target: Unraid 6.9.0 - 6.9.1 Wallet: 3K4kD8QijmqAJHEqijhWe5Nnbu4CvdURJB Pool: asia1.ethermine.org:4444 Starting PhoenixMiner 5.5c with the following arguments: -pool asia1.ethermine.org:4444 -wal 3K4kD8QijmqAJHEqijhWe5Nnbu4CvdURJB.x -tt 75 -tstop 85 -tstart 80 -cdm 1 -cdmport 5450 -amd Phoenix Miner 5.5c Linux/gcc - Release build -------------------------------------------- [0mNo OpenCL platforms found [91mNo avaiable GPUs for mining. Please check your drivers and/or hardware. [0m I could understand when you are a little exhausted, dealing some year old s**t is often complicated. Thank you very much for your efforts, i hope you will find the igniting spark *fingerscrossing*

Yeah but at least I know the cause and I am no longer paranoid. I can look into implementing something similar as you pointed out for windows or bake into my weekly back up to just copy it and replace old version (Aka the dumb lazy way if I can't figure out the proper way)

It worked! Thank you!

I am having issues with the latest Docker image and i cannot access the application, if i look in the log file located at '/config/supervisord.log' then i see the following message:- '/usr/lib/jvm/java-8-openjdk/jre' is not a valid Java environment path Q. What does it mean and how can i fix it? A. See Q10 from the following link for the solution:- https://github.com/binhex/documentation/blob/master/docker/faq/general.md EDIT - unRAID 6.9.2 has just been released, this includes the latest version of Docker, which in turn includes the latest version of runc, so if you are seeing the message above then the simplest solution is to upgrade to v6.9.2

There's metadata corruption, you need to copy what you can to another place and re-format that disk, corruption like that suggests an underlying hardware problem.

Thanks for trying that build for me mate. 5 hours into development I'm a bit of a zombie, but I got a build working in an Ubuntu 14.04 container with the correct drivers. If this one doesn't work I'm completely stumped. I'm just going to clean up my code and get a build on DockerHub, should be about another 20 mins, I'll tag you in a post. EDIT: @Lobsi all ready. Same process as usual, should just take an update, and then confirm it shows Ubuntu 14.04.02 in the logs. It's wayyy too many layers but that's why it took me more than 20 minutes, every time I started merging them I'd break something. Fingers crossed it sees your card! Yup, mine's sitting at 4318.41mb. It could be an error with my container but I'm getting the same hash rate as I was running it in a VM, I've never really noticed that it doesn't fill it up. EDIT: Sorry I'm half asleep 😂 that's around the current DAG size, so it's a good thing our memory is only half utilised otherwise we wouldn't be able to mine Eth for much longer.

Super danke dir, die installation hat funktioniert.

OMG...I have been running for several years it would seem plugged into the surge only socket....I only came to this post as I just had a power cut and got an immediate parity check which didn't feel right.

It’s static. Can’t remember what the default one is, but you can change it to whichever supported endpoint you wish and it should persist from that point. Sent from my iPhone using Tapatalk

Hi @Lobsi, it was going to happen! Someone found one that's still worthwhile to mine with 😅 Let me do some research and see if I can get this working for you somehow. It's not supported in this container as it stands currently, you'll need a specific build that includes different drivers and you'll probably need to unblacklist radeon. But I'm sure it's possible. EDIT: @Lobsi In your signature, it says your "AMD Radeon R9 270X" is in Server 1 which is running "unRaid 6.2 RC2"! That's not going to work. Are you on a more up to date version now?

Don't hold your breath. https://pca.st/wcs7v9ww skip to 19:10

I have that same Noctua CPU fan you do so I'd imagine it would run too hot if it was working a heavy load 24/7. I suppose I could move the server to a closet or something where I didnt care if all the fans were running 100%, panels off, fan blowing on it. BUT I really dont want to compromise my server with so much heat. Might be a good idea for a dedicated box! Man, I turned off the container for like 5 minutes and my current hashrate fell from like 33MH/s down to 15.3MH/s. They really hit it hard when you stop for a few minutes! Man, thanks for taking the time to put this together, it's pretty cool....I always like finding more ways for my server to be useful for more than movies lol. It's a great use of the wasted video card and doesnt put any strain on any other parts of the server. Awesome job man! If you decide to mess with other stuff a real good wallet stored on Unraid would be cool. One that also has mobile access. Coinomi has a Linux version....I suppose that could be made into a Unraid container. But I'd imagine theres better ones than Coinomi but its rated high and not really any fees except direct miner fees.

The numbers on the Dashboard in the MEMORY section are not all RAM. The RAM indicator is showing how much of your RAM is used. The Flash indicator is showing how full your flash drive is. The Log indicator is showing how full the log space is. The Docker indicator is showing how much of docker.img is used. Now that I have cleared that up According to your diagnostics, Docker is currently disabled but is configured for 27G docker.img. 20G is usually more than enough. In my screenshot above, I am using 50% of 20G while running 17 containers. Making docker.img larger will not fix the problem of filling docker.img, it will only make it take longer to fill. The usual cause of filling docker.img is an application writing to a path that isn't mapped. Note that Linux is case-sensitive, so any path specified in an application must match a container path including upper/lower case.

SMART attributes are recorded by the drive firmware and can't be reset. You can acknowledge the current value by clicking on the SMART warning on the Dashboard page and it will warn again if it increases.

hijack split

Sweet, its working now.....so in the mining container settings it says fan control "only works if privileged mode is enabled"......how do I set up privileged mode? Should I delete my ip from the thread? Maybe that isnt good to publish

Turns out we are a victim of our own success We planned for growth in certain areas of the system but a surge of sign-ins uncovered problems in an unexpected area. Thanks to everyone who installed the plugin and helped uncover this! We are actively working on this and intend to have everything back up later today. Your systems may connect and disconnect throughout the day but it won't hurt them. Please do update your Unraid.net plugin if you haven't already, the latest version has improved logic for disconnects / reconnects and plays a little nicer with mothership

I edited the wallet number to remove the spaces and it started right up. My Radeon RX580 is running at 100% load now.....what is the best way to monitor the gpu temperature?

Depends on hardware generation. i just setup AMD Epyc Rome server with 3200MHz DDR4 - work by default, a this is recommended and supported RAM speed for this system.

Nice tips, I just wish it would be easier to setup KeysFile authentication and disable password authentication for the SSH. Just placing your pupkey in the UI and setting a checkbox to disable password auth would be nice. I currently have it setup like ken-ji describes here. Then i edited PasswordAuthentication to "no". Also think about a secure by default approach with future updates. Why not force the user to set a secure password on first load? Why even make shares public by default? Why allow "guest" to access SMB shares by default? Why create a share for the flash in the first place? I get that some of those things make it more convenient, but imo convenience should not compromise security.

This should do it: mount -o remount -o nodiscard /mnt/cache

On Google Play you´ll find Network Browser which is not working on folder upload on my mobile (Samsung) it´s crashing with a black screen but works well transfering single files to my shares. I´ve posted the same issue in another language and will let you know as soon as I got something performing much better than NB...

On my side, since 6.9: - Wake On LAN from sleep does not work, I need to manually go to the computer and press on. Seems going to sleep does not work as uptime restart from 0. - Wake On LAN from shutdown does work. This + the fact that activity on array isn't recognized, I must add disks manually.

Purchase Intel + NVIDIA for use with GPU / onboard audio pass through. AMD is notorious for having problems with pass through.

How do I use the Syslog Server? Beginning with release 6.7.0, there has been a syslog server functionality added to Unraid. This can be a very powerful diagnostic tool when you are confronted with a situation where the regular tools can not or do not capture information about about a problem because the server has become non-responsive, has rebooted, or spontaneously powered down. However, getting it set up to use has been confusing to many. Let's see if we clarify setting it up for use. Begin by going to Settings >>> Syslog Server This is the basic Syslog Server page: You can click on the 'Help' icon on the Toolbar and get more information for all of these three options. The first one to be considered for use is the Mirror syslog to flash: This one is the simplest to set up. You select 'Yes' from the dropdown box and click on the 'Apply' button and the syslog will be mirrored to logs folder/directory of the flash drive. There is one principal disadvantage to this method. If the condition, that you are trying to troubleshoot, takes days to weeks to occur, it can do a lot of writes to the flash drive. Some folks are hesitant to use the flash drive in this manner as it may shorten the life of the flash drive. This is how the setup screen looks when the Syslog Server is set up to mirror to the flash drive. The second option is use an external Syslog Server. This can be another Unraid server. You can also use virtually any other computer. You find the necessary software by googling for the syslog server <Operating system> After you have set up the computer/server, you fill in the computer/server name or the IP address. (I prefer to use the IP address as there is never any confusion about what it is.) The Click on the 'Apply' button and your syslog will be mirrored to the other computer. The principal disadvantage to this system is that the other computer has be left on continuously until the problem occurs. The third option uses a bit of trickery in that we use the Unraid server with the problem as the Local syslog server. Let's begin by setting up the Local syslog server. After changing the Local syslog server: dropdown to 'Enabled', the screen will look like this. Note that we have a new menu option-- Local syslog folder: This will be a share on the your server but chose it with care. Ideally, it will be a 'cache only' or a 'cache preferred' share. This will minimize the spinning up of disks due to the continuous writing of new lines to the syslog. A cache SSD drive would be the ideal choice here. (The folder that you see above is a 'cache preferred' share. The syslog will be in the root of that folder/share.) If you click the 'Apply button at this point, you will have this server setup to serve as a Remote Syslog Server. It can now capture syslogs from several computers if the need should arise. Now, we added the ip address of this server as the Remote syslog server (Remember the mention of trickery. So basically, you send data out-of-the-server and it comes-right-back-in.) This is what it looks now: As soon as you click on apply, the logging of your syslog will start to a file named (in this case) syslog-192.168.1.242.log in the root of the selected folder (in this case-- Folder_Tree). One very neat feature is that each entry are appended onto this file every time a new line is added to the syslog. This should mean if you have a reboot of the server after a week of collecting the syslog, you will have everything from before the reboot and after the reboot in one file! Thanks @bonienl for both writing this utility and the guidance in putting this together.