Leaderboard


Popular Content

Showing content with the highest reputation since 12/08/19 in Posts

  1. 4 points
  2. 2 points
    Note: this community guide is offered in the hope that it is helpful, but comes with no warranty/guarantee/etc. Follow at your own risk.

    What can you do with WireGuard? Let's walk through each of the connection types:

    - Remote access to server: Use your phone or computer to remotely access your Unraid server, including:
        - Unraid administration via the webgui
        - Access dockers, VMs, and network shares as though you were physically connected to the network
    - Remote access to LAN: Builds on "Remote access to server", allowing you to access your entire LAN as well.
    - Server to server access: Allows two Unraid servers to connect to each other.
    - LAN to LAN access: Builds on "Server to server access", allowing two entire networks to communicate. May require additional settings, TBD.
    - Server hub & spoke access: Builds on "Remote access to server", except that all of the VPN clients can connect to each other as well. Note that all traffic passes through the server.
    - LAN hub & spoke access: Builds on "Server hub & spoke access", allowing you to access your entire LAN as well.
    - VPN tunneled access: Route traffic for specific Dockers and VMs through a commercial WireGuard VPN provider (see this guide)
    - Remote tunneled access: Securely access the Internet from untrusted networks by routing all of your traffic through the VPN and out Unraid's Internet connection

    In this guide we will walk through how to set up WireGuard so that your trusted devices can VPN into your home network to access Unraid and the other systems on your network.

    Prerequisites

    - You must be running Unraid 6.8 with the Dynamix WireGuard plugin from Community Apps
    - Be aware that WireGuard is technically classified as experimental. It has not gone through a full security audit yet and has not reached 1.0 status. But it is the first open source VPN solution that is extremely simple to install, fast, and designed from the ground up to be secure.
    - Understand that giving someone VPN access to your LAN is just like giving them physical access to your LAN, except they have it 24x7 when you aren't around to supervise. Only give access to people and devices that you trust, and make certain that the configuration details (particularly the private keys) are not passed around insecurely. Regardless of the "connection type" you choose, assume that anyone who gets access to this configuration information will be able to get full access to your network.
    - This guide works great for simple networks. But if you have Dockers with custom IPs or VMs with strict networking requirements, please see the "Complex Networks" section below.
    - Unraid will automatically configure your WireGuard clients to connect to Unraid using your current public IP address, which will work until that IP address changes. To future-proof the setup, you can use Dynamic DNS instead. There are many ways to do this, probably the easiest is described in this 2 minute video from SpaceInvaderOne
    - If your router has UPnP enabled, Unraid will be able to automatically forward the port for you. If not, you will need to know how to configure your router to forward a port.
    - You will need to install WireGuard on a client system. It is available for many operating systems: https://www.wireguard.com/install/ Android or iOS make good first systems, because you can get all the details via QR code.

    Setting up the Unraid side of the VPN tunnel

    - First, go to Settings -> Network Settings -> Interface eth0. If "Enable bridging" is "Yes", then WireGuard will work as described below. If bridging is disabled, then none of the "Peer type of connections" that involve the local LAN will work properly. As a general rule, bridging should be enabled in Unraid.
    - If UPnP is enabled on your router and you want to use it in Unraid, go to Settings -> Management Access and confirm "Use UPnP" is set to Yes
    - On Unraid 6.8, go to Settings -> VPN Manager
    - Give the VPN Tunnel a name, such as "MyHome VPN"
    - Press "Generate Keypair". This will generate a set of public and private keys for Unraid. Take care not to inadvertently share the private key with anyone (such as in a screenshot like this)
    - By default the local endpoint will be configured with your current public IP address. If you chose to set up DDNS earlier, change the IP address to the DDNS address.
    - Unraid will recommend a port to use. You typically won't need to change this unless you already have WireGuard running elsewhere on your network.
    - Hit Apply
    - If Unraid detects that your router supports UPnP, it will automatically set up port forwarding for you:
    - If you see a note that says "configure your router for port forwarding..." you will need to log in to your router and set up the port forward as directed by the note:
    - Some tips for setting up the port forward in your router:
        - Both the external (source) and internal (target/local) ports should be set to the value Unraid provides. If your router interface asks you to put in a range, use the same port for both the starting and ending values.
        - Be sure to specify that it is a UDP port and not a TCP port.
        - For the internal (target/local) address, use the IP address of your Unraid system shown in the note.
        - Google can help you find instructions for your specific router, i.e. "how to port forward Asus RT-AC68U"
    - Note that after hitting Apply, the public and private keys are removed from view. If you ever need to access them, click the "key" icon on the right hand side.
    - Similarly, you can access other advanced settings by pressing the "down chevron" on the right hand side. They are beyond the scope of this guide, but you can turn on help to see what they do.
    - In the upper right corner of the page, change the Inactive slider to Active to start WireGuard. You can optionally set the tunnel to Autostart when Unraid boots.

    Defining a Peer (client)

    - Click "Add Peer"
    - Give it a name, such as "MyAndroid"
    - For the initial connection type, choose "Remote access to LAN". This will give your device access to Unraid and other items on your network.
    - Click "Generate Keypair" to generate public and private keys for the client. The private key will be given to the client / peer, but take care not to share it with anyone else (such as in a screenshot like this)
    - For an additional layer of security, click "Generate Key" to generate a preshared key. Again, this should only be shared with this client / peer.
    - Click Apply.

    Note: Technically, the peer should generate these keys and not give the private key to Unraid. You are welcome to do that, but it is less convenient as the config files Unraid generates will not be complete and you will have to finish configuring the client manually.

    Configuring a Peer (client)

    - Click the "eye" icon to view the peer configuration. If the button is not clickable, you need to apply or reset your unsaved changes first.
    - If you are setting up a mobile device, choose the "Create from QR code" option in the mobile app and take a picture of the QR code. Give it a name and make the connection. The VPN tunnel starts almost instantaneously; once it is up you can open a browser and connect to Unraid or another system on your network. Be careful not to share screenshots of the QR code with anyone, or they will be able to use it to access your VPN.
    - If you are setting up another type of device, download the file and transfer it to the remote computer via trusted email or dropbox, etc. Then unzip it and load the configuration into the client. Protect this file; anyone who has access to it will be able to access your VPN.

    About DNS

    The 2019.10.20 release of the Dynamix Wireguard plugin includes a "Peer DNS Server" option (thanks @bonienl!)

    If you are having trouble with DNS resolution on the WireGuard client, return to the VPN Manager page in Unraid and switch from Basic to Advanced mode, add the IP address of your desired DNS server into the "Peer DNS Server" field, then install the updated config file on the client. You may want to use the IP address of the router on the LAN you are connecting to, or you could use a globally available IP like 8.8.8.8

    This is required for "Remote tunneled access" mode, if the client's original DNS server is no longer accessible after all traffic is routed through the tunnel.

    If you are using any of the split tunneling modes, adding a DNS server may provide name resolution on the remote network, although you will lose name resolution on the client's local network in the process. The simplest solution is to add a hosts file on the client that provides name resolution for both networks.

    Complex Networks (added Oct 24)

    The instructions above should work out of the box for simple networks. With "Use NAT" defaulted to Yes, all network traffic on Unraid uses Unraid's IP, and that works fine if you have a simple setup.

    However, if you have Dockers with custom IPs or VMs with strict networking requirements, things may not work right (I know, kind of vague, but feel free to read the two WireGuard threads for examples)

    A partial solution is:

    - In the WireGuard config, set "Use NAT" to No
    - In your router, add a static route that lets your network access the WireGuard "Local tunnel network pool" through the IP address of your Unraid system. For instance, for the default pool of 10.253.0.0/24 you should add this static route:
        Network: 10.253.0.0/16 (aka 10.253.0.0 with subnet 255.255.0.0)
        Gateway: <IP address of your Unraid system>
      (Note that this covers the entire class B 10.253.x.x network, so you can add other WireGuard tunnels without having to modify your router setup again.)

    With these changes, your network should work normally. However, your WireGuard clients still may not be able to access Dockers on custom IPs or VMs. If you find a solution to this, please comment!
  3. 2 points
    won't warn you about usage or anything, but to see how much an app has consumed of network, docker stats
  4. 2 points
    Unraid has a 30 drive limit for the array, so there's that. As for your risk tolerance, well, you need backups for anything you can't afford to lose. Every storage OS is similar in that regard. Parity, RAID, whatever, it's not a backup. If you can't afford to lose it, you can't afford not to back it up.
  5. 2 points
    Hey @sonicyouth just start the docker image as normal. Then right click on it and start the console. There you enter: apt install nano Then with nano installed open the file /macinabox/unraid.sh and change the Product ID 041-83630 to 061-10700 Restart the docker container and there u go 😛
  6. 1 point
    The drive which has its file system changed, will show up unmountable. You should have copied all its contents prior to this, because the next step is to format this disk and all its content will be lost.
  7. 1 point
    GoAutoYT makes it easy for you to automatically download videos from as many YouTube channels as you'd like.

    Features:

    - Clean, very simple design - The dashboard only contains an input form where you can add a channel and configure checking intervals and what to download, and a little list of all your channels where you can delete them or tell the server to check for new uploads immediately.
    - Everything is on a single page - You can view and control everything from just one page.
    - Makes downloading videos/audio automatically very easy - Just paste a link of a channel you want to download, set a checking interval and that's it, the server will keep checking for new uploads and download if necessary.

    The container runs with PID/GID of 1000 and UMASK of 022 by default. This can be changed by passing environment variables to the container like so:

        environment:
          - PUID=1000
          - PGID=1000
          - UMASK_SET=0044

    Mounted folder with the downloaded files is located in : /mnt/user/appdata/go-auto-yt/downloads

    Mounted folder with the configuration files is located in : /mnt/user/appdata/go-auto-yt/config
  8. 1 point
    @bastl So I updated to 6.8 stable and decided to try this workaround. I did try the Skylake emulation for my AMD FX8320 and it didn't quite seem to like it very much and gave an unsupported CPU error when I tried to start the VM. I guess my CPU is either too old or lacks the instructions to emulate Skylake properly. Maybe I need to model an older Intel CPU, like Sandybridge or something?? I know my model is an Opteron_G5. I had no choice but to opt for Emulated QEMU64 mode, hopefully the lack of AES-NI won't impact overall CPU performance with respect to VPN usage.

    EDIT: I seem to have gotten pfSense to boot with AES-NI on my AMD with this:

        <cpu mode='custom' match='exact' check='full'>
          <model fallback='forbid'>Opteron_G5</model>
          <vendor>AMD</vendor>
          <feature policy='require' name='vme'/>
          <feature policy='require' name='x2apic'/>
          <feature policy='require' name='tsc-deadline'/>
          <feature policy='require' name='hypervisor'/>
          <feature policy='require' name='arat'/>
          <feature policy='require' name='tsc_adjust'/>
          <feature policy='require' name='bmi1'/>
          <feature policy='require' name='mmxext'/>
          <feature policy='require' name='fxsr_opt'/>
          <feature policy='require' name='cmp_legacy'/>
          <feature policy='require' name='cr8legacy'/>
          <feature policy='require' name='osvw'/>
          <feature policy='disable' name='rdtscp'/>
          <feature policy='disable' name='svm'/>
        </cpu>
  9. 1 point
    Thanks for the great work on getting WireGuard working. I followed the guide to get Remote Tunnelled Access working, but I see that it uses UnRaid's Internet Connection. How can I force the tunnelled traffic through a PiHole Docker? Router that UnRaid and PiHole use: 10.3.1.1 PiHole DNS Output via 'br0' (ad-free): 10.3.1.2 Local tunnel network pool: 10.253.0.1 If I try to set a Peer's DNS to 10.3.1.2, traffic just fails when the VPN is turned on, assuming due to being in a different subnet. Is there a way to get WireGuard Peers connected via Remote Tunnelled Access to also go through my PiHole Docker?
  10. 1 point
    Upgraded from 6.7.2 to 6.8.0 with no issue at all.
  11. 1 point
    For some reason, certain combinations of hardware will issue an mce when initializing the CPUs. That's what's happening with yours, and isn't anything to worry about.
  12. 1 point
    I merged your threads, looking at diagnostics now, and just as I expected, you are getting login attempts from all over. Take your server off the internet!!! NOW!!!
  13. 1 point
  14. 1 point
    Unraid rocks! Upgraded to 6.8.0 with no real dramatic issues. Only thing I found was when reinstalling 'UnRaid Nvidia' for GPU pass through the plugin is not listing the latest nvidia drivers for 6.8.0, however I selected 6.8.0rc9 and this driver seems to be OK.
  15. 1 point
    I'm curious, why have this limitation/restriction? I ran into the same permissions issue but I don't see this behavior in similar dockers (nzbget, syncthing, etc) that create and access files on my public shares. Edit: Changing the UMASK to 0022 fixes this permission issue. The project as outlined on github uses 022 as the default, but for some reason my docker was set to 044 which was too restrictive for my use case.
  16. 1 point
    That looks like it could be a problem with one of the bz* type files on the flash drive. I would suggest:

    - plug the Flash drive into a PC/Mac and run a check on it.
    - download the zip file of the release from the Unraid site.
    - extract all the bz* type files overwriting the ones on the root of the flash drive.
  17. 1 point
    It would seem to me that, if the operation is critically dependent on the functionality of your server, that you would have materials in place to ensure that functionality in the case of failure. If that means having duplicate hardware or software (licenses) then that's what's required. I mean, I'm just a lowly little computer guy with a small hosting operation, and I have a cold spare of my main server sitting here, ready to have everything dropped on it at a moment's notice. (reminds me... I'm due for an a-periodic bare metal restore test... thanks for that.) I do that because I've made a promise to my clients, and that requires me to do everything in my power to keep it, including keeping $20k+ (original purchase price) of gear sitting idle. If the necessity of maintaining 2 licenses of unRAID is needed to satisfy your uptime requirements due to the fact of you being in the, as you put it, ass end of the world, then that's just the cost of doing business. I would also suggest that you consider looking at your hardware in terms of, can this REALLY satisfy my requirements? I think an honest evaluation might find it wanting.
  18. 1 point
    As long as you do the editing and running via the User Scripts plugin then there is no problem as it handles this correctly for the new security settings.
  19. 1 point
    It's like the "Tools -> Diagnostics -> attach zip file" that I just copy-paste all the time. 😅
  20. 1 point
    I had to use this dummy kext to get HEVC acceleration back in 10.15.2 HEVCEnabler.kext.zip
  21. 1 point
    Upgraded two servers from 6.7.2 without a problem whatsoever so far. Probably the most pain-free upgrade ever for me.
  22. 1 point
    great work guys, glad to see this branch make it to stable! can't wait to upgrade!
  23. 1 point
    @limetech - https://unraid.net/blog/unraid-6-8 <- on the announcement there is a typo. "We started 6.9 development and initial testing" <- should be 6.8. Just wanted to point it out.. Thanks for the hard work btw
  24. 1 point
  25. 1 point
    You can format now, it will take several minutes with v6.7.2, much faster if using v6.8rc. You can also use the array during the parity sync but is not recommended since both the sync itself and the data transfer will be slower than normal, though data transfer should be better with v6.8, sacrificing the sync.
  26. 1 point
    It is not normal for appdata to contain your media, but merely the Plex working files and as such keeping these on the cache is good for performance. You will have a separate mapping to the plex container for the media and this SHOULD use /mnt/user.
  27. 1 point
    Did you map Plex appdata to /mnt/cache or /mnt/user?
  28. 1 point
    Always create a new VM template when changing machine type (i440fx is based on PCI and Q35 is based on PCIe, the GUI cannot deal with such drastic changes). You can always have 2 VM templates using the same hardware (and vdisk) and switch between them, in a sense, "change it back". From my experience, it is only 10-15s longer initial boot after changing machine type. However, note that frequent switching may cause Windows to require reactivation.
  29. 1 point
    I noticed the same yesterday firing up a Pfsense VM that I use from time to time to test some stuff. No device passthrough, I only use 2 virtual nics. One on br0 as WAN for pfsense and an internal virbr where usually a VM is connected to generate some traffic. It never halted on startup, nor did I install anything inside or change any config. I played around a couple hours yesterday but I wasn't able to start the VM at all. Changing different Q35 versions, switching the vdisk type from qcow2 to raw, virtio, scsi, sata, nothing worked. Also the restore of an old backup didn't help and also not to generate a new VM with the same vdisk attached. It always halts directly after the boot selection and 1 core utilises 100%
  30. 1 point
    Sometimes it's the small things in life LOL; FINALLY got all this sorted out. Converted to SQL DB and got the silly security warnings ALL fixed. "All checks passed." Anyone else having Nextcloud's Security check update the scan on their website? Says my scan was last done in October and I hit "trigger re-scan" hours ago and it still hasn't updated hmmm :shrug: oh well
  31. 1 point
    I'm very much interested in hearing how things go.
  32. 1 point
    Way too early in the morning for answering forum posts.... I blame no coffee! 😑
  33. 1 point
    It can, but it shouldn't cause data corruption, it should correct single bit errors or halt the system if an uncorrectable error is detected, you can post the diagnostics, maybe something else visible.
  34. 1 point
    I will expand the guide and write in the reserved post how to integrate Nextcloud with document server.... In case you did not succeed, read the how-to again when it is done.
  35. 1 point
    Dude, I've already replied to you on the ls.io forum. Sent from my Mi A1 using Tapatalk
  36. 1 point
  37. 1 point
    Change to: hook_script = '/usr/bin/zm_detect_wrapper.sh'
  38. 1 point
    It's hosted on Digitalocean Spaces
  39. 1 point
    I also had this problem and just fixed it. Looks like the new update pushed qBittorrent 4.2.0, which uses a different password hashing process. You can reset to the default account (admin:adminadmin) by editing the config file at ~/appdata/qbittorrent/qBittorrent/qBittorrent.conf Delete the lines near the end starting with WebUI\Username and WebUI\Password_ha1 After you log in with the default and set a new username and password, the WebUI\Password_ha1 line becomes WebUI\Password_PBKDF2
  40. 1 point
    It was a controller problem:

        Dec 6 06:22:09 Tower kernel: mpt2sas_cm0: SAS host is non-operational !!!!

    Make sure it's well seated and sufficiently cooled, you can also try a different PCIe slot if available. As for the disabled disk either rebuild on top if the emulated disk is mounting correctly and data looks fine, or, and assuming nothing was written to it after it got disabled, do a new config and resync parity.
  41. 1 point
    unRAID is now having libevent-2.1.11-x86_64-1 installed by default. Preclear plugin is downgrading this to libevent-2.1.8-x86_64-3, please see below. Not sure from which unRAID version libevent is included, but could you please remove the downloading and installation of libevent for unRAID v6.8.0 for sure? Thank you!

        Dec 6 09:59:05 Tower root: +==============================================================================
        Dec 6 09:59:05 Tower root: | Upgrading libevent-2.1.11-x86_64-1 package using /boot/config/plugins/preclear.disk/libevent-2.1.8-x86_64-3.txz
        Dec 6 09:59:05 Tower root: +==============================================================================
        Dec 6 09:59:05 Tower root: Pre-installing package libevent-2.1.8-x86_64-3...
        Dec 6 09:59:05 Tower root: Removing package: libevent-2.1.11-x86_64-1-upgraded-2019-12-06,09:59:05
        Dec 6 09:59:05 Tower root: Verifying package libevent-2.1.8-x86_64-3.txz.
        Dec 6 09:59:05 Tower root: Installing package libevent-2.1.8-x86_64-3.txz:
  42. 1 point
    Master Version: Not sure what is going on, just updated, and now it crashes without much in the logs. Debug mask set to true or false comes up with same logs
    I will install and test dev, as I no longer see a master version, only 2 dev versions available.

        < ___. .__ .__ \_ |__ |__| ____ | |__ ____ ___ ___ | __ \| |/ \| | \_/ __ \\ \/ / | \_\ \ | | \ Y \ ___/ > < |___ /__|___| /___| /\___ >__/\_ \ \/ \/ \/ \/ \/
        https://hub.docker.com/u/binhex/
        2019-12-04 17:03:37.527209 [info] System information Linux 642928f489f4 5.3.6-Unraid #2 SMP Wed Oct 16 14:28:06 PDT 2019 x86_64 GNU/Linux
        2019-12-04 17:03:37.565416 [info] PUID defined as '99'
        2019-12-04 17:03:37.760181 [info] PGID defined as '100'
        2019-12-04 17:03:38.047748 [info] UMASK defined as '000'
        2019-12-04 17:03:38.082860 [info] Permissions already set for volume mappings
        2019-12-04 17:03:38.125948 [info] DELUGE_DAEMON_LOG_LEVEL not defined,(via -e DELUGE_DAEMON_LOG_LEVEL), defaulting to 'info'
        2019-12-04 17:03:38.160930 [info] DELUGE_WEB_LOG_LEVEL not defined,(via -e DELUGE_WEB_LOG_LEVEL), defaulting to 'info'
        2019-12-04 17:03:38.197591 [info] VPN_ENABLED defined as 'yes'
        2019-12-04 17:03:38.245688 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/** >
  43. 1 point
    It's a bit of an upfront cost, but it pays for itself from ease of use and free of hassles by not requiring custom kernels if you switch over to using a network-based tuners such as HDHomeRun.
  44. 1 point
    I understand you don't want to compile yourself, but I don't particularly want to compile any more than the existing four/five builds I do with every release. If these kernel modifications are needed then they should be pushed upstream to LimeTech.
  45. 1 point
    Great interview! Fantastic videos, they got me into unRAID and I watch every one you release @SpaceInvaderOne. A live stream would be great, you should do a regular slot! Neat setup with the servers, it gave me some ideas for my three servers. Keep up the excellent work.
  46. 1 point
    The H310 is a PCIe 2.0 x8 card. You can expect a max bandwidth of ~400 MB/s per lane. That's plenty for any spinning disk. You should not attach SSDs to it anyway as it does not support TRIM operations. There are lots of tests and benchmarks that show that 3.2 GB/s is the real-world maximum for all lanes (accounting for overhead) despite the higher stated theoretical limit of 500 MB/s per lane. I have an H310 in my server.
  47. 1 point
    I did a quick search and I don't believe this is what you want. It is a dedicated RAID card and won't work with Unraid. Read here for details on the type of card that you should be looking for: https://forums.unraid.net/topic/69018-sata-controller-replacement-question-and-advice/?tab=comments#comment-630097
  48. 1 point
    All volumes for docker containers require two things, the path to the unRaid folder, and the path within the container. It's the container path that Plex actually accesses. As an example, you've got Plex's appdata as /mnt/user/appdata/Plex and a container path of /config. If you explore within the container, you will see the contents of /mnt/user/appdata/Plex stored within Plex at /config. Same thing with your media. Once you add the path of /media, you will see the contents of that disk at /media
  49. 1 point
    Can't remember when it was added but for sure 6.2 includes a listing of the directory /boot/extra (this information is stored in the file folders.txt under system). Never knew that... Awesome addition. config/boot/extra is not a directory, at least not one created by unRAID OS. config/boot/extra.cfg is a config file that can be used to provide "extra" mount options to shfs, among other things - mainly this is a development tool. This file is not created by default.
  50. 1 point
    Because of my troubles with the Pro/1000 PT I bought an i340-T4, it's a more recent model, works on any board I tried, half the TDP also. The i350-T4 is even newer, but careful with Chinese sellers at prices that look too good to be true, those ones look counterfeit, e.g., look at the unbranded crystal, see here for how to spot them: https://forums.servethehome.com/index.php?threads/comparison-intel-i350-t4-genuine-vs-fake.6917/