Leaderboard

Popular Content

Showing content with the highest reputation since 01/22/21 in Posts

  1. I had exactly the same issue and could not find any solutions on the forum or the internet. So I did some digging myself and found the cause of the issue. The docker update check script gets the remote digest of the latest tag from the docker repository via a header called 'Docker-Content-Digest'. The script checks for this header with a case-sensitive regex pattern. Manually querying the docker hub registry gives me a header called 'docker-content-digest' (mind the casing). The docker hub registry must have recently changed the casing of this header, because it broke for me in the last 24 hours. I'm running on Unraid 6.8.3 still, so I'm not 100% sure if this issue also exists in 6.9.x. If you feel up to it, you could quite easily fix this yourself until there is a real fix. I'll describe the steps below: Open file: /usr/local/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php Go to line 457. There you should look for the text: @Docker-Content-Digest:\s*(.*)@ and replace it with: @Docker-Content-Digest:\s*(.*)@i Save the file. This will make the header check case-insensitive and should make it work again.
    39 points
  2. Refer to Summary of New Features for an overview of changes since version 6.8. To upgrade: First create a backup of your USB flash boot device: Main/Flash/Flash Backup If you are running any 6.4 or later release, click 'Check for Updates' on the Tools/Update OS page. If you are running a pre-6.4 release, click 'Check for Updates' on the Plugins page. If the above doesn't work, navigate to Plugins/Install Plugin, select/copy/paste this plugin URL and click Install: https://s3.amazonaws.com/dnld.lime-technology.com/stable/unRAIDServer.plg Bugs: If you discover a bug or other issue in this release, please open a Stable Releases Bug Report. From myself and everyone at Lime Technology, I want to express heartfelt thanks to the Community for helping with testing, providing feedback and code changes. Hopefully this is the last of the massive releases; as a company we are committed to producing smaller, more frequent stable releases. - Tom Mortensen Reverting back to 6.8.3 If you have a cache disk/pool it will be necessary to either: restore the flash backup you created before upgrading (you did create a backup, right?), or on your flash, copy 'config/disk.cfg.bak' to 'config/disk.cfg' (restore 6.8.3 cache assignment), or manually re-assign storage devices assigned to cache back to cache This is because to support multiple pools, code detects the upgrade to 6.9.0 and moves the 'cache' device settings out of 'config/disk.cfg' and into 'config/pools/cache.cfg'. If you downgrade back to 6.8.3 these settings need to be restored.
    36 points
  3. This release contains bug fixes and minor improvements. To upgrade: First create a backup of your USB flash boot device: Main/Flash/Flash Backup If you are running any 6.4 or later release, click 'Check for Updates' on the Tools/Update OS page. If you are running a pre-6.4 release, click 'Check for Updates' on the Plugins page. If the above doesn't work, navigate to Plugins/Install Plugin, select/copy/paste this plugin URL and click Install: https://s3.amazonaws.com/dnld.lime-technology.com/stable/unRAIDServer.plg Bugs: If you discover a bug or other issue in this release, please open a Stable Releases Bug Report. Thank you to all Moderators, Community Developers and Community Members for reporting bugs, providing information and posting workarounds. Please remember to make a flash backup! Edit: FYI - we included some code to further limit brute-force login attempts; however, fundamental changes to certain default settings will be made starting with 6.10 release. Unraid OS has come a long way since originally conceived as a simple home NAS on a trusted LAN. It used to be that all protocols/shares/etc were by default "open" or "enabled" or "public" and if someone was interested in locking things down they would go do so on case-by-case basis. In addition, it wasn't so hard to tell users what to do because there wasn't that many things that had to be done. Let's call this approach convenience over security. Now, we are a more sophisticated NAS, application and VM platform. I think it's obvious we need to take the opposite approach: security over convenience. What we have to do is lock everything down by default, and then instruct users how to unlock things. For example: Force user to define a root password upon first webGUI access. Make all shares not exported by default. Disable SMBv1, ssh, telnet, ftp, nfs by default (some are already disabled by default). Provide UI for ssh that lets them upload a public key and checkbox to enable keyboard password authentication. etc. We have already begun the 6.10 cycle and should have a -beta1 available soon early next week (hopefully).
    35 points
  4. Hello Unraid Community! It has come to our attention that in recent days, we've seen a significant uptick in the amount of Unraid server's being compromised due to poor security practices. The purpose of this post is to help our community verify their server's are secure and provide helpful best-practices recommendations to ensuring your system doesn't become another statistic. Please review the below recommendations on your server(s) to ensure they are safe. Set a strong root password Similar to many routers, Unraid systems do not have a password set by default. This is to ensure you can quickly and easily access the management console immediately after initial installation. However, this doesn't mean you shouldn't set one. Doing this is simple. Just navigate to the Users tab and click on root. Now set a password. From then on, you will be required to authenticate anytime you attempt to login to the webGui. In addition, there is a plugin available in Community Apps called Dynamix Password Validator. This plugin will provide guidance on how strong of a password you're creating based on complexity rules (how many capital vs. lowercase letters, numbers, symbols, and overall password length are used to judge this). Consider installing this for extra guidance on password strength. Review port mappings on your router Forwarding ports to your server is required for specific services that you want to be Internet-accessible such as Plex, FTP servers, game servers, VoIP servers, etc. But forwarding the wrong ports can expose your server to significant security risk. Here are just a few ports you should be extra careful with when forwarding: Port 80: Used to access the webGui without SSL (unless you've rebound access to another port on the Management Access settings page). DO NOT forward port 80. Forwarding this port by default will allow you to access the webGui remotely, but without SSL securing the connection, devices in between your browser and the server could "sniff" the packets to see what you're doing. If you want to make the webGui remotely accessible, install the Unraid.net plugin to enable My Servers on your system, which can provide a secure remote access solution that utilizes SSL to ensure your connection is fully encrypted. Port 443: Used to access the webGui with SSL. This is only better than port 80 if you have a root password set. If no root password is set and you forward this port, unauthorized users can connect to your webGui and have full access to your server. In addition, if you forward this port without using the Unraid.net plugin and My Servers, attempts to connect to the webGui through a browser will present a security warning due to the lack of an SSL certificate. Consider making life easier for yourself and utilize Unraid.net with My Servers to enable simple, safe, and secure remote access to your Unraid systems. NOTE: When setting up Remote Access in My Servers, we highly recommend you choose a random port over 1000 rather than using the default of 443. Port 445: Used for SMB (shares). If you forward this port to your server, any public shares can be connected to by any user over the internet. Generally speaking, it is never advisable to expose SMB shares directly over the internet. If you need the ability to access your shares remotely, we suggest utilizing a Wireguard VPN to create a secure tunnel between your device and the server. In addition, if the flash device itself is exported using SMB and this port is forwarded, its contents can easily be deleted and your paid key could easily be stolen. Just don't do this. Port 111/2049: Used for NFS (shares). While NFS is disabled by default, if you are making use of this protocol, just make sure you aren't forwarding these ports through your router. Similar to SMB, just utilize Wireguard to create a secure tunnel from any remote devices that need to connect to the server over NFS. Port 22/23: Used by Telnet and SSH for console access. Especially dangerous for users that don't have a root password set. Similar to SMB, we don't recommend forwarding these ports at all, but rather, suggest users leverage a Wireguard VPN connection for the purposes of connecting using either of these protocols. Ports in the 57xx range: These ports are generally used by VMs for VNC access. While you can forward these ports to enable VNC access remotely for your VMs, the better and easier way to do this is through installing the Unraid.net plugin and enabling My Servers. This ensures that those connections are secure via SSL and does not require individual ports to be forwarded for each VM. Generally speaking, you really shouldn't need to forward many ports to your server. If you see a forwarding rule you don't understand, consider removing it, see if anyone complains, and if so, you can always put it back. Never ever ever put your server in the DMZ No matter how locked down you think you have your server, it is never advisable to place it in the DMZ on your network. By doing so, you are essentially forwarding every port on your public IP address to your server directly, allowing all locally accessible services to be remotely accessible as well. Regardless of how "locked down" you think you actually have the server, placing it in the DMZ exposes it to unnecessary risks. Never ever do this. Consider setting shares to private with users and passwords The convenience of password-less share access is pretty great. We know that and its why we don't require you to set passwords for your shares. However, there is a security risk posed to your data when you do this, even if you don't forward any ports to your server and have a strong root password. If another device on your network such as a PC, Mac, phone, tablet, IoT device, etc. were to have its security breached, it could be used to make a local connection to your server's shares. By default, shares are set to be publicly readable/writeable, which means those rogue devices can be used to steal, delete, or encrypt the data within them. In addition, malicious users could also use this method to put data on your server that you don't want. It is for these reasons that if you are going to create public shares, we highly recommend setting access to read-only. Only authorized users with a strong password should be able to write data to your shares. Don't expose the Flash share, and if you do, make it private The flash device itself can be exposed over SMB. This is convenient if you need to make advanced changes to your system such as modifying the go file in the config directory. However, the flash device itself contains the files needed to boot Unraid as well as your configuration data (disk assignments, shares, etc). Exposing this share publicly can be extremely dangerous, so we advise against doing so unless you absolutely have to, and when you do, it is advised to do so privately, requiring a username and password to see and modify the contents. Keep your server up-to-date Regardless of what other measures you take, keeping your server current with the latest release(s) is vital to ensuring security. There are constant security notices (CVEs) published for the various components used in Unraid OS. We here at Lime Technology do our best to ensure all vulnerabilities are addressed in a timely manner with software updates. However, these updates are useless to you if you don't apply them in a timely manner as well. Keeping your OS up-to-date is easy. Just navigate to Tools > Update OS to check for and apply any updates. You can configure notifications to prompt you when a new update is available from the Settings > Notifications page. More Best Practices Recommendations Set up and use WireGuard, OpenVPN or nginxProxyManager for secure remote access to your Shares. For WireGuard set up, see this handy getting started guide. Set up 2FA on your Unraid Forum Account. Set up a Remote Syslog Server. Install the Fix Common Problems plugin. Installing this plugin will alert you to multiple failed login attempts and much, much more. Change your modem password to something other than the default. Consider installing ClamAV. In addition to all of the above recommendations, we've asked SpaceInvaderOne to work up a video with even more detailed best-practices related to Unraid security. We'll post a link as soon as the video is up to check out what other things you can do to improve your system security. It is of vital importance that all users review these recommendations on their systems as soon as possible to ensure that you are doing all that is necessary to protect your data. We at Lime Technology are committed to keeping Unraid a safe and secure platform for all of your personal digital content, but we can only go so far in this effort. It is ultimately up to you the user to ensure your network and the devices on it are adhering to security best-practices.
    34 points
  5. Done. Going back to bed now...
    27 points
  6. This thread is meant to replace the now outdated old one about recommended controllers, these are some controllers known to be generally reliable with Unraid: 2 ports: Asmedia ASM1061/62 (PCIe 2.0 x1) or JMicron JMB582 (PCIe 3.0 x1) 4 ports: Asmedia ASM1064 (PCIe 3.0 x1) or ASM1164 (PCIe 3.0 x4 physical, x2 electrical, though I've also seen some models using just x1) 5 ports: JMicron JMB585 (PCIe 3.0 x4 - x2 electrically) These JMB controllers are available in various different SATA/M.2 configurations, just some examples: 6 ports: Asmedia ASM1166 (PCIe 3.0 x4 physical, x2 electrical) These exist with both x4 (x2 electrical) and x1 PCIe interface, for some use cases the PCIe x1 may be a good option, i.e., if you don't have larger slots available, though bandwidth will be limited: 8 ports: any LSI with a SAS2008/2308/3008/3408 chipset in IT mode, e.g., 9201-8i, 9211-8i, 9207-8i, 9300-8i, 9400-8i, etc and clones, like the Dell H200/H310 and IBM M1015, these latter ones need to be crossflashed (most of these require a x8 or x16 slot, older models like the 9201-8i and 9211-8i are PCIe 2.0, newer models like the 9207-8i, 9300-8i and newer are PCIe 3.0) For these and when not using a backplane you need SAS to SATA breakout cables, SFF-8087 to SATA for SAS2 models: SFF-8643 to SATA for SAS3 models: Keep in mind that they need to be forward breakout cables (reverse breakout look the same but won't work, as the name implies they work for the reverse, SATA goes on the board/HBA and the miniSAS on a backplane), sometimes they are also called Mini SAS (SFF-8xxx Host) to 4X SATA (Target), this is the same as forward breakout. If more ports are needed you can use multiple controllers, controllers with more ports (there are 16 and 24 port LSI HBAs, like the 9201-16i, 9305-16i, 9305-24i, etc) or use one LSI HBA connected to a SAS expander, like the Intel RES2SV240 or HP SAS expander. P.S. Avoid SATA port multipliers with Unraid, also avoid any Marvell controller. For some performance numbers on most of these see below:
    26 points
  7. This release contains bug fixes and minor improvements. Refer to Summary of New Features for an overview of changes since version 6.8. To upgrade: First create a backup of your USB flash boot device: Main/Flash/Flash Backup If you are running any 6.4 or later release, click 'Check for Updates' on the Tools/Update OS page. If you are running a pre-6.4 release, click 'Check for Updates' on the Plugins page. If the above doesn't work, navigate to Plugins/Install Plugin, select/copy/paste this plugin URL and click Install: https://s3.amazonaws.com/dnld.lime-technology.com/stable/unRAIDServer.plg Bugs: If you discover a bug or other issue in this release, please open a Stable Releases Bug Report. Thank you to all Moderators, Community Developers and Community Members for reporting bugs, providing information and posting workarounds. Please remember to make a flash backup.
    21 points
  8. The attachment in this post is a joint effort between @Batter Pudding and myself. @Batter Pudding supplied much of the technical part of the Attached Document and I provide most of the background information. What we are attempting to do is to show that it is easy to actually use Unraid with all of the security features that Microsoft has incorporated into Windows 10. What many of us have been doing (myself included) is to reverse those enhancements to security and use our Unraid network in what is basically a 2010 security environment. @limetechhas announced in the release thread for version 6.9.2 that they are about to increase security on Unraid in future releases. Unfortunately, this list is going to impact a lot of current Unraid users as many have setup their Unraid servers and networking to use these very features. Each user will have two choices. Either embrace security or spend time to undo each new security addition that either LimeTech or MS adds in their updates. If you decide to continue to bypass security, just realize that the number of folks prepared to assist you with any problems doing this will probably decline as more folks adopt increased security as a necessity. In some cases, this is going to present some difficult decisions. For example, I have an old Netgear NTV-550 set top media player (last firmware/software update was in early 2011) that only supports SMBv1 or NFS. Do I open up a security hole to use a well-functioning piece of equipment or do I replace it? (The choice, obviously, is one that only I can make...) Two Important things! Do not post up any problems that you have with networking between Windows 10 and Unraid in this thread! Start a new thread in the General Support forum. Please don’t tell us that there is another way to do something and that we should change our recommendation to employ that method. If you feel you have a better way, you are encouraged to write it up in detail and post it in this thread pointing out the advantages of your way. (One well regarded Windows 10 networking book has over 400 pages in it. Our document is 16 pages long…) EDIT: November 30, 2021. Recently, something has come to my attention about Unraid and SMB. There have been incidences where access to Unraid shares is restricted or blocked completely from users who should have access to it. What has been found in these cases is that a feature, has been enable on the Unraid side, called Access Control Lists (ACL for short). This will show up as an ‘+’ at the end of the Linux permissions. See the screen capture below: Note that the ‘+’ is also on the file as well as the share/directory. ACL changes the way that Linux is going to control access to these resources. After some research, I found out that Windows has used ACL for a long time. The SAMBA group has added ACL into its version of SMB. Unraid does not use ACL in its security scheme. At the present time, I can think of only one way that a ACL could be found on any Unraid server. It was done by a Windows user who was trying to change how SMB worked by applying Windows security features to an Unraid share by changing the default Security settings. (Basically, right-clicking on the Share in Windows Explorer, selecting ‘Properties’, then the ‘Security’ tab and working from there.) The point I am making is that you can’t fix a share access problem by trying to change a Unraid share security using Windows security tools on that share. If you try, you will probably make things worst! (Unless you are a Windows SMB Networking Guru…) It is important to realize that if you are denied permission to an Unraid share resource, the problem can only be fixed on the Unraid side using the Tools in the Unraid GUI (or via the command line for specific problems). If you are having an access problem to a Unraid share and can’t solve it with the tools in the GUI, start a thread in the General Support sub-forum and let the community help you fix it. Unraid & Windows 10 SMB Setup.pdf
    20 points
  9. ***Update*** : Apologies, it seems like there was an update to the Unraid forums which removed the carriage returns in my code blocks. This was causing people to get errors when typing commands verbatim. I've fixed the code blocks below and all should be Plexing perfectly now Y =========== Granted this has been covered in a few other posts but I just wanted to have it with a little bit of layout and structure. Special thanks to [mention=9167]Hoopster[/mention] whose post(s) I took this from. What is Plex Hardware Acceleration? When streaming media from Plex, a few things are happening. Plex will check against the device trying to play the media: Media is stored in a compatible file container Media is encoded in a compatible bitrate Media is encoded with compatible codecs Media is a compatible resolution Bandwith is sufficient If all of the above is met, Plex will Direct Play or send the media directly to the client without being changed. This is great in most cases as there will be very little if any overhead on your CPU. This should be okay in most cases, but you may be accessing Plex remotely or on a device that is having difficulty with the source media. You could either manually convert each file or get Plex to transcode the file on the fly into another format to be played. A simple example: Your source file is stored in 1080p. You're away from home and you have a crappy internet connection. Playing the file in 1080p is taking up too much bandwith so to get a better experience you can watch your media in glorious 240p without stuttering / buffering on your little mobile device by getting Plex to transcode the file first. This is because a 240p file will require considerably less bandwith compared to a 1080p file. The issue is that depending on which format your transcoding from and to, this can absolutely pin all your CPU cores at 100% which means you're gonna have a bad time. Fortunately Intel CPUs have a little thing called Quick Sync which is their native hardware encoding and decoding core. This can dramatically reduce the CPU overhead required for transcoding and Plex can leverage this using their Hardware Acceleration feature. How Do I Know If I'm Transcoding? You're able to see how media is being served by playing a first something on a device. Log into Plex and go to Settings > Status > Now Playing As you can see this file is being direct played, so there's no transcoding happening. If you see (throttled) it's a good sign. It just means is that your Plex Media Server is able to perform the transcode faster than is necessary. To initiate some transcoding, go to where your media is playing. Click on Settings > Quality > Show All > Choose a Quality that isn't the Default one If you head back to the Now Playing section in Plex you will see that the stream is now being Transcoded. I have Quick Sync enabled hence the "(hw)" which stands for, you guessed it, Hardware. "(hw)" will not be shown if Quick Sync isn't being used in transcoding. PreRequisites 1. A Plex Pass - If you require Plex Hardware Acceleration Test to see if your system is capable before buying a Plex Pass. 2. Intel CPU that has Quick Sync Capability - Search for your CPU using Intel ARK 3. Compatible Motherboard You will need to enable iGPU on your motherboard BIOS In some cases this may require you to have the HDMI output plugged in and connected to a monitor in order for it to be active. If you find that this is the case on your setup you can buy a dummy HDMI doo-dad that tricks your unRAID box into thinking that something is plugged in. Some machines like the HP MicroServer Gen8 have iLO / IPMI which allows the server to be monitored / managed remotely. Unfortunately this means that the server has 2 GPUs and ALL GPU output from the server passed through the ancient Matrox GPU. So as far as any OS is concerned even though the Intel CPU supports Quick Sync, the Matrox one doesn't. =/ you'd have better luck using the new unRAID Nvidia Plugin. Check Your Setup If your config meets all of the above requirements, give these commands a shot, you should know straight away if you can use Hardware Acceleration. Login to your unRAID box using the GUI and open a terminal window. Or SSH into your box if that's your thing. Type: cd /dev/dri ls If you see an output like the one above your unRAID box has its Quick Sync enabled. The two items were interested in specifically are card0 and renderD128. If you can't see it not to worry type this: modprobe i915 There should be no return or errors in the output. Now again run: cd /dev/dri ls You should see the expected items ie. card0 and renderD128 Give your Container Access Lastly we need to give our container access to the Quick Sync device. I am going to passively aggressively mention that they are indeed called containers and not dockers. Dockers are manufacturers of boots and pants company and have nothing to do with virtualization or software development, yet. Okay rant over. We need to do this because the Docker host and its underlying containers don't have access to anything on unRAID unless you give it to them. This is done via Paths, Ports, Variables, Labels or in this case Devices. We want to provide our Plex container with access to one of the devices on our unRAID box. We need to change the relevant permissions on our Quick Sync Device which we do by typing into the terminal window: chmod -R 777 /dev/dri Once that's done Head over to the Docker Tab, click on the your Plex container. Scroll to the bottom click on Add another Path, Port, Variable Select Device from the drop down Enter the following: Name: /dev/dri Value: /dev/dri Click Save followed by Apply. Log Back into Plex and navigate to Settings > Transcoder. Click on the button to SHOW ADVANCED Enable "Use hardware acceleration where available". You can now do the same test we did above by playing a stream, changing it's Quality to something that isn't its original format and Checking the Now Playing section to see if Hardware Acceleration is enabled. If you see "(hw)" congrats! You're using Quick Sync and Hardware acceleration [emoji4] Persist your config On Reboot unRAID will not run those commands again unless we put it in our go file. So when ready type into terminal: nano /boot/config/go Add the following lines to the bottom of the go file modprobe i915 chmod -R 777 /dev/dri Press Ctrl X, followed by Y to save your go file. And you should be golden!
    16 points
  10. Hello Unraid Community! Today we're excited to give you a sneak peak at something we've been working on for quite some time. A new feature we like to call My Servers. "My Servers" is designed to extend the value of your investment in Unraid by enabling you to more easily connect, share, monitor, and access your systems. For the initial beta launch, we are focusing on the following key features: Secure Remote Access Whether you need to add a share, container, or virtual machine, do it all from the webGui from anywhere and at any time using using HTTPS. Best of all, all SSL certificates are verified by Let's Encrypt, so no browser security warnings. Online Flash Backup When your Unraid configuration changes, the new settings on the flash drive will automatically be backed up to Unraid.net, enabling easy recovery in the event of a device failure. Never self-manage/host your flash backups again! Real-time Monitoring Get quick real-time info on the status of your servers such as storage, container, and VM usage. And not just for one server, but all the servers in your Unraid fleet! License Management Download any registration key linked to your account. Upgrade keys to higher editions. In addition, Trial keys are now downloaded automatically. Simply sign-in! Installing For the full details on how to install and configure, check out the wiki.
    16 points
  11. Has the plan for VM snapshots gone away?
    16 points
  12. Just thought I'd share my experience setting up a Valheim server with this docker app from @ich777(thank you!) You don't need to worry about Steam authentication for Valheim, the default anonymous user can download and host a server (yay!), so no fuss with Steam users or Steam Guard to worry about. Deploy the docker as provided, leaving username & password blank. The Server Name field is important, this is how your name will appear in the public server list in Valheim. (as of this writing there are 7 "Valheim Docker" server names, good luck finding yours! So choose something unique that you and your friends can find. World Name is the name of your world, this can be anything, if you wish to import a single-player or self-hosted save file in your docker, this name must be set to the same name/spelling as your save game world. Save the docker/let it install. You'll want to make sure your firewall or router has UDP ports 2456-2458 forwarded to your Unraid server's IP so the game can work as intended. In 10-15 minutes typically you should see your server name in the public server list in Valheim, you're done! * if you wish to import a previous save file, you need to make sure the Docker is Stopped first. Then browse your local computer's profile, typically in "%appdata%\..\LocalLow\IronGate\Valheim\worlds" you will find your save games. You'll want to take a copy of your world files, database, everything named the same as your world name over to your docker data files, by default with this docker settings should be: \\<your unraid server IP or name>\appdata\valheim\.config\unity3d\IronGate\Valheim\worlds Place your save game files in there, and overwrite any existing newly generated world of the same name with your save game. Start the Docker, wait for it to appear in Valheim, join & play! I hope this was helpful for someone, took a bit to figure out the exact steps to follow
    16 points
  13. Yeah just a min, actually about 15. I put it on the wrong branch 😆 Ok good to go now, sheesh
    15 points
  14. I have a created a file manager plugin, which I will release when the next Unraid 6.10 version comes out, This plugin extends the already present Browse function of Unraid with file management operations, such as copy, move, rename, delete and download. Operations can be performed on either folders and/or files and objects can be selected using a selection box at the left (in case multiple objects need to be copied or moved for example) or by clicking on a selection popup to an operation on a single object. All operations need to be confirmed before proceeding, this should avoid accidental mistakes. The file manager gives direct access to all resources on the array and pools and should be handled with care. Below two screenshots to give a first impression. Once released more info will be given in the plugins section.
    14 points
  15. Hallo an alle! Wollte hier schon längst mal meinen Server vorstellen da ich das für schon längst fällig hielt und ich sonst irgendwie nie so richtig Zeit gefunden hab. Der Server besteht aus folgenden Komponenten: Case: NZXT H2 Classic (Frontblende wurde entfernt für besseren AirFlow) zusätzlicher HDD Cage: ICY Dock MB074SP-B (wird demnächst gegen ein MB074SP-1B mit Hot-Swap getauscht) CPU: Intel Core i5-10600 CPU Kühler: Noctua NH-U14S Motherboard: ASUS Z490-E GAMING RAM: 4x Corsair Vengeance LPX 16GB DDR4 @2666MT/s C16 Netzteil: Corsair RM850x Addon Karten: Mellanox ConnectX3 CX311A-XCAT 10Gbit/s SFP+ NIC 2x DigitalDevices Cine C/T v6 Dual Tuner TV Karten Dell Perc H310 LSI 9240-8i im HBA Modus Coral Dual Edge TPU (leider nur einer verfügbar da nur über PCIe x1 angebunden) Nvidia T400 2GB Speicher: 2x Samsung 970 Evo Plus 1TB ZFS Mirror (appdata, Docker, libvirt,...) 2x Crucial MX500 1TB als Cache Pool (Nextcloud Datenverzeichnis, unRAID Cache,...) 1x M2 NVMe Transcend 128GB (per VirtIO durchgereicht zu einer Debian VM zum bauen der Docker Container) 6x WD Reds/White Labels für das Array mit einer Parity (Debian aptitude Mirror, verschiedenste Mirror von Betriebssystemen, Private Cotnainer Registry, Medien...) 1x Industrial Samsung SSD 128GB (per VirtIO durchgereicht zu einer VM zum bauen der Plugin Pakete für unRAID) 1x WD Red Unassigned Devices (Nextcloud externe Speicher, Backups, nicht kritische Daten...) Boot Stick(s): 1x Transcend JetFlash 600 Extreme-Speed 32GB USB 2.0 (unRAID) 1x SanDisk 16GB Cruzer Blade USB 2.0 (durchgereicht zu einer unRAID VM) Der Server beherbergt außerdem auch noch ein Git Repo, Jenkins und wie schon oben erwähnt eine Debian VM & eine unRAID VM. Auf dem Server werden lokal alle meine Docker Container gebaut, werden danach zu DockerHub und nochmal auf den Server in eine Private Registry (sicher ist sicher ) hochgeladen. Wie schon oben erwähnt befindet sich auf dem Server noch eine unRAID VM die gestartet wird wenn eine neue Version von unRAID gefunden wird, diese wird dann automatisch auf die neue Version aktualisiert. Danach startet der Build Prozess für die verschiedensten Plugins die nach dem erfolgreichem build auf Github in das dementsprechende Repositor hochgeladen werden. Eine zusätzliche Routine wurde ebenso eingebaut die die unRAID VM startet wenn eine neue Version von ZFS, CoreFreq und Nvidia Treiber gefunden wird die diese Packages für die aktualle Release version von unRAID kompiliert und hochlädt. Momentan wird bei einem Build Vorgang, wenn eine neue unRAID Version gefunden wird, folgendes kompiliert: ZFS Package @steini84 USB Serial Package @SimonF USB IP Package @SimonF NCT 6687 Package Nvidia Treiber Package DigitalDevices Package LibreELEC Package TBS-OS Package Coral TPU Package Firewire Package CoreFreq AMD Package CoreFreq Intel Package AMD Vendor Reset Package HPSAHBA Package Sound Package (noch kein Release geplant) So ein Build Vorgang dauert ca. zwischen 35 und 45 Minuten, je nachdem wie viele Nvidia Treiber Version gebaut werden müssen, da mittlerweile mindestens zwei bzw. in Zukunft drei gebaut werden müssen: Production Branch New Feature Branch Beta Branch (nur falls vorhanden) 470.82.00 (letzte Treiberversion die Serie 600 und 700 unterstützt) Der Build Vorgang ist vollständig automatisiert und wird spätestens nach 15 Minuten nachdem eine neue unRAID Version Released wurde gestartet. Ein Hinweis zum Verbrauch, durschnittlich liegt die Systemlast beim Bild Vorgang bei ca. 180Watt für die 35 bis 45 Minuten, hab noch ein Bild von der Auslastung ganz unten hinzugefügt... 🙈 Nur zur Erklärung, diese Packages müssen für jede unRAID Version kompiliert/erstellt werden da die Module die dafür benötigt werden in Abhängigkeit zum Kernel der jeweiligen unRAID Version stehen, die Plugins erkennen eine Änderung der Kernel Version beim Booten und laden die Packages für die jeweilige Kernel Version herunter und werden dann beim Start auch gleich installiert. Das ist mitunter ein Grund warum ich gegen Virtualisierte Firewalls auf unRAID bzw. AdBlocker die auch unRAID mit einschließen bin, da ein herunterladen der Packages beim Start von unRAID dann nicht möglich ist weil eben keine Internetverbindung besteht bzw. der DNS Server (im Falle von AdBlockern) noch nicht verfügbar ist. Momentan überlege ich den Server mit einem i9-10850k auszustatten um den Build Vorgang nochmal zu verkürzen aber da diese CPU momentan schwer zu bekommen ist und auch nicht gerade billig ist muss das noch warten. Nicht praktikabel, spart nur ein paar Minuten ein. Ich hoffe euch hat die Servervorstellung und der kurze Einblick hinter die Kulissen wie so einiges bei mir auf dem Server funktioniert gefallen. Hier noch ein paar Bilder: Auslastung beim Build Vorgang, immer zwischen 90 und 100% :
    14 points
  16. Original comment thread where idea was suggested by reddit user /u/neoKushan : https://old.reddit.com/r/unRAID/comments/mlcbk5/would_anyone_be_interested_in_a_detailed_guide_on/gtl8cbl/ The ultimate goal of this feature would be to create a 1:1 map between unraid docker templates and docker-compose files. This would allow users to edit the docker as either a compose file or a template and backing up and keeping revision control of the template would be simpler as it would simply be a docker-compose file. I believe the first step in doing so is changing the unraid template structure to use docker-compose labels for all the metadata that unraid uses for its templates that doesn't already have a 1:1 map to docker-compose. this would be items such as WebUI, Icon URL, Support Thread, Project Page, CPU Pinning, etc. Most of the meat of these templates are more or less direct transcriptions of docker-compose, put into a GUI format. I don't see why we couldn't take advantage of this by allowing users to edit and backup the compose file directly.
    14 points
  17. That would be very nice if Unraid would support snapshots for VMs. I would prefer this feature above all others.
    13 points
  18. New repository is: vaultwarden/server:latest Change it in docker settings: Stop the container Rename repository to vaultwarden/server Hit Apply and start the container That's it. Don't forget to go to unRAID Settings >> click on Fix Common Problems (if the scan doesn't start automatically then click RESCAN) and you will receive a notification to apply a fix for *.xml file change. I just went through this procedure and can verify everything went smooth and well.
    13 points
  19. Would you mind running `unraid-api restart` in a terminal and let me know if that sorts it. I’ve added this to our bug tracker.
    13 points
  20. Summary: Support Thread for ich777 Gameserver Dockers (CounterStrike: Source & ConterStrike: GO, TeamFortress 2, ArmA III,... - complete list in the second post) Application: SteamCMD DockerHub: https://hub.docker.com/r/ich777/steamcmd All dockers are easy to set up and are highly customizable, all dockers are tested with the standard configuration (port forwarding,...) if the are reachable and show up in the server list form the "outside". The default password for the gameservers if enabled is: Docker It there is a admin password the default password is: adminDocker Please read the discription of each docker and the variables that you install (some dockers need special variables to run). If you like my work please consider Donating for further requests of game server where i don't own the game. The Steam Username and Password is only needed in templates where the two fields are marked as requirde with the red * Created a Steam Group: https://steamcommunity.com/groups/dockersforunraid If you like my work, please consider making a donation
    12 points
  21. @kennygunit I was able to SSH in to my server. But this will only last until you reboot. sudo nano /usr/local/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php The permanent way would be to modify the boot via SSH: sudo nano /boot/config/go Paste this at the end: (Shift Insert or Right Click) # Fix Docker - Case Insensitive sed -i 's#@Docker-Content-Digest:\\s*\(.*\)@#\@Docker-Content-Digest:\\s*\(.*\)@i#g' /usr/local/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php Ctrl X and save then Reboot. All thanks goes to HyperV, Morthan, and ich777 ❤️
    12 points
  22. It has been some time since I visited the Unraid forums. Due to health issues I had to take a break, and unfortunately this break took way longer than anticipated. But I am back and will start giving support again to Unraid and plugins. First step is an update to the s3_sleep plugin, which now supports the latest features of Unraid 6.9 properly. Please update this plugin if you are running Unraid 6.9.0 or higher. I need to do a lot of catching up, but feel free to post issues with the Dynamix plugins here and I will look into it.
    12 points
  23. People with specific Seagate Ironwolf disks on LSI controllers have been having issues with Unraid 6.9.0 and 6.9.1. Typically when spinning up the drive could drop off the system. Getting it back on would require checking, unassigning, reassigning and rebuilding its contents (about 24 hours). It happened to me three times in a week across two of my four affected drives. The drive in question is the 8TB Ironwolf ST8000VN004, although 10TB has been mentioned, so it may affect several. There have been various comments and suggestions over the threads, and it appears that there is a workaround solution. The workaround is reversible, so if an official fix comes along you can revert your settings back. This thread is here to consolidate the great advice given by @TDD, @SimonF, @JorgeB and others to hopefully make it easier for people to follow. This thread is also here to hopefully provide a central place for those with the same hardware combo to track developments. NOTE: Carry out these steps at your own risk. Whilst I will list each step I did and it's all possible within Unraid, it's your data. Read through, and only carry anything out if you feel comfortable. I'm far from an expert - I'm just consolidating valuable information scattered - if this is doing more harm than good, or is repeated elsewhere, then close this off. The solution involves making changes to the settings of the Ironwolf disk. This is done by running some Seagate command line utilities (SeaChest) explained by @TDD here The changes we will be making are Disable EPC Disable Low Current Spinup (not confirmed if this is required) The Seagate utilities refer to disks slightly differently than Unraid, but there is a way to translate one to the other, explained by @SimonF here I have carried out these steps and it looks to have solved the issue for me. I've therefore listed them below in case it helps anybody. It is nowhere near as long-winded as it looks - I've just listed literally every step. Note that I am not really a Linux person, so getting the Seagate utilities onto Unraid might look like a right kludge. If there's a better way, let me know. All work is carried out on a Windows machine. I use Notepad to help me prepare commands beforehand, I can construct each command first, then copy and paste it into the terminal. If you have the option, make these changes before upgrading Unraid... Part 1: Identify the disk(s) you need to work on EDIT: See the end of this part for an alternate method of identifying the disks 1. Go down your drives list on the Unraid main tab. Note down the part in brackets next to any relevant disk (eg, sdg, sdaa, sdac, sdad) 2. Open up a Terminal window from the header bar in Unraid 3. Type the following command and press enter. This will give you a list of all drives with their sg and sd reference sg_map 4. Note down the sg reference of each drive you identified in step 1 (eg, sdg=sg6, sdaa=sg26, etc.) There is a second way to get the disk references which you may prefer. It uses SeaChest, so needs carrying out after Part 2 (below). @TDD explains it in this post here... Part 2: Get SeaChest onto Unraid NOTE: I copied SeaChest onto my Flash drive, and then into the tmp folder. There's probably a better way of doing this EDIT: Since writing this the zip file to download has changed its structure, I've updated the instructions to match the new download. 5. Open your flash drive from Windows (eg \\tower\flash), create a folder called "seachest" and enter it 6. Go to https://www.seagate.com/gb/en/support/software/seachest/ and download "SeaChest Utilities" 7. Open the downloaded zip file and navigate to Linux\Lin64\ubuntu-20.04_x86_64\ (when this guide was written, it was just "Linux\Lin64". The naming of the ubuntu folder may change in future downloads) 8. Copy all files from there to the seachest folder on your flash drive Now we need to move the seachest folder to /tmp. I used mc, but many will just copy over with a command. The rest of this part takes place in the Terminal window opened in step 2... 9. Open Midnight Commander by typing "mc" 10. Using arrows and enter, click the ".." entry on the left side 11. Using arrows and enter, click the "/boot" folder 12. Tab to switch to the right panel, use arrows and enter to click the ".." 13. Using arrows and enter, click the "/tmp" folder 14. Tab back to the left panel and press F6 and enter to move the seachest folder into tmp 15. F10 to exit Midnight Commander Finally, we need to change to the seachest folder on /tmp and make these utilities executable... 16. Enter the following commands... cd /tmp/seachest ...to change to your new seachest folder, and... chmod +x SeaChest_* ...to make the files executable. Part 3: Making the changes to your Seagate drive(s) EDIT: When this guide was written, there was what looked like a version number at the end of each file, represented by XXXX below. Now each file has "_x86_64-linux-gnu" so where it mentions XXXX you need to replace with that. This is all done in the Terminal window. The commands here have two things that may be different on your setup - the version of SeaChest downloaded (XXXX) and the drive you're working on (YY). This is where Notepad comes in handy - plan out all required commands first 17. Get the info about a drive... SeaChest_Info_XXXX -d /dev/sgYY -i ...in my case (as an example) "SeaChest_Info_150_11923_64 -d /dev/sg6 -i" You should notice that EPC has "enabled" next to it and Low Current Spinup is enabled 18. Disable EPC... SeaChest_PowerControl_XXXX -d /dev/sgYY --EPCfeature disable ...for example "SeaChest_PowerControl_1100_11923_64 -d /dev/sg6 --EPCfeature disable" 19. Repeat step 17 to confirm EPC is now disabled 20. Repeat steps 17-19 for any other disks you need to set 21. Disable Low Current Spinup...: SeaChest_Configure_XXXX -d /dev/sgYY --lowCurrentSpinup disable ...for example "SeaChest_Configure_1170_11923_64 -d /dev/sg6 --lowCurrentSpinup disable" It is not possible to check this without rebooting, but if you do not get any errors it's likely to be fine. 22. Repeat step 21 for any other disks You should now be good to go. Once this was done (took about 15 minutes) I rebooted and then upgraded from 6.8.3 to 6.9.1. It's been fine since when before I would get a drive drop off every few days. Make sure you have a full backup of 6.8.3, and don't make too many system changes for a while in case you need to roll back. Seachest will be removed when you reboot the system (as it's in /tmp). If you want to retain it on your boot drive, Copy to /tmp instead of moving it. You will need to copy it off /boot to run it each time, as you need to make it executable. Completely fine if you want to hold off for an official fix. I'm not so sure it will be a software fix though, since it affects these specific drives only. It may be a firmware update for the drive, which may just make similar changes to above. As an afterthought, looking through these Seagate utilities, it might be possible to write a user script to completely automate this. Another alternative is to boot onto a linux USB and run it outside of Unraid (would be more difficult to identify drives).
    11 points
  24. In addition to the public availability of the My Servers plugin, we also wanted to let everyone know about our new Unraid Community Discord Server! As great as the forums are for providing support and long-hand conversations, sometimes you just want to chat with someone in real-time. Discord gives us that ability and is just another great way to communicate. If you're not familiar with Discord, you can create an account and download their apps at discord.gg. Once done, you can join our discord server using this link: https://forums.unraid.net/discord/invite/general/ Please note that we do require you to link your Unraid.net forum account in order to join our discord server. Your username will be automatically set to match your display name here. This is done in order to prevent impersonation of other community members. No exceptions will be made to this policy. We intend to do more and more with Discord over time, as it is a powerful platform with lots of intriguing possibilities for our community. Join today and be a part of the conversation!! Also we want to give a special thanks to the guys who are running the Unofficial Discord Server @Roxedusand @GilbN (and if I'm missing anyone else, please forgive me). They were fantastic in helping us and the community and will be moderators in our server as well.
    11 points
  25. Big News from NVIDIA Just a few hours ago, NVIDIA added an article to its support knowledge base regarding GPU passthrough support for Windows VMs. While we've supported this functionality for some time, it was done without official support from the vendor themselves. This move by NVIDIA to announce official support for this feature is a huge step in the right direction for all of our VM pass through users. This should also help instill confidence in users that wish to pass through these GPUs to virtual machines without the worry that a future driver update would break this functionality. Let us know what you think about this announcement here!
    11 points
  26. You seem to believe that unRAID is a full Linux distribution. It is not. It may never implement users, permissions and security in the way you would expect of a full Linux distro or any other OS. As a special use appliance OS, unRAID does what it is expected to do in the way it was designed to do it. Are there issues and problems that need to be fixed? Yes, absolutely. Does unRAID need to be completely redesigned to fix these issue? No. Obviously, you can quit using unRAID at any time if it does not meet your needs. It is not for everyone and perhaps it does not do what you want or expect it to do. The hacks are a result of unRAID being used improperly rather than unRAID failing to function in the manner in which it was designed. I would expect to see more emphasis on educating and helping users to implement unRAID and its supporting infrastructure properly rather than a product redesign to address problems it was never intended to address.
    11 points
  27. Successfully upgraded 3 (encrypted) systems from 6.8.3 to 6.9.0. One of the 6.8.3 systems was running nvidia-plugin, upgrade procedure: 0. Stop docker containers from auto-starting. 1. Download and upgrade to 6.9.0 without rebooting. 2. Go to plugins and select old nvidia plugin, select it and remove. 3. Reboot. 4. Install new nvidia plugin: https://raw.githubusercontent.com/ich777/unraid-nvidia-driver/master/nvidia-driver.plg 5. WAIT FOR PROPER INSTALL TO FINISH - IT TAKES TIME 6. Stop and start Docker service 7. Enjoy. NOTE: Your GPU ID should not change.
    11 points
  28. Hey Unraiders, We have enabled the option to add extra layers of security to your forum account on top of the usual login layer. You are now able to enable 2 new forum account security options: Additional Security Question 2FA using Google Authenticator/Authy/KeePassXC etc. These additional security layers are optional, but recommended. We have received reports of hacking/bot login attempts on forum member's accounts so on top of enabling 2FA, it’s always a good idea to use a strong password which is changed periodically. To enable one or both, head to your forum account info in the top right and click Account Settings. The following instructions are to set up Google Authenticator as an example. Click on Security and Privacy and reauthenticate with your password. From there, follow the prompts to enable a Security Question and/or Google Authenticator: For Google Authenticator, you will need to download the app on your phone. Once downloaded, click on Enable within the forum Security page and scan the QR code with your phone authenticator to verify the code. Thereafter, when prompted, you will need to supply the randomly generated code from the Authenticator app: When enabled, you will need to authenticate when: Changing your email address Logging into the forum from a new device Managing Authorized Devices Updating two-factor authentication setup Changing your password Logging into the front-end from a known device. Note: This does not apply if the user is logged in automatically because they have used the 'Remember Me' checkbox. Happy Friday, Spencer
    10 points
  29. Hallo zusammen, ich weiß, dass es hier eventuell nicht hingehört, aber ich möchte mich bei allen aktiven Mitgliedern dieses Forums bedanken. Ihr habt mir alle den Einstieg in die unRAID-Welt sehr erleichert. Ich war seit einigen Wochen stiller Mitleser und habe mir mein System zusammengebaut. Seien es die Hardware-Ratschläge oder die Lösungen zu kleinen/großen Problemen. Als Neuling, wie ich einer bin, konnte ich mir bis jetzt hier im Forum zu jeder Frage eine Antwort erlesen. Klasse! Mein System läuft und ich fange schon jetzt an mehr damit machen zu wollen 🙈 Vielen, lieben Dank! 👏 Wünsche euch allen nur das Beste.
    10 points
  30. Per @Squid, @luxinliang was lucky visitor # 1 MILLION to the Community Apps Plug-in thread! Wow!
    10 points
  31. The reason it isn't on this list for this poll is for reasons that might not be so obvious. As it stands today, there are really 3 ways to do snapshots on Unraid today (maybe more ;-). One is using btrfs snapshots at the filesystem layer. Another is using simple reflink copies which still relies upon btrfs. Another still is using the tools built into QEMU to do this. Each method has pros and cons. The qemu method is universal as it works on every filesystem we support because it isn't filesystem dependent. Unfortunately it also performs incredibly slow. Btrfs snapshots are really great, but you have to first define subvolumes to use them. It also relies on the fact that the underlying storage is formatted with btrfs. Reflink copies are really easy because they are essentially a smart copy command (just add --reflink to the end of any cp command). Still requires the source/destination to be on btrfs, but it's super fast, storage efficient, and doesn't even require you to have subvolumes defined to make use of it. And with the potential for ZFS, we have yet another option as it too supports snapshots! There are other challenges with snapshots as well, so it's a tougher nut to crack than some other features. Doesn't mean it's not on the roadmap
    10 points
  32. It's hard to release it in the USA and around the world at the same time. Someone is always sleeping. Also @limetech getting us the latest kernel the same day it was released. Hard to give the plugin devs the heads up when the linux kernel wasn't even released before they went to bed
    10 points
  33. Nice tips, I just wish it would be easier to setup KeysFile authentication and disable password authentication for the SSH. Just placing your pupkey in the UI and setting a checkbox to disable password auth would be nice. I currently have it setup like ken-ji describes here. Then i edited PasswordAuthentication to "no". Also think about a secure by default approach with future updates. Why not force the user to set a secure password on first load? Why even make shares public by default? Why allow "guest" to access SMB shares by default? Why create a share for the flash in the first place? I get that some of those things make it more convenient, but imo convenience should not compromise security.
    10 points
  34. Woher bekomme ich Apps? Die Community Apps bieten Zugriff auf Plugins und Templates für viele Docker Container. Um den Eintrag im Menü freizuschalten, geht man auf Plugins > Install Plugin und fügt diese URL ein (Support) : https://raw.githubusercontent.com/Squidly271/community.applications/master/plugins/community.applications.plg Ein Template erleichtert hierbei die Installation, da bereits verschiedene Pfade und evtl notwendige Variablen von andern Usern der Community vorausgefüllt wurden. Wenn das Konzept irgendwann verstanden wurde, kann man aber auch jeden anderen Container installieren. Welche Plugins sollte ich installieren? Ohne Anspruch auf Vollständigkeit sind die folgenden Plugins quasi unverzichtbar: - Fix Common Problems (informiert dich über Konfigurationsfehler und löst Benachrichtigungen bei veralteten Plugins aus) - Unassigned Devices (ermöglicht die Einbindung von USB Laufwerken und Netzwerk-Freigaben anderer Server) Weiterhin empfehlenswert: - CleanUp Appdata (entfernt man Container, können hiermit auch die Nutzerdateien gelöscht werden. Vorsicht!) - Unbalance (falls man komplette Verzeichnisse von einer HDD zur anderen verschieben oder auf mehrere verteilen möchte) - User Scripts (Bash/Shell Skripte per Cronjob ausführen) - Config Editor (falls mal eine Config Datei auf dem Stick oder sonstwo bearbeitet werden muss) - CA Appdata Backup/Restore v2 für die Sicherung des USB Sticks oder des Appdata Netzwerkordners - Duplicacy, Lucky Backup, Duplicati oder Rsync für Backups Wo finde ich mobile Unraid-Apps? Unraid selbst bringt keine Apps mit, sondern setzt voraus, dass man sich für den jeweiligen Einsatzzweck einen Docker Container installiert, der eigene Apps mitbringt: Dateien teilen, WebDAV, eigene Cloud - Nextcloud Filme anschauen - Emby - Jellyfin - Plex Musik hören - Plexamp (kostenpflichtig) Fotos anschauen - Nextcloud - Plex Videoüberwachung / Surveillance - Blue Iris (kostenpflichtig), Container im Beta-Status, stabil in einer Windows VM - Frigate Notizen - Nextcloud + Notes (Browser) + QOwnNotes (Windows + Mac) + Nextcloud Notes (Android) + CloudNotes (iOS) - Nextcloud + Joplin (Apps für alle Plattformen, außer Browser) Container über das Internet erreichbar machen - Portfreigabe im Router von 80 auf 1880 und 443 auf 18443 + Nginx Proxy Manager Welche Zeitpläne soll ich einstellen? Empfehlungen und Erklärungen findest du in dieser Diskussion. Warum kann ich mich mit einem User nicht bei der Unraid WebGUI anmelden? Die User sind ausschließlich für den Netzwerkzugriff. Die WebGUI kann einzig über den User "root" genutzt werden (sicheres Passwort wählen!) Was sollte ich zu Anfang einstellen? - einen Netzwerk-User hinzufügen - Bei allen Freigaben > SMB Sicherheit > Export auf "Ja" (oder "Nein") und Sicherheit auf "Privat" - bei der Disk-Übersicht auf den Stick klicken und auch da unter SMB Sicherheit Ja + Privat - in den Einstellungen den FTP Server deaktivieren (Achtung, ein FTP Nutzer hat Vollzugriff = SMB Sicherheit gilt nicht!) - in den Einstellungen die Zeitzone einstellen - in den Einstellungen bei Management > Telnet, SSH und UPnP deaktivieren, wenn nicht benötigt (Tipp: oben rechts das ">_" öffnet das WebTerminal) - Apps installieren (siehe "Woher bekomme ich Apps?") - Zeitpläne einstellen (siehe "Welche Zeitpläne soll ich einstellen?") - optional: in den Einstellungen unter Netzwerk das "Bonding" (mehrere LAN Ports verbinden) deaktivieren und das "Bridging" (notwendig für Docker+VM) aktivieren - optional: Feste IP-Adresse vergeben (optimal außerhalb der DHCP-Range, bei einer Fritz!Box zB .2 bis .19) Benötige ich eine Grafikkarte? Wir empfehlen eine CPU mit integrierter Grafik (iGPU). Unraid nutzt die im BIOS eingestellte primäre GPU aus zwei Gründen: 1.) Für den optionalen GUI Modus (inkl. Firefox) 2.) Damit Docker Container darauf zugreifen können 3.) Wenn es eine Intel iGPU ist, kann diese zur Beschleunigung von virtuellen Maschinen verwendet werden Wie schnell sollte die CPU sein? Die grundsätzlichen Hardware-Anforderungen sind sehr gering. Für ein optimales Erlebnis ist eine CPU mit mindestens 1400 Single Thread Passmark-Punkten empfehlenswert. Benötige ich einen SSD Cache? Mit einer Paritäts-HDD ist die Schreibgeschwindigkeit je nach HDD auf 40 bis 90 MB/s begrenzt, was langsamer ist als eine 1G Netzwerkverbindung (Hinweis: Wechselt man auf "Reconstruct Write" erhöht sich diese auf die maximale Geschwindigkeit der HDD, allerdings laufen dann immer alle HDDs parallel). Die Lesegeschwindigkeit ist auf die maximale Geschwindigkeit einer HDD begrenzt. Mit einer entsprechend schnellen SSD können selbst 10G Netzwerkverbindungen problemlos ausgelastet werden. Ein SSD Cache hilft außerdem beim Strom sparen, da die dahinter liegende HDD dauerhaft still stehen kann (Standby). . Benötige ich zwei SSDs für den Cache? Dateien befinden sich entweder auf der SSD oder dem HDD Array. Mit nur einer SSD besteht die Gefahr, dass diese Dateien verloren gehen. Ein regelmäßiges Backup hilft nur, wenn keine Dateien auf den Server verschoben, also von der Quelle gelöscht wurden. Wir empfehlen daher zwei SSDs. Wie übertrage ich die Dateien von meinem alten NAS? Das Unraid Array nutzt standardmäßig das XFS Dateisystem, womit jede HDD einzeln formatiert wird. Das alte NAS nutzt in der Regel ein (proprietäres) RAID. Unraid benötigt also für die Übertragung eigene HDDs. Dazu eignen sich dann die Standardwerkzeuge wie rsync, Drag & Drop über SMB oder das Einbinden der Quelle per Unassigned Devices + Datei-Explorer wie Krusader. Bei der Erstbefüllung sollte man: - den SSD Cache deaktivieren, damit dieser nicht unnötig abgenutzt wird und - die Parität erst mal weglassen oder "Reconstruct Write" (TurboWrite) aktivieren, damit die Übertragung schneller ist
    10 points
  35. Hello, long time no see. I am truly sorry to see so many of you have had an issue with this plugin, and it was not my intention to abandon it for as long as I have. Sadly, life had other plans (as it often does). I've recently found myself with time to tinker again, and as such I've released an update that does a few things to try and address some of the issues I am aware of. Unfortunately, I haven't been able to replicate many of the issues others are having, so my ability to test has been limited. I also can see that the operation of some of the advanced functions isn't immediately clear either. A few of the issues people have had could have been resolved with a settings change in one of the more advanced settings tabs (usually Danger Zone). I'll try to find a way to make some of those things clearer as I progress on addressing the larger issues. The big issue I'm attempting to address in the new release is the issue some people have had with the array not wanting to stop. I have adjusted how the backup scripts are checked and it will hopefully be able kill stuck ones more readily. The other thing I have done is set a max version of 6.8.3 until I have time to test on 6.9. I currently do not have a test server, so it could be a bit before I have a chance to spin one up for troubleshooting. Again, I do sincerely apologize for those that feel I left them in the lurch. Thankfully, as others have rightly pointed out, the script that the plugin uses on the back-end is much more stable and a solid way to go. I would also like to add that I am more that willing to add contributors to the project if others would like to help me maintain it. Best, JTok
    10 points
  36. To utilize your Nvidia graphics card in your Docker container(s) the basic steps are: Add '--runtime=nvidia' in your Docker template in 'Extra Parameters' (you have to enable 'Advanced view' in the template to see this option) Add a variable to your Docker template with the Key: 'NVIDIA_VISIBLE_DEVICES' and as Value: 'YOURGPUUUID' (like 'GPU-9cfdd18c-2b41-b158-f67b-720279bc77fd') Add a variable to your Docker template with the Key: 'NVIDIA_DRIVER_CAPABILITIES' and as Value: 'all' Make sure to enable hardware transcoding in the application/container itself See the detailed instructions below for Emby, Jellyfin & Plex (alphabetical order). UUID: You can get the UUID of you graphics card in the Nvidia-Driver Plugin itself PLUGINS -> Nvidia-Driver (please make sure if there is no leading space!) : NOTE: You can use one card for more than one Container at the same time - depending on the capabilities of your card. Emby: Note: To enable Hardware Encoding you need a valid Premium Subscription otherwise Hardwar Encoding will not work! Add '--runtime=nvidia' to the 'Extra Parameters': Add a variable to your Docker template with the Key: 'NVIDIA_VISIBLE_DEVICES' and as Value: 'YOURGPUUUID': Add a variable to your Docker template with the Key: 'NVIDIA_DRIVER_CAPABILITIES' and as Value: 'all': Make sure to enable hardware transcoding in the application/container itself After starting the container and playing some movie that needs to be transcoded that your graphics card is capable of you should see that you can now successfully transcode using your Nvidia graphics card (the text NVENC/DEC is indicating exactly that) : Jellyfin: Add '--runtime=nvidia' to the 'Extra Parameters': Add a variable to your Docker template with the Key: 'NVIDIA_VISIBLE_DEVICES' and as Value: 'YOURGPUUUID': Add a variable to your Docker template with the Key: 'NVIDIA_DRIVER_CAPABILITIES' and as Value: 'all': Make sure to enable hardware transcoding in the application/container itself After starting the container and playing some movie that needs to be transcoded that your graphics card is capable of you should see that you can now successfully transcode using your Nvidia graphics card (Jellyfin doesn't display if it's actually transcoding with the graphics card at time of writing but you can also open up a Unraid terminal and type in 'watch nvidia-smi' then you will see at the bottom that Jellyfin is using your card) : PLEX: (thanks to @cybrnook & @satchafunkilus that granted permission to use their screenshots) Note: To enable Hardware Encoding you need a valid Plex Pass otherwise Hardwar Encoding will not work! Add '--runtime=nvidia' to the 'Extra Parameters': Add a variable to your Docker template with the Key: 'NVIDIA_VISIBLE_DEVICES' and as Value: 'YOURGPUUUID': Add a variable to your Docker template with the Key: 'NVIDIA_DRIVER_CAPABILITIES' and as Value: 'all': Make sure to enable hardware transcoding in the application/container itself: After starting the container and playing some movie that needs to be transcoded that your graphics card is capable of you should see that you can now successfully transcode using your Nvidia graphics card (the text '(hw)' at Video is indicating exactly that):
    10 points
  37. Overview: Support thread for Machinaris Application: Machinaris - https://github.com/guydavis/machinaris About: A pure-Docker solution for plotting and farming the Chia™ cryptocurrency on Unraid. Docker Hub: https://hub.docker.com/repository/docker/guydavis/machinaris GitHub: https://github.com/users/guydavis/packages/container/package/machinaris Discord Support: https://discord.gg/mX4AtMTt87 Documentation: https://github.com/guydavis/machinaris/wiki Building upon the official Chia docker image, Machinaris combines the Plotman CLI with a simple WebUI for Unraid.
    9 points
  38. Donate: Ultimate UNRAID Dashboard (UUD) Current Release: Version 1.6 (Added UNRAID API) UUD NEWS: 2021-05-26: The UUD Forum Topic Reaches 1,000 Replies! 📝 2021-04-17: The UUD Forum Topic Reaches 100,000 Views! 👀 👀 2021-03-26: The UUD Tops 2,500 Unique Downloads 💾 💾 🎉 2021-03-23: UUD 1.6 is Featured Again in the "Best of the Forum" Blog 🥇🥇 2021-03-21: The UUD Forum Topic Reaches 75,000 Views! 👀 2021-03-20: UUD Version 1.6 is Released 2021-01-19: The UUD Forum Topic Reaches 50,000 Views! 👀 2021-01-11: The UUD Tops 1,000 Unique Downloads 💾 🎉 2021-01-07: UUD is Featured as the FIRST "Best of the Forum" Blog 🥇 2021-01-06: UUD Donations Site is Created 2020-12-31: UUD Version 1.5 is Released 2020-10-09: UUD Version 1.4 is Released 2020-09-28: The UUD is Featured in the Official UNRAID Monthly Newsletter (September 2020)! 2020-09-21: UUD Version 1.3 is Released 2020-09-14: UUD Version 1.2 is Released 2020-09-12: UUD Version 1.1 is Released 2020-09-11: The UUD is Born and Version 1.0 is Released Overview: Welcome to the OFFICIAL UUD forum topic. The UUD is my attempt to develop the Ultimate Grafana/Telegraf/InfluxDB/Plex/Tautulli/Varken dashboard. This entire endeavor started when one of our fellow users @hermy65 posed a simple, but complex question in another forum topic (see post #3). I decided to give it a shot, as I am an IT professional, specifically in enterprise data warehouse/SQL server. After a few days of hard work, UUD version 1.0 was released. We are currently on Version 1.6, and the project is in active development. If you are a Grafana developer, or have had experience building dashboards/panels for UNRAID, please let me know. I would love to collaborate. Version 1.6 Screenshots (Click the Images as They are Very High Resolution): Disclaimer: This is based on my 30 Drive UNRAID Array. So this shows an example of a fully maxed out UNRAID setup with max drives, dual CPUs, Dual NICs, etc. You will/may need to adjust panels & queries to accommodate your individual UNRAID/PLEX architecture. I have spent many hours custom coding new functionality and features based on that original template. Much has been learned and I am excited to see how far this can go in the future. Thanks again! Developers: Primary Developer: @falconexe (USA) UUD Creator | Active Development | Panels | Database Queries | Integration | Look & Feel | GUI | Refinement | Support Developer/Colleague: @GilbN (Europe) Dashboard Examples | Back-end | Dynamics | REGEX | Support | Tutorials Contributors: @hermy65 @atribe @Roxedus @SpencerJ @testdasi @ChatNoir @MammothJerk @FreeMan @danktankk @Dazog @MrLondon @LTM @mattekure @ptchernegovski @caplam @RockDawg @corgan @jbartlett @Hoopster @LTM Dependencies (Last Updated On 2021-03-20) Docker - InfluxDB Docker - Telegraf Docker Network Type: HOST (Otherwise You May Not Get All Server Metrics) 👉 Create Telegraf Configuration File 👈 (DO THIS FIRST!) Create and Place a File into Directory "mnt/user/appdata/YOUR_TELEGRAF_FOLDER" Enable and Install Telegraf Plugins Telegraf Plugin - [[inputs.net]] Enable in telegraf.config Telegraf Plugin - [[inputs.docker]] Enable in telegraf.config Telegraf Plugin - [[inputs.diskio]] Enable in telegraf.config To Use Static Drive Serial Numbers in Grafana (For DiskIO Queries) Do the Following: Edit telegraf.conf > [[inputs.diskio]] > Add device_tags = ["ID_SERIAL"] > Use ID_SERIAL Flag in Grafana Now Upon Booting, You Don't Have to Worry About SD* Mounts Changing (So Your Graphs Don't Get Messed Up!) You Can Also Set Overrides on the Query Fields to Map the Serial Number to a Common Disk Name Like "DISK01" etc. Telegraf Plugin - [[inputs.smart]] Enable in telegraf.config Also Enable "attributes = true" Bash Into Telegraf Docker and Run "apk add smartmontools" Telegraf Plugin - [[inputs.ipmi_sensor]] Enable in telegraf.config Bash Into Telegraf Docker and Run "apk add ipmitool" Telegraf Plugin - [[inputs.apcupsd]] Enable in telegraf.config Telegraf Docker Config Add New Path (NOTE: This path has now been merged into Atribe's Telegraf Docker Image. (Thanks @GilbN & @atribe) Post Arguments "/bin/sh -c 'apk update && apk upgrade && apk add ipmitool && apk add smartmontools && telegraf'" Docker - Grafana Grafana Plugins Pie Chart Panel Run Following Command in Docker: grafana-cli plugins install grafana-piechart-panel World Map Run Following Command in Docker: grafana-cli plugins install grafana-worldmap-panel JSON API Run Following Command in Docker: grafana-cli plugins install marcusolsson-json-datasource Dynamic Image Panel Run Following Command in Docker: grafana-cli plugins install dalvany-image-panel Docker - Tautulli Docker - Varken Docker - UNRAID API CA Plugin: IPMI Tools License: GeoLite2 (Free) NON SERVER HARDWARE (If You Cannot Use "IPMI" and Need to Use "Sensors") As an alternate to IPMI to monitor CPU/System/Aux Temps, you can try the Sensors Plugin. Telegraf Plugin - [[inputs.sensors]] Enable in the Telegraf Config (Uncomment It) Bash into the Telegraf Docker and Execute "apk add lm_sensors" Stop All 3 Dockers (Grafana > Telegraf > InfluxDB) If You Want to Keep This Plugin in Perpetuity, You Will Need to Modify Your Telegraf Docker Post Arguments (Adding lm_sensors): "/bin/sh -c 'apk update && apk upgrade && apk add ipmitool && apk add smartmontools && apk add lm_sensors && telegraf'" Start All 3 Dockers (InfluxDB > Telegraf > Grafana) Dashboard Variables (Update These For Your Server): Let me know if you have any questions or are having any issues getting this up and running if you are interested. I am happy to help. I haven't been this geeked out about my UNRAID server in a very long time. This is the cherry on top for my UNRAID experience going back to 2014 when I built my first server. Thanks everyone! VERSION 1.6 (Current) Ultimate UNRAID Dashboard - Version 1.6 - 2021-03-20 (falconexe).json VERSION 1.5 (Deprecated) Ultimate UNRAID Dashboard - Version 1.5 - 2020-12-31 (falconexe).json VERSION 1.4 (Very Deprecated) Ultimate UNRAID Dashboard - Version 1.4 - 2020-10-09 (falconexe).json VERSION 1.3 (Extremely Deprecated) Ultimate UNRAID Dashboard - Version 1.3 - 2020-09-21 (falconexe).json VERSION 1.2 (Just Don't... Deprecated) Ultimate UNRAID Dashboard - Version 1.2 - falconexe.json
    9 points
  39. Hey Unraid Community! For the first time ever, we're running a Cyber Monday Sale: 20% off Unraid Pro and Pro Upgrades! If you're planning a new build soon or want to purchase a key for a friend or family member, do it this Monday, 11/29/21- 24 hours only from 12:01-11:59 PST! No server installation required for purchase. For full details, head over to unraid.net/cybermonday
    9 points
  40. No crypto currency? That one will be a global payment system.
    9 points
  41. Hey everyone! As you may have noticed, today we put out a release for Unraid 6.10-rc1 and with that release in the wild, we wanted to get feedback from you, our loyal community, on what feature you'd like to see MOST in Unraid 6.11. To better explain the options in the attached poll, here's a breakdown: ZFS File System Ever since the release of Unraid 6, we have supported the use of btrfs for the cache pool, enabling users to create fault-tolerant cache storage that could be expanded as easily as the Unraid array itself (one disk at a time). Adding ZFS support to Unraid would provide users with another option for pooled storage, and one for which RAID 5/6 support is considered incredibly stable (btrfs today is most reliable when configured in RAID 1 or RAID 10). ZFS also has many similar features like snapshot support that make it ideal for inclusion. Multiple Arrays As many of you already know, the Unraid array is limited to 30 total devices (28 data and 2 parity). This limit is set to prevent users from configuring too wide of an array and ending up in a situation where the likelihood of multi-device failure during a rebuild operation is too high. This only is exacerbated by the ever-increasing size of HDDs which further elongates the rebuild process. So how do users with a full 30 disk array further expand? The answer is with multiple array support. This feature would be similar to "multiple pools" which were introduced in Unraid 6.9, but would apply to the Unraid array. Users with multiple arrays could have those arrays still participate in the same shares, allowing the same management but with more storage devices. QEMU-ARM for VMs I know a few people in our community who have personally requested this of us in the past. Adding this to Unraid would allow users to create ARM-based VMs which is ideal for testing out mobile OSes and other platforms. While you won't likely be passing GPUs through here, this is still a very interesting use-case for mobile developers who could use this as a way to test their applications in a variety of scenarios (as well as to gain the benefits of running mobile applications from your server). So make sure you vote in here and let your voice be heard! I know I'm rooting for a very specific feature in this list. What about you?
    9 points
  42. Overview: Support thread for Partition Pixel/Chia in CA. Application: Chia - https://github.com/Chia-Network/chia-blockchain "Docker Hub": https://github.com/orgs/chia-network/packages/container/package/chia GitHub: https://github.com/Chia-Network/chia-docker This is not my docker, nor my blockchain, and I'm not a developer for them either. I simply did an Unraid template for the already existing docker so that way It will be easier for me and others to install the docker on an existing Unraid Server. I can support any changes required to the xml template and provide assistance on how to use the parameters or how to use the docker itself. Please read on SSD Endurance if you don't know about Chia and you plan on farming it : https://github.com/Chia-Network/chia-blockchain/wiki/SSD-Endurance Instructions: Install Partition Pixel's Chia via CA. Create a 'chia' directory inside of your appdata folder. Skip to step 4 if you do not have an existing chia wallet Inside this new folder, create a new file called 'mnemonic.txt' and copy and paste your 24 words mnemonic from your wallet inside (every word one after another on the same line with 1 space in between like this sentence). Back on the docker template, choose a location for your plotting if you plan on plotting on your server (preferably a fast SSD here) Choose a location for storing your plots (this is where they will be used to 'farm', preferably HDD here) Feel free to click on show more settings and change any other variable or path you would like Save changes, pull down the container and enjoy ! If you have some unassigned or external HDDs that you want to use for farming: edit /mnt/user/appdata/chia/mainnet/config/config.yaml Add more plot directories like so : plot_directories: - /plots - /plots2 Create a new path in the docker template like so : config type : Path container path : /plots2 host path : /mnt/an_unassigned_hdd/plots/ Here are some often used command lines to get you started: Open a console in the docker container, then type : venv/bin/chia farm summary venv/bin/chia wallet show venv/bin/chia show -s -c venv/bin/chia plots check Command to start plotting : venv/bin/chia plots create -b 5000 -r 2 -n 1 -t /plotting/plot1 -d /plots -b is amount of ram you want to give -r is the amount of threads -n is the number of plots you want to queue -t is temp dir -d is the completed directory From user ropes: If you only want to harvest on this docker, then you don't need to create a mnemonic file with your passphrase. Instead you can do the following (more secure imo) : chia plots create [other plot options] -f <farmer key> -p <pool key> If you want to run in Parallel just run the command in another terminal window as many times as your rig will allow. Here are all the available CLI commands for chia : https://github.com/Chia-Network/chia-blockchain/wiki/CLI-Commands-Reference From user tjb_altf4:
    9 points
  43. During one of our Private Message discussions, @Batter Pudding suggested that ‘Short Sheets’ of the steps involved in each procedure could be beneficial. I know that when I am doing any multi-step procedure, I like have have a printout of the procedure and check off each step as I complete it. The attachments to this posting are the short sheets for each procedure in the document in the first post. How To #1-Advance Network Settings.pdf How to #2-Fixing the Windows Explorer Issue.pdf How to #3– Turning Off “SMB 1.0_CIFS File Sharing Support”.pdf How to #4-Adding a SMB User to Unraid.pdf How to #5-Adding a Windows Credential.pdf
    9 points
  44. DEVELOPER UPDATE: 😂 But for real guys, I'm going to be stepping away from the UUD for the foreseeable future. I have a lot going on in my personal life (divorce among other stuff) and I just need a break. This thing is getting too large to support by myself. And it is getting BIG. Maybe too big for one dash. I have plenty of ideas for 1.7, but not even sure if you guys will want/use them. Not to mention the updates that would be required to support InfluxDB 2.X. At this point, it is big enough to have most of what people need, but adaptable enough for people to create custom panels to add (mods). Maybe I'll revisit this in a few weeks/months and see where my head is at. It has been an enjoyable ride and I appreciate ALL of your support/contributions since September of 2020. That being said @LTM and I (mostly him LOL) were working on a FULL Documentation website. Hey man, please feel free to host/release/introduce that effort here on the official forum. I give you my full blessing to take on the "support documentation/Wiki" mantel, if you still want it. I appreciate your efforts in this area. If LTM is still down, you guys are going to be impressed! I wanted to say a huge THANK YOU to @GilbN for his original dash which 1.0-1.2 was based on and ALL of his help/guidance/assistance over the last few months. It has truly been a great and pleasurable experience working with you man! Finally, I want to say a huge thanks to the UNRAID community and its leadership @SpencerJ @limetech. You guys supported and shared my work with the masses, and I am forever grateful! I am an UNRAIDer 4 LIFE! THANKS EVERYONE!
    9 points
  45. We're working on a design that lets driver plugins be automatically updated when we issue a release.
    9 points
  46. A few suggestions if I may, from my experiences in the Cloud Infrastructure World; First, Reviewing Docker Folder Mappings (and to some extent VM Shares). Do all you Docker Containers need read and write access to non appdata folders? If it does, is the scope of the directories restricted to what is needed, or have you given it full read/write to /mnt/user or /mnt/user0 ? For example I need Sonnarr and Radarr to have write access to my TV and Movie Share, so they are restricted to just that, they don't need access to my Personal Photos, or Documents etc. Whereas for Plex, since I don't use the Media Deletion Feature, I dont need Plex, to do anything to those Folders, just read the content. So it has Read Only Permissions in the Docker Config. Additionally, I only have a few containers that need read/write access to the whole server (/mnt/user) and so these are configured to do so, but since they are more "Administration" containers, I keep them off until I need them, most start up in less than 30 seconds. That way, if for whatever reason a container was compromised, the risk is reduced in most cases. Shares on my VM's are kept to only the required directories and mounted as Read Only in the VM. For Docker Containers that use VNC or VMs, set a secure password for the VNC component too, to prevent something on the Network from using it without access (great if you don't have VLAN's etc). This may be "overkill" for some users, but have a look at the Nessus or OpenVAS Containers, and run regular Vulnerability Scans against your Devices / Local Network. I use the Nessus one and (IMO) its the easier of the two to setup, the Essentials (Free) version is limited to 15 IPs, so I scan my unRAID Server, VMs, and a couple of other physical devices and it has SMTP configured so once a week sends me an email with a summary of any issues found, they are categorized by importance as well. I don't think many people do this, but don't use the GUI mode of unRAID as a day to day browser, outside of Setup and Troubleshooting (IMO) it should not be used. Firefox, release updates quite frequently and sometimes they are for CVE's that depending on what sites you visit *could* leave you unprotected. On the "Keeping your Server Up-to-Date" part, while updating the unRAID OS is important, don't forget to update your Docker Containers and Plugins, I use the CA Auto Update for them, and set them to update daily, overnight. Some of the Apps, could be patched for Security Issues, and so keeping the up-to-date is quite useful. Also, one that I often find myself forgetting is the NerdPack Components, I have a few bits installed (Python3, iotop, etc), AFAIK these need to be updated manually. Keeping these Up-to-Date as well is important, as these are more likely to have Security Issues that could be exploited, depending on what you run. Also on the Updates, note, if you have VM's and they are running 24/7 keep these up-to-date too and try and get them as Hardened as possible, these can often be used as a way into your server/network. For Linux Debian/Ubuntu Servers, you can look at Unattended Upgrades, similar alternatives are available for other Distros. For Windows you can configure Updates to Install Automatically and Reboot as needed. Hardening the OS as well, is something I would also recommend, for most common Linux Distros and Windows, there are lots of guides useful online, DigitalOcean is a great source for Linux stuff I have found. If something is not available as a Docker Container or Plugin, don't try and run it directly on the unRAID Server OS itself (unless, its for something physical, e.g. Drivers, or Sensors etc), use a VM (with a Hardened Configuration), keeping only the bare minimum running directly on unRAID, helps to reduce your attack surface. Also, while strictly not part of Security, but it goes Hand in Hand, make sure you have a good Backup Strategy and that all your (important/essential) Data is backed up, sometimes stuff happens and no matter how much you try, new exploits come out, or things get missed and the worst can happen. Having a good backup strategy can help you recover from that, the 321 Backup method is the most common one I see used. If something does happen and you need to restore, where possible, before you start the restore, try and identify what happened, once you have identified the issue, if needed you can restore from Backups to a point in time, where there was no (known) issue, and start from there, making sure you fix whatever the issue was first in your restored server. I have seen a few cases (at work) where peoples Servers have been compromised (typically with Ransomware), they restore from backups, but don't fix the issue (typically a Weak Password for an Admin account, and RDP exposed to the Internet) and within a few hours of restoring, they are compromised again. Other ideas about using SSH Keys, Disabling Telnet/FTP etc, are all good ones, and definitely something to do, and something I would love to see done by default in future releases. EDIT: One other thing I forgot to mention was, setup Notifications for your unRAID server, not all of them will be for Security, but some of the apps like the Fix Common Problems, can alert you for security related issues and you can get notified of potential issues quicker than it may take you to find/discover them yourselves.
    9 points
  47. Happy Tuesday, February 9th to all and a BIG HAPPY BIRTHDAY to @limetech! Without you, none of us would be here-- This place wouldn't exist! Here's to a great birthday to you, Tom! Cheers 🍻
    9 points
  48. By this guide Plex uses your RAM while transcoding which prevents wearing out your SSD. Edit the Plex Container and enable the "Advanced View": Add this to "Extra Parameters" and hit "Apply": --mount type=tmpfs,destination=/tmp,tmpfs-size=4000000000 Result: Side note: If you dislike permanent writes to your SSD add " --no-healthcheck ", too. Now open Plex -> Settings -> Transcoder and change the path to "/tmp": If you like to verify it's working, you can open the Plex containers Console: Now enter this command while a transcoding is running: df -h Transcoding to RAM-Disk works if "Use%" of /tmp is not "0%": Filesystem Size Used Avail Use% Mounted on tmpfs 3.8G 193M 3.7G 5% /tmp After some time it fills up to nearly 100%: tmpfs 3.8G 3.7G 164M 97% /tmp And then Plex purges the folder automatically: tmpfs 3.8G 1.3G 3.5G 33% /tmp If you stop the movie Plex will delete everything: tmpfs 3.8G 3.8G 0 0% /tmp By this method Plex never uses more than 4GB RAM, which is important, as fully utilizing your RAM can cause an unexpected server behaviour.
    9 points
  49. VM erstellen Windows Home / Pro ISO über das Media Creation Tool oder die Windows Enterprise ISO über UUP Dump erstellen. Settings > VM Manager > aktuellstes "Default Windows VirtIO driver ISO" auswählen und herunterladen Optional: Wer eine Grafikkarte durchschleifen möchte (nicht iGPU!): Tools > System Devices > Alle Einträge (VGA, Audio, USB, etc) der Grafikkarte anklicken und an VFIO binden > Unraid Server neu starten Optional: Wer nicht der CPU die Last-Verteilung überlassen möchte, der isoliert über Settings > CPU Pinning > CPU Isolation die Kerne der VM VMS > Add VM > Windows 10 Entweder: Alle Kerne auswählen und der CPU die Last-Verteilung überlassen, Oder: Die isolierten Kerne zuweisen 4096MB RAM, min und max Werte gleich, da unterschiedliche Werte zu Problemen führen können (2GB sind das offizielle Minimum) aktuellste Q35 als Machine, weil es von Intel GVT-g empfohlen wird über "OS Install ISO" die Windows ISO-Datei auswählen 32G vdisk oder größer (32G ist mittlerweile das offizielle Minimum, früher waren es 20G). Hinweis: vdisk.img sind Sparse-Dateien und belegen daher auf dem Datenträger weniger als angezeigt. Man muss aber was tun, damit das so bleibt. VNC Graphics Card auf German stellen Optional: Grafikkarte über das Plus-Symbol hinzufügen Optional: Sound Card auswählen, wer lokal am Server Lautsprecher / Kopfhörer anschließen möchte, bei Grafikkarten den Audio Controller der Grafikkarte auswählen Network Model: Wer keine Docker im "br0" Netzwerk verwendet, sollte für die bessere Performance "virtio" wählen, da "virtio-net" deutlich langsamer ist Optional: Haken bei "Start VM after creation" raus und über GVT-g der VM eine vGPU zuweisen VM erstellen Optional: Über das GVT-g Plugin eine vGPU zuweisen und die VM starten Installation VMS > VM Logo > VNC Remote Wenn man "Press any Key" verpasst hat, dann einfach "reset" in der UEFI Shell eingeben um neu zu starten Am linken Rand "Serverseitiges Skalieren" aktivieren Benutzerdefinierte Installation > Treiber laden > Virtio CD Laufwerk > amd64\w10\ auswählen um den SCSI Controller Treiber für die virtuelle Festplatte zu laden Nach der Installation Optional: Wer möchte aktiviert den Ruhezustand (Hibernate), damit er die VM über das Unraid Menü nicht nur herunterfahren kann. Dazu das Windows Logo klicken > "cmd" eintippen > Rechte Maustaste als Administrator ausführen: powercfg.exe /hibernate on powercfg /h /type full Rechte Maustaste aufs Windows Logo > Ausführen > powercfg.cpl Dann "Auswählen was beim Drücken..." > "Einige Einstellungen sind..." > Schnellstart deaktivieren und wer sich für den Ruhezustand entschieden hat, diesen einschalten Der Schnellstart muss deaktiviert werden, da es sonst zu Problemen kommt, falls man zB die Anzahl der CPU Kerne verändert etc Über das Virtio CD Laufwerk die virtio-win-gt-x64.msi ausführen, was die folgenden Treiber installiert: Balloon, Network, Pvpanic, Qemufwcfg, Qemupciserial, Vioinput, Viorng, Vioscsi, Vioserial, Viostor, Viofs Erst jetzt hat also die VM Internet Über das VirtIO CD Laufwerk die virtio-win-guest-tools ausführen, welches dann auch den VNC Grafiktreiber installiert, so dass wir nun ebenfalls die Auflösung ändern können. Dadurch können wir die VM nun über das Unraid Menü bequem Herunterfahren (Stop) oder in den Ruhezustand (Hibernate) versetzen: Unten rechts rechte Maustaste auf das Netzwerk-Symbol > "Netzwerk-..." > Adapteroptionen ändern > rechte Maustaste Ethernet > Internetprotokoll, Version 4... > Eigenschaften > Feste IP-Adresse vergeben Rechte Maustaste auf das Windows Logo > System > Remotedesktop > Remotedesktop aktivieren Optional: Bei Intel (vGPU) oder Nvidia (Grafikkarte) oder AMD (Grafikkarte) den Treiber herunterladen und installieren Das aktuelle Fenster schließen, auf einem Windows PC nach "Remote..." suchen und "Remotedesktopverbindung" (RDP) öffnen. IP-Adresse und Windows Username hinterlegen. Außerdem unter "Anzeige" die Auflösung anpassen, damit die VM nicht wie euer PC zB in 4K gestartet wird, was eine sehr hohe CPU Last auf dem Server verursachen kann: Hinweis: RDP läuft deutlich flüssiger als NoVNC im Browser und unterstützt auch Sound. Alternativ geht auch Parsec. Optional: PowerShell als Admin öffnen und folgendes ausführen um Windows von Bloatware zu befreien: iwr -useb https://git.io/debloat|iex Optional: Direkter Login-Bildschirm: Rechte Maustaste auf das Windows Logo > Ausführen > regedit KEY_LOCAL_MACHINE > Software > Policies > Microsoft > Rechte Maustaste auf Windows > Neu > Schlüssel > Personalization als Name eingeben > Rechte Maustaste auf Personalization > Neu > DWORD > NoLockScreen > Doppelklick > 1 als Wert > OK Alle Updates installieren (also auch bei Bedarf mehrmals neu starten) Herunterfahren Optional: ISO-Datei und virtio CD Laufwerk aus der VM Konfiguration entfernen Ein Backup von unserer Vanilla Windows vidks1.img erstellen. Das geht über Krusader (Apps), SMB (falls Netzwerkfreigabe vorhanden) oder über das Unraid WebTerminal (">_" oben rechts) mit dem folgenden Befehl (Pfade bei Bedarf anpassen): cp -a "/mnt/user/domains/Windows 10/vdisk1.img" "/mnt/user/domains/Windows 10/vdisk1-backup.img" Video
    8 points