Jump to content

groot-stuff

Members
  • Content Count

    8
  • Joined

  • Last visited

Community Reputation

1 Neutral

About groot-stuff

  • Rank
    Newbie

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Despite the thanks... gzip off; doesn't work for me @Indmenity83, or I am not entering it in the right .conf file. I have tried in my nginx x.subdomain.conf file (below) as well as the main nginx.conf file (changing from on to off) and the site-confs>default file. Where are you entering this? server { listen 443 ssl; listen [::]:443 ssl; server_name myunRaidSubdomain.*; include /config/nginx/ssl.conf; client_max_body_size 0; gzip off; location / { include /config/nginx/proxy.conf; proxy_pass https://[unRaidIP]; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } }
  2. Thank you @maciekish and @Indmenity83 for pursuing the resolution of the problem presented in the OP. I too have experienced unhelpful and out of scope "resolutions" in the past. The key to this thread is that regardless of the security of the application in question, the question is not how to "be more secure" or "work around the problem"... it is about solving the problem presented. I too use a reverse proxy to access my unRaid gui... which is completely restricted to internal machines or those connected to my VPN. There is no security risk to my unRaid gui, being behind a reverse proxy that only works... on the internal network, the same as the local IP of the gui. Again, really appreciate the nginx response from @Indmenity83, thanks to you both!
  3. Curious, what DNS settings resolved your symptoms? I had a similar issue and despite most threads saying to assign public DNS servers (my usual config), setting unRaid's first DNS server to my local router resolved it.
  4. @Squid I understand you aren't a networking guru, but thank you very much, I really appreciated your instant CA update to help me troubleshoot. After a nice hike yesterday and good night's sleep, I banged my head on the keyboard some more this morning. I would hate coming to a thread with a similar or same issue... read through and it ends without a resolution. I would equally hate a final post from the OP saying "Never mind, I fixed it." because it doesn't help the next person that a Google search lands here. Request: I am a not a networking expert and would LOVE someone who is - to take a stab at why this resolved the issue... despite no changes being made to the router or unRaid network config that would have caused it. So further down the troubleshooting rabbit hole: - I stopped the array, same symptoms - I tested this because of reading posts about unRaid gui latency being caused by failing disks Next I dug through my mental cobwebs and found my 20 year old, uncertifed CCNA knowledge... along with many web articles, some linked below. - dig [anyDomainName.TLD] came back instantaneously... SO STRANGE, as here I am thinking unRaid is having DNS request time outs - This command allowed me to learn that my docker containers are using 127.0.0.11 as their DNS server... hence why docker containers had no symptoms - Resource: https://www.google.com/amp/s/www.hostinger.com/tutorials/how-to-use-the-dig-command-in-linux/amp/ So I ran tcpdumps on these various commands (curl, ping, traceroute and even clicking on the CA apps tab) to observe what is sent/received Digging into tcpdump of "curl ifconfig.io" - unRaid settings: external DNS servers statically assigned in Settings > Network (open DNS = 208.67.220.220 and 208.67.222.222) - The traffic (packets) going from point A to B were just fine, quick as it should be... but something was slowing the overall request down - 106 packets over 15 seconds - 33 of those were ARP requests to my local router asking "who has [myPublicIP]? - This got me curious... why is unRaid continually trying to figure out that my router is the next layer 2 (mac address) hop to my public IP? Digging into ARP requests - Resource: https://osqa-ask.wireshark.org/questions/5412/what-does-arp-42-who-has-19216811-tell-192168133-mean - ARP (Address Resolution Protocol) requests are similar to DNS requests but they are IP to MAC resolutions rather than Domain to IP resolutions - running arp -a was very slow (this shows IP addresses and their corresponding MAC addresses) - running arp -an (no DNS lookups) was instantaneous - Surprisingly this is the same after resolution, but it makes sense because DNS requests of each local subnet IP and 172.18.X.X docker subnet IP fail Digging into tcpdump of "curl ifconfig.io" with local router as the first DNS server - unRaid settings: local router and external DNS servers statically assigned in Settings > Network - local router as #1, then open DNS = 208.67.220.220 and 208.67.222.222 as #2 and #3) - 42 packets (64 less) over less than 1 second (14 less) - None of those (33 less) were ARP requests to my local router asking "who has [myPublicIP]? Symptom Resolution: - CLI requests to WAN resources are instantaneous (as expected) - Plugins tab loads in ~5 seconds (background update checks are enabled) - CA tab loads in 2-3 seconds - Dockers update and retain icon image - Fix Common Problems plugin scans within 15 seconds now (took multiple minutes before) Unresolved symptoms: - Docker's still show version "not available" - Forcing an update resolves this, but I am going to wait overnight to see if the scheduled update check resolves it (will post again tomorrow) - UPDATE (same day): I triggered a manual check for docker updates and about 15-20 seconds later all 17 of my dockers had no more "not available" - traceroutes to my default gateway still fail @Squid So, it was my network... I think? lol
  5. I updated CA and it loads now, under 30 seconds on the few tries I did. Still have the same slow response on curl, ping and traceroute requests on the host, dockers are still ok.
  6. Same results even when using open dns (what I usually use, firewall assigns them to devices rather than itself). Same with google and cloudflare dns servers - all statically set in Settings > Network. Regarding "it's not my network" - I let my OP be open-ended, but I feel it is ip routing or dns resolution. Just not the network numbers I'm typing in or configuration of my firewall. Literally nothing has changed on that side, and connection requests from dockers and vms are unaffected. Edit: also no pfsense or other proxys between the unraid box and WAN. Thoughts on my ip routes and traces? I have nothing to compare them to, nor have I ever recorded the same in the past. They are only what unraid generates, aside from the metric = 1 for the IPv4 gateway I set in the gui when troubleshooting. The 14-16 second curl ifconfig.io response is very consistent, same time span for a domain name ping to start hitting the resolved ip. Could it be attempting to route through the 172.18 docker network then falling back to eth0/br0?
  7. I am running into the same issue multiple people are having here, I have read over a dozen threads both old and new. Nothing is working, please don't give me the "it's your network response". When attempting to load the CA tab I get this error: That is only one symptom, I have the other symptoms other's have described: - Intermittent access to CA list (occasionally it loads, most often it times out after 60 seconds) - Docker containers show version "not available" - Forcing the update of a Docker container causes the icon to disappear and show the ? one - When a Docker is missing an icon, loading the Docker tab takes 15 seconds (research shows this is the standard timeout, down from 60 in the past) - I learned how to manually resolve this (where to save the image files and naming convention) - Commands with IPs such as "ping 172.217.12.14" (google.com's ip address) come back instantly - Commands with domains such as "curl ifconfig.io" and "ping google.com" take 10-14 seconds to return anything (ip address or start pinging the ip) - These same commands run instantly, as expected, when run in ANY docker's shell - So we know the network card and subnet/firewall is capable - Commands and speed tests run on a fresh W10 VM are instantaneous and pull my full gig bandwidth - So we know the network card and subnet/firewall is capable Facts and attempted resolutions: - I have rebooted numerous times, re-logged-in through a new browser with cache cleared, re-logged-in through SSH - IPv6 is disabled on unraid and my firewall - I setup letsencrypt docker with reverse proxy a few weeks ago, everything worked fine, still does - This required setting up a custom Docker network (proxynet, as instructed in SpaceInvaderOne's video) - That network has a metric of 1 in my ip routes, whereas my eth0/br0 subnet always has a 200+ metric - I don't know how to change the new Docker network (br-b579...) to a higher metric... could this be the cause? - When Docker is enabled the 172.17.0.0/16 docker0 network shows up with a metric of 1, same symptoms (no dockers use it, all are on proxynet) - Screenshot above also has the "optional metric" for my eth0/br0 IPv4 gateway set to 1, yields the same symptoms - Only recent change is converting the letsencrypt container to swag (name, appdata folder and mapping, repo and icon url were all updated) - swag works fine, websites and dockers are all accessible as they were before (I only mention this because it is the only recent change) - No changes to IP scheme, masks or dns servers (the firewall provides ip/mac bound address and open dns servers) - DHCP and Static configurations yield the same symptoms - Yes I am using the correct mask, gateway and multiple DNS providers (open dns, google, and cloudfare) - I have tried with bonding/bridging: on/on, off/on, off/off (respectively) - I have tried with Docker/VM manager on and off - I have regenerated the /boot/config/network.cfg file and resolvr.conf (forget what path that one was at) - both update in response to changes in Settings > Network (evidenced by cat /boot/config/network.cfg and cat resolvr.conf) - I can ping: 127.0.0.1, 10.3.55.2 (server's IP), 10.3.55.1 (gateway), both ISP's modems LAN address and my WAN IP without issue... it's when I try to ping, traceroute or curl a domain name that it hangs 10+ seconds - Tracing the route to my default gateway though... doesn't work from unraid but it comes back as expected on any other VM or machine on the network (from VM on same subnet, 10.3.55.7) (from unraid console via ssh as root) So I really need some help here folks. I've attached what I thought would be helpful... let me know if other info is needed to help. After 8 hours of reading threads and troubleshooting I am at a loss.
  8. These types of responses are not helpful and have rendered this thread useless to anyone who comes across it looking for the same information @Rhino2310 was looking for. Hopefully someone else can provide a helpful response to this simple syntax question. This config edit appears to be very common when considering YouTube videos demonstrate it and have multiple thankful comments on them. All the OP and I are looking for is a way to define multiple users in the highlighted config line below: [rootshare] path = /mnt/user comment = browseable = no valid users = write list = vfs objects = i.e. valid users = george,lucas,rey valid users = george;lucas;rey valid users = [george,lucas,rey] This is not a question about if it should be done, how it should be done (GUI, CLI, config edits, etc.)... Just CAN it be done? If it can, what is the syntax to define multiple users? If multiple users cannot be defined, can you essentially copy and paste the same share with a different user specified?