062bel313

Posts posted by 062bel313

  1. On 7/15/2023 at 5:20 PM, primeval_god said:

    Under the DockerSetting page in unRAID make sure the "Preserve user defined networks" option is set to yes.

    After that docker networks created on the command line with "docker network create" will be persistent. A google search should show you how to create an ipvlan type docker network.

    I have had that setting on from the beginning.

    [Screenshot]

    And I created networks like this in the docker compose.

    [Screenshot]

    I am not sure how I created dockernet. I think I used CLI to create that. Anything I am doing wrong?

     

    Thank you,

  2. On 7/13/2023 at 8:19 AM, primeval_god said:

    @Kilrah's answer here still sounds correct to me. Compose stacks don't seem to work correctly with the brx networks that unRAID provides because they are not persistent. Custom persistent docker networks are recommended.

     

      Interesting, are these images off of docker hub or locally built images?


    I am not sure how to create persistent docker networks; is there any link I can follow? My issue is also the same as @L0rdRaiden's. Here are my network settings, if you can quickly see anything wrong.

    Thank you,

    [Screenshot]

  3. 7 hours ago, Kilrah said:

    Working as expected here... You sure you don't have a custom script or something that you forgot about?

    No, I do not have any custom script related to dockers.

    39 minutes ago, primeval_god said:

    After startup check your log for messages of the format "Starting compose stack: ${name}". The compose autostart script should log that message for each stack it tries to autostart.

    I will give a restart and try to gather the logs for further insights.

  4. Does this mean I am the only one with this issue? All my dockers are turned off on the containers themselves. I only have pi-hole auto start on in the docker-compose stack. Not sure what is triggering auto start of all the dockers during the restart of the unraid server 😞

  5. How does this autostart feature work? I want to disable the docker up after the reboot. Somehow I am facing a similar issue to @L0rdRaiden. So I want all dockers to stay off except one (pihole). If I toggle the auto start to off, they are still trying to execute the docker. Is there anything we need to do on top of disabling the auto start to make sure the docker is not trying to go up after a reboot?

    [Screenshot]

  6. 1 hour ago, Kevin Marchese said:

    @062bel313 Just making sure you know that when you are uploading via Cloudflare you will be limited to 100MB; however, if you upload locally you can upload as much as you like. So rather than paying Cloudflare I have just gotten used to doing any major uploads at home on my local network, bypassing the CF protected domain. I hope you get fail2ban to work, but that is my 2 cents on uploading via Cloudflare.

    Also, if you don't mind me asking, why did you set bantime to "-1"? Does that set it for forever, don't ban at all, or is it some testing purpose?

    I have remote users, my family members, and they always had issues because of Cloudflare. I will look into it again.

    Yes, bantime -1 will block it forever.

  7. On 1/28/2022 at 9:32 AM, Built2Succeed said:

    Are you using Cloudflare to host your site?  I'm certainly no expert and hopefully I don't steer you in the wrong direction.  But it seems to me that your filter and jail are set up correctly, since the fail2ban log you show seems to be showing a ban.  Did you go into the container console and type 'fail2ban-client status Nginx'?  Does it show as banned?  Also I would check your action setup in the action.d folder.  I have two files in my action.d folder: iptables-common.local and cloudflare-apiv4.conf.

    My iptables-common.local file looks like this:

    # /mnt/user/appdata/fail2ban/action.d/iptables-common.local

    [Init]
    blocktype = DROP
    [Init?family=inet6]
    blocktype = DROP
     

    My cloudflare-apiv4.conf file looks like this:

    #
    # Author: Gilbn from https://technicalramblings.com
    # Adapted Source: https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf and https://guides.wp-bullet.com/integrate-fail2ban-cloudflare-api-v4-guide/
    #
    # To get your Cloudflare API key: https://dash.cloudflare.com/profile use the Global API Key
    #

    [Definition]

    # Option:  actionstart
    # Notes.:  command executed once at the start of Fail2Ban.
    # Values:  CMD
    #
    actionstart =

    # Option:  actionstop
    # Notes.:  command executed once at the end of Fail2Ban
    # Values:  CMD
    #
    actionstop =

    # Option:  actioncheck
    # Notes.:  command executed once before each actionban command
    # Values:  CMD
    #
    actioncheck =

    # Option:  actionban
    # Notes.:  command executed when banning an IP. Take care that the
    #          command is executed with Fail2Ban user rights.
    # Tags:    <ip>  IP address
    #          <failures>  number of failures
    #          <time>  unix timestamp of the ban time
    # Values:  CMD

    actionban = curl -s -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
                -H "X-Auth-Email: <cfuser>" \
                -H "X-Auth-Key: <cftoken>" \
                -H "Content-Type: application/json" \
                --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2ban <name>"}'

    # Option:  actionunban
    # Notes.:  command executed when unbanning an IP. Take care that the
    #          command is executed with Fail2Ban user rights.
    # Tags:    <ip>  IP address
    #          <failures>  number of failures
    #          <time>  unix timestamp of the ban time
    # Values:  CMD
    #

    actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
                  curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
                 -H "X-Auth-Email: <cfuser>" \
                 -H "X-Auth-Key: <cftoken>" \
                 -H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1);}}}' | tr -d '"' | sed -e 's/^[ \t]*//' | head -n 1)" \
                 -H "X-Auth-Email: <cfuser>" \
                 -H "X-Auth-Key: <cftoken>" \
                 -H "Content-Type: application/json"

    [Init]

    # Name of the jail in your jail.local file. default = [jail name]
    name = default

    # Option: cfuser
    # Notes.: Replaces <cfuser> in actionban and actionunban with cfuser value below
    # Values: Your CloudFlare user account

    cfuser = your_cloudflare_username

    # Option: cftoken (Global API Key)
    # Notes.: Replaces <cftoken> in actionban and actionunban with cftoken value below
    # Values: Your CloudFlare API key
    cftoken = your_Cloudflare_API_token

    My domain is hosted at Cloudflare, and I am not using the proxy at the moment (I had an issue with Nextcloud, that auto upload was not working properly for larger files).

    In my iptables, I see all the IPs are banned as well. I have a very similar configuration to yours besides the Cloudflare part. 😞

  8. I am not sure what I did wrong. The difference between yours and mine is just Cloudflare. I do not have subdomains proxied via Cloudflare. I am trying to set it up for nginx. The logs display that the IP is banned (I am using a VPN to test fail2ban). But I can still access the services. I asked on Reddit to see if I can get a quick response. Here is the link to the detailed issue and the configuration I am using:

    fail2ban detecting IP but not blocking : fail2ban (reddit.com)

    I saw you were using a different config for the action. So I gave it a second try with the exact configuration like yours and am still stuck with the IP not being actually banned. Any idea?

  9. Hello, sorry if I am in the wrong place. I want to understand a problem I am facing with OpenVPN.

    I am using: OpenVPN-client maintained by @ich777. I updated the vpn.ovpn file today to change the location and now when I restart the docker, I get this error.

    [Screenshot]

    Seems like something is different in the new ovpn file. Can you suggest any resolution?

    Thank you,

  10. 1 hour ago, rswafford said:

    Got this set up, ran through the config guide, and when I try to access via local ip (http://192.168.1.xxx:9091), my browser just gives me the generic Chrome error "This site can't be reached".

     

    In the Authelia container logs, I see:

    [Screenshot]

     

    What'd I miss?

    When I started mine I got stuck at the same issue. At that time I modified the configuration that came with Authelia instead of the one provided by Sycotix on GitHub. I later used the config from Sycotix and modified it. And I was able to load the webpage. I don't see why it shouldn't work with the original configuration, but maybe I had some mistakes there, no idea.

  11. I tested with other apps like unifi, bitwarden, and some synology apps and none of them worked for me. Definitely I am doing something wrong. I can access them from the webpage via Authelia but not from apps. I am sure others have tried containers with iOS apps; can someone share what container worked with NPM and API via Authelia? I want to make sure that runs on my end as well, otherwise I must be making some mistake that I am not able to figure out.

    Thank you

  12. I feel like the /api setting in NPM is not correct.

    If I check the log when emby.mydomain.com was requested from the webpage, I see: path=/api/firstfactor in the log. There is /api and it was still requesting Authelia authentication.

    If I check the log when emby was requested from iOS, I see: path=/api/verify in the log.

    Do you think the /api I set is not correct? I posted the screenshot above in my 1st post here:
    https://forums.unraid.net/topic/94096-support-ibracorp-all-images-and-files/?do=findComment&comment=965345

  13. 3 minutes ago, Sycotix said:

     

    There's your issue. You don't have the correct rules in your Authelia config file. Reading this it looks like you are unauthorised. Try adding a rule for that subdomain if you haven't, or you can cover all subdomains with a wildcard such as *.example.com.

     

    Let us know what you find

    I confirmed again that I have emby.mydomain.com defined in the config file and I was able to successfully authenticate via Authelia when accessing from the web browser (I attached the log previously with a successful login via Authelia from the web). I only get this error (that you quoted) when I am trying to connect from iOS.

    I just tried the wildcard *.mydomain.com and I still get the same issue 😞

    I strongly feel like the emby app does not request the /api location, maybe? Is there a way to know that?

    Thank you for your help!

  14. 22 minutes ago, Sycotix said:

    That's okay, we were all beginners at some point. So usually if an app has an API endpoint, this method shown will allow the authentication to be skipped for the API, but if someone was to log in directly they would still be presented with the sign in for, say, Authelia or Organizr.

     

    I tried looking it up for Emby but can't confirm if it allows API access. From what I can see you need to actually log in. I could be wrong, but that's all I know sorry. I don't use Emby personally.

     

    You should provide the logs from Authelia. You can do this in Unraid by clicking the Docker container for Authelia and selecting Logs.

    This is what I get in the log:
     

    time="2021-03-22T00:16:29-05:00" level=info msg="Access to https://emby.mydomain.com/emby/system/info/public (method unknown) is not authorized to user <anonymous>, sending 401 response" method=GET path=/api/verify remote_ip=172.69.34.142

     

    I also tried the Organizr method and that also doesn't work; maybe the emby app doesn't use the API.

    Surprisingly, when accessing from the web, the link has /api but it asks for the authentication though I have auth_request off; for API requests. Maybe my understanding is not right about whether it was a /api request.

     

    time="2021-03-22T00:15:38-05:00" level=debug msg="Mark authentication attempt made by user username" method=POST path=/api/firstfactor remote_ip=XX.XX.XX.XX
    time="2021-03-22T00:15:38-05:00" level=debug msg="Credentials validation of user username is ok" method=POST path=/api/firstfactor remote_ip=XX.XX.XX.XX
    time="2021-03-22T00:15:38-05:00" level=debug msg="Required level for the URL https://emby.mydomain.com/ is 1" method=POST path=/api/firstfactor remote_ip=XX.XX.XX.XX


    Thank you for the help!
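
A way to read the log lines quoted in the post above, as an added example that is not part of the original posts: in Authelia's log the `path=` field names the Authelia endpoint that handled the call (`/api/verify` for the proxy's authorization check, `/api/firstfactor` for the portal login), while the URL the client actually requested sits inside `msg`. The `BYPASS_PREFIX` value is an assumption standing in for the NPM location that has `auth_request off;`.

```python
import re
import shlex
from urllib.parse import urlsplit

# Log lines copied from the post above (Authelia logfmt output).
SAMPLE_LOG = r'''
time="2021-03-22T00:16:29-05:00" level=info msg="Access to https://emby.mydomain.com/emby/system/info/public (method unknown) is not authorized to user <anonymous>, sending 401 response" method=GET path=/api/verify remote_ip=172.69.34.142
time="2021-03-22T00:15:38-05:00" level=debug msg="Required level for the URL https://emby.mydomain.com/ is 1" method=POST path=/api/firstfactor remote_ip=XX.XX.XX.XX
'''

URL_RE = re.compile(r"https?://[^\s\"]+")
BYPASS_PREFIX = "/api"  # assumption: the NPM location configured with auth_request off


def parse_logfmt(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def protected_request(line):
    """Return (authelia_endpoint, requested_path) for one log line.

    `path=` is Authelia's own endpoint; the path the client asked the
    proxy for is taken from the URL embedded in `msg`.
    """
    fields = parse_logfmt(line)
    match = URL_RE.search(fields.get("msg", ""))
    requested = urlsplit(match.group(0)).path if match else None
    return fields.get("path"), requested


def report(log_text, bypass_prefix=BYPASS_PREFIX):
    """List (authelia_endpoint, requested_path, covered_by_bypass) per line."""
    rows = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        endpoint, requested = protected_request(line)
        covered = bool(requested) and (
            requested == bypass_prefix or requested.startswith(bypass_prefix + "/")
        )
        rows.append((endpoint, requested, covered))
    return rows


if __name__ == "__main__":
    for endpoint, requested, covered in report(SAMPLE_LOG):
        print(f"authelia={endpoint}  requested={requested}  under {BYPASS_PREFIX}: {covered}")
```

For the 401 line, the requested path is `/emby/system/info/public`, which a bypass location matching only `/api` does not cover.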

  15. 6 minutes ago, Sycotix said:

    My pleasure thank you!

    Hi Sycotix:

    I followed the video again, and maybe I am not understanding it for the API. Sorry, I am just a beginner trying to figure out the stuff. Basically, I have an advanced configuration set up for emby as you posted in your video for Authelia, and that is working great for the web access. On top of that, now I am doing as follows based on the video you made for Organizr:

    [Screenshot]

    I am still getting the same issue. Just want to confirm if I am doing it correctly. Do I need to create another DNS entry for emby.mydomain.com/api or such? Sorry if my question doesn't make sense 🙂

     

    Thank you

  16. 19 minutes ago, Sycotix said:

     

    Thanks for watching my videos, appreciate it. 

    For the first issue I'm not entirely sure but it could be that a header needs to be forwarded on? I'm currently using Organizr Auth for Ombi so can't test it right this second. 

    The second issue is because your API path is being blocked by Authelia. Please watch my Organizr Auth video to understand how to circumvent this for API paths. The video is about Organizr but the principle and the method is exactly the same:

    Thank you, I have watched all your videos including this one. I might have missed it somehow; I will check it again. Looking forward to more videos and have already subscribed. Great work and best wishes!

  17. On 2/23/2021 at 4:17 PM, Sycotix said:

    Hi @gizmer thanks for the feedback, glad to help.

    So yeah with the API stuff I'm going to do a video on that because it comes up a lot. Keep an eye on the YouTube channel and you'll see it come up if subscribed. I'll end up putting it here too

    Not sure if the issues are related or not, but I am posting this to get insights from experts. Things are working except for two issues:

    1. Ombi: With ombi.mydomain.com it successfully authenticates via Authelia. Then it redirects to the Ombi login page, but there I cannot log in. If I remove Authelia for Ombi, I can successfully log in. I am trying from the web, not the app. Not sure what the issue is.

    2. Emby: With emby.mydomain.com, on the web I can successfully authenticate, Authelia redirects to Emby, and I can sign in there as well. But if I try from the Emby app, I get a connection error to the server.

    I have tried using

    proxy_intercept_errors off;

    Any insights into what I might be doing wrong? I am using NPM as shown in the YouTube setup (depth).

    Nice video and great job 👏

  18. Hi JorgeB:

     

    Indeed, there was some issue with the PCIE slot I was using. Not sure what the issue is, but I switched my graphics card P200 and the NIC, and now it shows up. I will set up pfsense now.

    [Screenshot]

    Thank you all. You guys are the best.