Weavus

Members
  • Posts

    21
  • Joined

  • Last visited

Everything posted by Weavus

  1. Did this ever get resolved? I also see the same behaviour on viewing Docker logs and consoles.
  2. Anyone able to run this behind nginx and actually get the Alexa skill to communicate with it? I’m getting SSL errors as it seems AWS does not like letsencrypt certs and even uploading the full pem as a self cert certificate still prevents the skill from successfully being able to connect.
  3. I have the VLAN listed in my Docker settings as shown above and br0.5 is listed on the Docker settings page. However Docker network ls or the 'Network Type' dropdown on container templates is not showing it.
  4. Having trouble getting br0.5 showing up in the Docker 'Network Type' dropdown. I only see br0. Network Settings Enable VLANs: Yes VLAN number: 5 Interface description: Docker VLAN Network protocol: IPV4 Only IPv4 address assignment: Static IPv4 address: 192.168.5.0 IPv4 default gateway: 192.168.5.1 Routing Table IPv4 default 192.168.1.1 via br0 1 IPv4 default 192.168.5.1 via br0.5 2 IPv4 172.17.0.0/16 docker0 1 IPv4 192.168.1.0/24 br0 1 IPv4 192.168.5.0/24 br0.5 1 IPv6 ::1 lo 256 IPv6 fd00:0:0:1::/64 br0 256 Docker Settings Docker version: 18.09.6 Docker vDisk location: /mnt/cache/docker.img Default appdata storage location: /mnt/user/appdata/ Docker LOG rotation: Enabled Preserve user defined networks: No IPv4 custom network on interface br0: Subnet: 192.168.1.0/24 Gateway: 192.168.1.1 DHCP pool: 192.168.1.128/26 (64 hosts) IPv4 custom network on interface br0.5: Subnet: 192.168.5.0/24 Gateway: 192.168.5.1 DHCP pool: 192.168.5.128/26 (64 hosts) Docker Network LS NETWORK ID NAME DRIVER SCOPE 92afbb695547 br0 macvlan local 37e5ee6e805d bridge bridge local ea7a550c1b45 host host local bd960ef7eb26 none null local Any ideas why I can't see br0.5 in Docker network ls or the dropdown? I've tried running 'rm /var/lib/docker/network/files/local-kv.db; /etc/rc.d/rc.docker restart' but that didnt help. Any ideas?
  5. Speed. https://nzbget.net/choosing-cipher recommends using RC4-MD5
  6. It stopped working because RC4 is not included in the container. openssl ciphers -v doesn't show any RC4 Thanks for the info. Any advice on which cipher I should be using going forward or best to leave it blank until RC4-MD5 is restored?
  7. Overnight my container was updated to "25.02.19: - Rebasing to alpine 3.9" and I'm now getting the following error for all of my newsservers: TLS handshake failed for nl.newsgroupdirect.com: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure TLS handshake failed for news.tweaknews.eu: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure TLS handshake failed for sslreader.eweka.nl: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure If I leave the cipher empty in the newsservers configuration of nzbget then everything works fine. Why has RC4-MD5 stopped working all of the sudden with the rebasing to alpine 3.9 and no change the the nzbget code?
  8. Thanks bonienl, I'll give that workaround a go and see if that works for me until a proper way of handling this advanced use/edge case is provided in a future release. EDIT: Can confirm, commenting out those 3 lines and adding the file to flash and copying it via the go file means my custom docker network was preserved and my containers auto started as expected using the old custom network after a reboot. Thanks again for a speedy workaround idea.
  9. Could we have a Docker GUI setting to skip the removal of any manually created macvlan?
  10. Sorry, I was mistaken, when rebooting Unraid/Docker recreated br0 which is using the gateway 192.168.1.1 which means I cant recreate my localnetwork network as it can't use the gateway while br0 has it until I manually delete br0 and recreate my localnetwork network. My eth1 interface does not have an IP address assigned so nothing is automatically created on startup for br1. How is 6.4 supposed to work with two network interfaces to achieve what I want, i.e. my containers having their own assigned IP in my 192.168.1.x range? Am I missing something as to how its supposed to work in 6.4 to do this automagically? Right now I can't see how the automatic wipe existing/create new is helping me so is their a way to tell Unraid/Docker not to blow my self-created network away when it restarts? Thanks
  11. Excellent write up, thanks! I've followed this (using the same network layout as I was already using 192.168.1.x) and its working great for my containers however when I stop / start docker the localnetwork is deleted and I have to manually recreate it and then manually start the containers. Also, the last time I rebooted unraid (6.4.0_rc20a) it also recreated br1 which I had to delete from docker before I could recreate localnetwork. Is it supposed to save this network in the docker.img? If yes, any idea why mine isn't being saved and I'm having to recreate it each time? If not, is there a best practice way of automating the recreation of the network and starting of the containers?
  12. Add the following to Extra Parameters in the docker template to get it working: --dns 127.0.0.1 --dns 8.8.8.8
  13. Having the same issue with single NIC, bonding = no, bridging = yes
  14. Figured it out. I commented out the last section of iptables-common.conf in action.d #[Init?family=inet6] # Option: blocktype (ipv6) # Note: This is what the action does with rules. This can be any jump target # as per the iptables man page (section 8). Common values are DROP # REJECT, REJECT --reject-with icmp6-port-unreachable # Values: STRING #blocktype = REJECT --reject-with icmp6-port-unreachable # Option: iptables (ipv6) # Notes.: Actual command to be executed, including common to all calls options # Values: STRING #iptables = ip6tables <lockingopt> Now fail2ban is starting without errors
  15. Ran the command and restarted, new errors now about initialising ip6tables 2017-03-28 23:29:51,870 fail2ban.utils [264]: ERROR ip6tables -w -N f2b-nginx-botsearch ip6tables -w -A f2b-nginx-botsearch -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr: 2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory" 2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory" 2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-03-28 23:29:51,872 fail2ban.utils [264]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-03-28 23:29:51,872 fail2ban.utils [264]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol' 2017-03-28 23:29:51,872 fail2ban.utils [264]: ERROR ip6tables -w -N f2b-nginx-botsearch ip6tables -w -A f2b-nginx-botsearch -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1 2017-03-28 23:29:51,872 fail2ban.actions [264]: ERROR Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport So tried passing unraids /lib/modules as a read-only path to the container but now get 2017-03-28 23:40:37,382 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-botsearch ip6tables -w -A f2b-nginx-botsearch -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr: 2017-03-28 23:40:37,382 fail2ban.utils [261]: ERROR -- stderr: 'modprobe: module ip6_tables not found in modules.dep' 2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: 'modprobe: module ip6_tables not found in modules.dep' 2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)" 2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.' 2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol' 2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-botsearch ip6tables -w -A f2b-nginx-botsearch -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1 2017-03-28 23:40:37,383 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport So maybe I need to install that apk in unraid but I'd really rather not as I don't use ipv6 on my network. Is there anyway just to configure fail2ban not to try using ip6tables and drop ipv6 support instead? Thanks
  16. I'm having trouble getting Fail2ban working. I'm seeing this in the logs: 2017-03-26 04:04:46,710 fail2ban.jail [266]: INFO Jail 'nginx-http-auth' started 2017-03-26 04:04:46,712 fail2ban.jail [266]: INFO Jail 'nginx-botsearch' started 2017-03-26 04:04:46,714 fail2ban.jail [266]: INFO Jail 'nginx-badbots' started 2017-03-26 04:04:46,799 fail2ban.utils [266]: ERROR ip6tables -w -N f2b-nginx-http-auth ip6tables -w -A f2b-nginx-http-auth -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- stderr: 2017-03-26 04:04:46,799 fail2ban.utils [266]: ERROR -- stderr: '/bin/sh: ip6tables: not found' 2017-03-26 04:04:46,800 fail2ban.utils [266]: ERROR -- stderr: '/bin/sh: ip6tables: not found' 2017-03-26 04:04:46,800 fail2ban.utils [266]: ERROR -- stderr: '/bin/sh: ip6tables: not found' 2017-03-26 04:04:46,800 fail2ban.utils [266]: ERROR ip6tables -w -N f2b-nginx-http-auth ip6tables -w -A f2b-nginx-http-auth -j RETURN ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- returned 127 2017-03-26 04:04:46,800 fail2ban.utils [266]: INFO HINT on 127: "Command not found". Make sure that all commands in 'ip6tables -w -N f2b-nginx-http-auth\nip6tables -w -A f2b-nginx-http-auth -j RETURN\nip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals. 2017-03-26 04:04:46,826 fail2ban.actions [266]: ERROR Failed to start jail 'nginx-http-auth' action 'iptables-multiport': Error starting action Jail('nginx-http-auth')/iptables-multiport How do I turn off ip6 support in fail2ban or make the ip6tables command available? Thanks
  17. To answer my own question I found a couple of files that the filename encoding had got really screwed. Once I managed to fix them the folders started appearing in SMB shares. I'm still not sure where and when the few filenames got badly encoded but at least its working now.
  18. I've been migrating my content from two separate v5 Unraid servers to a new v6 server. Most of the data is now copied to the v6 machine but I cant see most of my content via SMB and its driving me nuts. I used rsync to copy the data from the old servers to the new. I have the following structure currently spread across 2 8TB disks /mnt/user/Media/Movies /mnt/user/Media/TV If I open a connection to the server via SMB on OSX 10.11.3 I only see 275 folders in the Movies directory in Finder. If I open a terminal in OSX and goto /Volumes/Media/Movies and do a ls | wc -l I get 236 folders back. If I connect via AFP or open a browser to the unraid GUI and browse the share I can see all 1752 folders in the Movies share and I can pick one that does not appear on the SMB share and read the contents of any file in the directory without issue. I have the share set to Public permissions, I've tried running new_permissions tool, I've restarted both the server and client. What the hell is going on? Could it be issues with UTF-8 characters in some of the filenames that the rsync copy has broken? Any other ideas?