[Odd issue when trying to look at logs - pop up login window - not sure if bug]

Did this ever get resolved? I also see the same behaviour on viewing Docker logs and consoles.

[[Support] Linuxserver.io - Kanzi]

Anyone able to run this behind nginx and actually get the Alexa skill to communicate with it? I’m getting SSL errors as it seems AWS does not like letsencrypt certs and even uploading the full pem as a self cert certificate still prevents the skill from successfully being able to connect.

[Network isolation in unRAID 6.4]

14 hours ago, bonienl said:

Can you post a screenshot of your network settings and a screenshot of your Docker settings (docker service stopped and advanced view)

As requested. Thanks.

[Network isolation in unRAID 6.4]

35 minutes ago, jowe said:

I have set up my VLAN in network settings (without a static IP for unraid server)

 

Then stop docker go to settings / docker, advanced view, and there you should be able to choose vlans for docker. And after that, see them in every container.

I have the VLAN listed in my Docker settings as shown above and br0.5 is listed on the Docker settings page. However Docker network ls or the 'Network Type' dropdown on container templates is not showing it.

[Network isolation in unRAID 6.4]

Having trouble getting br0.5 showing up in the Docker 'Network Type' dropdown. I only see br0.

 

Network Settings
Enable VLANs: Yes
VLAN number: 5
Interface description: Docker VLAN
Network protocol: IPV4 Only
IPv4 address assignment: Static
IPv4 address: 192.168.5.0 
IPv4 default gateway: 192.168.5.1

Routing Table
IPv4	default	192.168.1.1 via br0	1	
IPv4	default	192.168.5.1 via br0.5	2	
IPv4	172.17.0.0/16	docker0	1	
IPv4	192.168.1.0/24	br0	1	
IPv4	192.168.5.0/24	br0.5	1	
IPv6	::1	lo	256	
IPv6	fd00:0:0:1::/64	br0	256	
  
Docker Settings
Docker version: 18.09.6
Docker vDisk location: /mnt/cache/docker.img
Default appdata storage location: /mnt/user/appdata/
Docker LOG rotation: Enabled
Preserve user defined networks: No
IPv4 custom network on interface br0:
Subnet: 192.168.1.0/24 Gateway: 192.168.1.1 DHCP pool: 192.168.1.128/26  (64 hosts)
IPv4 custom network on interface br0.5:
Subnet: 192.168.5.0/24 Gateway: 192.168.5.1 DHCP pool: 192.168.5.128/26  (64 hosts)

Docker Network LS
NETWORK ID          NAME                DRIVER              SCOPE
92afbb695547        br0                 macvlan             local
37e5ee6e805d        bridge              bridge              local
ea7a550c1b45        host                host                local
bd960ef7eb26        none                null                local

Any ideas why I can't see br0.5 in Docker network ls or the dropdown? I've tried running 'rm /var/lib/docker/network/files/local-kv.db;                                   /etc/rc.d/rc.docker restart' but that didnt help. Any ideas?

[[Support] Linuxserver.io - NZBGet]

28 minutes ago, nuhll said:

Why are you entering ciphers in the first place? As far as i understand it, its only needed when nzbget cant connect to server. If its working without, why adding one? Never entered one. 

 

I thought its only if nzbget is not able to automatic find out which cipher to use!?

Speed. https://nzbget.net/choosing-cipher recommends using RC4-MD5

[[Support] Linuxserver.io - NZBGet]

2 hours ago, dmacias said:

23 hours ago, Weavus said:

Overnight my container was updated to "25.02.19: - Rebasing to alpine 3.9" and I'm now getting the following error for all of my newsservers:
 
TLS handshake failed for nl.newsgroupdirect.com: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
TLS handshake failed for news.tweaknews.eu: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
TLS handshake failed for sslreader.eweka.nl: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

If I leave the cipher empty in the newsservers configuration of nzbget then everything works fine. Why has RC4-MD5 stopped working all of the sudden with the rebasing to alpine 3.9 and no change the the nzbget code?

It stopped working because RC4 is not included in the container. openssl ciphers -v doesn't show any RC4

Thanks for the info. Any advice on which cipher I should be using going forward or best to leave it blank until RC4-MD5 is restored?

[[Support] Linuxserver.io - NZBGet]

Overnight my container was updated to "25.02.19: - Rebasing to alpine 3.9" and I'm now getting the following error for all of my newsservers:

 

TLS handshake failed for nl.newsgroupdirect.com: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

TLS handshake failed for news.tweaknews.eu: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

TLS handshake failed for sslreader.eweka.nl: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

If I leave the cipher empty in the newsservers configuration of nzbget then everything works fine. Why has RC4-MD5 stopped working all of the sudden with the rebasing to alpine 3.9 and no change the the nzbget code?

[[6.3.0+] How to setup Dockers without sharing unRAID IP address]

Thanks bonienl, I'll give that workaround a go and see if that works for me until a proper way of handling this advanced use/edge case is provided in a future release.

 

EDIT: Can confirm, commenting out those 3 lines and adding the file to flash and copying it via the go file means my custom docker network was preserved and my containers auto started as expected using the old custom network after a reboot. Thanks again for a speedy workaround idea.

 

[[6.3.0+] How to setup Dockers without sharing unRAID IP address]

On 10/01/2018 at 9:12 PM, bonienl said:

Any manually created macvlan is removed, cause these interfere with the automatic creation.

 

Could we have a Docker GUI setting to skip the removal of any manually created macvlan?  

[[6.3.0+] How to setup Dockers without sharing unRAID IP address]

11 hours ago, bonienl said:

Yes unRAID 6.4. scans all available interfaces when starting the docker service. Each interface which has an IP address assigned to it will be automatically included in the dropdown list of network types when configuring a container.

 

Any manually created macvlan is removed, cause these interfere with the automatic creation.

 

eth0 (br0) is the management interface and always has an IP address. Consequently this interface becomes automatically available to docker containers, which can set a different and unqiue IP address (either dynamic or static) for this interface.

 

And unRAID 6.4 supports both IPv4 and IPv6 addresses for docker containers.

 

 

Sorry, I was mistaken, when rebooting Unraid/Docker recreated br0 which is using the gateway 192.168.1.1 which means I cant recreate my localnetwork network as it can't use the gateway while br0 has it until I manually delete br0 and recreate my localnetwork network. My eth1 interface does not have an IP address assigned so nothing is automatically created on startup for br1.

 

How is 6.4 supposed to work with two network interfaces to achieve what I want, i.e. my containers having their own assigned IP in my 192.168.1.x range? Am I missing something as to how its supposed to work in 6.4 to do this automagically? Right now I can't see how the automatic wipe existing/create new is helping me so is their a way to tell Unraid/Docker not to blow my self-created network away when it restarts?

 

Thanks

[[6.3.0+] How to setup Dockers without sharing unRAID IP address]

On 14/11/2017 at 11:52 PM, ken-ji said:

The IP address details are:

• Network: 192.168.1.0/24
• Router: 192.168.1.1
• unRAID: 192.168.1.2 (on eth0/br0)
• DHCP range: 192.168.1.64-192.168.1.127 (this just simplifies some of the math)
• Docker container range: 192.168.1.128-192.168.1.192

Running on the terminal:

# docker network create \
-o parent=br1 \
--driver macvlan \
--subnet 192.168.1.0/24 \
--ip-range 192.168.1.128/26 \
--gateway 192.168.1.1 \
localnetwork

• Modify any Docker via the WebUI in Advanced mode
• Set Network to None
• Remove any port mappings
• Fill in the Extra Parameters with: --network localnetwork
• Apply and start the docker

 

Excellent write up, thanks!

 

I've followed this (using the same network layout as I was already using 192.168.1.x) and its working great for my containers however when I stop / start docker the localnetwork is deleted and I have to manually recreate it and then manually start the containers. Also, the last time I rebooted unraid (6.4.0_rc20a) it also recreated br1 which I had to delete from docker before I could recreate localnetwork.

 

Is it supposed to save this network in the docker.img? 

If yes, any idea why mine isn't being saved and I'm having to recreate it each time?

If not, is there a best practice way of automating the recreation of the network and starting of the containers?

[[SUPPORT] pihole for unRaid - Spants repo]

On 07/01/2018 at 10:07 AM, bmdegraaf said:

I am getting the following error message:
[✗] DNS resolution is currently unavailable

As a result, the block lists will not update... Can someone point me in the right direction?

 

Add the following to Extra Parameters in the docker template to get it working:
 

--dns 127.0.0.1 --dns 8.8.8.8

 

[System log blown up with bro/eth0 issue]

Having the same issue with single NIC, bonding = no, bridging = yes

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

21 hours ago, aptalca said:

 

FYI, I reported the issue to fail2ban and they confirmed it as a bug, which will be fixed. Until then, your workaround should be sufficient

https://github.com/fail2ban/fail2ban/issues/1741

 

 

Perfect, thanks!

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

Figured it out. I commented out the last section of iptables-common.conf in action.d

 

#[Init?family=inet6]

# Option:  blocktype (ipv6)
# Note:    This is what the action does with rules. This can be any jump target
#          as per the iptables man page (section 8). Common values are DROP
#          REJECT, REJECT --reject-with icmp6-port-unreachable
# Values:  STRING
#blocktype = REJECT --reject-with icmp6-port-unreachable

# Option:  iptables (ipv6)
# Notes.:  Actual command to be executed, including common to all calls options
# Values:  STRING
#iptables = ip6tables <lockingopt>

Now fail2ban is starting without errors 

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

5 hours ago, aptalca said:

 

Can you exec into the container ( docker exec -it letsencrypt bash ) and then install the package ( apk add --update ip6tables ) and restart? If that fixes it, we'll go ahead and add the package to the image

 

Ran the command and restarted, new errors now about initialising ip6tables

2017-03-28 23:29:51,870 fail2ban.utils          [264]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr:
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR    -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1
2017-03-28 23:29:51,872 fail2ban.actions        [264]: ERROR   Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport

So tried passing unraids /lib/modules as a read-only path to the container but now get

2017-03-28 23:40:37,382 fail2ban.utils          [261]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr:
2017-03-28 23:40:37,382 fail2ban.utils          [261]: ERROR    -- stderr: 'modprobe: module ip6_tables not found in modules.dep'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'modprobe: module ip6_tables not found in modules.dep'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1
2017-03-28 23:40:37,383 fail2ban.actions        [261]: ERROR   Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport

So maybe I need to install that apk in unraid but I'd really rather not as I don't use ipv6 on my network.

 

Is there anyway just to configure fail2ban not to try using ip6tables and drop ipv6 support instead?

 

Thanks

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

I'm having trouble getting Fail2ban working. I'm seeing this in the logs:

 

2017-03-26 04:04:46,710 fail2ban.jail           [266]: INFO    Jail 'nginx-http-auth' started
2017-03-26 04:04:46,712 fail2ban.jail           [266]: INFO    Jail 'nginx-botsearch' started
2017-03-26 04:04:46,714 fail2ban.jail           [266]: INFO    Jail 'nginx-badbots' started
2017-03-26 04:04:46,799 fail2ban.utils          [266]: ERROR   ip6tables -w -N f2b-nginx-http-auth
ip6tables -w -A f2b-nginx-http-auth -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- stderr:
2017-03-26 04:04:46,799 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR   ip6tables -w -N f2b-nginx-http-auth
ip6tables -w -A f2b-nginx-http-auth -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- returned 127
2017-03-26 04:04:46,800 fail2ban.utils          [266]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'ip6tables -w -N f2b-nginx-http-auth\nip6tables -w -A f2b-nginx-http-auth -j RETURN\nip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals.
2017-03-26 04:04:46,826 fail2ban.actions        [266]: ERROR   Failed to start jail 'nginx-http-auth' action 'iptables-multiport': Error starting action Jail('nginx-http-auth')/iptables-multiport

 

How do I turn off ip6 support in fail2ban or make the ip6tables command available?

 

Thanks

 

[Folders missing from SMB shares. Can see them fine via AFP and web gui]

To answer my own question I found a couple of files that the filename encoding had got really screwed. Once I managed to fix them the folders started appearing in SMB shares. I'm still not sure where and when the few filenames got badly encoded but at least its working now.

[Folders missing from SMB shares. Can see them fine via AFP and web gui]

I've been migrating my content from two separate v5 Unraid servers to a new v6 server. Most of the data is now copied to the v6 machine but I cant see most of my content via SMB and its driving me nuts. I used rsync to copy the data from the old servers to the new.

 

I have the following structure currently spread across 2 8TB disks

/mnt/user/Media/Movies

/mnt/user/Media/TV

 

If I open a connection to the server via SMB on OSX 10.11.3 I only see 275 folders in the Movies directory in Finder. If I open a terminal in OSX and goto /Volumes/Media/Movies and do a ls | wc -l I get 236 folders back.

 

If I connect via AFP or open a browser to the unraid GUI and browse the share I can see all 1752 folders in the Movies share and I can pick one that does not appear on the SMB share and read the contents of any file in the directory without issue.

 

I have the share set to Public permissions, I've tried running new_permissions tool, I've restarted both the server and client.

 

What the hell is going on? Could it be issues with UTF-8 characters in some of the filenames that the rsync copy has broken? Any other ideas?

[Tvheadend plugin for unRAID V5.0]

Any chance you could compile a version of the latest git trunk with transcoding support enabled?

 

"change in src/plumbing/transcode.c -> enable_transcode to 1 and

 

./configure and make it."

 

Really want to see if I can get live http transcoding working via Plex.

 

Thanks!