tech_rkn

Members
  • Posts: 63

Posts posted by tech_rkn

  1. 11 hours ago, ChatNoir said:

    Hi, too bad you couldn't do what you wanted.

    I'm not going to answer all your points in detail; I don't share your conclusions. I personally haven't had a single problem in the 10 months I've been using Unraid, and I'm not an IT pro and knew nothing about Linux when I started (I don't know much more now ^^). Notably Docker, which works very well, even if my uses are fairly simple.

    I get the impression that many of your problems could come from hardware issues or from AMD compatibility/stability on Linux.

    See you around if you come back in a while. :)

    Thanks, I got the same impression after a while...

    8 hours of work on Ubuntu Server 21.

    A quick dpkg -l amdgpu-pro to fix the missing-driver issue.

    I now have, on the same hardware, a server with nginx-proxy and redis, in RAID 5 mdadm/lvm2 with an SSD as lvmcache and a cold spare. Maria is singing, Nextcloud is humming along quietly, with all the 2FA options I wanted. Only Let's Encrypt gave me a problem, which I solved...

    No Docker, no snap, no headaches from not being in control of my environment.

    Good old *.conf files, webmin secured via 2FA/WireGuard... and all of it in IPv6!

    And no license...

    I'm giving myself 1 month of testing before making it my production server...

     

     

  2. Hi.

    The title sums up my opinion of Unraid and Docker containers.

    My goal: the equivalent of a RAID 6, behind an nginx proxy, mainly hosting a Nextcloud server.

    Hardware: 1 SSD as cache, 5 disks, two of them parity. An Intel X520-DA2.

    First disappointment: IPv6 crashes. Not too serious.

    Second: no 2FA for the Unraid login.

    As for Unraid, I played with the system and lost the disk array twice...

    Lost my Docker containers twice while playing with the SSD.

    Lost the Docker containers by simply rebooting, twice!!! out of about twenty reboots.

    Couldn't manage to install fail2ban.

    Lost everything, permanently killing two USB keys. One old, one new.

    Posted messages in French, in English... the level of help was... light, if not nonexistent.

    When I was done playing, I decided to test for real, with a Plus license, for fun...

    So I replicated the /mnt/raid6/data of my production Nextcloud to this test Unraid...

    My son and I played along and tried to use it daily with:

    - W10 Pro and several browsers

    - the Android apps with active sync

    - the iOS apps

    Result:

    The server crashed so often that I stopped counting. To simplify and list:

    - nginx bad gateway for no reason. Restarting the Docker container did nothing. A reboot was needed.

    - impossible to log in with Nextcloud's 2FA options. Loops on user/password.... and then, for no reason, it works again... then, for no reason, it stops working.

    - random loss of link on the X520-DA2. Tower kernel: ixgbe eth1: NIC Link is Down... at least once every 10 minutes...

    - repeated nginx crashes, error 502 bad gateway...

    - CSRF errors all over the place...

    - Redis has gone away... nice, but where did it go? And for what reason? The volatility or absence of logs drives me crazy.

    - The MariaDB Docker container stops or freezes.

    - and plenty of other mini-bugs.

    In short, stop. Impossible for me to put this system into production.

    Not to mention that I understand nothing (or don't want to understand) about how Docker containers work... how they are built, parametrized, stored, configured, their logs...

    Oh yes, also sysctl.conf under /etc, which won't keep my changes between reboots...

    I must definitely be too old-school...

    It was pleasant from the GUI point of view, but I'm going back to good old PuTTY-like tools and the *.conf files I know.

    Maybe in 2-3 years, when I have to re-migrate my system and Unraid has evolved...

  3. Hello,

     

    Using this container, I am having trouble when logging in via a browser.

    Am I the only one?

    My trouble is a loop originating and ending on the user/password screen, skipping all the 2FA options I am using.

    The only workaround is to reboot Unraid. Start/stop/restart of the Docker container are useless.

    Using nextcloud, proxy_manager_nginx, redis.

    And, of course, no useful logs...

     

     

  4. 11 hours ago, ljm42 said:

     

    The optional Remote Access feature is a convenient and secure way to access your webgui remotely.

     

    WireGuard is arguably less convenient (takes more than a browser to use, doesn't work on some networks) but more secure (uses public/private keys rather than a password). WireGuard can also give access to more than just the webgui.

     

    So it depends on what you need. But again, Remote Access is one of the optional features of this plugin and is in no way required.

    Thank you.

    I might just stick to WireGuard, as I use it to access my LAN too.

  5. Hello,

     

    My log is complaining about:

    vm.overcommit_memory = 1

    How to make it persistent? Can't remember...!!

    Okay, I found out.

    Created a sysctl.conf file under /boot/config/:

    # redis
    vm.overcommit_memory = 1

    then execute:

    /sbin/sysctl -p /boot/config/sysctl.conf

     

     

    should do the trick...

     

    Posted for other newbies like me...
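    The persistence step, as an added example written for this page (not code from Unraid and not the poster's own script). The sysctl -p above applies the file once; what keeps it alive across reboots is Unraid's boot layout: the OS is loaded into RAM from the USB flash at every boot, which is why /etc/sysctl.conf edits (the complaint in post 2) vanish, while /boot/config/ is the flash itself and /boot/config/go is run at boot. The script below keeps the setting in /boot/config/sysctl.conf and hooks the go script once; CFG_DIR and the function names are choices made here, and CFG_DIR can point at a scratch directory for a dry run.

```shell
#!/bin/sh
# Added example for this page, not code from Unraid or from the post above.
# Unraid loads its OS into RAM from the USB flash at every boot, so a change
# to /etc/sysctl.conf is gone after a reboot. Only /boot/config/ (the flash)
# persists, and Unraid runs /boot/config/go at boot, so the durable fix is:
# keep the setting in /boot/config/sysctl.conf and make go apply it.
# CFG_DIR defaults to /boot/config; set it to a scratch directory to dry-run.
# Function names are chosen here; they are not Unraid commands.

# Set KEY = VALUE in the persistent sysctl file, replacing any earlier line for KEY.
set_sysctl() {
    key="$1"; value="$2"
    cfg="${CFG_DIR:-/boot/config}"
    mkdir -p "$cfg"
    [ -f "$cfg/sysctl.conf" ] || : > "$cfg/sysctl.conf"
    # dots in a sysctl key are literal, so escape them for the grep/sed patterns
    esc=$(printf '%s' "$key" | sed 's/\./\\./g')
    grep -v "^[[:space:]]*$esc[[:space:]]*=" "$cfg/sysctl.conf" > "$cfg/sysctl.conf.tmp" || true
    printf '%s = %s\n' "$key" "$value" >> "$cfg/sysctl.conf.tmp"
    mv "$cfg/sysctl.conf.tmp" "$cfg/sysctl.conf"
}

# Add the sysctl -p call to the go script exactly once (re-running is harmless).
hook_go_script() {
    cfg="${CFG_DIR:-/boot/config}"
    line="/sbin/sysctl -p $cfg/sysctl.conf"
    [ -f "$cfg/go" ] || printf '#!/bin/bash\n' > "$cfg/go"
    grep -qxF "$line" "$cfg/go" || printf '%s\n' "$line" >> "$cfg/go"
}

# Value that will be applied at the next boot for KEY (empty if not set).
persisted_value() {
    cfg="${CFG_DIR:-/boot/config}"
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$esc[[:space:]]*=[[:space:]]*//p" "$cfg/sysctl.conf"
}

# Number of sysctl -p lines in the go script (should stay at 1).
go_hook_count() {
    cfg="${CFG_DIR:-/boot/config}"
    grep -cxF "/sbin/sysctl -p $cfg/sysctl.conf" "$cfg/go"
}

# Apply now, without waiting for a reboot (skipped where /sbin/sysctl is absent).
apply_now() {
    cfg="${CFG_DIR:-/boot/config}"
    [ -x /sbin/sysctl ] && /sbin/sysctl -p "$cfg/sysctl.conf"
}

# On the server:  sh persist_sysctl.sh vm.overcommit_memory 1
if [ $# -eq 2 ]; then
    set_sysctl "$1" "$2" && hook_go_script && apply_now
fi
```

    Run it as root on the Unraid box with the key and value as the two arguments; running it again with a new value replaces the old line instead of appending a duplicate, and the go script only ever gets one sysctl -p line. The same sysctl.conf can carry any other tunable you need to survive a reboot.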

  6. Hello,

     

    I was about to install Redis for caching purposes.

    Looked at the Docker list and found 3 different containers, all serving almost the same purpose.

    So, how to choose? (So far, I go to the support thread and pick the one with the shortest list of messages, avoiding the ones with too many bugs.)

    Are there some rules for end users like me?

    Is there any kind of supervision from Unraid over CA Docker containers/plugins, like an official/authorized listing?

    Here is the info on the containers:

    Redis 1:

    Redis for use with gitlab. Install this docker before installing the gitlab docker.

    Does that mean it is specifically made only for GitLab?

    Redis 2:

    Redis is an open source (BSD licensed), in-memory data structure store,
    used as a database, cache and message broker.
    Based on official Redis Docker image.

    Seems pretty straightforward... but a 2-year-old support page with only one page of messages.... Two possibilities: this is dead. Or this is the absolutely perfect container.

    Redis 3:

    Redis is an open source (BSD licensed), in-memory data structure store,
    used as a database, cache and message broker.

    This one seems the same, with less advertising. 12 pages on the support thread.

    I did spend a few hours reading ALL the support threads for those 3 containers, and finally made up my mind....

    But having some sort of guidance, rules, whatever, to help in that process would be interesting.

  7. On 2/4/2021 at 1:10 PM, Mik3 said:

     

    1. When I buy the upgrade from Plus to Pro do I receive a new licence file by email?
    2. What happens to the old one?
    3. Do I need to reinstall the key in my current Unraid server or does it automatically see the upgrade?
    4. If the USB drive fails and I need to migrate my licence to the new USB, will Unraid recognize it as a PRO licence?

    1: The original Unraid Server OS Registration Key was sent by email. The new one too.

    2: The old one will turn into a pink 🦄

    3: Not tested yet. I believe you have to cut and paste the new key, unless it is directly updated on the key servers. Who knows...

    4: Save your original USB key; this is a basic point with unRAID. Better, do it on a regular basis. After the OS is upgraded to Pro, save it again. If your USB device fails one day, as it surely will, with a backup you will migrate your saved licence and setup to a new USB device. You will have backed up your OS to new hardware. But a backup is only as current as the last backup: everything committed to /flash in between will be lost, unless you're a pink 🦄

     

  8. Hello all

     

    After a few weeks, my brand new unRAID server based on

    Gigabyte Technology Co., Ltd. B450M DS3H-CF, Version x.x
    American Megatrends International, LLC., Version F61b GF
    BIOS dated: Fri 16 Apr 2021 12:00:00 AM CEST
    AMD Ryzen 3 2200G with Radeon Vega Graphics @ 3500 MHz
    PCI device 0x8086:0x10fb (ixgbe) Intel X520-DA2 10G

    is showing its limits.

    I have a second-hand Ryzen 5 3400G compatible with my motherboard (Ryzen 5 3400G (YD340GC5M4MFH) compatible with BIOS F60 and up).

    Are any of you using this CPU with unRAID Version 6.9.2 2021-04-07??

    FYI, I have a beta-test BIOS for this motherboard, F61b, adding the possibility to shut off the internal NIC, as I am using an Intel ixgbe X520-DA2.

    Thanks.

  9. Dear community,

     

    Some thoughts following the CNN article about: "hackers repeatedly took advantage of several known flaws and one newly discovered vulnerability in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to dozens of organizations in the defense industrial sector"

    I am pretty sure other VPNs like WireGuard and OpenVPN may have the same flaws.

    But there is another point of failure in our networks: our ISP routers. Bypassing the VPN by direct access through them is possible.

    Sometimes even easy, as they have a built-in login like admin/admin most of the time...

    Yesterday, using Burp, Hydra and Kali, I gained access to a test network through the Wi-Fi as a demonstration for one of my friends, trying to show him how to harden his ISP router.

    Once done, I hit his OpenMediaVault GUI, trying to log in. Using an ESET network scanner, I highlighted a login failure as admin/openmediavault was still in use. The only thing stopping me, for lack of time, was his 2FA protection.

    My point here is that unRAID might be in the same trouble, and doesn't have 2FA login protection.

    What are your thoughts on this subject?

  10. Securing a tunnel with OpenVPN or WireGuard is nice, but an unsecured door is still an unsecured door...

    There is a SPOF in every home: your ISP router. Usually, for economic reasons, these boxes are low-grade quality, sometimes without a firewall, or even set with an admin/admin-like password never changed by the users, and can be (not so easy, but feasible) accessed through Wi-Fi (as for my neighbours, both of them, with 2 different ISPs).

    Once that's done, their networks are simply open.

    At that point, forget your nicely done tunnel.

    Adding one more security layer like 2FA/FIDO validation for the sign-in is not so stupid.

  11. On 2/11/2021 at 5:17 PM, Opawesome said:

     

    Hi @loopback

     

    Based on what I understand of your use case and knowledge of security, I would also strongly advise against opening any of the 80/443/445 ports (or the corresponding HTTP, HTTPS and SMB services) to the internet (not that I am an expert myself either).

    IMO, the simplest and safest way to remotely access your Unraid server is via VPN. In addition to @trurl's suggestion to use WireGuard, I would also recommend OpenVPN, which has been around (and audited) for a long time now, and therefore could be seen by some as potentially less likely to suffer from vulnerabilities compared to WireGuard.

    If you really cannot use a VPN because of the need to have a VPN client or a VPN-client-capable router, then @tudalex's suggestion may be the way to go. You would then need to install some sort of web service to access your files (maybe a cloud file service like Nextcloud?).

    Then, as an additional mitigation measure, you can avoid using the default ports for the different services you have opened to the internet, and use high-numbered ports instead (like 45299 instead of 443 for your Nginx proxy). I have personally found it to drastically reduce the number of bot attacks on my network. Some will argue that this is "security through obscurity" and that it is therefore bad. And some would argue that in some use cases, a bit of obscurity is beneficial.

    Finally, you could install fail2ban and have it watch for failed attempts to connect to the services running on your server. When a potential attack is detected (i.e. multiple failed connection attempts in a set period of time), fail2ban will ban the IP and prevent it from connecting to your machine.

    Please feel free to report back with what you did.

    Best,

    OP

    Dig this one.... A "fail2ban with unRAID how-to" is needed, because I was not able to find any CA app called fail2ban, or any how-to for installing it via the console, specifically for unRAID and its Docker.
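    The mechanism Opawesome describes above (count failed logins per source address inside a time window, then ban), as an added example written for this page: it is not fail2ban's code and not from any Unraid app. It is the detection core of a fail2ban jail in plain sh + awk, so it can be read and run without the tool; MAXRETRY and FINDTIME mean the same as maxretry and findtime in a jail. The log lines in sample_log are constructed for the example, in the shape of Nextcloud's nextcloud.log (one JSON object per line with time, remoteAddr and a "Login failed:" message); sample_log, detect_bans and ban_rules are names chosen here.

```shell
#!/bin/sh
# Added example for this page, not fail2ban code and not from any Unraid app.
# It is the detection core of a fail2ban jail in plain sh + awk: every
# "Login failed:" entry in Nextcloud's nextcloud.log (one JSON object per
# line) yields (time, remoteAddr); an address that fails MAXRETRY times
# within FINDTIME seconds is reported once. The log lines in sample_log are
# constructed for the example; the function names are chosen here.

MAXRETRY="${MAXRETRY:-3}"     # same meaning as maxretry in a fail2ban jail
FINDTIME="${FINDTIME:-600}"   # same meaning as findtime, in seconds

# Constructed sample: one address brute-forcing within seconds, one user
# mistyping a password three times over an hour, one normal request.
sample_log() {
cat <<'EOF'
{"reqId":"r1","level":2,"time":"2021-05-10T10:00:01+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
{"reqId":"r2","level":2,"time":"2021-05-10T10:00:05+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
{"reqId":"r3","level":1,"time":"2021-05-10T10:00:09+00:00","remoteAddr":"192.168.1.20","user":"alice","app":"core","method":"GET","url":"/apps/files/","message":"ok"}
{"reqId":"r4","level":2,"time":"2021-05-10T10:00:12+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'root' (Remote IP: '203.0.113.7')"}
{"reqId":"r5","level":2,"time":"2021-05-10T10:00:30+00:00","remoteAddr":"192.168.1.20","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'alice' (Remote IP: '192.168.1.20')"}
{"reqId":"r6","level":2,"time":"2021-05-10T10:30:00+00:00","remoteAddr":"192.168.1.20","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'alice' (Remote IP: '192.168.1.20')"}
{"reqId":"r7","level":2,"time":"2021-05-10T11:00:00+00:00","remoteAddr":"192.168.1.20","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'alice' (Remote IP: '192.168.1.20')"}
EOF
}

# Read a Nextcloud log on stdin; print each address to ban, one per line.
detect_bans() {
    awk -v maxretry="$MAXRETRY" -v findtime="$FINDTIME" '
    # days since 1970-01-01 for a Gregorian date (days_from_civil, H. Hinnant)
    function days_from_civil(y, m, d,    era, yoe, doy, doe) {
        if (m <= 2) y -= 1
        era = int((y >= 0 ? y : y - 399) / 400)
        yoe = y - era * 400
        doy = int((153 * (m + (m > 2 ? -3 : 9)) + 2) / 5) + d - 1
        doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
        return era * 146097 + doe - 719468
    }
    # seconds since the epoch for a stamp such as 2021-05-10T10:00:01+00:00;
    # the UTC offset is honoured so stamps from different zones compare correctly
    function epoch(ts,    days, off) {
        off = 0
        if (length(ts) >= 25)
            off = (substr(ts, 21, 2) * 3600 + substr(ts, 24, 2) * 60) * (substr(ts, 20, 1) == "-" ? -1 : 1)
        days = days_from_civil(substr(ts, 1, 4) + 0, substr(ts, 6, 2) + 0, substr(ts, 9, 2) + 0)
        return days * 86400 + substr(ts, 12, 2) * 3600 + substr(ts, 15, 2) * 60 + substr(ts, 18, 2) - off
    }
    /"message":"Login failed:/ {
        match($0, /"time":"[^"]*"/);       t  = epoch(substr($0, RSTART + 8, RLENGTH - 9))
        match($0, /"remoteAddr":"[^"]*"/); ip = substr($0, RSTART + 14, RLENGTH - 15)
        n[ip]++; hit[ip, n[ip]] = t
        if (ip in banned) next
        # sliding window: how many failures from this address fall in the last findtime seconds
        c = 0
        for (i = 1; i <= n[ip]; i++) if (hit[ip, i] >= t - findtime) c++
        if (c >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# Turn detections into host firewall rules. Printed, not executed: review them,
# then run them on the Unraid host, which is where the packets actually arrive.
ban_rules() {
    detect_bans | while IFS= read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Demo:  sh nc_jail.sh demo        Real log:  detect_bans < path/to/nextcloud.log
if [ "${1:-}" = "demo" ]; then
    sample_log | ban_rules
fi
```

    On the sample, 203.0.113.7 is reported at its third failure eleven seconds in, while 192.168.1.20 never is: its three failures are an hour apart, so no 600-second window ever holds MAXRETRY of them, which is exactly the false-positive case findtime exists for. Two caveats for the Docker setup in this thread: a Nextcloud container behind nginx-proxy only records the real client in remoteAddr if the proxy is listed in trusted_proxies in its config.php, otherwise every failure appears to come from the proxy and a ban would hit the proxy itself; and the DROP rule must be applied where the packets arrive, on the Unraid host (or from a fail2ban container given host networking and NET_ADMIN), not inside the Nextcloud container.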