Dephcon

Members
  • Posts: 601
  • Days Won: 1

Everything posted by Dephcon

  1. Note about the ombi-preview container: It currently doesn't work with SSL, so it won't work if you've restricted your plex server to use secure connections only.
  2. +1 Having the standard cache pool, plus additional user-definable pools would be awesome. I'm running into horrible iowait issues when downloading/parchecking/extracting/moving lots of data on my SSD cache, it's causing all my containers to be slow. The possibility of having a cache pool plus a docker/vm pool or separate docker and vm pools would be great. I found a crappy old 120GB SSD and moved my docker.img and some of my appdata contents to it and my iowait has decreased substantially and even when the cache drive gets backed up, it doesn't affect my app performance. The only option currently is to scale up and buy a diamond encrusted NVME ssd and hope it can take the load. Scale out is the way to go!
  3. So it turns out the firewall in unifi is awful, no bi-directional rules, no protocol specification in port groups. I've defaulted back to wide open between my container VLAN and the main LAN for now. I might dig into the ER config guide and see if it's easier to just configure the firewall via CLI and export to json. However I might be able to throw something together as an example of what needs to be done to facilitate permitting one app and then deny all, I already had it working for plex before I started piling more apps into the VLAN.
  4. Just make sure that routing between physical ports on your ER doesn't bypass hardware offload, that would be less than ideal.
  5. Not sure about the ER line, but if you use the second LAN port on the USG Pro I think it disabled hardware offload or something so I don't think that would be ideal.
  6. I do have a unifi switch and by default it trunks all vlans to all ports. I'll take some screenshots to illustrate where I'm at.
     **edit** I basically nuked all the routes and started from scratch and now, at least the containers, seem to work. It's possible that my USG didn't get all the config changes as it sometimes starts to provision before finishing the changes. I forced a provision which may have helped also. Anyway, this is a super cool feature and I'm glad to have it working. Now I just need to work backwards to open up all the ports I need for my containers then slap a big DENY ALL at the end of the list to limit the docker vlan from accessing my main LAN. I ended up taking all those screenshots anyway so I might compile a unifi-specific guide for users looking to do this and how to harden the stack as all vlans are wide open by default. Thanks!
  7. I'm having some issues with this...
     If I set up a VLAN (4) tagged interface as per the VM example with address assignment set to None:
       • I can ping my vlan gateway just fine from my unraid cli.
       • My ubuntu VM on br0.4 cannot ping its gateway.
     When I try to follow the docker example:
       • I can ping the vlan ip set on the unraid box, but not the gateway.
       • Docker containers on br0.4 are not reachable.
     I'm also using a unifi router, set up the VLAN network to be "corporate" so inter vlan routing is enabled by default, just like in your example. Pretty sure everything is in order, the only difference from your examples is that my main unraid interface is a 2GB LACP bond.
  8. Just noticed the bit about VLANs for containers/VMs, I dunno how I missed that in the RCs. Nice Sunday afternoon project! Good work!
  9. The main page has been sitting there for hours since I installed the plugin, no dice lol
  10. The temp plugin is only showing the temps in the bottom bar on the plugins page in 6.4rc6.
  11. I hope we get 4.10 kernel soon, that threadripper is too good to ignore
  12. I'm surprised you didn't wait for unraid to upgrade to the 4.10 kernel, all the Zen optimizations are in 4.10. I'm hoping the next beta includes it, might upgrade my FX8320 build.
  13. Good luck! These types of migrations are always interesting.
  14. Something's up with mine too in the last couple days. When I run a test it says it's testing from an IP in Finland, not my WAN IP in Canada, and I have to set the server manually due to the distance from Finland. Even with the server set, I'm seeing crap speeds vs speedtest.net to the same server. Should be getting 250/20.

          Internet bandwidth test started
          Retrieving speedtest.net configuration...
          Retrieving speedtest.net server list...
          Testing from Capgemini Finland Oy (145.247.13.142)...
          Hosted by Source Cable Ltd (Hamilton, ON) [6642.50 km]: 14.903 ms
          Testing download speed...
          Download: 47.67 Mbits/s
          Testing upload speed...
          Upload: 16.34 Mbits/s
          Share results: http://www.speedtest.net/result/6024954676.png

      *edit* Seems to be an issue with the squidguard webproxy I added to my router. Disabling it completely seemed to fix the issue.
  15. Using a URL redirect? Not exactly sure how to accomplish it.
      **edit** Figured it out, took a couple tries to get the websocket errors to go away:

          server {
              listen 443 ssl;
              server_name unifi.domain.com;
              access_log /var/log/nginx/unifi.log;

              ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

              location / {
                  proxy_pass https://10.81.0.13:8443/;
                  # HTTP/1.1 plus the Upgrade/Connection headers let websockets through the proxy
                  proxy_http_version 1.1;
                  proxy_buffering off;
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_set_header Connection "Upgrade";
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  # header name corrected from "X-Forward-For" to the standard X-Forwarded-For
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              }
          }

  16. I don't think you can use a path like "domain.com/unifi" as the address advertised to the devices from the controller, which means reverse proxy won't work.
  17. Any chance of adding a script for let's encrypt to get an SSL cert for the controller? I saw this on reddit, might be helpful: I don't want to edit the docker container myself as it'll probably be overwritten whenever it upgrades. Just thought this would be pretty neat for those allowing access to the inet for multiple-site setups
  18. KP'd again while I was away for the weekend. If it happens again I'm going to have to downgrade to rc2. Sent from my 6055Y using Tapatalk
  19. Upgraded from rc2 before bed, and it kernel panicked this morning. First KP with unraid in 5 years. I didn't think to take a picture of the console output, but I will if it does it again.
  20. I know this has been rejected already, but adding an ability to run the beta stream would be awesome. Ubnt is awfully slow adding new features that should have been included day 1 and the beta code is the only way to get them in a reasonable timeframe. I caved and bought 4 USGs and I'd really like to use the custom firewall options and not need to write a ridiculous json file.
  21. Done. Thanks! Love the container BTW, 5.0 has convinced me to invest in some USGs