Jump to content

Bulletoverload

Members
  • Posts

    29
  • Joined

  • Last visited

Posts posted by Bulletoverload

  1. 6 hours ago, ssmith369 said:

    That's a good idea. I currently backup to my Unraid server then use Syncthing to sync to a NAS. Is that easy enough to setup, syncing to Onedrive?

     

    Many thanks

     

    SS

    I use rclone. I have a post-run script that syncs the backup directories to onedrive after CA backup is done doing its thing. it works very well and gives me peace of mind.

  2. 5 hours ago, Kilrah said:

    ab is appdata backup, 030001 is the time, 3am 0min 1 sec

    Sorted by name they'll be in chronological order, 2nd block is the date...

    That's funny. I also just so happen to run my backups at 3am so when the above picture was posted and it looked identical my brain didn't process it was the time, I thought it was just extra numbers. Derp moment for me.

    Its definitely just a small preference thing. I would like the ability to make it whatever I wanted but its not a huge deal. The fact the plugin works as well as it does is really all that matters. I just really liked the old format. 07.04.2024@0300 or whatever it was. Felt easier for me to see right away.

  3. On 7/2/2024 at 5:24 AM, KluthR said:

    Why? Its perfetcly ordered (for me?). And the date string is also clearly visible. Even the datetime in file browser shows it:

     

    grafik.thumb.png.1bf126f676694c71542ab0dc9e510061.png

    I sync my backups to onedrive. The file explorer dates are when they were synced, not when the file was created. I can look at the file names but they aren't great to eyeball. Its a nit picky thing for sure but a preference nonetheless. Can I ask what the point of the "ab" and "030001" is? Maybe I'd change my mind if I understood better.

  4. I just received the error that my Disk 5 has read errors. The plugin says if the drive hasn't been disabled (which it hasn't), then these errors were most likely corrected by Unraid. SMART shows no issues at all; the drive appears to be in perfect health though obviously I am going to monitor it.

     

    When I run the plugin again, the error continues to pop up. Is there a way for me to reset this error or is there still something wrong? I don't want to select ignore the error it as if it reoccurs I want to be notified, but I can't tell why its still popping up now.

  5. On 7/13/2023 at 2:45 PM, KluthR said:

    Yep, if its set.

     

    What would another naming change?

    Failed backups are suffixed with „-failed“.

    I second the ability to rename backups. The old naming scheme was much better. I like the ability at quick glance to see that backups have run and are up to date. The current scheme is not user friendly for date and time at quick glance. I would enjoy the ability to set a custom scheme if possible.

  6. Hello,

     

    Regarding Kiwix-Serve

     

    Does anyone know of a way or process I could use to add a cron expression for redownloading an updated wiki dump?

     

    As it is right now by design, the docker redownloads the file every time it is restarted. I know I can disable this by removing the download link or download parameter but I would much rather somehow automate it to download, say, once a month. Any ideas?

  7. On 7/24/2022 at 3:36 PM, Kilrah said:

    I got rid of Appdata Backup and just do it myself in a daily scheduled user script. 

     

    echo "Flash backup..."
    cd /boot
    datestring=$(date '+%Y-%m-%d_%H-%M-%S')
    zip -qr "/mnt/user/backups/flash/flash-$datestring.zip" *
    find /mnt/user/backups/flash -mtime +7 -type f -delete # Keep 7 days

     

    image.png.bf640423edead81262b79e157fa7662b.png

    This is for USB backup? I might just steal it then.

  8. You saved my ass here. This loop was driving me absolutely crazy, I was about ready to nuke the whole system. Thanks so much and nice job figuring it out!

     

    So this pops up for more people who might be searching for the issue:

     

    Unraid server docker container was stuck in a loop rebuilding because its network was set such that it was dependent on another docker that no longer existed. Simply editing the Docker attempting to rebuilt itself and changing the network solved the problem!

    • Like 1
  9. On 7/17/2022 at 6:28 PM, Bulletoverload said:

    @ich777Hi. I am having trouble swapping from the deprecated OpenVPN dperson version to yours. I didn't change anything at all, appdata folders lined up but for some reason I am getting

     

    "2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable"

     

    while trying to connect to PIA. I downloaded new ovpn files and confirmed my credentials in auth.vpn were correct. I even wiped the appdata folder and image and completely fresh installed. No luck. Any idea what is going on here? It looks like it is talking to and logging into the vpn server I have selected but something is failing. Appreciate any insight. Thanks!

     

    Edit: I'd like to add that PIA includes (requires?) a .crt and a .pem file. Not sure what either of them do and/or if they are necessary for this setup, but I didn't see how to handle these extra files within the documentation. I have them both in /vpn/ but no change.

     

    I've since figured out they are just separate files that contain what is already in the .ovpn. I did not do anything special within the dperson package so it must not have been using those files, as far as I can tell. I attempted to call these files in both the .ovpn and a .config file based on the instructions in the documentation but I still couldn't get anything to happen. This is way more than I did with the dperson package so I am assuming it is unecssary and I am just missing something rudimentary.

     

    2022-07-17 18:07:16 Initialization Sequence Completed
    ---Checking for optional scripts---
    ---No optional script found, continuing---
    ---Taking ownership of data...---
    ---Starting...---
    Error: ipv4: FIB table does not exist.
    
    Dump terminated
    + exec sg vpn -c 'openvpn --cd /vpn --config /vpn/vpn.ovpn --script-security 2 --redirect-gateway def1 --auth-user-pass /vpn/vpn.auth '
    2022-07-17 18:17:14 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
    
    2022-07-17 18:17:14 WARNING: file '/vpn/vpn.auth' is group or others accessible
    
    2022-07-17 18:17:14 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
    2022-07-17 18:17:14 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
    2022-07-17 18:17:14 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
    REDACTED
    -----END X509 CRL-----
    
    2022-07-17 18:17:14 TCP/UDP: Preserving recently used remote address: [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 UDP link local: (not bound)
    2022-07-17 18:17:14 UDP link remote: [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 [montreal430] Peer Connection Initiated with [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
    
    2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable
    
    2022-07-17 18:17:14 TUN/TAP device tun0 opened
    2022-07-17 18:17:14 net_iface_mtu_set: mtu 1500 for tun0
    2022-07-17 18:17:14 net_iface_up: set tun0 up
    2022-07-17 18:17:14 net_addr_v4_add: 10.9.112.64/24 dev tun0
    2022-07-17 18:17:14 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
    
    2022-07-17 18:17:14 add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
    2022-07-17 18:17:14 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    
    2022-07-17 18:17:14 Initialization Sequence Completed

     

     

    @ich777 Sorry to spam you. When you get a chance, do you have any idea what is going on here? Thanks!

  10. @ich777Hi. I am having trouble swapping from the deprecated OpenVPN dperson version to yours. I didn't change anything at all, appdata folders lined up but for some reason I am getting

     

    "2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable"

     

    while trying to connect to PIA. I downloaded new ovpn files and confirmed my credentials in auth.vpn were correct. I even wiped the appdata folder and image and completely fresh installed. No luck. Any idea what is going on here? It looks like it is talking to and logging into the vpn server I have selected but something is failing. Appreciate any insight. Thanks!

     

    Edit: I'd like to add that PIA includes (requires?) a .crt and a .pem file. Not sure what either of them do and/or if they are necessary for this setup, but I didn't see how to handle these extra files within the documentation. I have them both in /vpn/ but no change.

     

    I've since figured out they are just separate files that contain what is already in the .ovpn. I did not do anything special within the dperson package so it must not have been using those files, as far as I can tell. I attempted to call these files in both the .ovpn and a .config file based on the instructions in the documentation but I still couldn't get anything to happen. This is way more than I did with the dperson package so I am assuming it is unecssary and I am just missing something rudimentary.

     

    2022-07-17 18:07:16 Initialization Sequence Completed
    ---Checking for optional scripts---
    ---No optional script found, continuing---
    ---Taking ownership of data...---
    ---Starting...---
    Error: ipv4: FIB table does not exist.
    
    Dump terminated
    + exec sg vpn -c 'openvpn --cd /vpn --config /vpn/vpn.ovpn --script-security 2 --redirect-gateway def1 --auth-user-pass /vpn/vpn.auth '
    2022-07-17 18:17:14 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
    
    2022-07-17 18:17:14 WARNING: file '/vpn/vpn.auth' is group or others accessible
    
    2022-07-17 18:17:14 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
    2022-07-17 18:17:14 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
    2022-07-17 18:17:14 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
    REDACTED
    -----END X509 CRL-----
    
    2022-07-17 18:17:14 TCP/UDP: Preserving recently used remote address: [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 UDP link local: (not bound)
    2022-07-17 18:17:14 UDP link remote: [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 [montreal430] Peer Connection Initiated with [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
    
    2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable
    
    2022-07-17 18:17:14 TUN/TAP device tun0 opened
    2022-07-17 18:17:14 net_iface_mtu_set: mtu 1500 for tun0
    2022-07-17 18:17:14 net_iface_up: set tun0 up
    2022-07-17 18:17:14 net_addr_v4_add: 10.9.112.64/24 dev tun0
    2022-07-17 18:17:14 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
    
    2022-07-17 18:17:14 add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
    2022-07-17 18:17:14 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    
    2022-07-17 18:17:14 Initialization Sequence Completed

     

  11. On 3/28/2022 at 1:49 PM, Squid said:

    The assumption the plugin makes is that everything is a bash script (because most people would store it on the flash drive), so it executes it as /bin/bash

     

    Create another script (.sh) that then calls it

     

    (Or if that is a typo (ph), then make sure you're using Linux style line endings and not dos - Config File Editor / Notepad++ will be able to convert for you

    Oh wow, that was stupid of me. Ya I just made it a bash script and it worked. Thanks!

  12. 12 hours ago, Kulisch said:

     

    root@NotUnraid:~ $ nmap 209.222.82.253 -p 25 -Pn
    Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-23 08:17 CEST
    Nmap scan report for mail.ess.barracuda.com (209.222.82.253)
    Host is up (0.12s latency).
    
    PORT   STATE SERVICE
    25/tcp open  smtp
    
    Nmap done: 1 IP address (1 host up) scanned in 5.90 seconds
    
    root@NotUnraid:~ $ nc 209.222.82.253 25
    220 mail.ess.barracuda.com ESMTP (mx-inbound20-134.us-east-2b.ess.aws)

     

    It is best to try the same commands (vm, live linux, raspi, etc) as I did above. If this does not work for several target mail servers, then a blockage would not be impossible. Maybe it is also blocked at the router. If not, ask your provider.

     

    If 25 SMTP works, or partially, check if you can send mail to other addresses like gmail, microsoft, protonmail etc.

     

    Otherwise check again if you are forwarding all ports correctly and you are using the right ports on the client (SSL/TLS). 

     

    If necessary check your domain at DNSBWL as mentioned in previous post.

    Ran what you suggested:

     

    PORT     STATE SERVICE
    25/tcp   open  smtp
    53/tcp   open  domain
    80/tcp   open  http
    143/tcp  open  imap
    443/tcp  open  https
    465/tcp  open  smtps
    587/tcp  open  submission
    993/tcp  open  imaps
    4567/tcp open  tram

     

    Everything is open. These are just checking for inbound ports, no? My concern is that I think my ISP is blocking outbound 25. Does mail-server only use 25 for outgoing mail or can I swap/select something else? Not talking about mail client -> server but server actually sending out the mail. So far, I have tried emailing like 5 different emails, all various hosters, and nothing can get through.

  13. On 5/21/2022 at 9:46 AM, Kulisch said:

     

    That is correct.

     

    The requests to the reverse proxy are HTTP/HTTPS (80/443) requests only. Since SMTP IMAP etc. does not belong to this category, no communication can take place. Therefore the error messages you mentioned shows that the SMTP requests are invalid.

     

    As described, the router must forward these ports directly to the mail server. As soon as this should be enabled, SSL should definitely be configured.

    Thanks a ton for your help here and your info above. I've been able to get everything working 95%, including SSL via NGINX. I can receive email, but cannot send. Below are some logs and my settings. Currently I am using ports 993 and 465, but all are port-forwarded currently for testing purposes. Are these the two I should be using? None are working for submission, so...appreciate any insights!

     

    Incoming:

    *username*

    *password*

    *server IP*:993

    SSL/TLS

    SPA Off

     

    Outgoing:

    *Server IP*:465

    SSL/TLS

    Outgoing SMTP requires Authentication: On and using same credentials as incoming

     

    LOGS

     

    --UPDATE--

     

    Unless you have any ideas, I think the problem is that Verizon blocks outbound:25 by default. I may be out of luck...

  14. 14 hours ago, Kulisch said:

    I'm not sure if I just understood this correctly, but if you are trying to use the NGINX reverse proxy to forward the communication to the email server then this is not possible.

     

    The port forwardings like SMTP 25 143 465 587 etc... should not be forwarded to the reverse proxy but must be forwarded to the mail server (192.168.1.3) directly. The mail server itself does not have a web interface via port 80 or 443. For this an additional container like Roundcube would have to be installed to have a WebUI. But this is another topic and should only be addressed when the mailserver itself is working.

     

    Make sure you have a static IP address and not a dynamic one. Because dynamic addresses are declared as spam and for mailing this is practically useless.

     

    First of all I would try the following to make sure the mailserver is configured correctly.

     

    The server is running without SSL for now, which is fine for local connections. If the mail server is in your local network (not on the internet) you can try to connect directly to it with a mail client (Thunderbird for example). First create two accounts ([email protected] & [email protected] for example). As SMTP Host and Outgoing Server you use your IP address 192.168.1.3.  Accordingly you use [email protected] and [email protected] as username and password which you have choosen. If the server allows connections (even if over non SSL for now) and you can send and receive mails to another account on the same server, that means the server itself is working.

     

    The connections from outside I would just check by making sure that the ports 25 143 etc. are forwarded to your mail server 192.168.1.3. There are certain websites that check if the connection to the mail server can be established, if and how secure the connection itself is. Or use a smartphone mail client outside your WIFI to check if a connection can be established.

     

    Also make sure that the duckdns MX records are set correctly. These are also important. If the connection works outside and you can send an address from bob (sender) to max (receiver), most things will work.

     

    But after that you should definitely configure SSL because unencrypted connections should definitely be avoided for production use cases.

     

    If your mails to GMail, iCloud, or other providers are declaring your mails as spam, I would check if your domain appears in the DNSBL. If so, you can make a request that this can be taken out.

     

    I hope that this big amount of information does not overwhelm you. I hope I could help you.

    Thanks a ton for such an informational response.

     

    Ya, I had a lapse in understanding. I was thinking I could use NGINX to direct all of my web traffic and never open ports on my router again, but NGINX is specifically only listening on ports 80 and 443, meaning there is no way the SMTP requests would have gone anywhere. Am I understanding that correctly?

  15. I am new to some of these things and may need some help, if you dont mind.

     

    I have the server running and I added my user/password. No issues there. I have SSL off for now until I can get the basic functionality working. Logs aren't really showing any issues.

     

    Through NGINX proxy manager and duckdns, I have two domains; mailin.duckdns.org and mailout.duckdns.org. Both are forwarding to the appropriate internal addresses, 192.168.1.3:143 and 192.168.1.3:25, respectively. I have NGINX working with many other projects so I don't think that is the issue.

     

    When I attempt to connect to the server via SMTP (No SSL) using those domains, I cannot get through. Any ideas?

     

    UPDATE:

    When I attempt to go to these domains through a web-browser, I get non-smtp command errors, which proves the domains/NGINX are configured correctly. I still just cannot login. I tried outlook and one other mail client but no luck.

     

    So far I've gotten

     

    "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready. GET BAD Error in IMAP command received by server. Host: BAD Error in IMAP command received by server. * BYE Too many invalid IMAP commands."

     

    and

     

    "220-mail.REDACTED.org ESMTP 521 5.7.0 Error: I can break rules, too. Goodbye."

  16. 6 hours ago, ChatNoir said:

    As a side note, it is NOT recommended.

    Say one of your data drive is actually acting up. Writing the correction to parity will write the wrong information to your parity drive(s).

     

    It is better to assess the situation, then decide what to do. Trust parity or write the correction.

    I appreciate this. Will change this setting. Thanks! 

  17. 16 minutes ago, JonathanM said:

    Yes. The RAM isn't the limiting factor, it's the CPU / chipset. Most RAM is rated for way higher speeds than the CPU can stably drive.

    And you would expect that to be causing the parity errors? 

     

    My CPU and Motherboard officially support 3200mhz ram, which is what I'm running at, so I'm surprised there would be issues. 

  18. Just now, JonathanM said:

    Servers and overclock don't mix.

    Ya I was thinking that but its just XMP. Is it even technically overclocking if the RAM is rated for that speed? But ya, I mentioned that b/c somewhere in the back of my head I've heard complaints of RAM OC and unraid

  19. Hello,

     

    I have been dealing with parity errors that won't seem to go away, and now the number appears to be climbing (up to 157 now). I can't seem to get them to to go away. None of my drives seem to be showing any issues and everything is working correctly, but I hate seeing errors. Can someone suggest next steps or where my issues might be? I have attached diagnostics.

     

    Potentially helpful info;

    I run parity checks monthly and keep write correction on (not sure if his is good practice). Last few parity checks have thrown errors.

    My RAM is non-ECC and running at rated overclock of 3200MHZ (maybe I should try no/lower OC?).

    Server has been restarted and multiple parity checks with write correction, errors always remain (though not always the same number of errors)

    Current uptime of this diag. is almost 25 days so it should be enough info.

     

    Please let me know if there are any questions that would shed extra light. Appreciate any help!

    server-diagnostics-20220301-1627.zip

×
×
  • Create New...