Everything posted by ddumont
-
Allow for the install of a custom root certificate authority (CA)
Oh that must be relatively new. That's nice they did that, it wasn't always the case.
-
Allow for the install of a custom root certificate authority (CA)
true. As I stated, I'm running dnsmasq to add my own dns resolution for "my" at.home domain. The certificate I created was a wildcard for it, so it will work for any server on "at.home". I don't think LE will let issue and let you renew wildcards... which is another reason I'm not using it. This is for my personal use, not for production. I don't want to manage n certs for my n servers.
-
Allow for the install of a custom root certificate authority (CA)
It was and is still working fine for me. I wish there was a supported way, but I haven't heard from the dev team about this in a looooooong time.
-
Allow for the install of a custom root certificate authority (CA)
That's not what this request is for. There are ways to either bake in a CA yourself into a customized container, or run update-ca-certificates in a linux container by either leveraging an init script (if the container supports that) or running your own command post container creation. It would be up to you to modify the container or automate the command to do all that. This request was for adding a CA to the unraid system itself so that the docker commands would accept certificates being offered by docker containers (for example, a docker registry). And this is really only necessary because I wanted my own CA. LE is great, but I don't want to worry about updating all of my certs every 3 months or whatever timeline they are moving to now.
-
Allow for the install of a custom root certificate authority (CA)
jeeze, I don't know why I didn't get any notifications of responses to this thread. is anyone still looking for help on this?
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
From what I read, it was statically linked. Perhaps I'm wrong.
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
There may be other ways to get at the low level info. This isn't my wheelhouse, so I don't know how involved this will be
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
From the research I did, the driver is already in the kennel for a while now for their utility to use. Most os' only need their binary to see the drives, smart stats, temps, array configs, etc. I already played with it in unRAID and it seemed to work well. To unRAID, it looks like with this controller the built arrays show up as single drives.
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
answering myself a little here... this seems like a good example plugin with source: https://github.com/theone11/serverlayout_plugin
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
I've been poking around for a bit, looking at those plugins in the CA interface... I don't see any links to github or something. The plugin forum has some stickies in it with links to plugin doc and conversations about a template... but I wasn't seeing a good place to just look and see what a plugin is. What is a plg file? is it a renamed tgz? Is there something like a https://gitpod.io workspace that can be used as a demo with common build process or something? I'm curious to play around.
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
It looks like they show up as drives. (but each entry is a 4x drive RAID 10 array) Their utility is a self contained binary and will list the devices and a ton of information about them including health. I was hoping to pipe some of that health data to any place unRaid currently monitors drive health. On that subject, can I get unraid to send emails on drive health events?
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
Sure. storage-diagnostics-20220608-2108.zip
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
Yes and I never implied that it was. I thought I was pretty clear. My question was if I plugins could support adding temp/smart/etc monitoring to the Array UI or not. I am not confusing RAID (which I am doing in hardware) with unRAID's normal array operation (which is not RAID and does not meet my needs for performance, and data security)
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
Yeah I started with plain drives /w 2x parity and the performance was so incredibly bad that I really had no choice.
-
Are plugins able to add support for HW raid controllers to monitor temps and stats of individual disks in hw raid?
I was wondering if I could try to go down this route and package their binary to read the stats and eventually hook it up to something in the array view.
-
Support for Adaptec 2277500-R (8805)
Just picked up one of these from ALLHDD.com for pretty cheap. Got some cheap cables and now I have a nice Raid 10 device to play with. I notice that the drivers for this seem to be in the os already. Also, their CLI tool runs and correctly reports things like logs, status, etc. https://storage.microsemi.com/en-us/downloads/storage_manager/sm/productid=asr-8805&dn=adaptec+raid+8805.php I'd like to be able to at least get SMART error reports, warnings, notifications through unraid. Is this something a plugin could do? Is this something that could go in the actual OS?
-
Allow for the install of a custom root certificate authority (CA)
I also run a docker container with a dns server, and i point my home router to it as #1 and google's secure dns as #2 This lets me easily define any hostname I want to whatever I want. storage.at.home docker.at.home transmission.at.home plex.at.home etc...
-
Allow for the install of a custom root certificate authority (CA)
So yeah... it looks like a lot of work, but it's not too bad. What does this get me, you may ask? Well, I have a docker container that runs nginx and actually proxies all of my web traffic on the box and containers (including unraid) with my certificate. I'll attach that here for info... the rules about web sockers are particularly important if you want working console shells on the unraid interface. Now, once you import the root cert into the unraid os as described above, you can have a docker.at.home registry container running to host your own custom images. I hope this helps some folks. nginx.template init.sh
-
Allow for the install of a custom root certificate authority (CA)
I've been asked by a few how to go about creating the ca and issuing the certs. There's a lot of information online for using openssl and doing this kind of stuff, here's a "short" rundown of what's going on: https://gist.github.com/Soarez/9688998 So... i guess decide what you want your domain to be. Originally I wanted a tld (*.home) but you can't have wildcard certs for a tld, and I didn't want to issue a cert for everything I wanted to host... so I settled for (*.at.home). I call my unraid server storage.at.home. Here are the steps I took to create the ca: # create the CA key (you should put a password on this) openssl genrsa -out home.at.ca.key 4096 # create the CA certificate openssl req -x509 -new -nodes -key home.at.ca.key -days 18262 -sha256 -out home.at.ca.crt # Now import the certificate into your computer's root trust store. On windows, double click the crt file and open it: then click "Install Certificate..." Then pick if you want to install it only for the current user, or for every user on the machine: Then choose to place the cert in the trusted roots: click next, then finish... now you're done importing. One thing to remember, the ca is a root certificate you control and if compromised, it means certificates could be generated for sites like google, facebook, etc... and your computer would trust them. Root CAs are the backbone of the secure internet... make sure to protect your key... with your life! Now we generate our wildcard certificate for our web servers and stuff: # create the certificate key openssl genrsa -out home.at.wildcard.key 4096 # create a file with the following contents called ssl.conf (between the dashes) --- authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE [ req ] default_bits = 4096 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName_default = US stateOrProvinceName_default = localityName_default = organizationName_default = at.home commonName_max = 64 commonName_default = wildcard.at.home [ req_ext ] keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = *.at.home --- # Now let's make a certificate signing request for our wildcard cert openssl req -new -key home.at.wildcard.key -out home.at.wildcard.csr -config ssl.conf # and now let's mint the cert with our CA openssl x509 -req -in home.at.wildcard.csr -CA home.at.ca.crt -CAkey home.at.ca.key -CAcreateserial -out home.at.wildcard.crt -days 18262 -sha256 -extfile ssl.conf -extensions req_ext Now you can use your wildcard cert for any webserver you want in your local deployment, and it will be valid on the computers you install your ca on.
-
Allow for ip:port port binding in docker container config
I've seen this elsewhere on the forums that this feature could help people. In my case, I'd really like to be able to specify which nic/ip to bind ports to. If you have multiple nics, or you just want to have several things on port 80 and use all the 127.0.0.0/8 space. Right now, it seems it binds to 0.0.0.0 (all addresses) and I'd really like to be able to choose.
-
Allow for the install of a custom root certificate authority (CA)
The problem I was having was installing a custom CA in the system. During my troubles I also found out that the update-ca-certificates command when run with --fresh will wipe the current cert bundle in order to rebuild it fresh. But perl is not installed and perl is a dependency of openssl for this and possibly other reasons. You can read about it here: Here's how I fixed it: /boot/config/fix-ca-certificates #/bin/bash set -x; # curl https://slackware.uk/slackware/slackware64-14.2/slackware64/d/perl-5.22.2-x86_64-1.txz -o perl-5.22.2-x86_64-1.txz upgradepkg --install-new /boot/config/perl-5.22.2-x86_64-1.txz mkdir -p /usr/local/share/ca-certificates cp /boot/config/home.at.ca.crt /usr/local/share/ca-certificates/ update-ca-certificates --verbose --fresh This is called in the go script to fix the perl dep and re-install my ca on system boot. I would like this to be easier... and not as brittle as it could potentially be.
-
how do I install a custom CA certificate
Ok will do.
-
add ssh user
For those not wanting to use a plugin, you can add the user via the root user. Give it a home dir and shell, and then update the saved /boot/config/passwd with the one in /etc/passwd It seems that when booting, unriad turns off all shells for non root accounts, so you need to add a line in the init script to enable them again... /boot/config/go No idea how updates/upgrades will work with this... probably will blow it away.
-
NGINX Proxy and Cloudflare
post your nginx config?
-
question: Seperate Networking for unraid GUI and Shares (and also dockers)
It would be possible with a reverse proxy (like nginx) in a docker image that bound a web port to your specific nic. I have a post here asking them to expose ip:port syntax for portmapping, which they do not right now. I am surprised, though, that the unraid webserver doesn't bind to all adapters (0.0.0.0) seeing as I'm having this kind of problem with docker... You might be able to find where they keep the docker container config files that persist through reboots and edit them manually... I haven't been looking yet, I had larger issues with CA management. Or better yet, find the http config for unriad and bind only to the nic you want.