spants

The problem with the 404 method is that if you use a custom network (say PROXYNET for dockers that can be reached from outside), then you cannot (well, I couldn't!) reach the /admin endpoint from inside either. I have made some changes regarding the 403/401 error codes and now use this.... (based on an old bitwarden template) #BITWARDEN # make sure that your domain has dns has a cname or a record set for the subdomain bitwarden # This config file will work as is when using a custom docker network the same as letesencrypt (proxynet). # However the container name is expected to be "bitwardenrs" as it is by default the template as this name is used to resolve. # If you are not using the custom docker network for this container then change the line "server bitwardenrs:80;" to "server [YOUR_SERVER_IP]:8086;" Also remove line 7 resolver 127.0.0.11 valid=30s; upstream bitwarden { server bitwardenrs:80; } server { # return error code 404 if 401 or 403 would be returned to hide admin endpoint # no need to create the 404.html file unless you want to customise error_page 401 403 404 /404.html; listen 443 ssl; server_name bitwarden.*; include /config/nginx/ssl.conf; client_max_body_size 128M; location /admin { # allow LAN access (match your IP range) allow 192.168.1.0/24; # allow VPN access (match your IP range) allow 10.0.10.0/24; # BLOCK all other access deny all; proxy_pass http://bitwarden; } location / { proxy_pass http://bitwarden; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /notifications/hub { proxy_pass http://bitwarden; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /notifications/hub/negotiate { proxy_pass http://bitwarden; } }

For folks that want to protect the /admin page from being accessed from outside of the internal network when using SWAG, I think this is a better way..... Note 192.168.1.0 is the LAN network and 10.0.10.0 is a VPN network attaching remotely location /admin { allow 192.168.1.0/24; allow 10.0.10.0/24; deny all; # enable the next two lines for http auth # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; proxy_pass http://bitwarden; }

I have two network cards to avoid any problems and my main pihole is the docker. I have a secondary pihole as a physical machine with opnsense providing both DNS ips for DHCP Sent from my SM-N976B using Tapatalk

If you use RETAINED topics, it can write them to a temporary db in case of restarting. Most people dont need this. There seems to be a permissions issue with some dockers, I should take a look at this as I made it some time ago (it just works for me!). I saw on another thread that someone had similar issues on another docker and was advised to run a script (attached). It will reset the directory permissions on the appdata directory. Run it at your own risk (I just tried it) fixAppdataPerms.sh

if you dont need persistance, please edit the mosquitto.conf: persistence false persistence_file mosquitto.db persistence_location /config/data/ and restart MQTT...

Does your MQTT directory look like this?: You can also try setting open permissions on that directory: cd /mnt/user/appdata chmod -R 777 MQTT

@Lebowski that is strange. That error looks to be caused by having persistence=true in the config file and not being able to write the mosquitto.db file. Can you share the config file (delete any private bits) ?

@Lebowski sorry for the delay in the reply. please try this fix: Change the permissions of the appdata directory for your MQTT data: for example: chown -R nobody:users /mnt/user/appdata/MQTT and you should be ok.

can you do an ls -al on that directory please?

for serial devices (such as my two 3d printers using octoprint), I just use the /dev/serial/by-id/@xxxxxxxxxx paths for them.

I use the /dev/serial/by-id/@xxxxxxxxxx paths for my devices

You may have to keep changing it as the template is not refreshed on the update. Check your /boot/config directory structure for the cached templates and also edit it there Sent from my SM-N976B using Tapatalk

I have pushed this - note that you will not see the change if you already downloaded NR as the template is cached on your boot drive. Thanks for the link - I didnt see it when I first made the template in 2016! You can change it on your own system btw

actually I was wrong again - NodeRed was changed but not pihole... SORRY - will fix it now

I've not changed it yet....... :-) WRONG!! I did change it some time ago to /mnt/user/appdata/nodered/ .It must be cached on your boot/config volume.....

You are free to set the appdata to where you like. This was a setting that I used when the template was originally written. The problem is that changes to templates are not written back to existing installations.

nbrowser seems to have not been updated for a long while. There is another node (scrape-it) that may help?. I used to use the HTTP nodes when I wrote an integration to HiveHome - but I swapped that over to HomeAssistant.

tried this one: https://flows.nodered.org/node/node-red-contrib-pocket-api ?

The NodeRed team did not allow SUDO or APT-GET in their docker images so unfortunately you will need to build a different docker file if you need to do this. (INCORRECT) I just built the template for the official docker image (and abandoned my custom one some time ago). What are you trying to do with nbrowser? EDIT: add "--user=0" without the quotes to Extra Parameters, this will allow you to use the APK command to install any dependancies

Use the /dev/serial/by-id/ directory so that your tty address does not change. You will need to add the additional serial posrts in octoprint as per my earlier post

try changing your octoprint settings: Mine are

ok, thats a shame. If you did not have any extra rules setup then it is easy to reinstall. I couldn't operate without it now!.

Unrelated to any problems for the official pihole docker (my template has no tweaks, its just vanilla), @testdasi has produced a nice version with DOT/DOH baked in. It is worth a try for more security & piece of mind.

@Unraiding Both of my Piholes are running ok (sorry, but I know that doesn't help you!). There seems to be a number of people using pihole that have had similar messages in the past with pihole. Most just reinstall. I guess the easiest way is to use the SETTINGS/teleporter function to save your settings, stop pihole, delete files in the data directory, reinstall and load settings back in using teleporter. The docker is the official one from Pihole with no changes - so you can also post on their github page. (there does seem to be similar messages there https://github.com/pi-hole/docker-pi-hole)

A couple of people were looking at the app so I thought that it would be worthwhile helping with a template. I have just used it to scan 10,000 photos and it will index them by date etc. Looks ok to browse through your collection but doesnt seem to have photo recognition.