-
Win11 VM bootet nicht mehr von bootbaren ISO Files
Danke für die schnelle Antwort! Leider ist der Tab Boot Order bei mir ausgegraut (auch im ausgeschalteten Zustand): Edit: Ich habe es nun auf folgendem Weg gelöst: Mit "Entf" oder "F2" (man weiss es nie so genau ;)) beim booten der VM in ihr virtuelles BIOS und dort dann die Boot-Reihenfolge auf das virtuelle CD Laufwerk als First Boot geändert.
-
Win11 VM bootet nicht mehr von bootbaren ISO Files
Hallo zusammen, seit dem ich meine Win11 VM neu installiert habe, bootet die Unraid VM leider nicht mehr von bootbaren ISO-Files. Bisher: Dauerhaft eingeängtes Veeam.iso um vor dem Booten mit einem Tastendruck in Veeam Restore booten zu können, um ein VM Backup einspielen zu können jetzt: Egal welches Iso ich einhänge, es wird nicht mehr davon gebootet sondern immer direkt von der durchgereichten SSD Was hat sich verändert?: Win11 VM neu installiert die Iso dateien auf ein anderes Unraid-Share gelegt (Pfad natürlich angepasst) Habt ihr eine Idee woran das liegen könnte? Hier meine XML: <?xml version='1.0' encoding='UTF-8'?> <domain type='kvm' id='4'> <name>Windows 10 2024</name> <uuid>216e48a9-c46a-9b63-c70f-9d3dbe582cce</uuid> <metadata> <vmtemplate xmlns="unraid" name="Windows 10" icon="windows.png" os="windows10"/> </metadata> <memory unit='KiB'>17301504</memory> <currentMemory unit='KiB'>17301504</currentMemory> <memoryBacking> <nosharepages/> </memoryBacking> <vcpu placement='static'>6</vcpu> <cputune> <vcpupin vcpu='0' cpuset='4'/> <vcpupin vcpu='1' cpuset='5'/> <vcpupin vcpu='2' cpuset='2'/> <vcpupin vcpu='3' cpuset='6'/> <vcpupin vcpu='4' cpuset='3'/> <vcpupin vcpu='5' cpuset='7'/> </cputune> <resource> <partition>/machine</partition> </resource> <os> <type arch='x86_64' machine='pc-q35-7.1'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader> <nvram>/etc/libvirt/qemu/nvram/216e48a9-c46a-9b63-c70f-9d3dbe582cce_VARS-pure-efi.fd</nvram> <boot dev='fd'/> </os> <features> <acpi/> <apic/> <hyperv mode='custom'> <relaxed state='on'/> <vapic state='on'/> <spinlocks state='on' retries='8191'/> <vendor_id state='on' value='none'/> </hyperv> <kvm> <hidden state='on'/> </kvm> <ioapic driver='kvm'/> </features> <cpu mode='host-passthrough' check='none' migratable='on'> <topology sockets='1' dies='1' cores='3' threads='2'/> <cache mode='passthrough'/> </cpu> <clock offset='localtime'> <timer name='hypervclock' present='yes'/> <timer name='hpet' present='no'/> </clock> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/local/sbin/qemu</emulator> <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/mnt/user/isos/Win11_24H2_angepasst.iso' index='3'/> <backingStore/> <target dev='hda' bus='sata'/> <readonly/> <alias name='sata0-0-0'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/mnt/user/Backups/virtio-win-0.1.225-2.iso' index='2'/> <backingStore/> <target dev='hdb' bus='sata'/> <readonly/> <alias name='sata0-0-1'/> <address type='drive' controller='0' bus='0' target='0' unit='1'/> </disk> <disk type='block' device='disk'> <driver name='qemu' type='raw' cache='writeback'/> <source dev='/dev/disk/by-id/ata-WDC_WD4002FYYZ-01B7CB0_K4GKPJXB' index='1'/> <backingStore/> <target dev='hdc' bus='sata'/> <alias name='sata0-0-2'/> <address type='drive' controller='0' bus='0' target='0' unit='2'/> </disk> <controller type='pci' index='0' model='pcie-root'> <alias name='pcie.0'/> </controller> <controller type='pci' index='1' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='1' port='0x8'/> <alias name='pci.1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> </controller> <controller type='pci' index='2' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='2' port='0x9'/> <alias name='pci.2'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> </controller> <controller type='pci' index='3' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='3' port='0xa'/> <alias name='pci.3'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> </controller> <controller type='pci' index='4' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='4' port='0xb'/> <alias name='pci.4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x3'/> </controller> <controller type='pci' index='5' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='5' port='0xc'/> <alias name='pci.5'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x4'/> </controller> <controller type='pci' index='6' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='6' port='0xd'/> <alias name='pci.6'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x5'/> </controller> <controller type='virtio-serial' index='0'> <alias name='virtio-serial0'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </controller> <controller type='sata' index='0'> <alias name='ide'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='usb' index='0' model='qemu-xhci' ports='15'> <alias name='usb'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </controller> <interface type='bridge'> <mac address='52:54:00:5d:f4:53'/> <source bridge='br0'/> <target dev='vnet3'/> <model type='virtio-net'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </interface> <serial type='pty'> <source path='/dev/pts/0'/> <target type='isa-serial' port='0'> <model name='isa-serial'/> </target> <alias name='serial0'/> </serial> <console type='pty' tty='/dev/pts/0'> <source path='/dev/pts/0'/> <target type='serial' port='0'/> <alias name='serial0'/> </console> <channel type='unix'> <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-4-Windows 10 2024/org.qemu.guest_agent.0'/> <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/> <alias name='channel0'/> <address type='virtio-serial' controller='0' bus='0' port='1'/> </channel> <input type='mouse' bus='ps2'> <alias name='input0'/> </input> <input type='keyboard' bus='ps2'> <alias name='input1'/> </input> <audio id='1' type='none'/> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </source> <alias name='hostdev0'/> <rom file='/mnt/user/Backups/GeForce_GT_710_GK208_fixed.rom'/> <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/> </source> <alias name='hostdev1'/> <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x07' slot='0x00' function='0x0'/> </source> <alias name='hostdev2'/> <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x046a'/> <product id='0xc098'/> <address bus='1' device='8'/> </source> <alias name='hostdev3'/> <address type='usb' bus='0' port='1'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x046d'/> <product id='0xc093'/> <address bus='1' device='9'/> </source> <alias name='hostdev4'/> <address type='usb' bus='0' port='2'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x0d8c'/> <product id='0x000c'/> <address bus='1' device='2'/> </source> <alias name='hostdev5'/> <address type='usb' bus='0' port='3'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x1395'/> <product id='0x0033'/> <address bus='1' device='5'/> </source> <alias name='hostdev6'/> <address type='usb' bus='0' port='4'/> </hostdev> <memballoon model='none'/> </devices> <seclabel type='dynamic' model='dac' relabel='yes'> <label>+0:+100</label> <imagelabel>+0:+100</imagelabel> </seclabel> </domain>
-
Windows 11 VM doesn't boot to iso file anymore
Hi there, I've had a good running Windows 11 VM in UnRaid, in which I had loaded an Veeam.Iso file. The reason is, I'm doing daily incremental backups from my passthrough SSD to my passthrough HDD. So if anything goes wrong with my Windows 11 Installation, I can always go back to "yesterday" with just a few clicks on startup. ("press any key to load veeam" and if not, Win11 was loading) Since I've installed the VM completely new (which means only the passthrough SSD, the setup remained the same), I can't boot to the iso on startup anymore. Does anyone have a idea what is the problem? Here is my XML: <?xml version='1.0' encoding='UTF-8'?> <domain type='kvm' id='4'> <name>Windows 10 2024</name> <uuid>216e48a9-c46a-9b63-c70f-9d3dbe582cce</uuid> <metadata> <vmtemplate xmlns="unraid" name="Windows 10" icon="windows.png" os="windows10"/> </metadata> <memory unit='KiB'>17301504</memory> <currentMemory unit='KiB'>17301504</currentMemory> <memoryBacking> <nosharepages/> </memoryBacking> <vcpu placement='static'>6</vcpu> <cputune> <vcpupin vcpu='0' cpuset='4'/> <vcpupin vcpu='1' cpuset='5'/> <vcpupin vcpu='2' cpuset='2'/> <vcpupin vcpu='3' cpuset='6'/> <vcpupin vcpu='4' cpuset='3'/> <vcpupin vcpu='5' cpuset='7'/> </cputune> <resource> <partition>/machine</partition> </resource> <os> <type arch='x86_64' machine='pc-q35-7.1'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader> <nvram>/etc/libvirt/qemu/nvram/216e48a9-c46a-9b63-c70f-9d3dbe582cce_VARS-pure-efi.fd</nvram> <boot dev='fd'/> </os> <features> <acpi/> <apic/> <hyperv mode='custom'> <relaxed state='on'/> <vapic state='on'/> <spinlocks state='on' retries='8191'/> <vendor_id state='on' value='none'/> </hyperv> <kvm> <hidden state='on'/> </kvm> <ioapic driver='kvm'/> </features> <cpu mode='host-passthrough' check='none' migratable='on'> <topology sockets='1' dies='1' cores='3' threads='2'/> <cache mode='passthrough'/> </cpu> <clock offset='localtime'> <timer name='hypervclock' present='yes'/> <timer name='hpet' present='no'/> </clock> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/local/sbin/qemu</emulator> <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/mnt/user/isos/Win11_24H2_angepasst.iso' index='3'/> <backingStore/> <target dev='hda' bus='sata'/> <readonly/> <alias name='sata0-0-0'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/mnt/user/Backups/virtio-win-0.1.225-2.iso' index='2'/> <backingStore/> <target dev='hdb' bus='sata'/> <readonly/> <alias name='sata0-0-1'/> <address type='drive' controller='0' bus='0' target='0' unit='1'/> </disk> <disk type='block' device='disk'> <driver name='qemu' type='raw' cache='writeback'/> <source dev='/dev/disk/by-id/ata-WDC_WD4002FYYZ-01B7CB0_K4GKPJXB' index='1'/> <backingStore/> <target dev='hdc' bus='sata'/> <alias name='sata0-0-2'/> <address type='drive' controller='0' bus='0' target='0' unit='2'/> </disk> <controller type='pci' index='0' model='pcie-root'> <alias name='pcie.0'/> </controller> <controller type='pci' index='1' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='1' port='0x8'/> <alias name='pci.1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> </controller> <controller type='pci' index='2' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='2' port='0x9'/> <alias name='pci.2'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> </controller> <controller type='pci' index='3' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='3' port='0xa'/> <alias name='pci.3'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> </controller> <controller type='pci' index='4' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='4' port='0xb'/> <alias name='pci.4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x3'/> </controller> <controller type='pci' index='5' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='5' port='0xc'/> <alias name='pci.5'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x4'/> </controller> <controller type='pci' index='6' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='6' port='0xd'/> <alias name='pci.6'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x5'/> </controller> <controller type='virtio-serial' index='0'> <alias name='virtio-serial0'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </controller> <controller type='sata' index='0'> <alias name='ide'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='usb' index='0' model='qemu-xhci' ports='15'> <alias name='usb'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </controller> <interface type='bridge'> <mac address='52:54:00:5d:f4:53'/> <source bridge='br0'/> <target dev='vnet3'/> <model type='virtio-net'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </interface> <serial type='pty'> <source path='/dev/pts/0'/> <target type='isa-serial' port='0'> <model name='isa-serial'/> </target> <alias name='serial0'/> </serial> <console type='pty' tty='/dev/pts/0'> <source path='/dev/pts/0'/> <target type='serial' port='0'/> <alias name='serial0'/> </console> <channel type='unix'> <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-4-Windows 10 2024/org.qemu.guest_agent.0'/> <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/> <alias name='channel0'/> <address type='virtio-serial' controller='0' bus='0' port='1'/> </channel> <input type='mouse' bus='ps2'> <alias name='input0'/> </input> <input type='keyboard' bus='ps2'> <alias name='input1'/> </input> <audio id='1' type='none'/> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </source> <alias name='hostdev0'/> <rom file='/mnt/user/Backups/GeForce_GT_710_GK208_fixed.rom'/> <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/> </source> <alias name='hostdev1'/> <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x07' slot='0x00' function='0x0'/> </source> <alias name='hostdev2'/> <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x046a'/> <product id='0xc098'/> <address bus='1' device='8'/> </source> <alias name='hostdev3'/> <address type='usb' bus='0' port='1'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x046d'/> <product id='0xc093'/> <address bus='1' device='9'/> </source> <alias name='hostdev4'/> <address type='usb' bus='0' port='2'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x0d8c'/> <product id='0x000c'/> <address bus='1' device='2'/> </source> <alias name='hostdev5'/> <address type='usb' bus='0' port='3'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x1395'/> <product id='0x0033'/> <address bus='1' device='5'/> </source> <alias name='hostdev6'/> <address type='usb' bus='0' port='4'/> </hostdev> <memballoon model='none'/> </devices> <seclabel type='dynamic' model='dac' relabel='yes'> <label>+0:+100</label> <imagelabel>+0:+100</imagelabel> </seclabel> </domain>
-
*** [GUIDE] *** Setup Crowdsec with SWAG
Hi Mik3, thank you very much for your fast reply! The idea with temporarily disabling the nextclowd own bruteforce protection did the trick: BOOM...crowdsec blocked my IP I have never been so happy to see a "you got blocked" page haha I didn't find out how to turn-off the bruteforce protection on vaultwarden so far, but I guess, if I can see crowdsec reading the logfile in the commandline and since I configured it the same way as i did it with nextcloud, it will work, too. I use SWAG as reverse-proxy and nextcloud, vaultwarden and so on are sitting behind SWAG. I was hoping, that crowdsec can also watch for SQL-Injection tryouts and so on or if a nextcloud version gets vulnerable and there are public exploits, that crowdsec would download the pattern automatically and block these exploit-attempts. I thought that would be possible since I read that crowdsec can also block hafnium exploit attempts (Exchange Zero Day). The attacker in this case would try to add powershell commands to a URL-Variable to gain root access. Someone on the internet said that crowdsec can see these attacks and block the IP of the attacker. But I guess that is not possible on nextcloud parser and too much of a wish
-
Crowdsec installation sanity check
same question here
-
*** [GUIDE] *** Setup Crowdsec with SWAG
hi there, i have the same problem with "No matching files for pattern". I can manually block my IP and unblock it, so I guess crowdsec is working correct. But it seems like my nextcloud logs won't be read! Nextcloud-Parser seems to be active: But nextcloud logs aren't displayer here: And in cli it says: So I guess nextcloud logfile won't be read? this is my acquis.yaml: My questsions are: 1. how can I check nextcloud.log with crowdsec? 2. how can I verify for sure, that crowdsec is working on nextcloud? 3. how can I test a malicious string or something on my nextcloud to see if my IP-Adress is getting banned through crowdsec? Thanks for help ::: EDIT: OK, I've found it out myself You have to create a path variable on nextcloud docker and crowdsec docker: Then you have to tell nextcloud to change the logfile path: sudo -u abc touch /log/nextcloud.log chmod 777 /log/nextcloud.log Then Edit the config.php and insert the path: nano /mnt/user/appdata/nextcloud/www/nextcloud/config/config.php 'loglevel' => 1, 'logfile' => '/log/nextcloud.log', ::: Now I have another question How can we test if crowdsec is doing something at all? As far as I know, crowdsec can only prevent bruteforce for nextcloud (which is too bad, I was hoping, that crowdsec is a real intrusion prevention system and blocks more attack szenarios like "trying SQL Injections".... nethertheless I now have the problem, that I can't test crowdsec for bruteforce attacks since nextcloud anti-bruteforce tool is blocking my tests BEFORE crowdsec is blocking anything. Does anybody have an idea on how to test if crowdsec is doing its job? How can I trigger a pattern to verify?
-
Boot from Unraid USB stick failes every second reboot
after I switched to another usb-hub and had the same issue, i replaced my usb stick. Now I can say: my usb stick was dying On my new usb stick, I can reboot over 10 times in a row without a single issue. Thanks for your help!
-
Boot from Unraid USB stick failes every second reboot
Thanks for this hint! When I unplug every USB except the unraid USB, I can boot 5 times in a row without any issues. I then pluged the USB-Hub back in which has my USB mouse and USB Keyboard and then the boot-problems happened again. I will buy another USB-Hub and try again.
-
Boot from Unraid USB stick failes every second reboot
It is a USB2 Port for the boot drive. (Front USB) I have attached a USB-Hub to another Rear USB which is passed through to the Win10 VM. Do you have any further ideas?
-
Docker network security/isolation with iptables?
thanks for your reply, I will read further on how to use the second network adapter on my unraid for different dockers and throw the second network adapter in a vlan.
-
Boot from Unraid USB stick failes every second reboot
hi there, I have the problem (ever since), that my unraid usb stick is not recognized by my Server and it boots directly to windows. I updated bios to the latest version. After that, my server recognizes the usb stick every reboot, but every now and then it fails to boot properly. When I stick my usb stick to another USB Port, and reboot then it boots normal for a few times before it happens again. I have attached you pictures of the errors. Unraid stops booting. What I have done so far: 1. played around with legacy and UEFI boot 2. deactivated secure boot (for sure) 3. deactivated fast boot 4. bios update The model of my motherboard is TUF X299 MARK 1 I'm a UNRAID user and big fan since december 2022. My brand new usb stick which I bought on christmas had this problem ever since. Once the system has booted everything runs smooth for weeks! Do you have any suggestions to stop this? I would be very happy to solve this problem since my Nextcloud is not available after a powerloss and that's a big problem when I need it and I am not at home thanks!
-
Docker network security/isolation with iptables?
Thanks for your fast reply! So if there is an exploit on nextcloud itself which leads to a rootshell on the docker container "nextcloud", someone could install for example metasploit on that container and can try to attack my Win10 Client in my home network (since it is pingable and connectable). That's a thing I can't get out of my head and I really don't like Attacker attacks --> https://nextcloud.OWNSERVER --> runs an exploit to gain access to a root shell on nextcloud docker --> install "hacking tools" on nextcloud docker --> attacks my Win10 VM and hacks to RDP Port (which I assume is open in that scenario)
-
Docker network security/isolation with iptables?
Thanks for reply! I did some deeper research and read a little more about docker container. Are the following information correct? 1. Docker container on unraid are not executed with root rights per default 2. so if a Docker container gets hacked, nothing can be installed on the docker container and escaping to another container is not possible 3. using docker.socks directly in an container is indeed very dangerous and could lead to hacked unraid hosts and takeover So if you avoid doing Point 3, there is nothing bad about the containers being able to ping each other and the internal network. Right?
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi there, I switched to traefik and had the same problem. So that did the trick for me: nano /mnt/user/appdata/nextcloud/php/www2.conf insert these variables: pm = ondemand pm.max_children = 300 pm.start_servers = 8 pm.min_spare_servers = 8 pm.max_spare_servers = 16 pm.max_requests = 500
-
Docker network security/isolation with iptables?
hi there, I'm wondering how to secure Dockers with iptables, too. I have nextcloud running through swag like spaceinvador does in his tutorial. SWAG and nextcloud can reach my internal network and my Windows10 Client directly on any port which is a security issue in my opinion. Because if SWAG or Nextcloud docker gets hacked, then my whole system can get compromised. So I want to block internal traffic between the dockers and isolate the proxynet completely. Is that possible? I have posted screenshots of my setup and a established connection from the nextcloud docker to RDP Port of my Win10 Client which i wan't to block with iptables. I want to only allow the following communication and block all others: SWAG 172.18.0.5 to NextCloud 172.18.0.3 443 + 80 SWAG 172.18.0.5 to Documentserver 172.18.0.4 443 + 80 NextCloud 172.18.0.3 to SWAG 172.18.0.5 443 + 80 Documentserver 172.18.0.4 to SWAG 172.18.0.5 443 + 80 I already tried many different commands on iptables but nothing works. Does anybody have an idea and can help? Would be very grateful Thanks!
diederich89
Members
-
Joined
-
Last visited