ljm42
-
Posts
4,391 -
Joined
-
Last visited
-
Days Won
27
Content Type
Profiles
Forums
Downloads
Store
Gallery
Bug Reports
Documentation
Landing
Posts posted by ljm42
-
-
So Docker has still been holding the /var/lib/docker mount open for some folks. If you have been affected, please test Unraid 6.12.7-rc2 which does a "lazy unmount" of /var/lib/docker. This means instead of trying to unmount and giving up if it can't, it will wait until it is not in use and then automatically unmount. This should eliminate the need to ever have to manually run `umount /var/lib/docker` again.
-
Everything in Unraid runs as root, including the Docker Daemon. The better containers then reduce their privs to user 99 and group 100.
Moving away from root is a much larger discussion with many consequences. Actually forcing all containers to run as a non-privileged user will reduce the functionality of Docker. For instance, you wouldn't be able to have a backup container that has access to all your files, or give an editor like Code Commit access to edit files on the flash drive. So this is not a change that should be made lightly.
This is the first ever Docker escape flaw, and we will have an rc release out soon that resolves it. Note that this flaw is only a problem if the Docker containers you choose to install are malicious. If you are concerned, you may choose to disable any risky containers you have installed, and avoid updating/installing containers until you have updated to the forthcoming rc release.
-
2
-
-
Thanks, I did not notice those diags get added. I'm not sure how we'll solve this yet.
-
9 hours ago, Surgikill said:
I ran 'umount /dev/loop2 twice, on the second time it reported that /dev/loop2: not mounted.
Glad you got past it. 6.12.6 has additional protections for this issue with the Docker image.
9 hours ago, Surgikill said:The array is still trying to unmount shares
This means something is holding the share open. Be sure to close any open web terminals or SSH shells, if they are open to a share that will prevent the array from stopping.
-
1 hour ago, 0x0x0x said:
I am having issues with stability since updating to 6.12.6. After roughly 20 minutes of uptime the entire server goes down and doesn't even respond to pings. Attached please find my diagnostics.
Please review the updated release notes:
https://docs.unraid.net/unraid-os/release-notes/6.12.6/
particularly these sections:
- Call traces and crashes related to macvlan
- Problems due to Realtek network cards
-
I highly recommend that you leave ipvlan enabled, or take the steps listed in the release notes to make macvlan safe.
-
I'd recommend reading the Known Issues area of the release notes:
https://docs.unraid.net/unraid-os/release-notes/6.12.6/Specifically, you'll want to switch from macvlan to ipvlan and consider installing drivers for your Realtek RTL8125B network card
-
Assuming DHCP is available on your network, probably the easiest is to delete these files from the flash drive and reboot into bare metal:
- config/network.cfg
- config/network-rules.cfg
-
Well that is interesting : )
12 hours ago, tormi said:will setting it up in the "intended" way with certificates and VPN make it harder for me to connect remotely?
No, in fact it will be easier because you won't have to tell the browser to ignore certificate errors. When used as intended, it will have a fully valid certificate.
See https://docs.unraid.net/connect/remote-access/
-
1
-
-
It looks like there might be some partial config files causing problems. On your flash drive, open the config/wireguard folder and delete any files/folders you find there, then refresh the page.
-
1
-
-
Hi, I need to let you know that you are not using Unraid Connect Remote Access as intended. All you are doing is exposing your webgui to the Internet, you are not using our full solution which includes a valid certificate for ip.your-personal-hash.myunraid.net.
This is not secure. I would highly recommend NOT using your own DDNS with an invalid certificate, see this blog post for security best practices:
https://unraid.net/blog/unraid-server-security-best-practices
Having said that, I am trying to figure out what has caused this to stop working between 6.12.4 and 6.12.6. Please do not respond with these private details publicly, either send me a DM in the forum or open support request:
https://unraid.net/contact
and ask to have it reassigned to ljm42. Either way, please include a link back to this thread so I can more easily follow the conversation.1) Please show me a screenshot of your router port forwarding config. It should show TCP port 44444 being forwarded to 192.168.0.99, port 443.
2) Please provide me with the full url (including the port) that you think should work to access your server remotely.
3) Go to Settings > Management Access and copy/paste all of the "Local Access URLs" that are listed there.
4) Open a web terminal and run:curl https://wanip.unraid.netThen copy/paste the results. This will tell me your server's WAN IP.
5) In your normal browser from your normal Mac/Windows/whatever computer, while on the same network as the server, with no VPN running, visit https://wanip.unraid.net/ and copy/paste the results
6) Note that on a normal network, the WAN IPs shown for #3 and #4 will be the same. If they are different, you will need to do some research to figure out how your network has multiple WAN IPs. -
6 minutes ago, tormi said:
Wow about the WAN IP - it is actually wrong. Checking on WHats My IPAdress both the Unraid reported IP and the real IP start with 79. so I missed that they are the same. How the heck does this happen?
Something on your network is routing outgoing traffic from the Unraid server through a different WAN IP than you are expecting. I'd guess you have it behind some sort of VPN service, but I don't know.
Whatever WANIP is used for outgoing communication from the server is the same WANIP that is used for the port forward check and when the Connect Dashboard checks for Remote Access availability.
-
What version did you upgrade from?
Is the WAN IP that you blacked out correct?
What happens when you press the Check button?
Please upload your diagnostics (from Tools -> Diagnostics)
-
On 12/22/2023 at 12:29 PM, hwextreme said:
and now I am unable to log in via a web browser. Incorrect username/password reported.
This behavior can happen when SSL is disabled, the browser gets fixated on the SSL URL and doesn't want to use the non-SSL URL. The fix is to clear your cache and restart your browser as mentioned in the warning shown when you disable SSL:
I would not expect the upgrade from 6.12.3 to 6.12.6 to have disabled SSL, but I'm glad you are back in. If you need help setting up SSL in the new version see https://docs.unraid.net/unraid-os/manual/security/secure-webgui-ssl/ -
On 12/17/2023 at 9:31 AM, smileybri said:
I doubt my diagnostics (attached) are much help without the required log suggested by Fix Common Problems but if someone could give me some direction I thank you in advance.
Looks like this test could use some improvements for your situation.
The good news is it doesn't look like you have anything to worry about:Dec 16 04:35:31 BKHunraid kernel: mce: [Hardware Error]: Machine check events logged Dec 16 04:35:31 BKHunraid kernel: [Hardware Error]: Corrected error, no action required. -
4 hours ago, Mantene said:
I just installed the latest update to the plugin -
2023.12.21
and now it just sits at the scanning modal forever. It just never goes away. I think it is broken.
Can you show a screenshot of what the scanning modal says when it gets stuck?
Please also upload your diagnostics (from Tools -> Diagnostics) -
A separate bug report is not needed, this is fine.
But looking at your diagnostics, you have not installed the Unraid Connect plugin. I guess you are forwarding a port and setting up your own DDNS? There are too many variables here, this is not recommended and not supported. Please review these security best practices:
https://docs.unraid.net/unraid-os/manual/security/good-practices/
For supported Remote Access, please install the Unraid Connect plugin:
https://docs.unraid.net/connect/help/
and setup Remote Access per:
https://docs.unraid.net/connect/remote-access/
dlandon said they could reproduce the problem with Unraid Connect so I will be investigating that
-
Those SQUASHFS errors mean the system isn't able to read the bz files on the flash drive. That flash drive is probably bad, but you could try moving it to a different port
-
Looking at the diags ending in 1149, I see some issues with disks that somebody else might be able to help with:
Dec 5 22:21:57 TrueSource kernel: ata6.00: exception Emask 0x0 SAct 0x80ff8001 SErr 0x0 action 0x0 Dec 5 22:21:57 TrueSource kernel: ata6.00: irq_stat 0x40000008 Dec 5 22:21:57 TrueSource kernel: ata6.00: failed command: READ FPDMA QUEUED Dec 5 22:21:57 TrueSource kernel: ata6.00: cmd 60/00:78:c8:4c:23/04:00:cf:01:00/40 tag 15 ncq dma 524288 in Dec 5 22:21:57 TrueSource kernel: res 41/40:00:40:4d:23/00:00:cf:01:00/00 Emask 0x409 (media error) <F> Dec 5 22:21:57 TrueSource kernel: ata6.00: status: { DRDY ERR } Dec 5 22:21:57 TrueSource kernel: ata6.00: error: { UNC } Dec 5 22:21:57 TrueSource kernel: ata6.00: configured for UDMA/133 Dec 5 22:21:57 TrueSource kernel: sd 6:0:0:0: [sds] tag#15 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=DRIVER_OK cmd_age=4s Dec 5 22:21:57 TrueSource kernel: sd 6:0:0:0: [sds] tag#15 Sense Key : 0x3 [current] Dec 5 22:21:57 TrueSource kernel: sd 6:0:0:0: [sds] tag#15 ASC=0x11 ASCQ=0x4 Dec 5 22:21:57 TrueSource kernel: sd 6:0:0:0: [sds] tag#15 CDB: opcode=0x88 88 00 00 00 00 01 cf 23 4c c8 00 00 04 00 00 00 Dec 5 22:21:57 TrueSource kernel: I/O error, dev sds, sector 7770164424 op 0x0:(READ) flags 0x0 phys_seg 128 prio class 2 Dec 5 22:21:57 TrueSource kernel: md: disk7 read error, sector=7770164360 Dec 5 22:21:57 TrueSource kernel: md: disk7 read error, sector=7770164368 Dec 5 22:21:57 TrueSource kernel: md: disk7 read error, sector=7770164376 Dec 5 22:21:57 TrueSource kernel: md: disk7 read error, sector=7770164384 Dec 5 22:21:57 TrueSource kernel: md: disk7 read error, sector=7770164392 ... Dec 6 02:48:39 TrueSource kernel: sd 13:0:1:0: [sdc] tag#1192 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=DRIVER_OK cmd_age=0s Dec 6 02:48:39 TrueSource kernel: sd 13:0:1:0: [sdc] tag#1192 Sense Key : 0x5 [current] Dec 6 02:48:39 TrueSource kernel: sd 13:0:1:0: [sdc] tag#1192 ASC=0x21 ASCQ=0x0 Dec 6 02:48:39 TrueSource kernel: sd 13:0:1:0: [sdc] tag#1192 CDB: opcode=0x42 42 00 00 00 00 00 00 00 18 00 Dec 6 02:48:39 TrueSource kernel: critical target error, dev sdc, sector 1950420992 op 0x3:(DISCARD) flags 0x800 phys_seg 1 prio class 2 Dec 6 02:48:39 TrueSource kernel: BTRFS warning (device sdt1): failed to trim 1 device(s), last error -121
Shortly after that there are a bunch of errors from php-fpm and nginx, which led to the error 500's you were seeing. I am not sure if a disk issue can cause these php/nginx errorsI do see this system has a Realtek RTL8168h/8111h network card, I'd suggest trying the alternate drivers for that nic:
https://forums.unraid.net/topic/141349-plugin-realtek-r8125-r8168-and-r81526-drivers/
-
This system has a RTL8125B nic, I'd suggest trying the alternate drivers for that nic:
https://forums.unraid.net/topic/141349-plugin-realtek-r8125-r8168-and-r81526-drivers/
-
1
-
-
Most likely the system is having issues with macvlan. Navigate to Settings > Docker, switch to advanced view, and change the "Docker custom network type" from macvlan to ipvlan. This is the default configuration that Unraid has shipped with since version 6.11.5 and should work for most systems.
For more details see https://docs.unraid.net/unraid-os/release-notes/6.12.4/#fix-for-macvlan-call-traces
-
Delete config/wireguard/wg1.* from the flash drive and then refresh the page
-
You are having issues with SSL and DNS.
After disabling SSL like JorgeB recommended you should be able to access the server via:
http://10.10.10.10
(note: http not https)
Then follow the instructions here:
https://docs.unraid.net/unraid-os/manual/security/secure-webgui-ssl/
to enable SSL with a custom certificate. Note that servername + localTLD has to be listed in the custom SSL cert. And the network has to provide a DNS entry that resolves to the server's IP.
-
1
-
-
This feels like something specific to your environment that may not be automatically solved by a new release. It is up to you, but if you'd like to keep going here's what I'd recommend...
Setup a new flash drive with 6.12.6 and boot into a default config. Navigate around the webgui and see how it responds. If this all works fine, then that points to a configuration issue with your server that we can work to isolate.
If it is still slow, I would start by focusing on your client. Try accessing the server from private/incognito mode, or a different browser or even a different computer. The webgui did change, so it is possible that browser extensions or security software on the client could be causing issues with the updated webgui.
Either way, be sure to grab diagnostics while in this state.
Docker Security Advisory for runc, BuildKit, and Moby (is this affecting the current release?)
in Security
Posted
Regarding the Docker security advisory, Unraid 6.12.7-rc2 is now available with Docker 24.0.9 and runc 1.1.12: