Everything posted by roland

  1. Hi @binhex my VPN provider released an updated certificate and I just tried to update it here. The openvpn protocol is TCP-CLIENT. But when I define this in the VPN_PROTOCOL variable the iptables command does not like it.

         iptables v1.6.1: unknown protocol "tcp-client" specified

     When I change it to TCP the openvpn command complains:

         [debug] OpenVPN command line '/usr/bin/openvpn --cd /config/openvpn --config /config/openvpn/swissvpn.ovpn --daemon --dev tun0 --remote connect.swissvpn.net 1194 --proto tcp --reneg-sec 0 --mute-replay-warnings --auth-nocache --keepalive 10 60 --setenv VPN_PROV custom --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --auth-user-pass credentials.conf --log-append /config/supervisord.log'
         Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client
         172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.4

     I have now hardcoded the tcp-client value in your openvpn.sh script and defined VPN_PROTOCOL = tcp and that works. The same variable needs to have two different values at different points in the scripts.

         # define common command line parameters for openvpn
         openvpn_cli="/usr/bin/openvpn --cd /config/openvpn --config ${VPN_CONFIG} --daemon --dev ${VPN_DEVICE_TYPE}0 --remote ${VPN_REMOTE} ${VPN_PORT} --proto tcp-client --reneg-sec 0 --mute-replay-warnings --auth-nocache --keepalive 10 60 --setenv VPN_PROV ${VPN_PROV} --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart"

     But obviously that is not a permanent solution. Any chance you could look into this sometime?

     EDIT: if it helps, the provider is SWISSVPN.net
  2. OK, so the provider came back with a new certificate and ovpn file. This is the file:

         remote zrh-vpn39.monzoon.net 1194 tcp-client
         persist-key
         auth-user-pass
         tls-client
         pull
         ca ca.crt
         redirect-gateway def1
         nobind
         persist-tun
         dev tun
         route 80.254.79.10 255.255.255.255
         remote-cert-tls server
         cipher AES-128-CBC
         auth SHA1

     When I define the protocol as tcp I get these errors:

         [info] Starting OpenVPN...
         Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client
         Use --help for more information.
         2017-05-24 21:50:56,012 DEBG 'start-script' stdout output: [info] OpenVPN started
         2017-05-24 21:50:56,012 DEBG 'start-script' stdout output: [debug] Waiting for valid IP address from tunnel...

     and it never moves on from there. So I changed the protocol to tcp-client and I get these errors:

         2017-05-24 21:59:07,725 DEBG 'start-script' stderr output: iptables v1.6.1: unknown protocol "tcp-client" specified
         Try `iptables -h' or 'iptables --help' for more information.
         2017-05-24 21:59:07,747 DEBG 'start-script' stdout output: [info] iptables defined as follows...
         --------------------
         2017-05-24 21:59:07,749 DEBG 'start-script' stdout output:
         -P INPUT DROP
         -P FORWARD ACCEPT
         -P OUTPUT DROP
         -A INPUT -i tun0 -j ACCEPT
         -A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
         -A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
         -A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
         -A INPUT -s 192.168.2.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
         -A INPUT -s 192.168.2.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
         -A INPUT -p udp -m udp --sport 53 -j ACCEPT
         -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
         -A INPUT -i lo -j ACCEPT
         -A OUTPUT -o tun0 -j ACCEPT
         -A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
         -A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
         -A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
         -A OUTPUT -d 192.168.2.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
         -A OUTPUT -s 172.17.0.0/16 -d 192.168.2.0/24 -o eth0 -p tcp -j ACCEPT
         -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
         -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
         -A OUTPUT -o lo -j ACCEPT

     Any idea? Thanks
  3. Totally agree with you. I have just sent a request to them; depending on the answer I will decide what to do next. Thanks for your help.
  4. I did, but it turns out for this docker the variable needs to be set to true not yes. Anyway, I get debug now and I have the same error as @danith above. I can follow his workaround and revert back to an old version but that seems a bad idea especially for this kind of docker.

         Wed May 17 21:33:07 2017 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=CH, ST=ZH, O=Monzoon Networks AG, OU=OpenVPN server, CN=server, [email protected]
         Wed May 17 21:33:07 2017 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
         Wed May 17 21:33:07 2017 TLS_ERROR: BIO read tls_read_plaintext error
         Wed May 17 21:33:07 2017 TLS Error: TLS object -> incoming plaintext read error
         Wed May 17 21:33:07 2017 TLS Error: TLS handshake failed
         Wed May 17 21:33:07 2017 Fatal TLS error (check_tls_errors_co), restarting
         Wed May 17 21:33:07 2017 SIGUSR1[soft,tls-error] received, process restarting
         Wed May 17 21:38:07 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
         Wed May 17 21:38:07 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
         Wed May 17 21:38:07 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]80.254.79.101:443
         Wed May 17 21:38:07 2017 Attempting to establish TCP connection with [AF_INET]80.254.79.101:443 [nonblock]
         Wed May 17 21:38:08 2017 TCP connection established with [AF_INET]80.254.79.101:443
         Wed May 17 21:38:08 2017 TCP_CLIENT link local: (not bound)
         Wed May 17 21:38:08 2017 TCP_CLIENT link remote: [AF_INET]80.254.79.101:443

     I downloaded a new ovpn and ca.crt file from the provider but it did not change anything. Any other ideas? I will contact the VPN provider as well to get some update from them. Thanks!
  5. Hi binhex, I have been using this docker for a long time now and it is just fantastic. But recently it stopped working for me. I can't connect to the website anymore. Previously I was able to debug the logfile, but this time I can't find where to start.

         root@Tower:/mnt/cache/appdata/deluge# cat supervisord.log
         Created by...
         ___. .__ .__ \_ |__ |__| ____ | |__ ____ ___ ___ | __ \| |/ \| | \_/ __ \\ \/ / | \_\ \ | | \ Y \ ___/ > < |___ /__|___| /___| /\___ >__/\_ \ \/ \/ \/ \/ \/
         https://hub.docker.com/u/binhex/
         2017-05-16 22:35:35.099496 [info] Host is running unRAID
         2017-05-16 22:35:35.123464 [info] System information Linux b1566d3dff6f 4.9.19-unRAID #1 SMP PREEMPT Thu Mar 30 08:32:28 PDT 2017 x86_64 GNU/Linux
         2017-05-16 22:35:35.148573 [warn] PUID not defined (via -e PUID), defaulting to '99'
         2017-05-16 22:35:35.177215 [warn] PGID not defined (via -e PGID), defaulting to '100'
         2017-05-16 22:35:35.215138 [warn] UMASK not defined (via -e UMASK), defaulting to '000'
         2017-05-16 22:35:35.240178 [info] Permissions already set for volume mappings
         2017-05-16 22:35:35.272918 [info] VPN_ENABLED defined as 'yes'
         2017-05-16 22:35:35.296944 [info] VPN_PROV defined as 'custom'
         2017-05-16 22:35:35.324490 [info] VPN_REMOTE defined as 'connect-openvpn.swissvpn.net'
         2017-05-16 22:35:35.351916 [info] VPN_PORT defined as '443'
         2017-05-16 22:35:35.376071 [info] VPN_PROTOCOL defined as 'tcp'
         2017-05-16 22:35:35.400712 [info] LAN_NETWORK defined as '192.168.2.0/24'
         2017-05-16 22:35:35.424650 [warn] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to Google and FreeDNS name servers
         2017-05-16 22:35:35.448234 [info] VPN_USER defined as 'XXXXXXX'
         2017-05-16 22:35:35.472268 [info] VPN_PASS defined as 'XXXXXXX'
         2017-05-16 22:35:35.495133 [warn] VPN_DEVICE_TYPE not defined (via -e VPN_DEVICE_TYPE), defaulting to 'tun'
         2017-05-16 22:35:35.516841 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
         2017-05-16 22:35:35.538718 [info] ENABLE_PRIVOXY defined as 'yes'
         2017-05-16 22:35:35.558664 [info] Setting permissions on files/folders inside container...
         2017-05-16 22:35:35,788 CRIT Set uid to user 0
         2017-05-16 22:35:35,788 INFO Included extra file "/etc/supervisor/conf.d/delugevpn.conf" during parsing
         2017-05-16 22:35:35,790 INFO supervisord started with pid 7
         2017-05-16 22:35:36,792 INFO spawned: 'start-script' with pid 107
         2017-05-16 22:35:36,793 INFO spawned: 'deluge-script' with pid 108
         2017-05-16 22:35:36,794 INFO spawned: 'deluge-web-script' with pid 109
         2017-05-16 22:35:36,796 INFO spawned: 'privoxy-script' with pid 110
         2017-05-16 22:35:36,801 DEBG 'start-script' stdout output: [info] VPN is enabled, beginning configuration of VPN
         2017-05-16 22:35:36,801 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
         2017-05-16 22:35:36,801 INFO success: deluge-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
         2017-05-16 22:35:36,801 INFO success: deluge-web-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
         2017-05-16 22:35:36,801 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
         2017-05-16 22:35:36,807 DEBG 'deluge-script' stdout output: [info] Deluge config file already exists, skipping copy
         2017-05-16 22:35:36,808 DEBG 'deluge-script' stdout output: [info] VPN is enabled, checking VPN tunnel local ip is valid
         2017-05-16 22:35:36,814 DEBG 'start-script' stdout output: [info] VPN config file (ovpn extension) is located at /config/openvpn/swissvpn.ovpn
         2017-05-16 22:35:36,815 DEBG 'start-script' stderr output: dos2unix:
         2017-05-16 22:35:36,815 DEBG 'start-script' stderr output: converting file /config/openvpn/swissvpn.ovpn to Unix format...
         2017-05-16 22:35:36,838 DEBG 'start-script' stdout output: [info] Default route for container is 172.17.0.1
         2017-05-16 22:35:36,841 DEBG 'start-script' stdout output: [info] Adding 8.8.8.8 to /etc/resolv.conf
         2017-05-16 22:35:36,843 DEBG 'start-script' stdout output: [info] Adding 37.235.1.174 to /etc/resolv.conf
         2017-05-16 22:35:36,845 DEBG 'start-script' stdout output: [info] Adding 8.8.4.4 to /etc/resolv.conf
         2017-05-16 22:35:36,848 DEBG 'start-script' stdout output: [info] Adding 37.235.1.177 to /etc/resolv.conf
         2017-05-16 22:35:36,852 DEBG 'start-script' stdout output: [info] Adding 192.168.2.0/24 as route via docker eth0
         2017-05-16 22:35:36,853 DEBG 'start-script' stdout output: [info] ip route defined as follows...
         --------------------
         2017-05-16 22:35:36,853 DEBG 'start-script' stdout output:
         default via 172.17.0.1 dev eth0
         172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.4
         192.168.2.0/24 via 172.17.0.1 dev eth0
         2017-05-16 22:35:36,853 DEBG 'start-script' stdout output: --------------------
         2017-05-16 22:35:36,859 DEBG 'start-script' stdout output: [info] iptable_mangle support detected, adding fwmark for tables
         2017-05-16 22:35:36,876 DEBG 'start-script' stdout output: [info] Docker network defined as 172.17.0.0/16
         2017-05-16 22:35:36,919 DEBG 'start-script' stdout output: [info] iptables defined as follows...
         --------------------
         2017-05-16 22:35:36,922 DEBG 'start-script' stdout output:
         -P INPUT DROP
         -P FORWARD ACCEPT
         -P OUTPUT DROP
         -A INPUT -i tun0 -j ACCEPT
         -A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
         -A INPUT -i eth0 -p tcp -m tcp --sport 443 -j ACCEPT
         -A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
         -A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
         -A INPUT -s 192.168.2.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
         -A INPUT -s 192.168.2.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
         -A INPUT -p udp -m udp --sport 53 -j ACCEPT
         -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
         -A INPUT -i lo -j ACCEPT
         -A OUTPUT -o tun0 -j ACCEPT
         -A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
         -A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
         -A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
         -A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
         -A OUTPUT -d 192.168.2.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
         -A OUTPUT -s 172.17.0.0/16 -d 192.168.2.0/24 -o eth0 -p tcp -j ACCEPT
         -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
         -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
         -A OUTPUT -o lo -j ACCEPT
         2017-05-16 22:35:36,924 DEBG 'start-script' stdout output: --------------------
         [info] Starting OpenVPN...
         2017-05-16 22:35:36,937 DEBG 'start-script' stdout output: [info] OpenVPN started

     I am not aware of any changes that I have done recently. Any help would be greatly appreciated.
  6. Is that still the case for you? I have just checked mine and they are both on 29% and 31% respectively.
  7. The newest version now has the chmod built in. Just update and it works again!! Thanks to titpetric (https://github.com/titpetric)
  8. OK, there is a workaround. Go into the docker

         docker exec -it Netdata bash

     and run

         chown -R root:root /usr/share/netdata/web/

     This is due to a change the docker dev made in the last build, deciding to run netdata as root in the docker. I am sure he will work it out somehow and resolve it soon.

     See: https://github.com/firehol/netdata/issues/1051 that refers to: https://github.com/titpetric/netdata/issues/18
  9. Yes, I got the same problem myself. It does not seem to be a 6.2 issue as I had it running on 6.2 before the recent update. I will raise this with the docker and netdata developers. Sorry, I am out of my depth here. Do you guys have any useful logs?
  10. Did you have any success passing the stick thru to the docker? I have just started with Home Assistant and next would be to get some z-wave stuff. It would be great to have it all running from unRAID. On the other hand, this could be the "excuse" to buy a RPI :-)
  11. There is a unBALANCE plugin that might do what you are looking for.
  12. What tdallen is trying to say is that these dockers are generally the server components of the solution. Take plex for example, the Plex docker gives you a plex server. To actually watch anything you need a plex client. I am not aware of a plex client docker. To use unRaid as a Plex client as well as server you would install a VM of your choice that can run the client. But for that your hardware needs to support virtualisation. I hope this helps.
  13. Yes, I "copied" them manually from the Let's Encrypt thread (I think I used this example: http://lime-technology.com/forum/index.php?topic=43696.msg437353#msg437353) There are a few more examples in that thread and there is also an interesting approach to have a docker that generates the reverse proxy automatically. Start reading from here: http://lime-technology.com/forum/index.php?topic=43696.msg476068#msg476068 But you need to be able to define more subdomains. Good luck!
  14. I don't claim to be a senior enough member to be an Administrator, but I am happy to become a SPAM-Cleaner if you want to make a distinction like this. This forum has given me a lot of help and I enjoy "hanging" around here. Might as well give something little back.
  15. Happy to help out from Australia (GMT+10). I might not be so well versed in all matters of the forum, but I can spot spam!
  16. Great! Glad it worked. There are a few reverse proxy examples around in this and other threads. I just posted mine recently here: https://lime-technology.com/forum/index.php?topic=49534.msg488617#msg488617
  17. I am using this with duckdns.org and it works. From memory you need to put your subdomain into the domain field and leave subdomain blank. (exactly because you don't own duckdns.org) xxxxx.duckdns.org I am at work at the moment but I can check my config when I get home tonight.
  18. Hi, sorry to hijack this thread, but this seems to be the right group of people following here. If this evolves into anything, I will move it. I am looking to build a dashboard for my "home" and am hoping to include things like

      - Power Consumption that I can get using Node-Red
      - Temperature, Weather (NodeRed or Weather station once I get one)
      - Current Downloads (Deluge)
      - Current Streams (Plex)
      - CPU load (maybe from my netdata docker)
      - Network load (maybe from my netdata docker)

      I was wondering if anyone has tried this and how would I get the data from deluge and plex? I like the simplicity of Node-Red and can probably figure out how to send it to dashing. The Node-Red dashboard is a good start, but it just does not look as nice as I would like. Any hints, tips? Thanks
  19. Thanks for the reminder. I use the "Nginx-letsencrypt" docker and I managed to get it to work like this:

      nginx/site-confs/default

          upstream backend {
              # the netdata server
              server 192.168.2.130:19999;
              keepalive 64;
          }

          server {
              listen 80;
              listen 443 ssl http2;
              # server_name mysecretdomain.com www.mysecretdomain.com;

              include /config/nginx/proxy.conf;
              include /config/nginx/auth.conf;

              ssl_certificate /config/keys/fullchain.pem;
              ssl_certificate_key /config/keys/privkey.pem;
              ssl_dhparam /config/nginx/dhparams.pem;
              ssl_ciphers 'ECDHE-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
              ssl_prefer_server_ciphers on;

              location / {
                  root /config/www;
                  index index.html index.htm index.php;
              }

              # This exposes the unraid GUI, not a good idea !
              # location / {
              #     proxy_pass http://192.168.2.130/;
              #     proxy_buffering off;
              # }

              location /coach {
                  proxy_pass http://192.168.2.130:5050/coach;
              }

              location /sonarr {
                  proxy_pass http://192.168.2.130:8989/sonarr;
              }

              location ~ /netdata/(?<ndpath>.*) {
                  proxy_set_header X-Forwarded-Host $host;
                  proxy_set_header X-Forwarded-Server $host;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_pass http://backend/$ndpath$is_args$args;
                  proxy_http_version 1.1;
                  proxy_pass_request_headers on;
                  proxy_set_header Connection "keep-alive";
                  proxy_store off;
              }
          }

      The URL needs to have a trailing /, I couldn't work that out yet. Hope it works for you.

      There are also official nginx, apache, lighttpd and caddy examples:

      https://github.com/firehol/netdata/wiki/Running-behind-nginx
      https://github.com/firehol/netdata/wiki/Running-behind-apache
      https://github.com/firehol/netdata/wiki/Running-behind-lighttpd
      https://github.com/firehol/netdata/wiki/Running-behind-caddy
  20. You got me doubting myself ... But this model does not have different outputs, both are battery backed up outputs.
  21. Maybe the "user script" plugin could be used for this. Store your docker commands in a global script or individual scripts and execute via plugin. https://lime-technology.com/forum/index.php?topic=49992.0
  22. I received and connected the UPS today. CyberPower Value SOHO UPS 1000VA/550W So far all looks good and a test shutdown went well (I only connected USB, not actually the power, just in case) Now here is hoping I will never need it.
  23. Or if you want it to survive a complete reinstall of the docker.
  24. This was my point exactly. I will try to be clearer next time. From the OP I suspect it is a 2 disk (no parity) setup, but there is not enough detail in the post. And of course, all the other points are very valid and important, UPS and Backup should always be part of the solution.