Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

jameson_uk

Members
  • Joined

  • Last visited

Everything posted by jameson_uk

  1. OK I have started playing around with this and BIND_MGT="yes" Seems to do the trick for the web interface. For Samba I added the following lines to [global] section in the SMB config via the UI bind interfaces only = yes interfaces = lo eth0 and that seems to work. SSH however is still listening on my second IP. I have added a VLAN interface in the network setting and assigned a static IP there. Now the only things I can see running on this VLAN IP are SSH and rpcbind (which is a separate question...) and the Docker mappings I have setup Is the above incorrect that BIND_MGT does not limit SSH or is this a bug?
  2. I have in the past had OpenVPN setup to access my LAN remotely and that worked OK but I have been looking at using WireGuard but I can't quite figure out the best way to set this up. My network is setup across three VLANs with some of the docker containers running on Unraid assigned macvlan addresses on the different VLANs. I want to have some fine grain control over what can be accessed over the VPN but I am not sure where the routing takes place in this setup. I have tried various settings and I am able to access the Unraid server frontend but I can't seem to figure out to access things and lock this down to specific IP / ports. In reality I mainly want to give access to some servers on VLAN 2 but the Unraid box doesn't actually have an address on this VLAN (the docler containers are running as macvlan as I only have one NIC) but it would be nice if I was also able to access some boxes on VLAN 1 Currently this is setup as "Remote Access to LAN" and I have setup a static route for the VPN network to the Unraid server IP and this gives me access to everything on one VLAN but I can't seem to get anything else to work. Anyone got anything similar working?
  3. Another check that noticed that port 111 was open for rpcbind. AIUI this is only necessary if you are using NFS so if NFS is not enabled should this process be running at all?
  4. I happened to notice that port 21 was open on my Unraid box even though I have never enabled ftp and it was definitely disabled previously. Now I can go in and disable the FTP server but as soon as I restart the box the ftp server starts again. The only thing I can find in syslog that is ftp related is ool www[15093]: /usr/local/emhttp/plugins/dynamix/scripts/ftpusers '0' '' which looking at the script suggests that 0 means disable ftp.
  5. This is setup on an Android phone. The wireguard app setup the connection by just scanning the QR which is fine but there is no control over opening the app and it added a shortcut to open the tunnel in the menu where you can turn on the torch (and is available without unlocking the phone). Are there any other Android clients that only open with biometric authentication?
  6. Is there anyway of adding any form of authentication (beyond the shared keys)
  7. Is there anyway to add additional authentication in WireGuard? I have been able to get everything setup but it seems a bit too easy to enable access on my Android phone. I can simply click the shortcut menu item to connect, using OpenVPN I am have configured 2FA so someone cannot simply press a button to get full access to my LAN. It would be even better if I could use U2F from my Yubikey devices but I would take being able to add Google Authenticator as a first step
  8. always eth0? What about Samba / Docker? I don't actually have the second NIC yet to test but I am hoping I would be able to have management and samba on one nic and docker on both.
  9. Is there a proper way of changing the listen address for SSH and unraid front end in a way that will stick? It looks like /etc/ssh/sshd_config has listenaddress commented out so will default to 0.0.0.0 and /etc/nginx/conf.d/emhttp-servers.conf had listen *:80 default_server; listen [::]:80 default_server; Looks like Samba doesn't have anything configured again so I believe will bind to all interfaces. So as it stands everything is listening on every interface I can change each of the config files but these won't survive a restart. Is there a way of achieving this?
  10. My understanding is that I could create a custom docker network (outside of VLAN1 or 10) and have both containers in this network. Only one would have any ports accessible but being on the same network it would be able to access to other container. The difference to running this on Macvlan is that currently everything on VLAN 10 can see and access this container that I essentially want to hide. Or at least that is what I think I can do.....
  11. I guess the question was whether it is possible to to have an IP allocated on VLAN 10 but force Web UI, Samba, SSH.... to only listen on VLAN 1
  12. I wanted to run in bridge mode so I can group a couple of containers together on the same network so I could essentially run one as a child of the other without it being accessible from anywhere else
  13. No, with no address assigned I cannot access Unraid from VLAN10 but if I setup a container to run in bridge mode it is only accessible via the Unraid IP on VLAN 1. I want to have docker containers accessible on VLAN 10 (but running in bridge mode) but not Unraid. (I have reworded original post a little as it didn't quite make senes....)
  14. I have two VLANs on my network and one NIC on my unraid box. On Unraid I have configured the network card (eth0) to allow bridging and enabled VLANs adding eth0.10 with no IP4 assignment. Then in Docker I have added a subnet on br0.10 matching my VLAN 10 network. I have then been able to set some containers to run with a network of custom: br0.10 and they appear on my VLAN. This is all OK but I want to be a bit more selective and run these containers in bridge mode rather than macvlan. AIUI the ability to add custom bridge networks was added in 6.5.1 ... which I guess need to be added manually via docker CLI and then will appear in the dropdown? Running in bridge mode would mean giving the Unraid box an IP on VLAN 10 but I don't want anything other than dockers to be accessible from that VLAN. If I assign an address for eth0.10 in the network settings then the Unraid GUI and SSH both become available from that network. Is there anyway to achieve this so that I can run my container on a bridge network, accessible via a VLAN 10 address but not make Unraid itself accessible on VLAN 10?
  15. Finding anything in their forums (or getting an actual answer for that matter) is nigh on impossible. Guess I will stick with 5.9.29 for now and come back in several months to see if 6 has settled down. 6.x.x.x is needed for some of the new WiFi 6 APs though?
  16. What features aren't implemented in 6.x.x.x yet?
  17. OK here is what I did and what I was missing... The tickbox in the console sets it for everyone and I couldn't get the server to start after setting this. I also wanted to set it for a specific user as last time I couldn't get it to work so ended up having to trash everything and start again. So after setting up the user I opened up the console for the container and from /config/scripts I ran ./sacli --user <USERNAME> --key "prop_google_auth" --value "true" UserPropPut Then the key thing I was missing was that I needed to logon to the web interface rather than the Android client. Logging on via the Android client just prompts you for an authenticator code and doesn't give you the option to register. logging in via the web console lets you login and then gives you the QR code to register with Google Authenticator. Still haven't figured out whether this sticks following a container update???
  18. I have everything working but I want to setup Google Authenticator. Just setting the option to enable it in user management means I cannot login as anyone. Reading around it looks like I can add this via the command line? If I do this will it persist across container updates? (On a similar note I have read somewhere about the admin user returning after an update? Is this a thing?)
  19. I was using the Android app and didn't even think about the web portal. Having just tried and videos play in Chrome on my phone however the interface is pretty poor on a small screen. Given the app works when connected to WiFi and the VPN is obviously getting me to the server any thoughts on what I can try to get video playback working in the app via the VPN?
  20. By it do you mean VPN or PLEX? VPN is via a hostname that had a dynamic DNS entry. As for PLEX I am no longer sure.... I set it up years ago when there was a server config option and now you just sign in I don't know any more. How do you tell (and it is connecting to the server as I can see all the media) I am connecting to VPN over a strong 4G / LTE cellular connection.
  21. Looking for advice on where to look at debugging an issue I have... I have the Plex container setup and it works fine on my LAN and everything plays fine. I have the Open VPN AS container setup and that works fine (I cannot connect, access unraid web GUI, PLEX web GUI). I have remote access to PLEX disabled as I do not want anything directly open to the internet. When I connect to the VPN on my Android phone then the PLEX app seems to connect to the server, I can browse all my media and play music. Attempting to play any video however I am just getting a "Playback has stopped because the connection to the Plex Media Server has b een lost. Please ensure the server is available and retry" error. I see all the metadata for the video and it quite happily plays theme tunes etc so it is obviously connecting just not playing. I did come across a few suggestions to drop the quality setting and that would solve it but even dropping the quality to 320p in the app gives me the same error. The files are mainly SD DVD rips as MKV. The same files play quite happily on the my local network. I cannot see anything on the PLEX side and I only see this quite unhelpful error in the app. Anyone able to point me in the right direction or have an idea about how I might debug this?

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.