jameson_uk

That seems to suggest that deleting users will disable it but I don't have my FTP users configured but there is definitely a process listening on port 21. I will follow the link about killing it for good tomorrow

Another check that noticed that port 111 was open for rpcbind. AIUI this is only necessary if you are using NFS so if NFS is not enabled should this process be running at all?

This is setup on an Android phone. The wireguard app setup the connection by just scanning the QR which is fine but there is no control over opening the app and it added a shortcut to open the tunnel in the menu where you can turn on the torch (and is available without unlocking the phone). Are there any other Android clients that only open with biometric authentication?

I have disabled NetBIOS in the config and that seems OK but I notice that Samba is listening on 139. I have added smb ports = 445 into the smb-extras.conf which does work and stops smbd listening on 139 Should this entry be added when you disable netbios via the GUI?

Is there anyway of adding any form of authentication (beyond the shared keys)

Is there anyway to add additional authentication in WireGuard? I have been able to get everything setup but it seems a bit too easy to enable access on my Android phone. I can simply click the shortcut menu item to connect, using OpenVPN I am have configured 2FA so someone cannot simply press a button to get full access to my LAN. It would be even better if I could use U2F from my Yubikey devices but I would take being able to add Google Authenticator as a first step

always eth0? What about Samba / Docker? I don't actually have the second NIC yet to test but I am hoping I would be able to have management and samba on one nic and docker on both.

Just to be clear, you mean exposed in image rather than mapped right?

Is there a proper way of changing the listen address for SSH and unraid front end in a way that will stick? It looks like /etc/ssh/sshd_config has listenaddress commented out so will default to 0.0.0.0 and /etc/nginx/conf.d/emhttp-servers.conf had listen *:80 default_server; listen [::]:80 default_server; Looks like Samba doesn't have anything configured again so I believe will bind to all interfaces. So as it stands everything is listening on every interface I can change each of the config files but these won't survive a restart. Is there a way of achieving this?

I had a play around with a few of my containers and see the EXPOSE in the Dockerfile controls which ports show up here. I would have thought it would be far more useful to see what ports are actually in use (I guess the main point of the "show docker allocations" is to avoid conflicts which would be dependant on showing the ports actually mapped not the ones advertised but I can live with that (It is just a bit annoying that you cannot see the IP or ports for these without going into the config. So the WebUI thing (which is nothing to do with Docker) doesn't work on anything other than the default bridge network? I am failing to see why this would be a limitation (from a technical viewpoint) as it is only IP / port which should still be able to resolve?

It is not a worry just a slight annoyance. There is now a port exposed as I added this via unraid but this is being picked up from the image not unraid? (hence it is possible to add ports in Unraid and they won't appear in the GUI?) The bridge isn't an issue (see the top one, that has details). What about the Web UI though, that has to be unraid specific and I have updated the template to include a web UI address but this doesn't appear in the menu for the container.

I am struggling to work out why some info isn't showing up for some of my containers. eg. some containers are not showing any port mappings even though they are in use and working eg. looking at this container (I know it is stopped) shows the port mappings however this container doesn't show anything even though I do have port mappings defined (it is showing the volume mappings though) I have also attempted to add the missing Web UI for this container but whilst it is showing and included in the user template /boot/config/plugins/dockerMan/templates-user it doesn't show up as an option. I have recreated the container from the template and restarted docker but this doesn't seem to stick. Neither the port mapping nor the web UI menu item show up. What do I need to do to get this to work?

My understanding is that I could create a custom docker network (outside of VLAN1 or 10) and have both containers in this network. Only one would have any ports accessible but being on the same network it would be able to access to other container. The difference to running this on Macvlan is that currently everything on VLAN 10 can see and access this container that I essentially want to hide. Or at least that is what I think I can do.....

I guess the question was whether it is possible to to have an IP allocated on VLAN 10 but force Web UI, Samba, SSH.... to only listen on VLAN 1

I wanted to run in bridge mode so I can group a couple of containers together on the same network so I could essentially run one as a child of the other without it being accessible from anywhere else

No, with no address assigned I cannot access Unraid from VLAN10 but if I setup a container to run in bridge mode it is only accessible via the Unraid IP on VLAN 1. I want to have docker containers accessible on VLAN 10 (but running in bridge mode) but not Unraid. (I have reworded original post a little as it didn't quite make senes....)

I have two VLANs on my network and one NIC on my unraid box. On Unraid I have configured the network card (eth0) to allow bridging and enabled VLANs adding eth0.10 with no IP4 assignment. Then in Docker I have added a subnet on br0.10 matching my VLAN 10 network. I have then been able to set some containers to run with a network of custom: br0.10 and they appear on my VLAN. This is all OK but I want to be a bit more selective and run these containers in bridge mode rather than macvlan. AIUI the ability to add custom bridge networks was added in 6.5.1 ... which I guess need to be added manually via docker CLI and then will appear in the dropdown? Running in bridge mode would mean giving the Unraid box an IP on VLAN 10 but I don't want anything other than dockers to be accessible from that VLAN. If I assign an address for eth0.10 in the network settings then the Unraid GUI and SSH both become available from that network. Is there anyway to achieve this so that I can run my container on a bridge network, accessible via a VLAN 10 address but not make Unraid itself accessible on VLAN 10?

Finding anything in their forums (or getting an actual answer for that matter) is nigh on impossible. Guess I will stick with 5.9.29 for now and come back in several months to see if 6 has settled down. 6.x.x.x is needed for some of the new WiFi 6 APs though?

I finally got around to testing this and turns out I miscalculated. I didn't read the docs properly and the downloading (egress) cost are on top of the standard egress costs not instead of. So egress if $.012 per GB and egress from archive storage is is an additional $0.05 per GB. So I would have actually been charged £61.69 (plus tax). (~$80 before tax). Obviously this is more than covered by the trial fees but is obviously a lot more than I had first calculated. I guess the question is how often do you need to invoke this kind of disaster recovery? Storage is working out at £0.44 (+Tax) a month so over two years you are looking at £12.67 for storage including tax. If you then assume you have to download once over that period that is an additional £61.69 (£74.03 inc tax) so the total over two years would be £86.70 (£3.61 a month). If you work out for 2TB (2,048 GB) then you are looking at: Storage 2,048 * $0.0012 = $2.46 per month ($58.98 over two years) but you are looking at downloads of 2,048 * $0.17 = $348.16 So that comes to $407.14 which doesn't look that great against the likes of a standard Google One 2TB plan. (The actual cost is slightly higher as you have to pay for network operations but that is a one of and is a few $) Table code doesn't appear to be enabled on these forums so attaching this as an image So based on 2TB storage (and using the entire 2TB) you if you restore once in 7 years you would break even, two restores would take 14 years. Obviously if you never have to restore then you are making a significant saving from day 1. I did come close to loosing my whole array once (the PSU blew and started to smoulder) but I have never had a need to restore in several years (but I know the pain it would cause if I ever had to). As Ned Flanders says, insurance is gambling.... UnRaid already gives you some redundancy if a single drive fails but I guess I am looking at protecting the scenario of something like a fire taking out the whole server. The main question then is how important is the data to you and what risk level you attach to loosing it. I will experiment as to whether you can essentially jump trials (The simplest way to do this would just be to sign up for a new trail every year and start from scratch but I am not sure whether (a) there is any form of checking you are not creating multiple trials (You do have to enter a credit card number IIRC) and (b) whether you can essentially swap the costs of downloading or storage to another account without needing to upload again.

What features aren't implemented in 6.x.x.x yet?

Interesting but does this mean that to store 500 GB you would need to setup 34 different Google accounts? Presumably this is manual

I do plan to do a test of pulling the ~480MB back just to see how much it would cost. I will post an update when I find time to do this

So for the whole month of August I would have been billed £0.44 + TAX (~ £0.53 = $0.71) but this is obviously more than covered by the $250 trial credit. Obviously the hit is if you ever want to download your files but as a true backup / DR solution this seems to be a simple and cheap option.

So I have been running daily rsync and no costs have shown up at all (getting CRC and timestamps is obviously a free operation). This means I have been charged 1 Class A Operation for each file I uploaded (17,511 for which I would have been charged £0.71)