primeval_god

  1. Also, I think I have seen umask used to ensure that the application creates files with only open permissions. https://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
  2. I believe that many Docker images use a startup script to change the permissions of the config folder and all its files. Such scripts, I believe, use the PUID and PGID environmental variables (or equivalent), which can be set via Docker to match the host. Additionally, rather than setting the USER in the Dockerfile, many use scripts to create the user/group (from the environmental variables) and then start their app as that user at runtime. This script from jlesage's handbrake container is an example. https://github.com/jlesage/docker-handbrake/blob/master/rootfs/etc/cont-init.d/handbrake.sh I think the LinuxServer images do something similar, but they use a whole init system in their containers (s6, I want to say) and the particular init scripts that deal with users are buried in their base images, I think.
  3. Hard to say, as I am not certain what your issue is. It does add another level of possible port forwarding (the Docker port mapping essentially forwards a port from the unRAID host to a port in the container). Unfortunately I don't really have one, as I don't use FTP myself. My recommendation was based purely on my philosophy for unRAID, which is: always use Docker, unless you can't. I would guess a search of Community Applications would turn up several options, though I am not in front of my server so I can't confirm. Looking at Docker Hub I see jlesage/filezilla. I have never used it, but I have used other jlesage containers.
  4. Might be worth logging a feature request to have tmpfs mounts supported in Dockerman. So far as I know no one has asked for it yet (though I didn't actually check).
  5. Reiterating this point: if you need to expose FTP directly to the internet, I would suggest trying to find an FTP Docker container, rather than exposing the built-in service.
  6. Add the --tmpfs flags under the extra parameters, I believe.
  7. I use a docker container called FileBrowser https://github.com/filebrowser/filebrowser
  8. So I am trying to get qBittorrent VPN set up but I am running into some issues. The container and application come up, and I can access the webui. I can open a console into the container and check that I have a valid IP address through the VPN. qBittorrent, however, never finds any peers or shows any signs that it can contact the outside world. What am I doing wrong?

     docker create --name='qbittorrentvpn' --net='bridge' \
       --log-opt max-size='50m' --log-opt max-file='3' \
       --privileged=true \
       -e TZ="America/New_York" -e HOST_OS="Unraid" \
       -e 'WEBUI_PORT'='7070' -e 'INCOMING_PORT'='8999' \
       -e 'VPN_ENABLED'='yes' -e 'VPN_USERNAME'='' -e 'VPN_PASSWORD'='' \
       -e 'LAN_NETWORK'='192.168.0.0/24' \
       -e 'NAME_SERVERS'='8.8.8.8,8.8.4.4,1.1.1.1' \
       -e 'PUID'='99' -e 'PGID'='100' -e 'UMASK'='002' \
       -p '7070:7070/tcp' -p '8999:8999/tcp' -p '8999:8999/udp' \
       -v '/mnt/user/Video_Conversion/bit':'/downloads':'rw' \
       -v '/mnt/user/appdata/qbittorrentvpn':'/config':'rw' \
       'markusmcnugen/qbittorrentvpn'

     2019-11-21 04:03:36.501191 [info] VPN_ENABLED defined as 'yes'
     2019-11-21 04:03:36.533662 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/openvpn.ovpn
     dos2unix: converting file /config/openvpn/openvpn.ovpn to Unix format...
     2019-11-21 04:03:36.563569 [info] VPN remote line defined as 'example.com 1194'
     2019-11-21 04:03:36.593125 [info] VPN_REMOTE defined as 'example.com'
     2019-11-21 04:03:36.619303 [info] VPN_PORT defined as '1194'
     2019-11-21 04:03:36.643870 [info] VPN_PROTOCOL defined as 'udp'
     2019-11-21 04:03:36.668103 [info] VPN_DEVICE_TYPE defined as 'tun0'
     2019-11-21 04:03:36.692478 [info] LAN_NETWORK defined as '192.168.0.0/24'
     2019-11-21 04:03:36.718937 [info] NAME_SERVERS defined as '8.8.8.8,8.8.4.4,1.1.1.1'
     2019-11-21 04:03:36.744692 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
     2019-11-21 04:03:36.769547 [info] Adding 8.8.8.8 to resolv.conf
     2019-11-21 04:03:36.795720 [info] Adding 8.8.4.4 to resolv.conf
     2019-11-21 04:03:36.821595 [info] Adding 1.1.1.1 to resolv.conf
     2019-11-21 04:03:36.845036 [info] Starting OpenVPN...
     Thu Nov 21 04:03:36 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
     Thu Nov 21 04:03:36 2019 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
     Thu Nov 21 04:03:36 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]172.246.117.2:1194
     Thu Nov 21 04:03:36 2019 UDP link local: (not bound)
     Thu Nov 21 04:03:36 2019 UDP link remote: [AF_INET]172.246.117.2:1194
     Thu Nov 21 04:03:37 2019 [example.com] Peer Connection Initiated with [AF_INET]172.246.117.2:1194
     Thu Nov 21 04:03:43 2019 TUN/TAP device tun0 opened
     Thu Nov 21 04:03:43 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
     Thu Nov 21 04:03:43 2019 /sbin/ip link set dev tun0 up mtu 1500
     Thu Nov 21 04:03:43 2019 /sbin/ip addr add dev tun0 local 10.200.0.22 peer 10.200.0.21
     Thu Nov 21 04:03:43 2019 Initialization Sequence Completed
     2019-11-21 04:03:43.885837 [info] WebUI port defined as 7070
     2019-11-21 04:03:43.911684 [info] LAN Network defined as 192.168.0.0/24
     2019-11-21 04:03:43.937177 [info] Default gateway defined as 172.17.0.1
     2019-11-21 04:03:43.963338 [info] ip route defined as follows...
     --------------------
     0.0.0.0/1 via 10.200.0.21 dev tun0
     default via 172.17.0.1 dev eth0
     10.200.0.1 via 10.200.0.21 dev tun0 metric 1
     10.200.0.21 dev tun0 proto kernel scope link src 10.200.0.22
     128.0.0.0/1 via 10.200.0.21 dev tun0
     172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.10
     172.246.117.2 via 172.17.0.1 dev eth0
     192.168.0.0/24 via 172.17.0.1 dev eth0
     --------------------
     iptable_mangle 16384 1
     ip_tables 24576 3 iptable_filter,iptable_nat,iptable_mangle
     2019-11-21 04:03:43.992738 [info] iptable_mangle support detected, adding fwmark for tables
     2019-11-21 04:03:44.033458 [info] Docker network defined as 172.17.0.0/16
     2019-11-21 04:03:44.089384 [info] Incoming connections port defined as 8999
     2019-11-21 04:03:44.119328 [info] iptables defined as follows...
     --------------------
     -P INPUT DROP
     -P FORWARD ACCEPT
     -P OUTPUT DROP
     -A INPUT -i tun0 -j ACCEPT
     -A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
     -A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT
     -A INPUT -i eth0 -p tcp -m tcp --dport 7070 -j ACCEPT
     -A INPUT -i eth0 -p tcp -m tcp --sport 7070 -j ACCEPT
     -A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 8999 -j ACCEPT
     -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
     -A INPUT -i lo -j ACCEPT
     -A OUTPUT -o tun0 -j ACCEPT
     -A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
     -A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
     -A OUTPUT -o eth0 -p tcp -m tcp --dport 7070 -j ACCEPT
     -A OUTPUT -o eth0 -p tcp -m tcp --sport 7070 -j ACCEPT
     -A OUTPUT -d 192.168.0.0/24 -o eth0 -p tcp -m tcp --sport 8999 -j ACCEPT
     -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
     -A OUTPUT -o lo -j ACCEPT
     --------------------
     Adding 100 group
     groupadd: GID '100' already exists
     Adding 99 user
     useradd: UID 99 is not unique
     2019-11-21 04:03:44.168476 [info] UMASK defined as '002'
     2019-11-21 04:03:44.201173 [info] Starting qBittorrent daemon...
     Logging to /config/qBittorrent/data/logs/qbittorrent-daemon.log.
     2019-11-21 04:03:45.233003 [info] qBittorrent PID: 203
     2019-11-21 04:03:45.237872 [info] Started qBittorrent daemon successfully...
     (N) 2019-11-21T04:03:44 - qBittorrent v4.1.5 started
     (I) 2019-11-21T04:03:44 - qBittorrent is trying to listen on any interface port: 8999
     (N) 2019-11-21T04:03:44 - Peer ID: -qB4150-
     (N) 2019-11-21T04:03:44 - HTTP User-Agent is 'qBittorrent/4.1.5'
     (I) 2019-11-21T04:03:44 - DHT support [ON]
     (I) 2019-11-21T04:03:44 - Local Peer Discovery support [OFF]
     (I) 2019-11-21T04:03:44 - PeX support [ON]
     (I) 2019-11-21T04:03:44 - Anonymous mode [OFF]
     (I) 2019-11-21T04:03:44 - Encryption support [ON]
     (I) 2019-11-21T04:03:44 - Embedded Tracker [OFF]
     (I) 2019-11-21T04:03:44 - GeoIP database loaded. Type: GeoLite2-Country. Build time: Tue Nov 12 21:09:59 2019.
     (N) 2019-11-21T04:03:44 - Using built-in Web UI.
     (N) 2019-11-21T04:03:44 - Web UI translation for selected locale (en) has been successfully loaded.
     (N) 2019-11-21T04:03:44 - Web UI: Now listening on IP: *, port: 7070
     (C) 2019-11-21T04:03:44 - Queue positions were corrected in 2 resume files
     (I) 2019-11-21T04:03:44 - qBittorrent is successfully listening on interface :: port: TCP/8999
     (I) 2019-11-21T04:03:44 - qBittorrent is successfully listening on interface 0.0.0.0 port: TCP/8999
     (I) 2019-11-21T04:03:44 - qBittorrent is successfully listening on interface 0.0.0.0 port: UDP/8999
     (N) 2019-11-21T04:03:44 - 'linuxmint-17-cinnamon-32bit-v2.iso' restored.
     (N) 2019-11-21T04:03:44 - 'checkmyiptorrent' restored.
  9. Just a suggestion, if you ever think of pursuing it further. A quick Docker Hub search brought up this container: https://github.com/panubo/docker-sshd https://hub.docker.com/r/panubo/sshd/
  10. Take this with a grain of salt since I don't use Rsync myself, but I would be tempted not to muck around in unRAID's ssh config to get this done. Rather, I would be tempted to set up a Docker container with sshd, and pass the destination share/folder as a volume mount. I would guess that there is a Docker container out there that can generate and persist the ssh keys automatically, maybe saving them to an external volume that can be bound to the app data folder.
  11. Absolutely correct. You should never expose the unRAID OS itself directly to the internet (Web GUI, SSH, FTP, etc.). It is simply not meant for that purpose. I do expose several Docker containers though, taking care to secure them as much as is possible with the Docker features that are available (never privileged, limited mount points, always behind a reverse proxy with Let's Encrypt and a separate authentication container).
  12. I don't use array encryption myself so I am not completely sure about this, but if you have your server sleeping, that won't cause the array to lock, will it? I used the S3 sleep plugin myself for quite some time (the only method of sleep I am aware of for unRAID). If I remember correctly, S3/Standby leaves the array mounted and thus unlocked.
  13. @Gyurci Good news, the PR landed today. dbengine should now be usable if you pull the latest titpetric/netdata image.
  14. At this time the titpetric/netdata image is not compiled with support for dbengine. There is an open issue and PR about it on github.