primeval_god

Add the --tmpfs flags under the extra parameters I believe

I use a docker container called FileBrowser https://github.com/filebrowser/filebrowser

So i am trying to get qBittorrent VPN setup but i am running into some issues. The container and application come up, and i can access the webui. I can open a console into the container and check that i have a valid IP address through the VPN. qBittorrent however never finds any peers or shows any signs that it can contact the outside world. What am i doing wrong? docker create --name='qbittorrentvpn' --net='bridge' --log-opt max-size='50m' --log-opt max-file='3' --privileged=true -e TZ="America/New_York" -e HOST_OS="Unraid" -e 'WEBUI_PORT'='7070' -e 'INCOMING_PORT'='8999' -e 'VPN_ENABLED'='yes' -e 'VPN_USERNAME'='' -e 'VPN_PASSWORD'='' -e 'LAN_NETWORK'='192.168.0.0/24' -e 'NAME_SERVERS'='8.8.8.8,8.8.4.4,1.1.1.1' -e 'PUID'='99' -e 'PGID'='100' -e 'UMASK'='002' -p '7070:7070/tcp' -p '8999:8999/tcp' -p '8999:8999/udp' -v '/mnt/user/Video_Conversion/bit':'/downloads':'rw' -v '/mnt/user/appdata/qbittorrentvpn':'/config':'rw' 'markusmcnugen/qbittorrentvpn' 2019-11-21 04:03:36.501191 [info] VPN_ENABLED defined as 'yes' 2019-11-21 04:03:36.533662 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/openvpn.ovpn dos2unix: converting file /config/openvpn/openvpn.ovpn to Unix format... 2019-11-21 04:03:36.563569 [info] VPN remote line defined as 'example.com 1194' 2019-11-21 04:03:36.593125 [info] VPN_REMOTE defined as 'example.com' 2019-11-21 04:03:36.619303 [info] VPN_PORT defined as '1194' 2019-11-21 04:03:36.643870 [info] VPN_PROTOCOL defined as 'udp' 2019-11-21 04:03:36.668103 [info] VPN_DEVICE_TYPE defined as 'tun0' 2019-11-21 04:03:36.692478 [info] LAN_NETWORK defined as '192.168.0.0/24' 2019-11-21 04:03:36.718937 [info] NAME_SERVERS defined as '8.8.8.8,8.8.4.4,1.1.1.1' 2019-11-21 04:03:36.744692 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS) 2019-11-21 04:03:36.769547 [info] Adding 8.8.8.8 to resolv.conf 2019-11-21 04:03:36.795720 [info] Adding 8.8.4.4 to resolv.conf 2019-11-21 04:03:36.821595 [info] Adding 1.1.1.1 to resolv.conf 2019-11-21 04:03:36.845036 [info] Starting OpenVPN... Thu Nov 21 04:03:36 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018 Thu Nov 21 04:03:36 2019 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08 Thu Nov 21 04:03:36 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]172.246.117.2:1194 Thu Nov 21 04:03:36 2019 UDP link local: (not bound) Thu Nov 21 04:03:36 2019 UDP link remote: [AF_INET]172.246.117.2:1194 Thu Nov 21 04:03:37 2019 [example.com] Peer Connection Initiated with [AF_INET]172.246.117.2:1194 Thu Nov 21 04:03:43 2019 TUN/TAP device tun0 opened Thu Nov 21 04:03:43 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Thu Nov 21 04:03:43 2019 /sbin/ip link set dev tun0 up mtu 1500 Thu Nov 21 04:03:43 2019 /sbin/ip addr add dev tun0 local 10.200.0.22 peer 10.200.0.21 Thu Nov 21 04:03:43 2019 Initialization Sequence Completed 2019-11-21 04:03:43.885837 [info] WebUI port defined as 7070 2019-11-21 04:03:43.911684 [info] LAN Network defined as 192.168.0.0/24 2019-11-21 04:03:43.937177 [info] Default gateway defined as 172.17.0.1 2019-11-21 04:03:43.963338 [info] ip route defined as follows... -------------------- 0.0.0.0/1 via 10.200.0.21 dev tun0 default via 172.17.0.1 dev eth0 10.200.0.1 via 10.200.0.21 dev tun0 metric 1 10.200.0.21 dev tun0 proto kernel scope link src 10.200.0.22 128.0.0.0/1 via 10.200.0.21 dev tun0 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.10 172.246.117.2 via 172.17.0.1 dev eth0 192.168.0.0/24 via 172.17.0.1 dev eth0 -------------------- iptable_mangle 16384 1 ip_tables 24576 3 iptable_filter,iptable_nat,iptable_mangle 2019-11-21 04:03:43.992738 [info] iptable_mangle support detected, adding fwmark for tables 2019-11-21 04:03:44.033458 [info] Docker network defined as 172.17.0.0/16 2019-11-21 04:03:44.089384 [info] Incoming connections port defined as 8999 2019-11-21 04:03:44.119328 [info] iptables defined as follows... -------------------- -P INPUT DROP -P FORWARD ACCEPT -P OUTPUT DROP -A INPUT -i tun0 -j ACCEPT -A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT -A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 7070 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 7070 -j ACCEPT -A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 8999 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT -A INPUT -i lo -j ACCEPT -A OUTPUT -o tun0 -j ACCEPT -A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 7070 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 7070 -j ACCEPT -A OUTPUT -d 192.168.0.0/24 -o eth0 -p tcp -m tcp --sport 8999 -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A OUTPUT -o lo -j ACCEPT -------------------- Adding 100 group groupadd: GID '100' already exists Adding 99 user useradd: UID 99 is not unique 2019-11-21 04:03:44.168476 [info] UMASK defined as '002' 2019-11-21 04:03:44.201173 [info] Starting qBittorrent daemon... Logging to /config/qBittorrent/data/logs/qbittorrent-daemon.log. 2019-11-21 04:03:45.233003 [info] qBittorrent PID: 203 2019-11-21 04:03:45.237872 [info] Started qBittorrent daemon successfully... (N) 2019-11-21T04:03:44 - qBittorrent v4.1.5 started (I) 2019-11-21T04:03:44 - qBittorrent is trying to listen on any interface port: 8999 (N) 2019-11-21T04:03:44 - Peer ID: -qB4150- (N) 2019-11-21T04:03:44 - HTTP User-Agent is 'qBittorrent/4.1.5' (I) 2019-11-21T04:03:44 - DHT support [ON] (I) 2019-11-21T04:03:44 - Local Peer Discovery support [OFF] (I) 2019-11-21T04:03:44 - PeX support [ON] (I) 2019-11-21T04:03:44 - Anonymous mode [OFF] (I) 2019-11-21T04:03:44 - Encryption support [ON] (I) 2019-11-21T04:03:44 - Embedded Tracker [OFF] (I) 2019-11-21T04:03:44 - GeoIP database loaded. Type: GeoLite2-Country. Build time: Tue Nov 12 21:09:59 2019. (N) 2019-11-21T04:03:44 - Using built-in Web UI. (N) 2019-11-21T04:03:44 - Web UI translation for selected locale (en) has been successfully loaded. (N) 2019-11-21T04:03:44 - Web UI: Now listening on IP: *, port: 7070 (C) 2019-11-21T04:03:44 - Queue positions were corrected in 2 resume files (I) 2019-11-21T04:03:44 - qBittorrent is successfully listening on interface :: port: TCP/8999 (I) 2019-11-21T04:03:44 - qBittorrent is successfully listening on interface 0.0.0.0 port: TCP/8999 (I) 2019-11-21T04:03:44 - qBittorrent is successfully listening on interface 0.0.0.0 port: UDP/8999 (N) 2019-11-21T04:03:44 - 'linuxmint-17-cinnamon-32bit-v2.iso' restored. (N) 2019-11-21T04:03:44 - 'checkmyiptorrent' restored.

Just a suggestion. If ever think of pursuing it further A quick docker hub search brought up this container https://github.com/panubo/docker-sshd https://hub.docker.com/r/panubo/sshd/

Take this with a grain of salt since i dont use Rsync myself but i would be tempted not muck around in unraid's ssh config to get this done. Rather i would be tempted to setup a docker container with sshd, and pass the destination share/folder as a volume mount. I would guess that there is a docker container out there that can generate and persist the ssh keys automatically, maybe saving them to an external volume that can be bound to the app data folder.

Absolutely correct. You should never expose the unRAID OS itself to directly to the internet (Web GUI, SSH, FTP, etc) It is simply not meant for that purpose. I do expose several docker containers though, taking care to secure them as much as is possible with the docker features that are available (never privileged, limited mount points, always behind a reverse proxy with lets encrypt and a separate authentication container).

I dont use array encryption myself so I am not completely sure about this, but if you have your server sleeping that wont cause the array to lock will it? I used the the S3 sleep plugin myself for quite some time (the only method of sleep i am aware of for unRAID). If i remember correctly S3/Standby leaves the array mounted and thus unlocked.

@Gyurci Good news, the PR landed today. dbengine should now be usable if you pull the latest titpetric/netdata image.

At this time the titpetric/netdata image is not compiled with support for dbengine. There is an open issue and PR about it on github.

Yes Duplicati is nice since you have quite a few choices for backends. It is also nice that it is cross platform. I primarily backup my windows machines to my unRAID server, using a Minio Docker to do S3. I also played around with doing it over FTP or SFTP. For cloud storage it supports a ton of stuff.

You could use Duplicati for the backup client and Minio to provide an S3 storage target. Both are available as Docker Containers I believe.

I also use Duplicati to backup to an unraid server, though instead of FTP i use a Minio Docker. Minio provides an S3 storage api, which duplicati is also compatible with.

The thing to keep in mind though is that in unRAID docker is the preferred way of installing applications. Everything from a full plex installation down to a single python script should be run in docker unless for some reason it cant. While containers use slightly more resources than a bare application, they provide varying levels of isolation to help keep applications from destabilizing the core unraid OS. Additionally they allow applications and their dependencies to be decoupled from whatever particular version of Slackware that unRAID is currently using. The key take away is that ideally plugins and additional packages should be reserved for extensions to the unRAID os and those occasional applications that require very low level system access and cannot run under docker.

I run a Minio Docker container on my unRAID machine as a backup target for duplicati. Minio provides an S3 storage API. I also use a traefik docker to reverse proxy / SSL wrap minio.

I guess i am a little confused on the issue. Especially with this statement. I would assume that if you are using the Next channel that you would be following development of new features and bug fixes fairly closely. Otherwise you would be on the Stable Branch.

@JustusAurelius I am sorry but i doubt my experience will be of much help to you. My server has a fairly light workload. It handles mainly file-serving and a couple of plex streams, as well as a handful other programming related Dockers. I occasionally run a minecraft server for 6ish people, and do some non-plex trans-coding. I dont really use VMs much less desktop replacement VMs. I should think that the 2700 would be plenty of power for a couple of gameservers and nextcloud (though i dont use nextcloud myself). My gut feeling would be that there would be enough resources to run a windows VM as well. That said i am not familiar with Design software or its system requirements, nor do i have any experience running VMs like that myself.

Users cannot update Docker, docker updates are baked into unRAID releases.

I use my unRAID machine for all the things you mentioned and more. Do you have much linux experience and or are you expecting to do things the linux way? One sticking point for a lot of newcomers who have a lot of linux knowledge and experience is that unRAID is not just another linux distro (similar to how it is not RAID). For instance you will not install the plex server or minecraft server on the underlying unRAID OS, rather you will run plex and minecraft docker containers. In reality it is much easier than trying to install applications on stripped down slackware linux, but if you come in thinking you are going to use unRAID exactly like any other linux OS then you may be frustrated by the unRAID way. Another point that seems to bother a lot of linux gurus is that unRAID does not have users in the linux sense. All administration is done using the root user and file/folder access controls are done by the software that servers them over the network (SMB,NFS...). One other thing that you might want to research a bit more on the forum is the processor/mobo hardware you are planning to use. I myself use a Ryzen 2700 and it works great. If my knowledge of part numbers is on point the 3400G is fairly recently released. It would be worth seeing if others are already using that in unRAID and if they have run into any problem.

Its been a while since i used the S3 plugin, but I thought that the Excluded hours setting was for doing exactly what you are trying to do. If i remember correctly the S3 Sleep plugin has some debug logging that you can enable. Have you tried enabling that and watching the syslog? That should let you see what triggers the sleep function.

On Android i use Syncthing, with my server setup to Receive only and Ignore Delete for the Android photo folder. The folder on my server is backed up along with the rest of my server data.

I am not sure about that particular line but yes, that is docker socket. Traefik uses the docker socket to query docker about containers, but there are security implications with giving containers access to the socket. The recommended way to do it so far as i know is to use a program to proxy the docker socket to limit what traefik can do with it (or anything else that you give access to). The traefik documentation says something about doing it via HAProxy and a TCP socket. I personally use a docker-proxy-acl container. https://github.com/titpetric/docker-proxy-acl https://hub.docker.com/search?q=docker-proxy-acl&type=image

@Squiggley Glad you got it working. Quick sidebar question, are you directly passing the docker socket to traefik or using a socket proxy?

That would also be my first guess, along with the possibility of an incorrectly configured traefik entrypoint (with regards to what port the entrypoint uses vs what port is mapped through docker to the host). One possibility that i am not sure about is the certificate aspect. I dont use lets encrypt on my setup (well i do but not in traefik, i have an nginx reverse proxy doing ssl unwrapping on a separate entrypoint server) so i am not sure if or how that could be part of the issue.

Those IP addresses look correct. The addresses will not be that of your server but rather the address that Docker assigns the container internally, normally starting with 172. Yes I believe you should see the request in the logs with the debugging levels you have set. As long as both traefik and the containers it is proxying to are on the same network it should be fine. I used to have all of mine on the default bridge network. Then i had traefik on the default bridge, and the containers on a custom network (traefik was attached to that network as well), now i have traefik et al on a custom bridge.

What are you using python for and does it need low level access to the unRAID? Depending on what you are doing it might be easier to setup your python environment in a docker container.