Nem

Posts posted by Nem

  1. a few hours ago delugevpn was working fine (albeit a bit slower than usual). I then restarted my server to install a new drive and my torrents don't download anymore. I can still access the webgui but each torrent keeps timing out when trying to establish a connection

     

    I saw that a few people have this issue and I think I've addressed most of those problems (e.g. ensuring LAN_NETWORK is correct, changing /data to /download) but I still can't download anything. What's weird is that it was fine before I restarted, and I didn't change any of the deluge settings or update the container prior to the restart. It just stopped working all of a sudden

     

    Here are my deluge settings, ports and mappings:

     

    zJ31RBx.png

    QErkTRV.png

     

    Do those settings look correct? 

  2. I'd like to be able to access the unraid webgui via reverse proxy now that unraid 6.4 has letsencrypt SSL certs

     

    I'd like to navigate to www.web.com/admin and be able to access the gui, but unraid doesn't have an option for adding a base url

     

    I'm currently using this:

     

        location ^~ /admin {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.187.10:8181;
        }

     

    unraid isn't expecting to see /admin so nothing loads. Is there a way to add /admin to the target url even though unraid doesn't allow for customizing the base url it uses?

  3. 2 hours ago, aptalca said:

     

    I would strongly recommend against that for security reasons. VPN is considered pretty secure because it uses a certificate to authenticate. The web gui on the other hand only uses a password that can be brute forced. Once hacked, they can create their own cert through the web gui to get into your LAN

     

    Once you create the user cert, you shouldn't need to access the web gui remotely. If you really need to, you can vpn in, and then access the gui

     

    @aptalca I'm pretty new to using VPNs so to clarify: (assuming I'm using a weak admin password for ovpnas) if someone brute forces my password and gets into the webgui there's a section where they can upload their own SSL certificate, but isn't that certificate only used for the web interface, not the actual VPN connection? How would my LAN be compromised in that case? Or do you mean they can now change my server config and redirect traffic?

     

    I guess all of this can be prevented anyway with a strong password for the admin account...?

  4. 11 hours ago, Ding Dong Del said:

     

    @Nem - that's pretty much what I get when using my setup.

     

    @Ding Dong Del I've finally managed to get ovpn-as webgui running through a reverse proxy by just using a subdomain and another server block in the config. But I'm also intrigued by your use of the same port for both https and vpn traffic. I'm wondering why you chose to use hostnames/streams/subdomains to redirect traffic instead of using the port share feature of ovpn?

  5. 22 minutes ago, Ding Dong Del said:

     

    I only use duckdns because I only have a dynamic IP address through my ISP (both domain names point to the same IP address).

    You can use your own Dynamic DNS provider or hostname(s) assuming you can set up the relevant DNS entries.

     

    so I don't have hostnames set up, but my domain points to my IP, and I have www and vpn subdomains

     

    I changed my nginx.conf to (sites-config/default server also listens on 4430):

    stream
    {
        map $ssl_preread_server_name $name
        {
            www.example.net fred;
            vpn.example.net barney;
        }
    
        upstream barney
        {
            #openvpn container
            server 192.168.187.10:9453;
        }
    
        upstream fred
        {
            # upstream nginx virtual hosts such as sonarr, radarr, nzbget, etc.
            server 192.168.187.10:4430;
        }
    
        server
        {
            listen 443 so_keepalive=on;
            proxy_pass  $name;
            ssl_preread on;
        }
    }

    what I'm expecting is that when I go to vpn.example.net I get taken to openvpn webgui, but if I go to www.example.net/whatever I get one of my other containers. Correct expectation with the current config? Or is there something I need to change?

  6. 7 minutes ago, Ding Dong Del said:

     

    My bad - I left out a key piece!

    I am using hostnames to get to either openvpn (via a vpn client), or my nginx reverse proxies.

     

    so using the example above, I have two duckdns domains set up (fred, and barney) and if I want to get to sonarr e.g. I use:

    https://fred.duckdns.org/sonarr

     

    when I want to connect to my vpn, I point my vpn client at barney.duckdns.org.

     

    I've done it this way on purpose so that both the reverse proxy, and openvpn are listening on 443 externally so that if behind a firewall I can still use my vpn.

    that is a slightly different use case than you described.

     

    I don't mind setting up a subdomain like vpn.site.com, but is there a way to set this up without duckdns?

     

    my use case, I think, is similar to yours. When I want to use the vpn or access the webgui I want to access it via vpn.site.com. If I want the rest of my other containers I want to go to www.site.com/whatever

  7. 11 minutes ago, Ding Dong Del said:

     

    Hi Nem, 

     

    I've been able to do it by using the stream directive in nginx, which uses SNI to direct the ssl stream to the right service.

    Add the following to your LE's nginx.conf

    ...

    The first (stream) block basically uses the requested host name to direct the request to either openvpn, or sends traffic on to nginx (same instance) for processing by your virtual host (not sure if virtual host is the right name here)

     

     

    Thanks, I tried it but none of my sites are working now. Most likely due to me not knowing exactly what needs to be changed. Here's what I changed things to:

     

    stream
    {
        map $ssl_preread_server_name $name
        {
            example.net/ovpn fred;
            default barney;
        }
    
        upstream barney
        {
            #openvpn container
            server 192.168.187.10:9453;
        }
    
        upstream fred
        {
            # upstream nginx virtual hosts such as sonarr, radarr, nzbget, etc.
            server 192.168.187.10:443;
        }
    
        server
        {
            listen 443 so_keepalive=on;
            proxy_pass  $name;
            ssl_preread on;
        }
    }

    sites-config/default basically looks the same as yours, only difference is the server is listening on 443

     

    My goal is to be able to hit openvpn-as webgui when I go to /ovpn

  8. what's the difference between /mnt/cache/appdata and /mnt/user/appdata? Should I be using one over the other for storing my container config directories?

     

    I've been using /mnt/cache/appdata for my containers, but if I need to switch over to the other is it safe to just point my container to the other location without affecting any existing config/settings?

  9. I tried changing my ports from 80/443 to 8181/4343 and now the webgui works, but the SSL certificate I was issued was invalid (chrome says the site is not secure)

     

    could this be because I was already issued a certificate with the old port numbers? how do I get around this problem?

  10. awesome, didn't know ASRock made server boards

     

    so originally I was planning on using a riser to plug my 16x graphics card into the 8x slot. I don't think it would fit otherwise?

     

    it might be good to have an option without needing a riser, so are there any motherboards that support 2 16x slots if I relax my requirements about motherboard size and allow for an ATX board?

  11. is there a plugin that tracks disk usage over time? I'd like to be able to see how quickly I'm filling up my storage

     

    EDIT: I know there are plugins that track array storage over time, but I'm looking for info about specific drives

  12. the current way of logging into the unraid webgui (using chrome) is through the little dropdown box for entering a username and password. However, this method isn't compatible with password managers like lastpass because the fields aren't part of a form on a webpage

     

    Would it be possible to change over to a webpage form based method? currently I have to either manually copy and paste my password from lastpass (which takes time) or keep my password simple so I can remember it (which is insecure)

  13. I'm planning on getting a Xeon E3 1245v6 and I'm looking for a motherboard. Must meet the following requirements:

     

    - Must be able to hold two dual slot graphics cards (1080Ti). These will be passed through to different VMs

    - Micro ATX or smaller

    - ECC RAM (not sure to what degree this is determined by the motherboard)

    - At least 6 SATA ports

    - The machine is on 24/7, so presumably some server grade board would be better

     

    Any recommendations?

  14. On 1/19/2018 at 1:05 PM, JustinChase said:

    searching this thread didn't reveal the answer to me, so I want to ask, why is community applications giving me 2 errors, which are almost identical...

     

    Docker Application delugevpn, Container Port 58946 not found or changed on installed application

    Docker Application binhex-delugevpn, Container Port 58946 not found or changed on installed application

     

    I'm only running the binhex-delugevpn docker on this machine (I probably had regular delugevpn a LONG time ago, but no longer.)

     

    I checked and the template seems to have included port 58846, but not 58946, and I did not remap it.  I asked about this in the community applications thread, but was suggested to ask here about it.

     

    I don't really care about the error, but I'm confused why it's there (repeatedly) and how to 'fix' it so that I'm not getting warnings about errors that seem irrelevant.

     

    I've read this port is necessary if not running with VPN, so I suppose I could delete it, but again, my template only shows 58846, and the error is 58946, so I suspect it's just as easy to get more errors if I remove this port.  I could add the 58946 port to the docker, but I'm not sure that would help either.

     

    Anyway, just trying to 'fix' all errors that fix common errors is showing me, and this is the last one.  Any help is much appreciated.

     

    I had the same issue and just added port 58946 to the docker, which fixed the problem. But yes, also curious why it's not included in the template