izarkhin

Members
  • Posts

    86
  • Joined

  • Last visited

Everything posted by izarkhin

  1. Hello, My docker all of a sudden can't reach to the VPN server. The OVPN file is the one I downloaded from the provider. Error log and docker config are attached. Any ideas how to troubleshoot? Thanks! supervisord.log my-binhex-delugevpn.xml kodibear.ovpn
  2. I just checked their support forum. The last active discussion was from June 2020. None of the questions posted since were answered.
  3. Is this docker still being supported? Anyone?
  4. Hello, Post-processing doesn't work on my server. All downloaded episodes are stuck in the "snatched" status and not being moved to the appropriate show directories. "Enable download handler" is checked and the post-processing dir is set to the correct folder (I can see files and folders there). There are no errors in the log file. How do I go about troubleshooting?
  5. Is there a way to see which VM/docker is causing it? Because it definitely wasn't like it before.
  6. Hello, I'm seeing some unusual disk activity on my server. One of the data disks and both of the parity disks perform read / write operations every few seconds. All the other disks stay idle. I stopped the array and ran a short SMART test on the disk in question, but it didn't find any errors. Any ideas for what's happening? See attached movie clip and syslog. Thanks! disk activity.mp4 tower-diagnostics-20210908-2151.zip
  7. Never mind! Turns out I needed to open port 80 for the challenge to work. All fine now.
  8. HI guys, My certificate fails to renew. I have a free DuckDNS account that worked just fine before. I verified that the account is valid and has the correct IP address. What could be the problem? The config and the log files are attached. Thanks! [removed].duckdns.org.conf letsencrypt.log
  9. That's exactly why I asked about subdomains I watched it, but he uses his own domain there.
  10. Thanks for the idea! Do you happen to know a good write-up for how to configure it to use with unRAID? Also, do I understand it correctly that CloudFlare doesn't work with duckdns subdomains (i.e. [mysubdomain].duckdns.org)?
  11. Yes, I get that. Going forward I will not forward SSH port and only use SSH over VPN (which I already have set up on my router). I only mentioned Plex as an example. There are other dockers that I share, such as calibre, and I also run a WordPress site, so I will need to forward at least port 443. I guess my real question was: "Short of fully locking my server down behind VPN, what is the most secure way for allowing extended audience to access content on my server"? I thought letsecrypt/nginx was secure enough. Is it not?
  12. I tried that. Nothing seemed to help, SSH requests kept coming even after I stopped all dockers, until I changed IP and rebooted.
  13. Yeah, but that means whatever device is used for access should be configured for VPN, right? For example, my work place doesn't allow VPN, my friends & family use my Plex server, etc.
  14. OK, I stopped all dockers, disabled port forwarding, removed Win10 VM and changed IP address. SSH attempts seem to have stopped. However, I would like to eventually be able to access at least some dockers via reverse proxy. My understanding is that, unless I forward SSH port or a docker contains malware, it should be relatively safe with letsecrypt/nginx, right? Now that Win10 VM is out of the picture, how do I proceed with figuring out which docker contains malware?
  15. I haven't booted my Win VM at least 2 years, so I don't think that's it. Here is my list of dockers: binhex-delugevpn binhex-sabnzbdvpn cadvisor calibre-web DokuWiki duckdns Grafana HandBrake hydra Influxdb Krusader letsencrypt MakeMKV-RDP mariadb medusa organizr organizrv2 phpmyadmin plex telegraf radarr
  16. Thanks! I read up on it some. Do I understand it correctly that the idea is that you set up wireguard, then forward its port and use it as the tunnel to access nginx/letsenctypt, so you can keep accessing your dockers via reverse proxy? What is the advantage compared to setting up regular VPN on my router? Sorry, I'm new to this. There are quite a few guides on setting up wireguard but nobody tells you how to use it afterwards.
  17. it's not really helpful. what security measures?
  18. Thanks for looking into this. I updated to 6.8.2 (was 6.8.0 before) and attached the diagnostics. Oh, and one more thing: the provider said that suspicious traffic originated from port 55612. tower-diagnostics-20200212-0825.zip
  19. Hi guys! I really hope someone can help me here. I received an email from my Internet provider stating that they detected malware traffic coming from my WAN IP. It prompted me to check my router logs and I see a lot of traffic going from my unRAID IP address to all kinds of weird sites. Unfortunately, my Advanced Tomato router only gives me timestamp, originating IP and domain accessed. What can I do to identify the source of the problem? Are there any tools for selective traffic monitoring that provide more info? Thanks!
  20. How did you fix it exactly? I'm having the same issue. Update: issue fixed. Thank you for pointing to CTF being the root cause! I've been fiddling with my router settings for almost 3 weeks now
  21. NAT Loopback is set to "All" and NAT Target - to "MASQUERADE" (as they have been before), so I don't think that's it. Here is an abbreviated output of the "iptables -n -L -v -t nat" command: Chain PREROUTING (policy ACCEPT 5731 packets, 389K bytes) pkts bytes target prot opt in out source destination 92 5686 WANPREROUTING all -- * * 0.0.0.0/0 [public IP] Chain POSTROUTING (policy ACCEPT 26 packets, 1620 bytes) pkts bytes target prot opt in out source destination 5110 330K MASQUERADE all -- * vlan2 0.0.0.0/0 0.0.0.0/0 Chain WANPREROUTING (1 references) pkts bytes target prot opt in out source destination 1 44 DNAT icmp -- * * 0.0.0.0/0 0.0.0.0/0 to:[Advanced Tomato IP] 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:[unRAID IP]:[letsencrypt HTTPS PORT] 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:[unRAID IP]:[letsencrypt HTTP PORT] My understanding is that, according to this, all outbound requests for my duckdns subdomain from LAN should be pre-routed to [public IP] and then post-routed back to letsencrypt. Am I wrong?
  22. Hi guys! I really hope somebody can help me here. I switched from Comcast to AT&T Gigabit last week. AT&T forces you to use their own gateway. I configured it for IP passthrough in order to keep my Advanced Tomato wireless router setup. Now I can't access my duckdns subdomain from LAN. Externally everything still works. Here are the symptoms: [mysubdomain].duckdns.org works fine externally [mysubdomain].duckdns.org from LAN says "Establishing secure connection..." and then "This site can't be reached" I can successfully ping [mysubdomain].duckdns.org from LAN and get public IP back I can successfully trace [mysubdomain].duckdns.org from LAN duckdns.org website shows the correct public IP my Advanced Tomato router shows the correct public IP address forwarded to its WAN port I restarted letsencrypt container and didn't see any errors in the log I restarted duckdns container and didn't see any errors in the log I didn't make any changes, other that replacing Comcast cable modem with AT&T gateway and configuring it for IP passthrough. I. e. port forwarding, nginx config, etc. are still the same and it worked fine before What am I missing? How can I troubleshoot?
  23. Was anybody able to solve this? I'm having the same issue. I copied WebAPI-0.4.0-py3.7.egg to the /conf/plugins directory, restarted the container, but the plugin doesn't show up in WebUI. Please help!
  24. Yeah, it definitely has something to do with language. I tried adding an English language show and it worked fine. Any thoughts?
  25. Yes, I'm up to date. As far as allowing the Russian language, I wasn't aware that I can allow/ disallow specific languages. It least it shows as an option for me (see attached). Where do I check?