[[Support] binhex - DelugeVPN]

Hello,

 

My docker all of a sudden can't reach to the VPN server. The OVPN file is the one I downloaded from the provider. Error log and docker config are attached. Any ideas how to troubleshoot?

 

Thanks!

supervisord.log my-binhex-delugevpn.xml

kodibear.ovpn

[[Support] Linuxserver.io - Medusa]

16 hours ago, Froberg said:

 

Yup.. (It's being updated regularly.)

 

Actually your post reminded me that linuxserver seems to have abandoned direct support of their UnRaid container offerings.. so I switched to binhex/arch-medusa instead just now. 

I just checked their support forum. The last active discussion was from June 2020. None of the questions posted since were answered.

[[Support] Linuxserver.io - Medusa]

Is this docker still being supported? Anyone?

[[Support] Linuxserver.io - Medusa]

Hello,

 

Post-processing doesn't work on my server. All downloaded episodes are stuck in the "snatched" status and not being moved to the appropriate show directories. "Enable download handler" is checked and the post-processing dir is set to the correct folder (I can see files and folders there). There are no errors in the log file. How do I go about troubleshooting?

[HDD activity]

On 9/9/2021 at 6:36 AM, trurl said:

Your appdata share has files on disk3, and your system share has files on disk4. Dockers/VMs always have files open in these shares.

Is there a way to see which VM/docker is causing it? Because it definitely wasn't like it before.

[HDD activity]

Hello,

 

I'm seeing some unusual disk activity on my server. One of the data disks and both of the parity disks perform read / write operations every few seconds. All the other disks stay idle. I stopped the array and ran a short SMART test on the disk in question, but it didn't find any errors. Any ideas for what's happening? See attached movie clip and syslog.

 

Thanks!

tower-diagnostics-20210908-2151.zip

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

48 minutes ago, izarkhin said:

HI guys,

 

My certificate fails to renew. I have a free DuckDNS account that worked just fine before. I verified that the account is valid and has the correct IP address. What could be the problem? The config and the log files are attached.

 

Thanks!

[removed].duckdns.org.conf 1015 B · 0 downloads letsencrypt.log 3.05 kB · 0 downloads

Never mind! Turns out I needed to open port 80 for the challenge to work. All fine now.

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

HI guys,

 

My certificate fails to renew. I have a free DuckDNS account that worked just fine before. I verified that the account is valid and has the correct IP address. What could be the problem? The config and the log files are attached.

 

Thanks!

[removed].duckdns.org.conf letsencrypt.log

[Unauthorized web traffic from unRAID IP]

On 2/21/2020 at 10:10 AM, ijuarez said:

I believe that spaceinvader one has YouTube on LE reverse proxy using Cloudflare

That's exactly why I asked about subdomains I watched it, but he uses his own domain there.

[Unauthorized web traffic from unRAID IP]

19 hours ago, BRiT said:

Front all of your traffic via CloudFlare, never have anything pointed directly to your home server(s). Their free plan works well. https://www.cloudflare.com/plans/

Thanks for the idea! Do you happen to know a good write-up for how to configure it to use with unRAID? Also, do I understand it correctly that CloudFlare doesn't work with duckdns subdomains (i.e. [mysubdomain].duckdns.org)?

[Unauthorized web traffic from unRAID IP]

4 minutes ago, Squid said:

Nothing says that you can't forward the ports required for plex to operate.  In order for you to have had the login attempts on your server, you either forwarded the SSH ports or port 80/443 that unRaid uses or placed your server within your router's DMZ which opens up every port directly to the internet

 

If you need to access your server remotely (and by this, people mean the GUI or directly accessing via SSH), then you really need to use a VPN service of some kind, unless you are a network security expert (of which there are few and far between) and know exactly what you are doing.

Yes, I get that. Going forward I will not forward SSH port and only use SSH over VPN (which I already have set up on my router). I only mentioned Plex as an example. There are other dockers that I share, such as calibre, and I also run a WordPress site, so I will need to forward at least port 443. I guess my real question was: "Short of fully locking my server down behind VPN, what is the most secure way for allowing extended audience to access content on my server"? I thought letsecrypt/nginx was secure enough. Is it not?

[Unauthorized web traffic from unRAID IP]

1 minute ago, dockerPolice said:

Stop one at a time and see when the traffic to "weird sites" stops.

I tried that. Nothing seemed to help, SSH requests kept coming even after I stopped all dockers, until I changed IP and rebooted.

[Unauthorized web traffic from unRAID IP]

2 minutes ago, Squid said:

Even easier with the wireguard plugin.

Yeah, but that means whatever device is used for access should be configured for VPN, right? For example, my work place doesn't allow VPN, my friends & family use my Plex server, etc.

[Unauthorized web traffic from unRAID IP]

OK, I stopped all dockers, disabled port forwarding, removed Win10 VM and changed IP address. SSH attempts seem to have stopped. However, I would like to eventually be able to access at least some dockers via reverse proxy. My understanding is that, unless I forward SSH port or a docker contains malware, it should be relatively safe with letsecrypt/nginx, right? Now that Win10 VM is out of the picture, how do I proceed with figuring out which docker contains malware?

[Unauthorized web traffic from unRAID IP]

10 hours ago, limetech said:

There is a ssh login attempt from an IP geo-located in China.  But either your win10 VM has malware or maybe a Docker container has some kind of malware.  Please provide a list of all your containers.

I haven't booted my Win VM at least 2 years, so I don't think that's it. Here is my list of dockers:

binhex-delugevpn
binhex-sabnzbdvpn
cadvisor
calibre-web
DokuWiki
duckdns
Grafana
HandBrake
hydra
Influxdb
Krusader
letsencrypt
MakeMKV-RDP
mariadb
medusa
organizr
organizrv2
phpmyadmin
plex
telegraf
radarr

[Unauthorized web traffic from unRAID IP]

1 hour ago, Squid said:

Or use wireguard

Thanks! I read up on it some. Do I understand it correctly that the idea is that you set up wireguard, then forward its port and use it as the tunnel to access nginx/letsenctypt, so you can keep accessing your dockers via reverse proxy? What is the advantage compared to setting up regular VPN on my router? Sorry, I'm new to this. There are quite a few guides on setting up wireguard but nobody tells you how to use it afterwards.

[Unauthorized web traffic from unRAID IP]

18 minutes ago, ijuarez said:

yep attempts from China, pull the Ethernet cable off and so some security measures. 

it's not really helpful. what security measures?

[Unauthorized web traffic from unRAID IP]

Thanks for looking into this. I updated to 6.8.2 (was 6.8.0 before) and attached the diagnostics. Oh, and one more thing: the provider said that suspicious traffic originated from port 55612.

tower-diagnostics-20200212-0825.zip

[Unauthorized web traffic from unRAID IP]

Hi guys!

 

I really hope someone can help me here. I received an email from my Internet provider stating that they detected malware traffic coming from my WAN IP. It prompted me to check my router logs and I see a lot of traffic going from my unRAID IP address to all kinds of weird sites. Unfortunately, my Advanced Tomato router only gives me timestamp, originating IP and domain accessed. What can I do to identify the source of the problem? Are there any tools for selective traffic monitoring that provide more info?

 

Thanks!

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

23 hours ago, Kira said:

I setup router port forwarding for letsencypt 80 > 8080 and 443 > 8443

I am using xxxx.ddns.net services

I have also create a custom network "proxynet"

The log file showing "Server Ready"

 

but when I am trying to access my sites like next.ddns.net (example), I get error "The site can't be reach", "ERR_CONNECTION_RESET". I can ping next.ddns.net though

 

What other information I need to provide? Please help

 

Update:

Found out the issue, it seems I cant resolved dyndns on the same network, anyone know how to solve this?

 

Update 2:

Fixed, CTF broke NAT loopback

How did you fix it exactly? I'm having the same issue.

 

Update: issue fixed. Thank you for pointing to CTF being the root cause! I've been fiddling with my router settings for almost 3 weeks now

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

On 1/12/2020 at 7:49 PM, aptalca said:

Look into hairpin nat

 

On 1/12/2020 at 11:26 AM, izarkhin said:

Hi guys!

I really hope somebody can help me here. I switched from Comcast to AT&T Gigabit last week. AT&T forces you to use their own gateway. I configured it for IP passthrough in order to keep my Advanced Tomato wireless router setup. Now I can't access my duckdns subdomain from LAN. Externally everything still works. Here are the symptoms:

• [mysubdomain].duckdns.org works fine externally
• [mysubdomain].duckdns.org from LAN says "Establishing secure connection..." and then "This site can't be reached"
• I can successfully ping [mysubdomain].duckdns.org from LAN and get public IP back
• I can successfully trace [mysubdomain].duckdns.org from LAN
• duckdns.org website shows the correct public IP
• my Advanced Tomato router shows the correct public IP address forwarded to its WAN port
• I restarted letsencrypt container and didn't see any errors in the log
• I restarted duckdns container and didn't see any errors in the log
• I didn't make any changes, other that replacing Comcast cable modem with AT&T gateway and configuring it for IP passthrough. I. e. port forwarding, nginx config, etc. are still the same and it worked fine before

What am I missing? How can I troubleshoot?

 

On 1/12/2020 at 7:49 PM, aptalca said:

Look into hairpin nat

NAT Loopback is set to "All" and NAT Target - to "MASQUERADE" (as they have been before), so I don't think that's it.

 

Here is an abbreviated output of the "iptables -n -L -v -t nat" command:

Chain PREROUTING (policy ACCEPT 5731 packets, 389K bytes)
 pkts bytes target     prot opt in     out     source               destination
   92  5686 WANPREROUTING  all  --  *      *       0.0.0.0/0            [public IP]

 

Chain POSTROUTING (policy ACCEPT 26 packets, 1620 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5110  330K MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0

 

Chain WANPREROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    44 DNAT       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            to:[Advanced Tomato IP]

    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:[unRAID IP]:[letsencrypt HTTPS PORT]
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:[unRAID IP]:[letsencrypt HTTP PORT]

 

My understanding is that, according to this, all outbound requests for my duckdns subdomain from LAN should be pre-routed to [public IP] and then post-routed back to letsencrypt. Am I wrong?

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

Hi guys!

I really hope somebody can help me here. I switched from Comcast to AT&T Gigabit last week. AT&T forces you to use their own gateway. I configured it for IP passthrough in order to keep my Advanced Tomato wireless router setup. Now I can't access my duckdns subdomain from LAN. Externally everything still works. Here are the symptoms:

• [mysubdomain].duckdns.org works fine externally
• [mysubdomain].duckdns.org from LAN says "Establishing secure connection..." and then "This site can't be reached"
• I can successfully ping [mysubdomain].duckdns.org from LAN and get public IP back
• I can successfully trace [mysubdomain].duckdns.org from LAN
• duckdns.org website shows the correct public IP
• my Advanced Tomato router shows the correct public IP address forwarded to its WAN port
• I restarted letsencrypt container and didn't see any errors in the log
• I restarted duckdns container and didn't see any errors in the log
• I didn't make any changes, other that replacing Comcast cable modem with AT&T gateway and configuring it for IP passthrough. I. e. port forwarding, nginx config, etc. are still the same and it worked fine before

What am I missing? How can I troubleshoot?

[[Support] binhex - DelugeVPN]

On 3/1/2019 at 9:39 PM, IamSpartacus said:

Has anyone been able to get the WebAPI plugin installed in this container to enable Organizr V2 to talk to Deluge?  When I go to install the plugin it never shows an option to check off and thus isn't working.

Was anybody able to solve this? I'm having the same issue. I copied WebAPI-0.4.0-py3.7.egg to the /conf/plugins directory, restarted the container, but the plugin doesn't show up in WebUI. Please help!

[[Support] Linuxserver.io - Medusa]

Yeah, it definitely has something to do with language. I tried adding an English language show and it worked fine. Any thoughts?

[[Support] Linuxserver.io - Medusa]

5 minutes ago, ashman70 said:

Couple of questions:

 

Are you up to date on Medusa?

Are you allowing the Russian language and subtitles?

 

From the error it looks like the TVDB is having trouble finding or adding the show, have you tried a different option when adding the show?

Yes, I'm up to date. As far as allowing the Russian language, I wasn't aware that I can allow/  disallow specific languages. It least it shows as an option for me (see attached). Where do I check?